Insider threats are individuals within an organization enacting harmful behaviors—behaviors caused by espionage, sabotage, or even ignorance.
The Intelligence Community needs to forecast the accuracy and sensitivity of different insider threat detection systems. But current detection systems cannot deliver this information in large enterprise organizations because they fail to adequately model and account for the uncertainty of the environment and organization that they are placed in. The Intelligence Advanced Research Projects Activity (IARPA)’s Scientific Advances to Continuous Insider Threat Detection (SCITE) program sought to develop methods that allow analysts to forecast the accuracy and sensitivity of different insider threat detection systems in large enterprise organizations.
The Charles River Analytics Solution
The Charles River Analytics team (with Assured Information Security, Applied Marketing Science, and Cognitio) worked under the Probabilistic Relational Inference Modeling for Enterprises (PRIME) effort to develop prediction and sensitivity analysis tools and algorithms.
The effort resulted in probabilistic models of enterprise-deployed machine learning systems (such as insider threat detection systems). Analysts can use these models to evaluate, forecast, and understand the performance of a machine learning system within the enterprise.
Charles River built probabilistic relational models of inference enterprises in PRIME using the Figaro™ probabilistic programming language. Figaro is a free, open-source language for probabilistic modeling.
In the Analyze view of the PRIME interface, the user can see an overview of their model of the system, the systems’ predicted performance, and how the inputs to their model influenced the results.
In the Build view, the user can modify the model’s input values and see how those changes impact system performance.
Information technologists, analysts, or other decision makers can use the PRIME tools to create models to assess and evaluate their current machine learning systems, giving them the information they need to select the best system for their domain. PRIME can also recommend new components or configuration changes to a system to increase its performance, offering an effective solution at a fraction of the cost and with greater assurance than a hand-designed solution.