Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling Adversarial Activity (MAA)

Published bySamuel Bell Modified over 6 years ago

Similar presentations

Presentation on theme: "Modeling Adversarial Activity (MAA)"— Presentation transcript:

1 Modeling Adversarial Activity (MAA)
Carey Schwartz DARPA/I2O Proposers Day September 27, 2016 DISTRIBUTION A. Approved for public release: distribution unlimited.

2 DISTRIBUTION A. Approved for public release: distribution unlimited.
MAA program goal Goal: Develop mathematical techniques that integrate and analyze heterogeneous data sources to enable high confidence indications and warnings of Weapon of Mass Terrorism (WMT) activities Hypothesis: Adversaries will leave a trail of observable transactions while they attempt to build or buy a WMT that MAA techniques will be able to detect DISTRIBUTION A. Approved for public release: distribution unlimited.

3 MAA vision Observe transaction data Merge into graphs Detect activity
Combined entity-transaction graphs E1 E9 E12 E11 E2 E3 E5 E6 E7 E18 E19 E20 E4 E8 E10 E13 E14 E15 E16 E17 Multiple single channel sources Activity templates = Transactions associated with multiple channels = = Integrated view of all transactions Challenges: Real world transaction data has PII & classification issues WMT activities may not be present in the data Entities and transactions are often not correctly identified Product is a set of noisy, incomplete, mischaracterized, and mislabeled data Challenge: Adversaries’ malicious activities are actively buried in benign background transactions Approach: Create realistic synthetic data for research with benign background activities Control presence or absence of WMT-related activities Create structure-based merge methods that can exploit relationships in graph topologies Advance state of the art in sub-graph detection and graph isomorphism to improve graph matching DISTRIBUTION A. Approved for public release: distribution unlimited.

4 MAA acquisition strategy: Two phases
Phase 2: System development (separate BAA) TA 4 Adaptive activity recognition TA 5 System engineering and evaluation Identify activities that resemble but are not exactly as specified by templates Reason over events and activity models generating hypothesis, data requests, and alternative explanations of observations Build integrated MAA system and execute on synthetic transaction data Provide feedback to TA 1-4 based on performance Generate Receiver Operating Characteristic Conduct sensitivity analysis including value of data, quality of data, and instantiation of algorithms Phase 1: Mathematical underpinning Activity templates E1 E9 E12 E11 E2 E3 E5 E6 E7 E18 E19 E20 E4 E8 E10 E13 E14 E15 E16 E17 Multiple single channel sources TA 3 Activity detection TA 2 Graph merging TA 1 Synthetic data creation Combined entity-transaction graphs DISTRIBUTION A. Approved for public release: distribution unlimited.

5 TA1 Synthetic data creation
Transaction data Combined graph (ground truth) Channel-specific graphs (for TA2) Background activity templates E1 E9 E12 E11 E2 E3 E5 E6 E7 E18 E19 E20 E4 E8 E10 E13 E14 E15 E16 E17 Combine Filter Add noise Adversary activity templates SME generated Channel-specific graphs arising from filtering the integrated view = Transactions associated with multiple channels = = Integrated view of all transactions Challenges: Modeling the background and foreground at sufficient realism Scale of data sets and number of channels Embedding without trivializing detection DISTRIBUTION A. Approved for public release: distribution unlimited.

6 TA2 Graph merging Channel-specific graphs (from TA1) Merged graph
(for TA3) Merge Challenges: Structural graph merging had been considered intractable Application of graph structure and topology to enhance feature matching DISTRIBUTION A. Approved for public release: distribution unlimited.

7 TA3 Activity detection Activity detected in merged graph
Map Adversary activity templates Challenges: Adaptation of adversary activity templates Requires application of sub-graph detection, graph isomorphism, community, clique detection in graphs, multi-commodity flow and temporal sequences in activity graphs DISTRIBUTION A. Approved for public release: distribution unlimited.

8 MAA Program Evaluation Schedule
MAA Program Schedule Task Area FY17 FY18 FY19 FY20 Q1 Q2 Q3 Q4 TA 1 Synthetic data creation TAs 2 Graph merging TA3 Activity detection PI meetings Data or code drop and assessment PI Meetings Key DISTRIBUTION A. Approved for public release: distribution unlimited.

9 Teaming For performers seeking to team with others, we have created a MAA Teaming site: Account creation is required to participate Immediate access will be granted to post your teaming information to the site You can also browse or search the information of others You may also access the site through the MAA Proposers' Day meeting registration website Use the "Teaming" link on the site navigation menu.   TEAMING IS NOT REQUIRED DISTRIBUTION A. Approved for public release: distribution unlimited.

10 DISTRIBUTION A. Approved for public release: distribution unlimited.

Download ppt "Modeling Adversarial Activity (MAA)"

Similar presentations

From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.

From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.
1 Evaluation Rong Jin. 2 Evaluation  Evaluation is key to building effective and efficient search engines usually carried out in controlled experiments.

1 Evaluation Rong Jin. 2 Evaluation  Evaluation is key to building effective and efficient search engines usually carried out in controlled experiments.
Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.

Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.
Multi-View Learning in the Presence of View Disagreement C. Mario Christoudias, Raquel Urtasun, Trevor Darrell UC Berkeley EECS & ICSI MIT CSAIL.

Multi-View Learning in the Presence of View Disagreement C. Mario Christoudias, Raquel Urtasun, Trevor Darrell UC Berkeley EECS & ICSI MIT CSAIL.
Linking the World Through Learning 1 GEM – GDLN Event Management system GDLN Asia Pacific General Meeting, June 2007.

Linking the World Through Learning 1 GEM – GDLN Event Management system GDLN Asia Pacific General Meeting, June 2007.
Multiuser Detection (MUD) Combined with array signal processing in current wireless communication environments 2002.4.10.Wed. 박사 3학기 구 정 회.

Multiuser Detection (MUD) Combined with array signal processing in current wireless communication environments Wed. 박사 3학기 구 정 회.
Audience Analysis & Usability. The Writing Process Focusing and Planning Drafting Assessing & Evaluating Assessing & Editing Publishing and Evaluating.

Audience Analysis & Usability. The Writing Process Focusing and Planning Drafting Assessing & Evaluating Assessing & Editing Publishing and Evaluating.
ETISEO Evaluation Nice, May 10-11 th 2005 Evaluation Cycles.

ETISEO Evaluation Nice, May th 2005 Evaluation Cycles.
1 Yield Analysis and Increasing Engineering Efficiency Spotfire Users Conference 10/15/2003 William Pressnall, Scott Lacey.

1 Yield Analysis and Increasing Engineering Efficiency Spotfire Users Conference 10/15/2003 William Pressnall, Scott Lacey.
SCOM 450 Final Product Assignment. Information Literacy Objectives Integrate organizational theory and organizational research into a study of organizational.

SCOM 450 Final Product Assignment. Information Literacy Objectives Integrate organizational theory and organizational research into a study of organizational.
Search Engine using Web Mining COMS E6125.001 Web Enhanced Information Mgmt Prof. Gail Kaiser Presented By: Rupal Shah (UNI: rrs2146)

Search Engine using Web Mining COMS E Web Enhanced Information Mgmt Prof. Gail Kaiser Presented By: Rupal Shah (UNI: rrs2146)
WINS Short Course 1 Sensor.com WINS Network Signal Processing Network Signal Processing Research Review SenseIT PI Meeting October 7-8, 1999 Marina Del.

WINS Short Course 1 Sensor.com WINS Network Signal Processing Network Signal Processing Research Review SenseIT PI Meeting October 7-8, 1999 Marina Del.
Distribution Statement “A” (Approved for Public Release, Distribution Unlimited) Hallmark Software Testbed (Hallmark-ST) Architecture to Enable Space Enterprise.

Distribution Statement “A” (Approved for Public Release, Distribution Unlimited) Hallmark Software Testbed (Hallmark-ST) Architecture to Enable Space Enterprise.
3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. PeopleSoft General Ledger 9.2 New Features 9.2 Release New Features.

3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. PeopleSoft General Ledger 9.2 New Features 9.2 Release New Features.
NMHIMSS Meet the Board & Committees May 26th, 2016

NMHIMSS Meet the Board & Committees May 26th, 2016
NETSTORM.

NETSTORM.
The Practice of Strategy

The Practice of Strategy
Data Mining – Intro.

Data Mining – Intro.
PeerWise Student Instructions

PeerWise Student Instructions
Project Management (PS)

Project Management (PS)

Similar presentations

Ads by Google