Proc. SPIE. 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III
KEYWORDS: Defense and security, Homeland security, Sensors, Computing systems, Control systems, Computer intrusion detection, Control systems design, Environmental sensing, Systems modeling, Process modeling
This paper describes the design for a content-based approach to detecting insider misuse by an analyst producing reports in an environment supported by a document control system. The approach makes use of Hidden Markov Models to represent stages in the Evidence-Based Intelligence Analysis Process Model (EBIAPM). This approach is seen as a potential application for the Process Query System / Tracking and Fusion Engine (PQS/TRAFEN). Actions taken by the insider are viewed as processes that can be detected in PQS/TRAFEN. Text categorization of the content of the analyst's queries, documents accessed, and work product is used to disambiguate multiple EBIAPM processes.
This paper describes research on cognitive and semantic attacks on computer systems and their users. Several countermeasures against such attacks are described, including a description of a prototype News Verifier system. It is argued that because misinformation and deception play a much more significant role in intelligence and security informatics than in other informatics disciplines such as science, medicine, and the law, a new science of intelligence and security informatics must concern itself with semantic attacks and countermeasures.