Algorithm Sought to Analyse Insider Behavior

21 June 2010 09:43 am, CTOF Team

The US Air Force is seeking an entrepreneurial innovator to develop technology to analyze the conduct of insiders to determine if they pose a threat to government IT systems.

In a call for proposals aimed at small businesses, posted on Tuesday, the Air Force is asking outside developers to "define, develop and demonstrate innovative approaches for determining 'good' (approved) versus 'bad' (disallowed/subversive) activities, including insiders and/or malware." For their initial efforts, the Air Force will pay up to $100,000.

The proposal says current techniques that monitor illicit activities only address the most blatant violations of policy or the grossest deviations from accepted behavior. Most systems concentrate their resources on repelling attacks at the network borders with little attention devoted to threats that evade detection and/or emanate from within. The proposal states:  

In the first phase, Air Force planners envision the development of a prototype algorithm that incorporates heuristic analysis for determining approved versus disallowed or subversive activities, including insiders and/or malware. The awarded contractor also would propose an architecture and perform a feasibility analysis of the algorithm and architecture during the initial phase.

In the second phase, the contractor would implement the best approach from Phase 1 in an experimental hardware/software environment, representative of the Air Force cyber infrastructure. They'd be asked to correlate Phase 1 analysis with experimental results as well as analyze the prototype system with respect to performance, scalability, cost, security and vulnerability.
