Technical Tuesday – 22 May 2012 – Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Dr. Gary Jackson
Network attacks are crippling organizations. Over the years, such attacks have grown in sophistication, resulting in ever-increasing damage or extensive theft of sensitive or classified information. Although adversarial threats have become more effective, including higher numbers of first-time attacks, network protection methodologies have remained essentially the same for decades. Signature detection, the primary method, depends on writing signatures of past attacks to identify the same attacks if they recur. Anomaly detection, used to a lesser extent, depends on establishing a norm or network baseline against which future network behavior may be compared to flag “non-normal” network behavior. Because of its emphasis on the past, signature detection is reactive and cannot recognize new attacks not in the rules archive. The anomaly detection approach of flagging non-normal behavior does not equate to identifying malicious behavior – human behavior on a network is rife with non-normal variants of non-malicious behavior. In other words, it is extremely difficult to distinguish “anomaly good” from “anomaly bad”.

A paradigm shift in network protection methodology is past due. This shift must result in a proactive, predictive capability so that malicious behavior may be anticipated prior to occurrence, allowing time for mitigation procedures to be implemented. Most importantly, it is time to incorporate assessment of human behavior as opposed to network behavior. Attackers intend to inflict damage or engage in theft. For mitigation, prediction of intent is essential. This presentation focuses on new automated behavior assessment technology capable of realizing this much-needed paradigm shift, as described in the presenter’s new book: Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security.
Presented by: Dr. Gary Jackson of SAIC
Dr. Gary M. Jackson is an Assistant Vice President and Technical Lead within the Cyber and Information Solutions Business Unit at Science Applications International Corporation (SAIC). A behavioral psychologist with specialties in artificial intelligence and automated assessment, Dr. Jackson has designed and developed scores of advanced applications across both corporate and U.S. Government settings. Dr. Jackson’s career has spanned academia as assistant and associate professor (University of South Florida), director of R&D and treatment development in various clinical settings, research psychologist within the U.S. Secret Service Intelligence Division, Intelligence Officer and Chief of three advanced technology branches within the Central Intelligence Agency, vice president and director of research and development for Psychological Assessment Resources (PAR), Director of the Center for the advancement of Intelligent Systems (CAIS) for the American Institutes for Research, and until recently, the founder, president, and CEO of Psynapse Technologies in Washington, DC. Dr. Jackson has extensive R&D and field experience in counterterrorism, counterintelligence, and asymmetric warfare prediction. He is a former President of the Florida Association for Behavior Analysis (FABA). He holds B.A. and Ph.D. degrees from Southern Illinois University-Carbondale and an M.A. degree from the University of Illinois. He has completed additional postdoctoral training in neurophysiology at the University of South Florida Medical School. Fusing the behavioral and computer sciences, Dr. Jackson is the inventor of the patented automated behavioral assessment (AuBA) technology, the CheckMate intrusion protection system, and the InMate misuse detection system for insider threat.