Intrusion Detection System (IDS) With Automatic Signature Generation for Self Healing Networks

Award Information
Agency: Department of Defense
Branch: Army
Amount: $70,000.00
Award Year: 2010
Program: SBIR
Phase: Phase I
Contract: W15P7T-10-C-A029
Award Id: 97823
Agency Tracking Number: A101-013-0501
Solicitation Year: n/a
Solicitation Topic Code: ARMY 10-013
Solicitation Number: n/a
Small Business Information
P O Box 1274, Princeton, NJ, 08542
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 135270473
Principal Investigator: Khushboo Shah, Senior Research Scientist, (609) 651-4500, khushboo@altusystems.com
Business Contact: John Buford, President, (609) 651-4500, buford@altusystems.com
Research Institution: n/a
Abstract
This proposal details an ambitious effort to develop a Smart Host-Based Intrusion Detection System (SHIDS). SHIDS supports a self-healing, self-monitoring, self-diagnosing, self-hardening, and self-recovering network architecture after corruption by an attack by automatically creating malware fingerprints and alert messages to protect against variants of known threats as well as possible zero-day attacks. SHIDS utilizes a hooking technique to collect binary behavior at the instruction level without requiring source code changes. It employs rule-based detectors, behavior-based detectors, and a combination of both to reliably identify zero-day malware as well as polymorphic worms, and it generates malware fingerprints. SHIDS includes mechanisms to avoid discovery of the SHIDS by attackers, and responds robustly to attempts to circumvent detection by the SHIDS such as polymorphism, encryption of collected data, hiding exploits in large volumes of system calls, rate variation, and randomization of the attack vector. SHIDS responds robustly to attempts by an attacker to produce ambiguous signatures. Furthermore, SHIDS adaptively adjusts the vigilance level based on the state of host and network health using various state-of-the-art statistical techniques such as fuzzy matching, classification, and clustering. Finally, SHIDS uses hybrid finite state automata to efficiently perform malware fingerprint matching.

* information listed above is at the time of submission.
