USA flag logo/image

An Official Website of the United States Government

DOODLEBUG: A Distributed, Peer-to-Peer Approach to Cross-Domain Attack…

Award Information

Department of Homeland Security
Award ID:
Program Year/Program:
2004 / SBIR
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
Smart Information Flow Technologies, d/b/a SIFT
211 N 1st St. Suite 300 Minneapolis, MN 55401-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Phase 1
Fiscal Year: 2004
Title: DOODLEBUG: A Distributed, Peer-to-Peer Approach to Cross-Domain Attack Correlation
Agency: DHS
Contract: NBCHC050002
Award Amount: $99,743.00


SIFT`s DOODLEBUG approach provides a revolutionary approach to intrusion event correlation and fusion. Existing correlation systems are brittle, mostly rule-based systems that provide centralized correlation of intrusion events from very restricted areas. They require access to confidential information of the systems whose events they correlate, share those systems` false positive problems, and are difficult to configure and operate. By contrast, DOODLEBUG provides a lightweight event correlation solution that will operate over extremely large areas (e.g., continent-wide). The DOODLEBUG approach will build a robust, redundant, decentralized network for event correlation, producing rich results by incorporate very large amounts of information. Using large amounts of information, and combining it with relatively simple, and computationally inexpensive operations, DOODLEBUG will enable detection and identification of both known and novel attacks. In order to incorporate these large numbers of nodes, DOODLEBUG must stretch across not just administrative domains, but enterprises as well. To make this possible, DOODLEBUG will incorporate techniques for robust computation even in the face of malicious network members, and will provide strong assurances of the privacy of network nodes. DOODLEBUG will do this by combining a novel re-framing of the correlation problem with existing techniques for robust distributed computation and privacy protection.

Principal Investigator:

Robert P. Goldman
Senior Principal Research Scientist

Business Contact:

Harry B. Funk
Vice President, Research and Development
Small Business Information at Submission:

Smart Information Flow Technologies, LLC d/b/a SIFT, LLC
211 N 1st St. Suite 300 Minneapolis, MN 55401

EIN/Tax ID: 411929753
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No