An Efficient Distributed Scalable Intrusion Detection System for Rapid…

Award Information

Department of Defense
Award ID:
Program Year/Program:
2003 / SBIR
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
Advanced Science and Novel Technology
27 Via Porto Grande Rancho Palos Verdes, CA 90275-7848
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Phase 1
Fiscal Year: 2003
Title: An Efficient Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks
Agency / Branch: DOD / ARMY
Contract: DAAD17-03-C-005
Award Amount: $119,848.00


The critical criteria for intrusion detection systems (IDS) are the speed of detection, the false alarm rate, and the number of types of attacks that can be detected. Unlike external attacks, insider attacks are not well understood today. Advanced Science and Novel Technology (ADSANTEC) proposes key technological advancements in the area of insider IDS based on its revolutionary adaptive change-point detection algorithms with the following major benefits:

(1) Efficient local IDS algorithms for rapid detection of insider attacks
(2) Multi-sensor distributed detection technology with multi-level false alarm filtering
(3) Fusion center for data and decisions identifying insider attack trends and patterns

During Phase I, ADSANTEC will identify the most informative observables, demonstrate the flexibility of the approach, and evaluate the advantages of our detection system compared to existing ones. As an illustration, we will apply this methodology for detection of unauthorized access and misuse of resources. Existing solutions for detection of these intrusions do not employ statistical methods and suffer from uncontrollable false alarm rates and scalability problems in large distributed networks. ADSANTEC's approach addresses both of these crucial issues. Active probing and service quality monitoring, when combined with ADSANTEC's change-point detection methods, will allow us to achieve two important improvements as compared to the existing IDS: an increase of the probability of detection of unknown, stealthy attacks and a decrease of the false alarm rate. We also anticipate that the distributed, scalable IDS configuration will allow us to improve the overall performance of the system in terms of detection capabilities and lowering false detections.

Phase I architectural and algorithmic design along with the results of preliminary simulations will constitute a basis for the development, training, and testing in Phase II, where the proposed detection methods will be extensively trained and experimentally tested in the available testbeds. The successful completion of this program will result in commercialization of the most advanced algorithm for rapid detection and mitigation of insider attacks in military, homeland defense and industrial networks.

Principal Investigator:

Alexander Tartakovsky
Vice President, Research

Business Contact:

Vladimir Katzman
Small Business Information at Submission:

28119 Ridgefern Court Rancho Palos Verdes, CA 90275

EIN/Tax ID: 383654319
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No