Anomaly Detection At Multiple Scales (ADAMS)

Award Information

Agency:
Department of Defense
Branch:
Defense Advanced Research Projects Agency
Award ID:
Program Year/Program:
2012 / SBIR
Agency Tracking Number:
D2-1132
Solicitation Year:
2011
Solicitation Topic Code:
SB111-003
Solicitation Number:
2011.1
Small Business Information
Allure Security Technology
5 Penn Plaza, 23rd Floor, New York, NY
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2012
Title: Anomaly Detection At Multiple Scales (ADAMS)
Agency / Branch: DOD / DARPA
Contract: HR0011-12-9-0004
Award Amount: $937,188.00
 

Abstract:

We propose to develop robust technical capabilities (resulting in a commercial-quality software product) for identifying likely malicious as well as overly trusting insiders within an organization by leveraging automatically generated misinformation. Our system will work in conjunction with modern system and network monitoring technologies such as Data Leakage Prevention (DLP) systems and honeypots of various kinds (both traditional and unconventional), some of which are already in use by many enterprises for other purposes. Our approach focuses on and exploits what malicious insiders seek (illicitly acquired information), as opposed to incidental signs of misbehavior. Our approach also identifies users who make inappropriate trust decisions, putting organizations at risk. This provides a robust alternative and a good complement to passive-detection mechanisms. In Phase 1, we proposed to (a) investigate and design an insider detection architecture based on this notion of misinformation, and (b) demonstrate the feasibility of identifying specific types of insiders by developing a prototype for automatically generating and distributing believable misinformation based on pre-defined templates, and then tracking access and attempted misuse of it through integration with an open-source DLP system. In Phase 2, we will extend and instantiate our architecture, also expanding our system capabilities to generate documents that use information harvested from real sources. We will also develop a modular and extensible back-end system and management console.

Principal Investigator:

Herbert H. Thompson
Chief Technology Officer
(321) 795-4531
hugh@alluresecurity.com

Business Contact:

Salvatore Stolfo
President
(321) 795-4531
sal@alluresecurity.com
Small Business Information at Submission:

Allure Security Technology
5 Penn Plaza, 23rd Floor, New York, NY

EIN/Tax ID: 000000000
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No