U.S. Army Gets Predictive On Cyber Threats

The armed service branch is testing business intelligence technology to identify cyber-related attack patterns that threaten critical sets of infrastructure.
According to CIAP-CT/HISTO, Clementine's enhanced data mining capabilities are essential to conducting effective analysis. The program does not require any code or syntax; each visual field contains various nodes, or icons, that allow users to grab data and then aggregate it, for instance by the day of the week or by volume of transactions. Each node represents a step in the data mining process, and linked together the nodes create a profile of a potential threat. "It's crucial that users are able to build a set of characteristics that surround a particular type of event," says Bill Haffey, technical director, public sector at SPSS. An example would be a domain expert at CIAP-CT/HISTO viewing how many times a single user unsuccessfully attempted to access a specific IP address over a specific period of time. Based on results from the data, he or she could determine whether the behavior should be considered unusual and dealt with as a possible threat.

The key to analyzing possible threats, according to CIAP-CT/HISTO, is the volume of data users have to work with. The more data that's available, the better the results will be in pinpointing unusual behaviors.
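The profile described in the article, unsuccessful access attempts by a single user to a specific IP address within a period of time, together with aggregation by day of the week, can be written out in Python as an added illustration; this is not code from the article, SPSS, or the Army program. The log records, their field layout, the 10-minute window and the threshold of 5 are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, user, destination IP, outcome).
SAMPLE_EVENTS = (
    [("2024-03-04 09:00:00", "jdoe", "10.0.0.5", "fail"),
     ("2024-03-04 09:00:40", "jdoe", "10.0.0.5", "success"),
     ("2024-03-05 14:10:00", "jdoe", "10.0.0.5", "fail")]
    # Six failures inside five minutes from one user to one address.
    + [(f"2024-03-06 02:0{m}:00", "asmith", "10.0.0.9", "fail") for m in range(6)]
    # Five failures, but spread one per hour.
    + [(f"2024-03-07 0{h}:00:00", "bkhan", "10.0.0.9", "fail") for h in range(1, 6)]
)

def parse(events):
    """Convert timestamps and return the records in time order."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, ip, outcome)
                  for ts, user, ip, outcome in events)

def peak_failures(events, window=timedelta(minutes=10)):
    """Map (user, ip) to the most failures seen inside any sliding window."""
    recent = defaultdict(deque)   # failure timestamps still inside the window
    peak = defaultdict(int)
    for ts, user, ip, outcome in parse(events):
        if outcome != "fail":
            continue
        q = recent[(user, ip)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[(user, ip)] = max(peak[(user, ip)], len(q))
    return dict(peak)

def failures_by_weekday(events):
    """Aggregate failed attempts by day of the week."""
    counts = defaultdict(int)
    for ts, _user, _ip, outcome in parse(events):
        if outcome == "fail":
            counts[ts.strftime("%A")] += 1
    return dict(counts)

def flag_unusual(events, threshold=5, window=timedelta(minutes=10)):
    """Return (user, ip) pairs whose peak failure count reaches the threshold."""
    peaks = peak_failures(events, window)
    return sorted(pair for pair, n in peaks.items() if n >= threshold)

if __name__ == "__main__":
    print(flag_unusual(SAMPLE_EVENTS))
    print(failures_by_weekday(SAMPLE_EVENTS))
```

The user with five failures spread across hours is not flagged, which is why the time window matters as much as the raw count.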
