The Design of Defensive Software Systems
Agency / Branch:
DOD / OSD
CML proposes to extend its current work in dynamic kernel monitoring for attack recognition and mitigation. The focus of this proposal is on mitigating the effects of an attack on an executing software process by an individual user. The object of interest is the mapping of the activity of a user of a software system onto a model of their normal use of this software. In the construction of a mathematical model of certified software activity there are two distinct sources of variation in the actual execution vocabulary of the software: the variation that is due to the differences between users of the application, and the variation within each user in the way that they use the software. In our previous research investigations we have focused on the total variation of activity across all users. To establish a defensive posture for software that is being misused by an authenticated user, we must construct multiple models of normal activity, one for each user. In this new research aspect we will increase the level of resolution for software activity to the individual user level. This will, in turn, permit the system to recognize and react to abnormal activity for each individual user.
Small Business Information at Submission:
COMPUTER MEASUREMENT LABORATORY, INC.
128 E Pine Avenue Meridian, ID 83642
Number of Employees: