A Diagnostics Approach for Persistent Threat Detection (ADAPT)

Abstract

Over the course of the Transparent Computing program, the ADAPT team developed a system for Automated Detection of Advanced Persistent Threats (APTs). The core developments of the Quine distributed graph database together with a newly developed technique for categorical anomaly detection provided the capability to perform probabilistic analysis for all system activity at arbitrarily high speeds. Using policies defined once by a team of experts, the system is able to effectively find and describe considerable APT activity and produce meaningful summaries for a human analyst.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2019
Accession Number
AD1085243

Entities

People

  • Alan Fern
  • Anthony Williams
  • Ghita Berrada
  • James Cheney
  • Ryan Wright
  • Sid A. Benabderrahmane

Organizations

  • Galois, Inc.

Tags

Communities of Interest

  • Engineered Resilient Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Algorithms
  • Anomaly Detection
  • Artificial Intelligence
  • Change Detection
  • Computer Languages
  • Computers
  • Cybersecurity
  • Data Compression
  • Data Management
  • Data Mining
  • Databases
  • Detection
  • Detectors
  • Information Science
  • Machine Learning
  • Operating Systems
  • Supervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Sensor Fusion and Tracking Systems
  • Systems Analysis and Design