Cyber Insider Threat (CINDER)

Abstract

The Cyber Insider Threat (CINDER) program developed technologies for identifying advanced cyber threat missions that may be currently ongoing within DoD and government interest systems and networks. Current cyber defenses are primarily based on network and host intrusion detection and look for break-ins and abnormal behavior without context. The CINDER program built tools and techniques that applied mission templates of advanced cyber espionage onto seemingly normal internal system and network activity. The program focused on identifying ongoing adversary missions rather than a person, program, or particular piece of malware. Through this, CINDER uncovered ongoing advanced persistent cyber threats and espionage within our cyber environments. Capabilities from this program transitioned to DoD and the defense industrial base.

Document Details

Document Type: Accomplishment
Publication Date: Oct 01, 2015
Source ID: 13c1239ce24345f51c3d34a56a2f68a0

Tags

Readers

  • Cybersecurity
  • Defense Technology Research and Development
  • Systems Analysis and Design

Technology Areas

  • Cyber
