DARPA ADAMS Project
Abstract
The principal goal of the Anomaly Detection Engine for Networks (ADEN) was to identify malicious users within a network. We took the word network to broadly refer to corporate and government intranets , as well as networks of users in online communities such as Wikipedia and Slashdot whose goal is to provide correct information to end users. Malicious users within such online communities also constitute a threat inside those networks. During this project, we worked on 5 different data sets involving insider threat and malicious users. These data sets included a CERT data set, a Vegas data set, a Wikipedia data set, a Slashdot data set, and the BAIT data set that learned behaviors distinguishing real benign users from malicious ones. Because of the varied nature of these data sets, there were different techniques developed. We worked with open source Wikipedia and Slashdot data sets under the initial impression that finding vandals and trolls in such data would be easy. Though this proved to not be the case, we were eventually able to predict vandals on Wikipedia with over 90% accuracy, using a novel mix of network and language analytics. We were also able to significantly improve both the accuracy and run-time of troll detection within Slashdot.
Document Details
- Document Type
- Technical Report
- Publication Date
- May 11, 2015
- Accession Number
- ADA625184
Entities
People
- V. S. Subrahmanian
Organizations
- University of Maryland