Intrusion Detection System (IDS) With Automatic Signature Generation for Self Healing Networks

Award Information
Agency:
Department of Defense
Amount:
$70,000.00
Program:
SBIR
Contract:
W15P7T-10-C-A029
Solicitation Year:
2010
Solicitation Number:
2010.1
Branch:
Army
Award Year:
2010
Phase:
Phase I
Agency Tracking Number:
A101-013-0501
Solicitation Topic Code:
A10-013
Small Business Information
Altusys Corp
P O Box 1274, Princeton, NJ, 08542
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
135270473
Principal Investigator
Khushboo Shah
Senior Research Scientist
(609) 651-4500
khushboo@altusystems.com
Business Contact
John Buford
Title: President
Phone: (609) 651-4500
Email: buford@altusystems.com
Research Institution
N/A
Abstract
This proposal details an ambitious effort to develop a Smart Host-Based Intrusion Detection System (SHIDS). SHIDS supports a self-healing, self-monitoring, self-diagnosing, self-hardening, and self-recovering network architecture after corruption by an attack, by automatically creating malware fingerprints and alert messages to protect against variants of known threats as well as possible zero-day attacks. SHIDS utilizes a hooking technique to collect binary behavior at the instruction level without requiring source code changes. It employs rule-based detectors, behavior-based detectors, and a combination of both to reliably identify zero-day malware as well as polymorphic worms, and it generates malware fingerprints from what it detects. SHIDS includes mechanisms to avoid discovery of the SHIDS by attackers, and it responds robustly to attempts to circumvent its detection, such as polymorphism, encryption of collected data, hiding exploits in large volumes of system calls, rate variation, and randomization of the attack vector. SHIDS also responds robustly to attempts by an attacker to produce ambiguous signatures. Furthermore, SHIDS adaptively adjusts its vigilance level based on the state of host and network health, using state-of-the-art statistical techniques such as fuzzy matching, classification, and clustering. Finally, SHIDS uses hybrid finite state automata to perform malware fingerprint matching efficiently.

* Information listed above is as of the time of submission.
