A Distributed Scalable Intrusion Detection System for Rapid Detection of…

Award Information

Department of Defense
Award ID:
Program Year/Program:
2003 / SBIR
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
Advanced Science and Novel Technology
27 Via Porto Grande Rancho Palos Verdes, CA 90275-7848
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Phase 2
Fiscal Year: 2003
Title: A Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks
Agency / Branch: DOD / ARMY
Contract: W911QX-04-C-0001
Award Amount: $729,969.00


Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. The ultimate goal of this effort is to develop an integrated general framework for rapid detection of insider attacks for simultaneous defense of information systems on all required levels, which range from small local sub-networks to global distributed enterprise networks. In Phase I, the feasibility of our approach to rapid detection of internal attacks was demonstrated. In Phase II, we will further develop, implement, and test advanced statistical methods for defense against cyber-terrorism in high-speed computer networks. Powerful statistical techniques, such as adaptive change-point detection methods, hidden Markov models, and statistical learning, will be exploited in order to develop an optimized global distributed intrusion detection system that overcomes the major drawbacks and limitations of current detection systems. This system will have an adaptive, re-configurable structure that utilizes auto-tuning and auto-selection procedures for optimal configuration, reducing susceptibility to changes in environment. We will use collected data to tune and to optimize the detection system and to test the prototype using state-of-the-art testbeds. Prototype software will be delivered and demonstrated at the end of Phase II. This effort will develop robust, mathematically rigorous, and, in certain senses, statistically optimal defense techniques. The development will be carried out in a generic way so that these methods can be readily adapted to any insider intrusion defense implementation. As a result, this work will significantly increase the likelihood that an effective defense system will be developed.
We anticipate that this system, which is based on the advanced change-point detection method, will offer crucial improvements, specifically increased detection probability for unknown attacks, lower false alarm rates, and lower detection times, when compared to existing systems. We also anticipate that the distributed, scalable configuration will offer further improvements in overall performance in terms of lowering false alarm rates and increasing detection capabilities at high data rates. The successful completion of this program will result in the commercialization of the most advanced algorithm available for rapid detection of attacks in government, commercial and enterprise networks. The developed intrusion detection software will be particularly effective in protecting these networks against insider threats. The complete software package can also be used by financial institutions in order to increase the security of their existing networks.

Principal Investigator:

Alexander Tartakovsky
Vice president

Business Contact:

Vladimir Katzman
Small Business Information at Submission:

28119 Ridgefern Court Rancho Palos Verdes, CA 90275

EIN/Tax ID: 383654319
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No