Scientific advances to Continuous Insider Threat Evaluation (SCITE)

Program Manager

Paul Lehner

Program Information

IARPA-BAA-15-09

The SCITE program seeks to develop and test methods to detect insider threats through two separate research thrusts. Insider threats are individuals with privileged access within an organization who are, or intend to be, engaged in malicious behaviors such as espionage, sabotage or violence. Current practice and research in detecting potential threats follow a common sequence: examine internal organizational data sources (e.g., intranet search patterns) and, where appropriate, external data sources (e.g., financial records); apply various tools to passively monitor those sources and automatically detect instances of possible insider threat indicators; aggregate the automated detections to generate an initial risk assessment; and, based on that automated risk assessment, select a small number of insiders for further examination by insider threat analysts.

The first research thrust will develop a new class of insider threat indicators, called active indicators, where indicative responses are evoked from potential insider threats. The second research thrust will develop Inference Enterprise Models (IEMs) that forecast the accuracy of existing and proposed systems for detecting insider threats.

Research Area(s)

  • Engineering enterprises that detect low probability events with low accuracy sensors
  • Innovative research methods to evaluate analytic and forecasting tradecraft
  • Innovative statistical methods to estimate performance of systems addressing complex analysis and forecasting problems
  • Scientific research on organizational lessons-learned methods
  • Evidence-based forecasting methods
  • Inductive logic
  • Probabilistic reasoning and its application to analytic tradecraft
