Department of Defense (DoD) operations are supported by a global data network that connects computers, sensors and equipment. Despite heavy investments in security and cyber defenses, the millions of network nodes around the world, the interfaces with external data networks, and the sheer ubiquity and interconnectedness of DoD equipment leave open the possibility that adversaries can introduce advanced, persistent cyber threats to DoD systems and networks. Such threats take many forms, including trojaned code, backdoors in embedded systems, worms and logic bombs, all of which could prove detrimental to the warfighter if not discovered.
The Cyber-Insider Threat (CINDER) program aims to develop novel approaches to the detection of activities within military-interest networks that are consistent with the activities of cyber espionage. CINDER will apply models of adversary missions to "normal" activity on internal DoD networks to expose hidden operations within those networks. CINDER will also attempt to increase the accuracy, rate and speed with which future generations of advanced, persistent cyber threats are detected, while impeding the ability of adversaries to operate within military-interest networks.
Dr. Daniel Ragsdale
daniel.email@example.com