An Official Website of the United States Government

Intrusion Detection System (IDS) With Automatic Signature Generation for Self…

Award Information

Agency:
Department of Defense
Branch:
Army
Award ID:
97823
Program Year/Program:
2010 / SBIR
Agency Tracking Number:
A101-013-0501
Solicitation Year:
N/A
Solicitation Topic Code:
ARMY 10-013
Solicitation Number:
N/A
Small Business Information
ALTUSYS CORP.
P O Box 1274 Princeton, NJ -
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2010
Title: Intrusion Detection System (IDS) With Automatic Signature Generation for Self Healing Networks
Agency / Branch: DOD / ARMY
Contract: W15P7T-10-C-A029
Award Amount: $70,000.00
 

Abstract:

This proposal details an ambitious effort to develop a Smart Host-Based Intrusion Detection System (SHIDS). The SHIDS supports a self-healing, self-monitoring, self-diagnosing, self-hardening, and self-recovering network architecture after corruption by an attack by automatically creating malware fingerprints and alert messages to protect against variants of known threats as well as possible zero-day attacks. SHIDS utilizes a hooking technique to collect binary behavior at the instruction level without requiring source code changes. It employs rule-based detectors, behavior-based detectors, and a combination of both to reliably identify zero-day malware as well as polymorphic worms, and it generates malware fingerprints. SHIDS includes mechanisms to avoid discovery of the SHIDS by attackers, and responds robustly to attempts to circumvent detection by the SHIDS such as polymorphism, encryption of collected data, hiding exploits in large volumes of system calls, rate variation, and randomization of the attack vector. SHIDS responds robustly to attempts by an attacker to produce ambiguous signatures. Furthermore, SHIDS adaptively adjusts the vigilance level based on the state of host and network health using various state-of-the-art statistical techniques such as fuzzy matching, classification, and clustering. Finally, SHIDS uses hybrid finite state automata to efficiently perform malware fingerprint matching.

Principal Investigator:

Khushboo Shah
Senior Research Scientist
6096514500
khushboo@altusystems.com

Business Contact:

John Buford
President
6096514500
buford@altusystems.com
Small Business Information at Submission:

Altusys Corp
P O Box 1274 Princeton, NJ 08542

EIN/Tax ID: 810627388
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No