An IPRO project is a team-based learning environment in which students from various concentrations and disciplines work together to solve a real-world problem.  The projects arise from both university and industry needs.  Corporate sponsorship ensures that the offerings each semester are constantly changing to reflect emerging trends in technology and the needs of society. This semester IPRO 311 will be addressing one of these emerging trends.


In the information age we live in, complex information systems have spread through our society at breakneck speed.  With almost every aspect of our daily lives depending on digital data transmission and verification, the need to protect these channels is paramount.  Because most attention seems to be on outsider threats to information (as evidenced by the multitude of hacker-themed books and films available), many people may be surprised that outsider threats make up the minority of computer crime.  The real danger lies in what the Defense Personnel Security Research Center has called “a Peopleware Problem”.

According to the Ponemon Institute’s 2006 National Survey on Managing the Insider Threat, of the 450 IT professionals surveyed, “more than 78% of respondents reported one or more unreported insider-related security breaches within their company.” [1]

With shocking statistics like that, it's even more surprising that a myriad of companies aren't trying to capitalize on this problem as they have with anti-spyware, anti-virus, and intrusion detection.  A significant roadblock appears to be that there isn't enough data available to experiment on.  Datasets that are available tend to be synthetically generated and do not offer the variety of user actions that a simulated dataset might provide.  A true dataset would be ideal for research and analysis, but something like that could only be obtained from a company that monitors its users.  Companies are very reluctant to give out data they have collected about their users because they could face legal repercussions for doing so, not to mention bad publicity if word gets out that there is abuse within the company.


The Spring 2007 IPRO 311 team will be working to implement a system to capture real user activity and habits.  This captured data will be used to detect whether a computer within a company or organization is being used for nefarious purposes.

Using a bootable CD, the members of 311 will perform normal operations on a system, which will be logged to a central server.  Later in the semester, some users will be assigned to "misuse" the system.  The misuse data will also be logged to the server.  This collected data will be examined and run through several algorithms which will help discover which users were misusing the system.  This determination will be based on the regular usage patterns that were logged before misuse was performed.
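The page does not name the detection algorithms, so the following is an added example and not the IPRO 311 team's code: it builds a per-user action profile from the baseline period and ranks users by how far their later activity diverges from their own baseline. The log format, user names, phase labels, action names and the choice of smoothed KL divergence are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

def expand(user, phase, counts):
    """Turn {action: n} into n individual (user, phase, action) log events."""
    return [(user, phase, a) for a, n in counts.items() for _ in range(n)]

# Constructed sample log (assumed format, not the project's real data).
EVENTS = (
    expand("alice", "baseline", {"edit_doc": 20, "web": 10, "email": 10})
    + expand("alice", "later", {"edit_doc": 18, "web": 12, "email": 10})
    + expand("bob", "baseline", {"edit_doc": 15, "web": 15, "email": 10})
    + expand("bob", "later", {"edit_doc": 2, "web": 5, "email": 3, "file_copy": 30})
)

def profiles(events, phase):
    """Per-user action counts for one logging phase."""
    out = defaultdict(Counter)
    for user, ph, action in events:
        if ph == phase:
            out[user][action] += 1
    return out

def divergence(baseline, observed, vocab, alpha=1.0):
    """KL(observed || baseline) with add-alpha smoothing, so an action the
    user never performed during the baseline does not divide by zero."""
    b_total = sum(baseline[a] for a in vocab) + alpha * len(vocab)
    o_total = sum(observed[a] for a in vocab) + alpha * len(vocab)
    score = 0.0
    for a in vocab:
        p = (observed[a] + alpha) / o_total
        q = (baseline[a] + alpha) / b_total
        score += p * math.log(p / q)
    return score

def rank_users(events):
    """Users sorted by divergence from their own baseline, highest first.
    Users with no baseline activity cannot be scored and are skipped."""
    base = profiles(events, "baseline")
    later = profiles(events, "later")
    vocab = sorted({action for _, _, action in events})
    scores = {u: divergence(base[u], later[u], vocab) for u in later if u in base}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for user, score in rank_users(EVENTS):
        print(f"{user}: {score:.3f}")
```

Each user is compared only against their own earlier behaviour, which is why the baseline period has to be logged before any misuse is assigned.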

When a successful dataset is formed, it will be made available for other universities and companies to utilize and create products to help detect misuse.  IIT will also develop its own software to help detect misuse, and will hopefully develop a marketable product.

Site last updated on:
4/24/2007 11:09pm