Steven McKinney and Joseph Calandrino
Mitigating Threats and Preventing Attacks in Cyberspace… and in Service Overseas
Pictured L to R: Steve McKinney and Joseph Calandrino spent the summer of 2006 at Oak Ridge National Laboratory (ORNL) developing a prototype that would help organizations detect insider threats to their computer systems. McKinney, an undergraduate at the University of North Carolina, and Calandrino, a graduate student at Princeton University, spent 10 weeks at ORNL, an internship requirement through the U.S. Department of Homeland Security’s Scholars (undergraduates) and Fellows (graduates) program.
Six hundred million dollars. Ten million dollars.
These figures represent the financial losses of two companies whose computer networks were attacked by a company insider. Unfortunately, this problem is more common than not, and that is where Steven McKinney comes in.
McKinney, a U.S. Department of Homeland Security (DHS) Scholarship Program participant, spent 10 weeks during the summer of 2006 at Oak Ridge National Laboratory’s (ORNL) Cyber Security and Information Infrastructure Research Group where, under the direction of Dr. Frederick Sheldon, McKinney studied the undercover world of insider threat detection (ITD).
"Insider threat detection (ITD) is different from external threat detection," McKinney said. "ITD involves people who already have some level of authorization to perform their normal duties. Therefore, insiders have a significant advantage compared to those on the outside."
At ORNL, McKinney has been tasked with further researching the field of ITD by developing a detection system prototype, a multi-level, evidence-based intrusion detection system, that may eventually be utilized by both governmental and enterprise networks (a complex network of information systems used by any large organization).
The prototype, McKinney said, is both "anomaly-based and rule-based": the anomaly-based part attempts to establish a baseline of normal user activity and then alerts administrators when a user deviates from "normal" behavior, while the rule-based part attempts to define activity as either malicious or a precursor to malicious activity.
Dr. Sheldon said Steve’s work has been "remarkable." "We are currently working on a proposal to the DOE which incorporates some of the ideas that have been demonstrated by Steve."
In 2003, McKinney was one of 50 out of 2,500 undergraduate students selected to participate in the DHS scholarship program—its first year in operation. However, he was called into active duty with the western North Carolina National Guard and was deployed shortly after the start of the program to the Kuwaiti-Iraqi border.
McKinney will soon be completing his internship at ORNL before going for his master’s degree at North Carolina State University in the fall. But this won’t be the last time that he participates in a DHS program; he was recently selected to receive a DHS fellowship for graduate students.
As a DHS fellow, McKinney will be required to complete another internship, but in doing so, he could receive additional research support for up to three years while he pursues his degree.
For more information about the DHS Scholarship and Fellowship program, please visit http://www.orau.gov/dhsed/.
