CDA Research Projects

Piranha

There is a massive amount of intelligence data available that cannot be manually analyzed. Computers can provide some help with this problem, but the sheer volumes of data make the most promising approaches impractical. The challenge is for a computer to sift through a large amount of data and provide a human with accurate and relevant information, not merely to allow the analyst to search over an ever-increasing set of data. This requires software that is able to filter, relate, and show documents and relationships to an analyst.

ORCA: Oak Ridge Cyber Analytics

Oak Ridge Cyber Analytics (ORCA) is a suite of tools for applying automation and advanced analytics to pressing information security problems. ORCA is comprised of several components, each of which addresses widespread technology gaps in computer network defense, such as:

ORCA Fusion Engine
A software tool for the aggregation, analysis, filtering and correlation of IDS alerts.

ORCA Attack Variant Detector
A software tool for applying advanced analytics to network traffic to reliably detect variants of known attack vectors.

ORCA Asset Valuator
An agent-based architecture for valuing each host in a network based on the contained text information.

ORCA Exfiltration Detector
Host-based sensors and analytics for identifying probable unauthorized exfiltration actions.

Machine Learning

At the foundation of many applications that perform analysis over sets of natural language texts lies the task of extracting information into a structured form. Despite some demonstrable successes, Information Extraction (IE) suffers from a major flaw in most real applications. The extraction task for which a tool was built is rarely identical to the task on which it is deployed, and shifting IE tools to new textual domains (e.g. from newswire to emails) results in significant performance drops, even for simple types of extraction and even for slight shifts in domain. The errors propagate through multiple subtasks resulting in even more significant performance reductions for more complex tasks. Modifying extraction systems to work on new domains or new tasks has traditionally been a tedious process and the cost was not always justifiable.

GPU Text Analysis

In the last decade, an explosion in the amount of available digital text resources has occurred. It is estimated that the Internet contains hundreds of terabytes of text data, a sizable amount of which is in an unstructured format. We will soon reach a point where terabyte-scale text corpora are routinely used on personal desktops for the purposes of research and decision making. However, most current text processing algorithms work well only on small corpora and are difficult to scale to the terabyte level on desktops because of insufficient computing power. Even running some simple text analysis tasks can take days or weeks of computer time to process a relatively large collection of data.

Terrorist Threats

Problem Statement:
Link knowledge discovery, scenario development and modeling, uncertainty and likelihood estimation into an integrated threat anticipation system.

Technical Approach:
Proof of concept demonstrating the linkage of knowledge bases with scenario databases.
Libraries of scenarios are generated through serious gaming approaches.
Evaluate threat likelihoods by a Bayesian reasoning/inference engine.

DHS Fusion Center Mobile Applications

This effort will set a new direction for first responder applications, establishing a first responder open source community, allowing innovation while creating a market.

HaitiServe Mobile Relief Application

Takes advantage of ubiquitous cell phone technology, even in developing countries, and provides rapid sharing of information about available resources to meet critical needs during an emergency.

High Flux Isotope Reactor Sensor Network

Provides a common view over multiple data sources to enable faster and more accurate event classification and response, and supports legacy systems without requiring expensive modifications and re-certification.

Modernizing the Electric Grid

Our approach supports a more adaptable grid allowing designers and analysts to compare architectures and optimize approaches for modernization and grid sustainability.

Multi-state Information Sharing Initiative

Allows analysts from different states to follow leads and perform trend analysis across state boundaries, and minimizes the technical, administrative and maintenance burden on the states.

NPAIR Data Repository

The tag-based design allows for great flexibility and scalability as the system grows and matures. The loose coupling also supports a phased approach for integrating additional information systems.

Fort Bragg Experimental SensorNet Testbed (BEST)

BEST provides a cost-effective means of consolidating and modernizing its incident center while reducing 9-1-1 response time by half.

Sensorpedia – The Wikipedia™ for Sensors

Through Sensorpedia, enterprise applications and users gain access to disparate sensor networks. Sensorpedia also explores how volunteered sensor data is being used and shared.

Tables and SenseReduce Programming Interfaces

Simple and scalable tools to analyze heterogeneous sensor data using familiar user interfaces.

Tracking 2.0: Enabling "Cradle-to-Grave" Tracking

Enterprise applications and users gain access to tracking-related data across applications and organizations.

Tracking 2.0 for DOE Domestic & International Radioisotope Shipments

Provides end-to-end visibility of tracking data throughout the radioisotope supply chain and helps the DOE National Isotope Program meet tracking regulatory requirements.

Ubiquitous Information Flow and Forward Analysis

Information processing at the network's edge is critical and is feasible.

Visualizing Energy Resources Dynamically on Earth

Supporting superior grid behavior modeling and simulation capabilities, and coordinating human response will enable greater grid stability.

Enterprise Information Sharing (EISE): Enabling Information Sharing and Knowledge Discovery

Near term: improve the Marine Corps' ability to locate, manage, share, and understand PM LAV data.
Long term: lay the foundation for future Marine Corps information sharing innovations and collaborations.

Web 3.0: Enabling Information Sharing and Knowledge Discovery

Credentialing 2.0 (Conceptual)

How would ORNL establish an emergency credentialing system that meets the following requirements:

Trust Network, Individuals, Location Mashup, Timestamp, Credentials, Enterprises
