Automatic Generation of Robust Network Intrusion Detection Signatures

Award Information

Agency:
Department of Defense
Branch:
Office of the Secretary of Defense
Award ID:
77973
Program Year/Program:
2006 / STTR
Agency Tracking Number:
O064-NC2-2006
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
Reservoir Labs., Inc.
632 Broadway, Suite 803 New York, NY 10012-2614
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2006
Title: Automatic Generation of Robust Network Intrusion Detection Signatures
Agency / Branch: DOD / OSD
Contract: W911NF-06-C-0169
Award Amount: $99,925.00
 

Abstract:

We propose to develop a system that autonomously and rapidly (1) directly detects exploitation of application software vulnerabilities (including previously unknown vulnerabilities) via dynamic taint analysis, and (2) generates vulnerability signatures identifying all traffic that exploits those vulnerabilities, even traffic with no other similarities to the observed exploit, via semantic analysis of program paths leading to each vulnerability. These signatures will be generated in a format suitable for deployment in a conventional network-based intrusion detection/prevention system. Compared to the current practice of manual signature generation, an automated signature generation system is a necessary step to combat rapidly spreading worms that target previously unknown ("zero-day") vulnerabilities. Compared to other proposed automated signature generation systems which use statistical or heuristic techniques, our approach (1) provides more accurate discrimination between malicious and benign traffic and more precise identification of exploited vulnerabilities at the detection stage, and (2) generates signatures that represent the fundamental characteristics of any exploit targeting a particular vulnerability as completely as possible within the constraints of the signature language. Both aspects contribute directly to reducing the number of false positives and false negatives when the signatures are deployed.

Principal Investigator:

Steven Reinhardt
Managing Engineer
2127800527
stever@reservoir.com

Business Contact:

Melanie Peters
Business Manager
2127800527
peters@reservoir.com
Small Business Information at Submission:

RESERVOIR LABS., INC.
632 Broadway, Suite 803 New York, NY 10012

EIN/Tax ID: 061303098
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Research Institution Information:
CARNEGIE MELLON UNIV.
Collaborative Innovation Cente, 4720 Forbes Avenue, Room 211
Pittsburgh, PA 15213
Contact: A. J. Abels
Contact Phone: (412) 268-4912
RI Type: Nonprofit college or university