Global Analysis of Weak Signals for Enterprise Event Detection (GAWSEED)

Project Description

The Global Analysis of Weak Signals for Enterprise Event Detection (GAWSEED) project is studing weak signals across multiple large-enterprise datasets looking for signs of malicious activity so small they may be passed over by a single enterprise’s operational staff. GAWSEED has three goals to meet this challenge:

  • We will create new security-event sensors by analyzing structures in data sources using insights about protocols and host-based information sources. Analysis of these structures will develop new methods to expose security events even in weak signals, and evaluate use of corroborative information to further amplify them.

  • These signals and supporting information will serve as features for machine-learning-augmented algorithms to find, classify, and prioritize discovered security events.

  • To draw upon sensor data distributed across multiple enterprises, we will develop inter-enterprise sharing and control protocols. These protocols will address challenges in distributed computation and constrained communication in the face of soemtimes conflicting policies about privacy and sharing.

GAWSEED is part of ANT Lab at USC/ISI (PIs: John Heidemann and Wes Hardaker in the networking division, and Aram Galystan from the AI division. It is joint work with researchers at Parsons Corporation. It is supported by DARPA as part of the CHASE program.


  • Michael Baer, researcher (PARSONS)
  • Genevieve Bartlett, researcher (USC CS Dept. and ISI)
  • Aram Galstyan, research director and research associate professor (USC/ISI)
  • Wes Hardaker, co-PI on this project, researcher (USC/ISI)
  • John Heidemann, PI on this project, project leader and professor (USC/ISI)
  • Suresh Krishnaswamy, researcher (PARSONS)
  • Wayne Morrison, researcher (PARSONS)
  • Russ Mundy, researcher (PARSONS)
  • Sandy Murphy, researcher (PARSONS)
  • Yuri Pradkin, researcher (USC/ISI)
  • Robert Story, Computer Analyst (USC/ISI)


  • Abdul Qadeer and John Heidemann 2021. Efficient Processing of Streaming Data using Multiple Abstractions. Proceedings of the IEEE International Conference on Cloud Computing (Virtual, Sep. 2021), 157–167. [DOI] [PDF] Details
  • Abdul Qadeer and John Heidemann 2020. Plumb: Efficient Stream Processing of Multi-User Pipelines. Software—Practice and Experience. 51, 2 (2020), 385–408. [DOI] [PDF] Details
  • Wes Hardaker 2020. GAWSEED. ISI Research Day. Details

For related publications, please see the ANT publications web page.


pip3 installable software:

  • pyfsdb
  • gawseed-processing
  • gawseed-threat-feed-tools

See also the ANT software web page.