OSTI.GOV · U.S. Department of Energy, Office of Scientific and Technical Information

Title: Results From Invoking Artificial Neural Networks to Measure Insider Threat Detection & Mitigation

Journal Article · Digital Threats: Research and Practice
DOI: https://doi.org/10.1145/3457909 · OSTI ID: 1831170
 [1];  [1];  [1];  [2]
  1. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
  2. Univ. of Texas, Austin, TX (United States). Nuclear Engineering Teaching Lab.

Advances in differentiating between malicious intent and natural “organizational evolution” to explain observed anomalies in operational workplace patterns suggest a benefit from evaluating collective behaviors observed in facilities to improve insider threat detection and mitigation (ITDM). Advances in artificial neural networks (ANN) provide more robust pathways for capturing, analyzing, and collating disparate data signals into quantitative descriptions of operational workplace patterns. In response, a joint study by Sandia National Laboratories and the University of Texas at Austin explored the effectiveness of commercial ANN software to improve ITDM. Overall, this research demonstrates the benefit of learning patterns of organizational behaviors, detecting off-normal (or anomalous) deviations from these patterns, and alerting when certain types, frequencies, or quantities of deviations emerge for improving ITDM. Evaluating nearly 33,000 access control data points and over 1,600 intrusion sensor data points collected over a nearly twelve-month period, this study's results demonstrated the ANN could recognize operational patterns at the Nuclear Engineering Teaching Laboratory (NETL) and detect off-normal behaviors—suggesting that ANNs can be used to support a data-analytic approach to ITDM. Several representative experiments were conducted to further evaluate these conclusions, with the resultant insights supporting collective behavior-based analytical approaches to quantitatively describe insider threat detection and mitigation.

Research Organization:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA), Office of Defense Nuclear Nonproliferation
Grant/Contract Number:
NA0003525
OSTI ID:
1831170
Report Number(s):
SAND-2021-3782J; 695178
Journal Information:
Digital Threats: Research and Practice, Vol. 3, Issue 1; ISSN 2692-1626
Publisher:
Association for Computing Machinery (ACM)
Country of Publication:
United States
Language:
English
