Insider Threat Mitigation Using Lexical Link Analysis (LLA) Methods - Cyber Academic Group
Gallup, Shelley P.
The Navy Insider Threat (InT) program includes an InT hub as the nexus of threat information and case management. The data supporting the InT hub and alerting thresholds may come from a variety of sources, and will likely require different levels of analysis in the preparation either of relevant cases, or being relegated to a database for further use later. Analysts using the current technical means for their analysis and work flow through the InT system may find it useful to use the data being collected for further analysis of patterns that are revealed in this large pool of data. Lexical Link Analysis (LLA) is a technical capability for doing “big data” analysis, revealing patterns within large data sets and creating visualizations of those patterns and interconnections within the data. For example, LLA can be used to distinguish anomalous behavior patterns from background information, over time, and automatically. Trend analysis of behavior patterns would be very useful in refining the InT hub's operations.
NPS Naval Research Program
NPS Naval Research Program
Navy
2017