Communication Analysis System for Intrusion Detection Systems (IDSs)
Agency / Branch:
DOD / NAVY
The innovation proposed herein uses Principal Component Analysis (PCA) to characterize communication between distributed processors in real time, and then uses that characterization for real-time detection of attacks. PCA allows real-time processing of very high data rate communication, producing a characterization of that communication in a reduced dimensional space. The advantages are: (1) our processing can be done in real time even with hundreds of inputs at megabits per second each; (2) the state of the network communication can be viewed in the reduced dimensional space, giving a network administrator a visual cue as to anomalies that might be occurring; and (3) the approach is effective in detecting intrusions even if the attack has never been seen before. We have already tested our approach on a very limited set of data from the MIT Lincoln Labs 1999 data (Zissman 2001). Even though these tests represented only a preliminary evaluation, we were able to detect 43% of the attacks in a group of ¿ % of the total data set. With refinement we should be able to substantially improve this rate. Sharing the resulting characterization and attack detection data between nodes of the network should further improve performance.
Small Business Information at Submission:
INTELLIGENT AUTOMATION, INC.
7519 Standish Place, Suite 200 Rockville, MD 20855
Number of Employees: