OMB Individually Reported

AI Assisted Compromise Email Detector (AACED)

Low riskExact public inventory row

Description

This use case intends to solve the problem of the extensive manual effort required to review emails for signs of cyber compromise.

Detailed example

Outputs are named entities and generated text for specific questions. Chat interface for analyst to conduct Q&A with email as context.

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.

Expected benefit

The use case was developed to assist ICE SOC in reviewing a collection of emails between ICE personnel and Microsoft that were part of Emergency Directive 24-02. The use case provides a faster mechanism to the SOC analysts to determine indicators of compromise, reducing the level of effort for these individuals’ analysis exponentially. To assist the analysts, Named Entity Recognition (NER) was used to detect PII and other associated keywords to increase analyst productivity, and reduce time required to analyze emails.

Controls / human review

ATO: No; PIA: Not published

Data needed

Stored Agency emails used for validation.