Cyberspace Sciences and Information Intelligence Research Group

Career Opportunities

Internship Programs

ORNL offers many opportunities for students to conduct research across scientific fields; see the Fellowship and Internship programs.


Projects

ADAC/Gen: Advanced Data Analysis Capability and Surrogate Generation

Researchers rely on realistic datasets to build new analysis algorithms, but in many cases, realistic datasets have sensitivities that limit the audience that can work with them. One solution is to transform the original datasets with the intent to mask or remove the sensitive portions. This method is problematic because it is very difficult to ensure the transformation cannot be reversed. A better solution is to create surrogate datasets that have the properties of the original datasets but have no relationship to the content of the original data.

    [Quad Charts]
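As an added illustration, not ADAC/Gen's own code, the following Python contrasts the two approaches described above: a masking transform that is easily reversed because the masked field has low entropy, and a surrogate generator that samples new rows from summary statistics of the original table rather than from its rows. The records, field names and statistics are constructed for the example.

```python
import hashlib
import random
import statistics
from collections import Counter

# Constructed "sensitive" records; every value is invented for this example.
ORIGINAL = [
    {"zip": "37830", "age": 34, "diagnosis": "flu"},
    {"zip": "37830", "age": 58, "diagnosis": "diabetes"},
    {"zip": "37932", "age": 41, "diagnosis": "flu"},
    {"zip": "37922", "age": 67, "diagnosis": "hypertension"},
    {"zip": "37830", "age": 29, "diagnosis": "none"},
    {"zip": "37932", "age": 52, "diagnosis": "hypertension"},
]

def mask_zip(zip_code):
    """The 'transform and mask' approach: replace the ZIP by a truncated SHA-256 digest."""
    return hashlib.sha256(zip_code.encode()).hexdigest()[:12]

def reverse_mask(masked, candidates=range(0, 100000)):
    """Why masking is hard to make irreversible: a 5-digit ZIP has at most
    100,000 values, so the digest is recovered by hashing every candidate."""
    for z in candidates:
        if mask_zip(f"{z:05d}") == masked:
            return f"{z:05d}"
    return None

def summarize(records):
    """Keep only aggregate properties of the original data, never the rows."""
    ages = [r["age"] for r in records]
    return {
        "age_mean": statistics.mean(ages),
        "age_stdev": statistics.stdev(ages),
        "zip_freq": Counter(r["zip"] for r in records),
        "dx_freq": Counter(r["diagnosis"] for r in records),
    }

def generate_surrogate(summary, n, seed=0):
    """Sample n new records from the summary: the output has the same marginal
    statistics as the original but is drawn from them, not copied from rows."""
    rng = random.Random(seed)
    zips, zip_w = zip(*summary["zip_freq"].items())
    dxs, dx_w = zip(*summary["dx_freq"].items())
    rows = []
    for _ in range(n):
        age = round(rng.gauss(summary["age_mean"], summary["age_stdev"]))
        rows.append({
            "zip": rng.choices(zips, weights=zip_w)[0],
            "age": max(0, min(age, 110)),
            "diagnosis": rng.choices(dxs, weights=dx_w)[0],
        })
    return rows
```

The brute-force reversal works on any field whose value space can be enumerated, which is the point the description makes about transformed datasets. The generator here samples each field independently, so it discards correlations such as age against diagnosis; a surrogate good enough to develop analysis algorithms on must model that joint structure as well, and rare categorical values (a ZIP that appears once) can themselves be identifying even in surrogate rows.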

Automated Honey Token Generation with Redaction

A recent survey estimated that malicious insiders were responsible for 34% of e-crimes at organizations. Detection is particularly difficult because many of these criminals act within their own authorized access and therefore do not show up in anomaly detection systems. We apply automatic redaction to "honey pot" documents: the sensitive portions of a document are identified and replaced with false but plausible information, and the resulting decoys are placed in semi-public locations, where they look like accidental leaks, to lure malicious insiders.

    [Quad Charts]
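The following Python is an added example of the redact-and-replace step and of the detection side that makes the replaced segments useful as honey tokens; it is not the project's code. The memo, the three regex-based segment detectors and the `doc_id` labelling are assumptions made for the example.

```python
import random
import re
import secrets

# Constructed internal memo used as the honey-pot document (not a real record).
DOCUMENT = """Project Falcon budget memo
Wire transfers go to account 123456789012 at routing 061000052.
Contact J. Doe, SSN 123-45-6789, for the vendor key API-7f3a9c.
"""

# Sensitive-segment detectors for this example (a production redactor would
# use richer classifiers than three regular expressions).
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "account": re.compile(r"\b\d{12}\b"),
    "apikey": re.compile(r"\bAPI-[0-9a-f]{6}\b"),
}

def fake_value(kind, rng):
    """A false but plausible replacement with the same shape and length as the original."""
    if kind == "ssn":
        # Avoid area numbers that are never issued (000, 666, 900-999) so the
        # fake survives a casual format check.
        return f"{rng.randint(1, 665):03d}-{rng.randint(1, 99):02d}-{rng.randint(1, 9999):04d}"
    if kind == "account":
        return "".join(str(rng.randint(0, 9)) for _ in range(12))
    if kind == "apikey":
        return "API-" + secrets.token_hex(3)
    raise ValueError(f"unknown segment kind: {kind}")

def generate_honey_document(text, doc_id, seed=None):
    """Redact every sensitive segment into a fake value and return the decoy
    plus a registry of the planted tokens. Each drop location gets its own
    doc_id and seed, so a token that surfaces later identifies which copy was
    taken. The registry deliberately does not store the original values."""
    rng = random.Random(seed)
    registry = {}

    def substitute(kind):
        def _sub(match):
            token = fake_value(kind, rng)
            registry[token] = {"doc_id": doc_id, "kind": kind}
            return token
        return _sub

    decoy = text
    for kind, pattern in PATTERNS.items():
        decoy = pattern.sub(substitute(kind), decoy)
    return decoy, registry

def match_tokens(observed, registry):
    """Detection side: scan an observed string (outbound mail, a proxy log line,
    a paste-site hit) for planted tokens and report which decoys they came from."""
    return {tok: registry[tok] for tok in registry if tok in observed}
```

Because the fake values are generated fresh for every copy, the token itself tells the investigator where the document was planted; the registry should be kept well away from the decoys, since it is the only artifact that distinguishes a honey document from a genuine one.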

Anti-Phishing and Whaling (ANTI-PAW)

Sophisticated spear-phishing (or whaling) attacks have been launched against high-profile targets, resulting in the loss of personally identifiable and sensitive information and in financial losses exceeding $3 billion. These phishers write convincing emails that lead users to open unsafe attachments or visit malicious Web sites. Phishers now use highly customized messages that are less likely to be caught by traditional mail filters, exposing organization staff to a barrage of phishing attacks.

    [Quad Charts]

Automated Computation of Software Functional Behavior: Function Extraction

Modern malware uses polymorphism and metamorphism to evade detection and thwart reverse engineering. These techniques are relatively straightforward to implement, but their effects are very challenging to undo. Function extraction computes a program's end-to-end functional behavior; that computed behavior can be used to overcome polymorphism and metamorphism by rewriting programs on the basis of what they actually do (for example, omitting "no-op" code).

    [Quad Charts]

Continuous Variable Entanglement Sources for Quantum Communication and Computing

A complete solution for Quantum Computing requires large amounts of entanglement, generated in a scalable, controllable way. Continuous-variable (CV) entanglement is a good solution to this problem, but conventional sources are difficult to operate, involving optical cavities that must be locked to a given optical mode, and they do not solve the scalability problem.

    [Quad Charts]

Cyber Security Econometrics System (CSES)

Network defense requires layers of strategic thinking. CSES implements analysis of Bayesian networks to support a rigorous and systematic approach to resource and threat dependencies. It provides impact analysis with intuitive visual representations and a comprehensive basis for choosing the courses of action with the highest risk-reduction return on investment.

    [Quad Charts]
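An added example, not CSES itself, of the kind of calculation the description refers to: a small Bayesian network of dependent threat events, an expected-loss figure derived from it, and a ranking of countermeasure combinations by risk reduction per dollar. The network, the probabilities, the control costs and the impact figure are all assumed for illustration.

```python
import itertools
from copy import deepcopy

# Constructed illustrative network (all probabilities are assumed, not measured):
# a phishing campaign succeeds -> credentials are stolen -> data is exfiltrated.
# Each node is a Boolean event, listed in topological order with
# P(node = True | parent values).
NETWORK = {
    "phish": {"parents": [], "p": {(): 0.60}},
    "cred": {"parents": ["phish"], "p": {(True,): 0.50, (False,): 0.05}},
    "exfil": {"parents": ["cred"], "p": {(True,): 0.40, (False,): 0.02}},
}

# Candidate countermeasures (assumed): each has an annual cost and replaces the
# conditional probability table of the node it hardens.
CONTROLS = {
    "mfa": {"cost": 40_000, "overrides": {"cred": {(True,): 0.10, (False,): 0.01}}},
    "dlp": {"cost": 100_000, "overrides": {"exfil": {(True,): 0.10, (False,): 0.005}}},
}

def joint_probability(network, assignment):
    """P(full assignment) = product over nodes of P(node | its parents)."""
    prob = 1.0
    for name, node in network.items():
        parent_values = tuple(assignment[p] for p in node["parents"])
        p_true = node["p"][parent_values]
        prob *= p_true if assignment[name] else 1.0 - p_true
    return prob

def marginal(network, name):
    """P(name = True) by enumerating the full joint; fine for a few nodes."""
    names = list(network)
    total = 0.0
    for values in itertools.product([False, True], repeat=len(names)):
        assignment = dict(zip(names, values))
        if assignment[name]:
            total += joint_probability(network, assignment)
    return total

def apply_controls(network, selected, controls):
    """Return a copy of the network with the selected controls' tables swapped in."""
    net = deepcopy(network)
    for name in selected:
        for node, cpt in controls[name]["overrides"].items():
            net[node]["p"] = cpt
    return net

def rank_courses_of_action(network, loss_node, impact, controls=CONTROLS):
    """Expected loss = P(loss_node) * impact. For every non-empty subset of
    controls, report the risk reduction and the reduction per dollar, best first."""
    baseline = marginal(network, loss_node) * impact
    rows = []
    names = list(controls)
    for k in range(1, len(names) + 1):
        for subset in itertools.combinations(names, k):
            cost = sum(controls[c]["cost"] for c in subset)
            loss = marginal(apply_controls(network, subset, controls), loss_node) * impact
            rows.append({
                "controls": subset,
                "cost": cost,
                "risk_reduction": baseline - loss,
                "roi": (baseline - loss) / cost,
            })
    return sorted(rows, key=lambda r: r["roi"], reverse=True)
```

With these assumed numbers the baseline P(exfil) is 0.1416, so the expected loss is $283,200; deploying both controls removes the most risk, but MFA alone gives the best return per dollar, which is the distinction the description draws between impact and risk-reduction return on investment. Full-joint enumeration is exponential in the number of nodes; a real network of any size needs variable elimination or sampling instead.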

Distributed Trust Toolkit

Effective security mechanisms are essential to the widespread deployment of pervasive systems. Much of the research focus on security in pervasive computing has revolved around distributed trust management. While such mechanisms are effective in specific environments, there is no generic framework for deploying and extending these mechanisms over a variety of pervasive systems.

    [Quad Charts]

Fast Data: Multi-Platform Interview Support System

In an interview situation, the interviewer needs a way to verify the answers a subject provides, information with which to construct control questions, and, possibly, information with which to formulate high-value questions outside the scope of the interview. Data is stored in a graph-based topology of interconnected entities so that all relevant information about an entity is within one or two "hops," and both what is known and what is not yet known about an entity can be retrieved very quickly.

    [Quad Charts]

Intelligent Insider Threat Detection and Prevention (IITDP)

Insider-sourced espionage, sabotage, and fraud are now considered the top cyber threat. Cost estimates approach $1,000 billion per year, arising from modification of data and of security mechanisms, unauthorized network connections, covert channels, physical damage and destruction, and information extrusion/exfiltration. The Intelligent Insider Threat Detection and Prevention (IITDP) system is a distributed, hierarchical, multi-faceted, multi-level, rule-based intrusion detection system.

    [Quad Charts]

Mathematical Programming Model for Social Network Role Identification

In recent years, there has been a large increase in the amount of observable, electronic communications between individuals. The quantity of data available has significantly increased the time required for analysts to decipher information and gain a global picture of the social relationships within a network. This project will present an intuitive summary of how roles are distributed in the network as well as how those roles are interrelated.

    [Quad Charts]

Medical Device Security (MDS)

By 2030, there will be 171 million Americans with chronic conditions (an 18% increase from 2010). With a larger aging population (77% of Americans aged 65 and over have two or more chronic conditions), companies are beginning to help patients remotely. However, as features are added to medical devices (e.g., remotely checking heart information), new possibilities for attack are created. MDS will help protect lives by protecting the medical devices on which those lives depend.

    [Quad Charts]

Mitigation of WMD-Scale Attacks Through Cross-Layer Healing

In the event of a WMD-scale attack, protecting communication networks is essential to the survival of a nation. An attack of such magnitude will trigger a surge of communication that produces cascading failures. The goal of our proposed mitigation techniques is to identify and protect the functionality of essential network and application services, drawing on a variety of information sources, such as social networks and the network infrastructure itself, to extend existing techniques and develop new ones for preventing cascading failures.

    [Quad Charts]

Models and Analysis of Dynamic Social Networks

It is convenient to express social relations in the form of a network, with edges representing relationships and vertices representing people, organizations, etc. This project attempts to model future states of a network through modeling the edge reconnection processes of vertices. Future states can then be used to run experiments on information diffusion with a dynamic network with similar statistics as the original snapshot.

    [Quad Charts]

Photon Sources for Quantum Communication and Computing

Conventional photon sources for quantum communication and computing are bulky, complex, and typically emit photons into many spectral and spatial modes. Bright, single-mode entangled photon sources are essential for multi-photon quantum information applications. Control of both the spatial and spectral properties of entangled photons will enable researchers to optimize entangled photon sources for their particular quantum applications.

    [Quad Charts]

Pro-Active Digital Forensics (ACTFOR)

The current state of Digital Forensics technologies and procedures involves gathering data from accepted data logs, event records, and databases after an incident or infraction has been detected. With the rise of anti-forensic utilities and practices, this approach is potentially ineffective and can result in inaccurate, impractical, and hence questionable evidence for prosecution and/or intelligence action. ACTFOR is a digital forensic solution for collecting, preserving, and analyzing data to support investigations involving cyber attacks and cyber crimes.

    [Quad Charts]

Silent Shield

Silent Shield is a cybersecurity anomaly detection system being developed at ORNL with LDRD funds. It will be used to collect data from sensors, to model normal behavior, and to report deviations from normality. Furthermore, it will automatically and actively respond to attacks in real time. The Cyber Security Econometrics System will be used to support decision-making for response decisions.

    [Quad Charts]

Simulation of Fault-Tolerance in Quantum Computers

We are developing software to simulate error propagation in quantum computing (QC) hardware. The simulation cost is greatly reduced by exploiting the recursive, self-corrective nature of fault-tolerant QC design.

    [Quad Charts]

Slow-speed Weigh-In-Motion Error Reduction System (SWIMERS)

Security checkpoints now require vehicles to slow or stop, to pass through serpentine roadway approaches, and to undergo visual evaluation before entering secure facilities. SWIMERS embeds state-of-the-art sensors in a set of modular, lightweight pads to raise the core performance of the weigh-in-motion (WIM) system, and applies ORNL's patent-pending signal-processing method for removing noise and error, which has improved weight precision to better than 0.1%.

    [Quad Charts]

Structured Data Entity Disambiguation and Automated Data Retrieval

A collection of structured entity data built from multiple heterogeneous data sources is likely to contain a large amount of duplicate information, and external datasets that carry additional information about the entities must be integrated into it. The approach is to review the entity data and order the entity properties from most discriminating to least discriminating, then to work with subject matter experts to set an appropriate similarity threshold for each property.

    [Quad Charts]
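An added example of the matching rule the description outlines, written for this page rather than taken from the project: properties are compared in order of discriminating power, a hard identifier present in both records settles the pair, and softer properties each carry a similarity threshold. The sample records, the chosen properties, the similarity functions and the threshold values are all assumptions (in practice the thresholds come from subject matter experts).

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Callable

# Constructed records from three notional sources; none is real entity data.
RECORDS = [
    {"id": "A1", "tax_id": "12-3456789", "name": "Acme Corporation", "city": "Oak Ridge"},
    {"id": "B7", "name": "ACME Corp.", "phone": "(865) 555-0100", "city": "Oak Ridge, TN"},
    {"id": "C3", "tax_id": "12-3456789", "name": "Acme Corp", "phone": "865-555-0100"},
    {"id": "D9", "tax_id": "98-7654321", "name": "Acme Corporation", "city": "Knoxville"},
]

SUFFIXES = {"corporation": "corp", "incorporated": "inc", "limited": "ltd"}

def normalize(text):
    """Lower-case, strip punctuation, canonicalize common corporate suffixes."""
    tokens = re.sub(r"[^a-z0-9]+", " ", text.lower()).split()
    return " ".join(SUFFIXES.get(t, t) for t in tokens)

def exact_similarity(a, b):
    return 1.0 if normalize(a) == normalize(b) else 0.0

def text_similarity(a, b):
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def phone_similarity(a, b):
    da, db = re.sub(r"\D", "", a)[-10:], re.sub(r"\D", "", b)[-10:]
    return 1.0 if da and da == db else 0.0

@dataclass
class Rule:
    name: str
    similarity: Callable[[str, str], float]
    threshold: float  # assumed values; set with subject-matter experts in practice
    decisive: bool    # hard identifier: agreement or disagreement settles the pair

# Ordered from most to least discriminating property.
RULES = [
    Rule("tax_id", exact_similarity, 1.0, decisive=True),
    Rule("email", exact_similarity, 1.0, decisive=True),
    Rule("phone", phone_similarity, 1.0, decisive=False),
    Rule("name", text_similarity, 0.85, decisive=False),
    Rule("city", text_similarity, 0.80, decisive=False),
]

def records_match(a, b, rules=RULES):
    """Walk the rules in order. The first decisive property present in both
    records settles the pair; otherwise every compared soft property must meet
    its threshold, and at least two of them must have been compared."""
    compared = 0
    for rule in rules:
        va, vb = a.get(rule.name), b.get(rule.name)
        if va is None or vb is None:
            continue
        agrees = rule.similarity(va, vb) >= rule.threshold
        if rule.decisive:
            return agrees
        if not agrees:
            return False
        compared += 1
    return compared >= 2

def deduplicate(records, rules=RULES):
    """Group records into entities with union-find over pairwise matches."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(records)):
        for j in range(i + 1, len(records)):
            if records_match(records[i], records[j], rules):
                parent[find(i)] = find(j)
    clusters = {}
    for i, r in enumerate(records):
        clusters.setdefault(find(i), []).append(r)
    return list(clusters.values())

def merge_entity(cluster):
    """Fold a cluster into one entity: first non-empty value per property, all source ids kept."""
    entity = {"sources": [r["id"] for r in cluster]}
    for r in cluster:
        for key, value in r.items():
            if key != "id" and key not in entity:
                entity[key] = value
    return entity
```

On the sample data A1, B7 and C3 collapse into one entity while D9 stays separate even though its name and its tax identifier disagree with the others only on the identifier: the most discriminating shared property wins. The same `records_match` serves for attaching records from an external dataset to the merged entities. Clustering is transitive, so a single loose threshold on a weak property (city alone, say) can chain unrelated records together, which is why the soft rules require agreement on at least two compared properties.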

Symbiotic Host Application Framework (SHAF)

SHAF is a framework that will integrate itself into critical processes on a system, allowing it to covertly and flexibly monitor the system for malicious activity and mount active defenses to address risks. SHAF allows for the rapid deployment of tamper-resistant, covert security modules. It provides a multi-layered active defense that is transparent to the user.

    [Quad Charts]

UNTAME (Ubiquitous Network Transient Autonomous Mission Entities)

The ubiquitous insecurity of computers and networks in the U.S. critical infrastructures makes cyberspace an obvious target in 21st Century warfare. A coordinated cyber attack could disrupt one or more of U.S. critical infrastructures. UNTAME is a networked colony of distributed intelligent autonomous collaborating Cyber Robots (Cybots) residing on diverse hosts throughout the cyberspace infrastructure, including switches and routers.

  [Quad Charts] [Demonstration]

USB-ARM (USB Architecture for Removable Media)

While the convenience of USB devices and removable media increases business productivity, they also provide an attack vector for malicious software. Some organizations have simply disabled USB ports physically or required that all devices be scanned centrally at a physical location. USB-ARM creates operating system drivers that sit between the removable media and the user and applications. The drivers isolate the media and submit its contents to a virtual machine containing an entire scanning system.

    [Quad Charts]
