Processing Events in Probabilistic Risk Assessment

Robert Schrag, Edward Wright, Robert Kerr, Bryan Ware
2014 Semantic Technologies for Intelligence, Defense, and Security  
Assessing entity (e.g., person) risk from entity-related events requires appropriate techniques to address the relevance of events (individually and/or in aggregate) relative to a prevailing temporal frame of reference (for continuous risk monitoring, a running time point representing "the present"). We describe two classes of temporal relevance techniques we have used towards insider threat detection in probabilistic risk models based on Bayesian networks. One class of techniques is appropriate when a generic person Bayesian network is extended with a new random variable for each relevant event, which is practical when events of concern are infrequent and we expect their number per person to be small (as in public records monitoring). Another class is needed when (as in computer network event monitoring) we expect too many relevant events to create a new random variable for each event. We present a use case employing both classes of techniques and discuss their relative strengths and weaknesses. Finally, we describe the semantic technology framework supporting this work.
dblp:conf/stids/SchragWKW14 fatcat:oj5gpw4fifchfo2hkukwdsciam