Distributed, Closed-Loop, Anonymized, Dynamic Collaborative Defense Against Network Threats

Award Information
Agency:
Department of Homeland Security
Branch:
n/a
Amount:
$91,492.00
Award Year:
2010
Program:
SBIR
Phase:
Phase I
Contract:
D11PC20011
Award Id:
95261
Agency Tracking Number:
1021127
Solicitation Year:
n/a
Solicitation Topic Code:
H-SB010.2-003
Solicitation Number:
n/a
Small Business Information
1743 BLUE WATER LANE, SAN MARCOS, CA, 92078
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
962937285
Principal Investigator:
Tomas Byrnes
(760) 539-8999
tomb@threatstop.com
Business Contact:
Tom Byrnes
(760) 402-3999
tomb@threatstop.com
Research Institute:
n/a
Abstract

This Proposal is for the investigation of the feasibility, and if feasible, the requirements, for deploying distributed intrusion and bot detection services in a bundle inside multiple networks, while sharing the resulting threat information in an anonymized way. It will involve the implementation of combined defense and sensor nodes as gateways; local correlation, log processing and reporting engines; and dissemination of detected threat sources back to a central correlation authority which then disseminates the information to all participating entities. Key items to be examined are the scalability of distributing existing databases while maintaining consistency; anonymization of threat information detected while maintaining relevancy; and the scalability of processing data from the local detector enforcers into the private threat correlation system, sending the detected threats upstream to the global system, and disseminating the correlated data to all nodes. This will provide the requirements to scale the current ThreatSTOP system so that it can be fully commercialized to protect national security assets, large enterprises, and large numbers of individual users. The benefit will be dynamic detection and blocking of network level attacks and the dynamic disabling of botnets through the interruption of their command and control channels.

* information listed above is at the time of submission.
