Insider Anomaly Measurement Processing System (IAMPS)
Abstract
The solution detailed in this report is based on the fusion of information from a variety of cyber sensors, all looking for authentication consistency. If an authentication inconsistency develops, the user holding the presented credentials is denied further access to the system. Several forms of authentication information and types of sensors were considered as part of the IAMPS suite, with the goal of using common COTS sensors to enhance transfer of IAMPS technology into real-world systems. An additional sensor was conceptually developed to profile users based on the more hardware-related parameters, all specifying computer usage. The basis of the IAMPS solution is the application of sensor fusion approaches. While initially seeking to use only one form of fusion (e.g., Bayesian Networks, Dempster-Shafer), it was decided that a hybrid approach would work best. This avoids the problem of methods targeted to defeat certain forms of fusion if the detection fusion approach is known. A hybrid approach preserves algorithmic integrity. The research developed success criteria for evaluation of alternatives and then applied those criteria to the IAMPS solution. In summary, IAMPS directly addresses one of Sherlock Holmes' major concerns, as stated in the novel A Study in Scarlet: 'There is nothing like first hand evidence'. IAMPS leverages all sources of authentication information to develop aspects of first-hand evidence.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2002
- Accession Number: ADA406317
Entities
People
- Dennis H. Mccallam