SIFT has utilized its core technologies of machine learning, planning and human interfaces in the context of cyber security. For example, SIFT has applied intent recognition techniques to the problem of identifying the objectives of cyber attackers in order to distinguish serious threats from "ankle biters." Projects in this area have included applying qualitative probabilistic reasoning to network intrusion detection, helping security analysts tame the floods of false positives generated by conventional intrusion detection systems, applying planning techniques to coordinate cyber defense across large enterprises, and applying machine learning to actively deceive cyber attackers so that they reveal facts about their true identity.