Author Biography

Dr. Frank L. Greitzer is a Chief Scientist at the Pacific Northwest National Laboratory (PNNL), where he conducts R&D in human decision making for diverse problem domains. At PNNL Dr. Greitzer leads the cognitive informatics R&D focus area, which addresses human factors and social/behavioral science challenges through modeling and advanced engineering/computing approaches. This research focuses on the intelligence domain, including human behavior modeling with application to identifying/predicting malicious insider cyber activities, modeling socio-cultural factors as predictors of terrorist activities, and human information interaction concepts for enhancing intelligence analysis decision making. Dr. Greitzer’s research interests also include evaluation methods and metrics for assessing effectiveness of decision aids, analysis methods and displays. Ryan Hohimer is a Senior Research Scientist at PNNL. His research interests include knowledge representation and reasoning, probabilistic reasoning, semantic computing, cognitive modeling, image analysis, data management, and data acquisition and analysis. He is currently serving as Principal Investigator of a Laboratory-directed Research and Development project that has designed and developed the CHAMPION reasoner.



Subject Area Keywords

Corporate security, Cybersecurity, Intelligence analysis, Security management, Terrorism / counterterrorism, Threat assessment


The insider threat ranks among the most pressing cyber-security challenges
that threaten government and industry information infrastructures.
To date, no systematic methods have been developed that provide a
complete and effective approach to prevent data leakage, espionage, and
sabotage. Current practice is forensic in nature, relegating to the analyst
the bulk of the responsibility to monitor, analyze, and correlate an overwhelming
amount of data. We describe a predictive modeling framework
that integrates a diverse set of data sources from the cyber domain, as well
as inferred psychological/motivational factors that may underlie malicious
insider exploits. This comprehensive threat assessment approach
provides automated support for the detection of high-risk behavioral
"triggers" to help focus the analyst's attention and inform the analysis.
Designed to be domain-independent, the system may be applied to many
different threat and warning analysis/sense-making problems.