Scalable Intrusion Detection System for Rapid Global Detection of Network…

Award Information

Agency:
Department of Energy
Branch:
N/A
Award ID:
72457
Program Year/Program:
2006 / SBIR
Agency Tracking Number:
78652S05-I
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
Advanced Science and Novel Technology
27 Via Porto Grande Rancho Palos Verdes, CA 90275-7848
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2006
Title: Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks
Agency: DOE
Contract: DE-FG02-05ER84136
Award Amount: $750,000.00
 

Abstract:

Current ultra high-speed networks carry massive aggregate data flows that must be monitored and processed to detect and counteract intrusions. The problem is further compounded by the sheer number and complexity of attacks. As a result, the challenges of intrusion detection in ultra-high-speed networks are outstripping our ability to detect, track, fuse, and interpret them. This project will develop a distributed anomaly-based intrusion detection system, consisting of sensing nodes for local (e.g., host-level) detection and fusion nodes to combine the output from the sensing nodes. Advanced statistical methods will be used to identify hidden patterns and to optimize the operating characteristics of the intrusion detection system. In Phase I, a novel detection system, which detects attacks with minimal delays for a given (low) false alarm rate at extremely high data rates, was developed. An adaptive parallel architecture allowed for an efficient auto-selection of the best possible configuration under existing conditions, thereby reducing susceptibility to a changing environment. The algorithms were evaluated using asymptotic analysis, Monte Carlo experiments, and deployment in a testbed. Phase II will: (1) develop statistical methods for an efficient, anomaly-based local detector with a low false alarm rate, as well as a hybrid anomaly-signature local detector with profiling capability; (2) develop an architecture for the distributed deployment of detectors, along with fusion algorithms to combine outputs for network-level detections; (3) design and implement sensor and fusion nodes using commercial-off-the-shelf technologies; and (4) develop a laboratory testbed to support implementation and testing. Commercial Applications and other Benefits as described by the awardee: The new intrusion detection system should be of particular relevance to DOE networks that support large-scale science applications.
Advantages over existing systems include an increased probability of detecting unknown attacks, and a lower false alarm rate and detection time.

Principal Investigator:

Alexander G. Tartakovsky
Dr.
3102927847
tartakov@usc.edu

Business Contact:

Vladimir Katzman
Dr.
3103776029
traffic405@cox.net
Small Business Information at Submission:

Advanced Science and Novel Technology Company
27 Via Porto Grande Rancho Palos Verdes, CA 90275

EIN/Tax ID: 383654319
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No