AI Assisted Compromise Email Detector (AACED)
Description
This use case intends to solve the problem of the extensive manual effort required to review emails for signs of cyber compromise.
Detailed example
Outputs are named entities and generated text for specific questions. Chat interface for analyst to conduct Q&A with email as context.
AI / analytics pattern
Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.
Automation level / stage
c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.
Expected benefit
The use case was developed to assist ICE SOC in reviewing a collection of emails between ICE personnel and Microsoft that were part of Emergency Directive 24-02. The use case provides a faster mechanism to the SOC analysts to determine indicators of compromise, reducing the level of effort for these individuals’ analysis exponentially. To assist the analysts, Named Entity Recognition (NER) was used to detect PII and other associated keywords to increase analyst productivity, and reduce time required to analyze emails.
Controls / human review
ATO: No; PIA: Not published
Data needed
Stored Agency emails used for validation.