USA flag logo/image

An Official Website of the United States Government

DECISIVE ANALYTICS Corporation Response to Cross-Domain Attack Correlation…

Award Information

Agency:
Department of Homeland Security
Branch:
N/A
Award ID:
69314
Program Year/Program:
2004 / SBIR
Agency Tracking Number:
0421204
Solicitation Year:
2004
Solicitation Topic Code:
H-SB04.2-001
Solicitation Number:
N/A
Small Business Information
DECISIVE ANALYTICS Corporation
1235 South Clark Street Suite 400 Arlington, VA -
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2004
Title: DECISIVE ANALYTICS Corporation Response to Cross-Domain Attack Correlation Technologies
Agency: DHS
Contract: NBCHC050006
Award Amount: $99,999.00
 

Abstract:

The DECISIVE ANALYTICS Team presents a suite of novel technique to perform distributed event correlation across distinct administrative domains while preserving privacy. Our approach for detecting attacks is based on the facts, prerequisites, and consequences of an attack. Such an approach allows us to detect well-known and stealthy attacks while also minimizing false alarms. Normal and suspicious activities are represented by graphs that are automatically constructed where nodes of the graph represent an event in the system, and arcs represent their relationships. We use data mining techniques such as clustering, classification, and frequent episodes mining to correlate events and attacks within an administrative boundary We perform event correlation across administrative boundaries by utilizing probabilistic statistical causality techniques, and preserve privacy by using Secure 2-Party Computational techniques such as multivariate statistical analysis to enable secure collaboration across domains. These techniques are implemented as a set of intelligent agents that collaborate across administrative domains and provide alerts to the security analyst as attacks against the Homeland¿s critical infrastructure are identified. We anticipate commercial benefits as we transition the technology to our partner, Cisco Systems, for deployment as part of their PIX Security Appliance. Potential spinoff applications include intelligence analysis and securities fraud.

Principal Investigator:

James J. Nolan
Sr Scientist/Engineer, Sys Analy Div
7034145002
jim.nolan@dac.us

Business Contact:

Kelly McClelland
Manager, Business Operations
7034145024
kelly.mcclelland@dac.us
Small Business Information at Submission:

DECISIVE ANALYTICS Corporation
1235 South Clark St. Suite 400 Arlington, VA 22202

EIN/Tax ID: 541785147
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No