2018: DOLL/Vencore wins CHASE

DOLL and MIT will subcontract to Vencore Labs on WILEE, a set of components for Threat Detection and Characterization as part of DARPA I2O's CHASE program. Scaling the Cyber Hunt problem poses several key technical challenges. Detecting and characterizing cyber threats at scale in large enterprise networks is hard because of the vast quantity and complexity of the data that must be analyzed as adversaries deploy varied and evolving tactics to accomplish their goals. WILEE's Threat Detector accelerates the hunt process by translating high-level threat descriptions into many possible concrete implementations and using adversarial planning, genetic perturbation, and data-driven evaluation to automatically prioritize hunt activities, inform data collection, minimize detection time, and detect both known and novel malicious activities with high confidence. WILEE's threat interpretation and validation process lowers the cognitive burden on Cyber Protection Team (CPT) hunt operators by producing validated threat indicators in human-readable form, alongside a continuous confidence score to assist in triaging and prioritizing responses when operating with limited resources.