
Detection & Containment of Computer Epidemics Through Correlation of Communication Anomalies

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: NBCHC050010
Agency Tracking Number: 0421210
Amount: $99,867.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: H-SB04.2-002
Solicitation Number: N/A
Timeline
Solicitation Year: 2004
Award Year: 2004
Award Start Date (Proposal Award Date): 2004-10-27
Award End Date (Contract End Date): 2005-05-15
Small Business Information
5777 W. Century Blvd. Suite 1185
Los Angeles, CA 90045
United States
DUNS: N/A
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 K Narayanaswamy
 Chief Technology Officer
 (310) 337-3013
 swamy@cs3-inc.com
Business Contact
 Deborah Taylor
Title: President
Phone: (310) 337-3013
Email: dtaylor@cs3-inc.com
Research Institution
N/A
Abstract

This Phase I SBIR project investigates the detection and mitigation of fast-spreading computer infections that we call network epidemics. We wish to avoid packet payload inspection for several reasons. For one, increasing use of encrypted communication makes it impossible to interpret the payload. Further, payload anomaly analysis introduces delays that can be unacceptable when stopping fast-spreading epidemics. In our project, detection of a network epidemic is based upon communication anomalies and the detection of similar shifts in behavior in a very large number of machines across the network. It is our hypothesis that epidemics can be detected by analyzing just the communication patterns of the machines, without reference to packet payloads. Innovations of our approach include efficient traffic summaries that can store traffic data indefinitely. We also include sophisticated correlation features that make it possible to detect shifts in behavior of many machines across an entire network. Both exponential and slow-spreading epidemics are discovered using this approach. The approach also generates filters for the traffic that spreads the infection, thereby providing a defense. In Phase I, we validate the approach with a proof-of-concept prototype and analyze the scalability issues of the approach to larger and faster networks.

* Information listed above is at the time of submission. *
