Intelligence Analyst Activity Dataset
This dataset represents a detailed log of about 6406 actions taken by 20 intelligence analysts with some degree of professional training. Analysts used a handful of simple tools to investigate a cybercrime at a fictional software startup company. The player’s job is to investigate the documents on the company's computers to conclude who committed an insider attack. Various tools are provided which attempt to mimic real analyst tools, including a database query search, a fictional web search, a way to recover deleted documents from employee computers, and tools to visualize documents on a timeline and on a map. Players use these tools to explore the collection of documents and then assign which documents they think indicate that each employee is guilty or innocent of the crime. Before performing a search or marking a document as important, analysts were prompted to explain their intentions.
The dataset and its documentation can be downloaded here.
Developing the serious game and collecting this data was a joint effort between the CORGI lab and the Narrative Intelligence Lab at the University of Kentucky. The work was done for the Laboratory for Analytic Sciences at North Carolina State University, who hosted the game and recruited intelligence analysts to play it. This dataset has been reviewed by LAS and has been released as unclassified.
These videos give a short explanation of the project and show examples of the Insider Threat game used to collect the data.