Cyber-Battle Management System (CBMS)
Agency / Branch:
DOD / USAF
ABSTRACT: We are experiencing grand challenges to ensure that cyberspace resources and services can effectively tolerate epidemic-style cybperattacks, and manage automatically its resources and services. Currently, there are no effective commercial technologies to secure and protect cyberspace resources and services; they are mainly labor intensive (e.g., patch update), signature based, and not flexible enough to handle the complexity, dynamism and rapid propagation of cyberattacks. Furthermore, the organization boundaries are gradually disappearing so that the idea of creating a defendable perimeter becomes useless. In this Phase II STTR, AVIRTEK will develop and demonstrate a Cyber-Battle Management System (CBMS) that is based on autonomic computing. The autonomic paradigm is inspired by the human autonomic nervous system that handles complexity and uncertainties, and aims at realizing computing systems and applications capable of managing themselves with minimum human intervention. The proposed CBMS will utilize AVIRTEK autonomic agents, along with statistical and data mining techniques, anomaly behavior analysis, and intelligent decision fusion to autonomically manage configuration and security of battle space resources and services. The CBMS features that will be supported by the prototype to be developed and demonstrated at the end of Phase II are: Threat Management, Automated/Semi-automated/Manual Management Actions and Dashboard and Visualization. BENEFIT: Currently there are not effective cybersecurity tools and automated management capabilities that can effectively handle the exponential growth in number and complexity of cyberattacks. Most of the intrusion detection/protection systems that are commercially available today are mainly signature base, and require intensive manual management. The main reason they failed because they are signature based and the anomaly based solutions are very simple (e.g., threshold base) that require intensive fine tuning and adjustment. Any changes in the environments and the workloads will lead to high false alarms and thus make the anomaly based intrusion detection systems ineffective. AVIRTEK approach, on the other hand, uses sophisticated online monitoring tools, innovative feature selection algorithms, data mining, statistical and correlation models to accurately characterize the normal behavior of cyberspace resources and services so it can detect any anomalous events triggered by attacks, faults or accidents. Furthermore, AVIRTEK"s autonomic agents provide automated/semi-automated actions in order to stop cyberattacks in a timely manner and prevent their epidemic propagation. The successful development of the CBMS technology will have profound impacts because it will enable us to 1) Stop/eliminate the effectiveness of cyberattacks (known or unknown); 2) Deliver uninterrupted services and applications in spite of attacks and failures; and 3) Build"hassle-free"computing environments that are self-aware, self-adapt, self-heal, self-protect, self-* (i.e., autonomic computing environments). This will have strong impacts on business, healthcare systems, education, and government and will lead to cyberspace technology that is trustworthy. The CBMS technology is also extremely important to secure and protect DoD networks and services. The CBMS will be deployed at the following DoD sites: - Army Research Lab - Air force (Autonomic Sensor Directorate, Dayton) - Air force Rome Laboratory (testbed for evaluation of cyber security) - Joint Interoperability Test Command (Ft. Huachuca) Commercial Opportunities: AVIRTEK"s CBMS technology targets various commercial markets world-wide covering enterprise and SMB markets. Examples include: - Financial institutions such as Bank of America and JPMorgan Chase. - Medical Market to secure and protect electronic medical records and proprietary drug research data, just to name a few. - Utility Market: Securing critical infrastructure grids such as power, gas, and oil networks. - Autonomic Grid and Cloud Computing, Data Centers used by Google, Amazon, Yahoo, just to name a few. - Computer Network Defense markets. AVIRTEK will collaborate with Raytheon, Ball Aerospace and EWA Government systems to deploy the CBMS technology to secure and protect DoD networks and services.
Small Business Information at Submission:
Chief Executive Officer
Research Institution Information:
1236 E. Grant Rd Tucson, AZ 85719-
Number of Employees:
University of Arizona
1230 E. Speedway Blvd.
Tucson, AZ 85721-
University O. Arizona