Modeling Inference Enterprises Using Multiple Interoperating Models

A methodology is described for modeling enterprises that use data, tools, people and processes to make mission-focused inferences. Examples include cyber-operations centers detecting cyber intrusions, airport security systems detecting attempts to carry prohibited items onto airplanes, or mortgage underwriting offices predicting loan defaults. An inference enterprise gathers and analyzes data, generates alerts when a concerning event or behavior is identified, and follows up with more thorough investigation of alert cases. The purpose of modeling is to understand and evaluate enterprise performance to help identify ways to improve performance. This typically involves constructing a modeling workflow comprising components that may not have been designed to interoperate. It may involve combining multiple models based on different modeling formalisms. This paper presents a multi-modeling approach to inference enterprise modeling (MIEM). MIEM combines multiple models to generate multiple predictions of inference enterprise performance. These predictions are combined into an overall estimate of performance with error bounds. The MIEM methodology is illustrated on a problem of detecting insider threats in information systems. Copyright © 2018 by Kathryn Blackmond Laskey, et al. Published and used by INCOSE with permission.