PRODIGAL


{{Infobox

|name =

|title = Proactive discovery of insider threats using graph analysis and learning

|label2 = Establishment

|data2 = 2011

|label3 = Sponsor

|data3 = DARPA

|label4 = Value

|data4 = $9 million

|label5 = Goal

|data5 = Rapidly data mine large sets to discover anomalies

}}

PRODIGAL (proactive discovery of insider threats using graph analysis and learning) is a computer system for predicting anomalous behavior among humans, by data mining network traffic such as emails, text messages and server log entries.{{cite news|url=http://insidehpc.com/2011/11/29/video-interview-darpas-adams-project-taps-big-data-to-find-the-breaking-bad/|title=Video Interview: DARPA's ADAMS Project Taps Big Data to Find the Breaking Bad|publisher=Inside HPC|date=November 29, 2011|accessdate=2011-12-05}} It is part of DARPA's Anomaly Detection at Multiple Scales (ADAMS) project.{{cite news|url=http://www.foxnews.com/scitech/2011/12/03/could-us-government-start-reading-your-emails/|archive-url=https://web.archive.org/web/20111203222717/http://www.foxnews.com/scitech/2011/12/03/could-us-government-start-reading-your-emails/|url-status=dead|archive-date=December 3, 2011|title=Could the U.S. Government Start Reading Your Emails?|first=John|last=Brandon|publisher=Fox News|date=December 3, 2011|accessdate=2011-12-06}} The initial schedule is for two years and the budget is $9 million.{{cite news|url=http://www.gatech.edu/newsroom/release.html?nid=72599|title=Georgia Tech Helps to Develop System That Will Detect Insider Threats from Massive Data Sets|publisher=Georgia Institute of Technology|date=November 10, 2011|accessdate=2011-12-06}}

It uses graph theory, machine learning, statistical anomaly detection, and high-performance computing to scan larger sets of data more quickly than in past systems. The amount of data analyzed is in the range of terabytes per day. The targets of the analysis are employees within the government or defense contracting organizations; specific examples of behavior the system is intended to detect include the actions of Nidal Malik Hasan and WikiLeaks source Chelsea Manning. Commercial applications may include finance. The results of the analysis, the five most serious threats per day, go to agents, analysts, and operators working in counterintelligence.{{cite news|url=http://blogs.computerworld.com/19382/sifting_through_petabytes_prodigal_monitoring_for_lone_wolf_insider_threats|title=Sifting through petabytes: PRODIGAL monitoring for lone wolf insider threats|first=Darlene|last=Storm|work=Computer World|date=December 6, 2011|accessdate=2011-12-06|archive-url=https://web.archive.org/web/20120112170109/http://blogs.computerworld.com/19382/sifting_through_petabytes_prodigal_monitoring_for_lone_wolf_insider_threats|archive-date=January 12, 2012|url-status=dead}}
