DECISIVE ANALYTICS Corporation Response to Cross-Domain Attack Correlation Technologies
The DECISIVE ANALYTICS Team presents a suite of novel technique to perform distributed event correlation across distinct administrative domains while preserving privacy. Our approach for detecting attacks is based on the facts, prerequisites, and consequences of an attack. Such an approach allows us to detect well-known and stealthy attacks while also minimizing false alarms. Normal and suspicious activities are represented by graphs that are automatically constructed where nodes of the graph represent an event in the system, and arcs represent their relationships. We use data mining techniques such as clustering, classification, and frequent episodes mining to correlate events and attacks within an administrative boundary We perform event correlation across administrative boundaries by utilizing probabilistic statistical causality techniques, and preserve privacy by using Secure 2-Party Computational techniques such as multivariate statistical analysis to enable secure collaboration across domains. These techniques are implemented as a set of intelligent agents that collaborate across administrative domains and provide alerts to the security analyst as attacks against the Homeland¿s critical infrastructure are identified. We anticipate commercial benefits as we transition the technology to our partner, Cisco Systems, for deployment as part of their PIX Security Appliance. Potential spinoff applications include intelligence analysis and securities fraud.
Small Business Information at Submission:
James J. Nolan
Sr Scientist/Engineer, Sys Analy Div
DECISIVE ANALYTICS Corporation
1235 South Clark St. Suite 400 Arlington, VA 22202
Number of Employees: