After an attack like the Boston Marathon bombing in 2013, analysts sift through vast amounts of data to understand what led up to the attack. From this intelligence, analysts suggest precautionary measures to prevent a similar attack from happening again. For the subsequent Boston Marathon in 2014, this meant security was put on the lookout for pressure cookers and unattended backpacks. The problem with this approach is that adversaries are creative and improvise every day. It is uncommon for attackers to repeat the same attack method; instead, they use new ones. Consequently, attacker behaviors are simply too varied for an expert system to be trained to account for each possibility. However, certain general behaviors leading up to an attack are common, such as planning and communication among the attackers. To prevent future attacks, there is a need for a proactive real-time analysis tool that alerts operators to closely monitor emerging threats and stop the attack before it happens.
Prior attempts at dealing with such attacks consist of tools such as Raytheon's® Intersect Sentry™ and EarthBase™ or IBM's SPSS®. These tools are not real-time and only support offline forensic analysis; they do not have the capability to perform proactive analysis in real time. The underlying techniques currently used for predictive analytics are based on graphical networks and Bayes networks. These techniques capture the causal relationships between events in the form of conditional probabilities, which requires the events, event types, and causal relationships to be pre-defined. This further necessitates a domain expert capable of understanding the events and their causal relationships and modeling those relationships mathematically. Once the models are defined, they need to be trained with copious amounts of data, which must be gathered ahead of time and must be representative of real life. Once the models are trained, they are fixed, which means they can only predict the events for which they were trained.