Countermeasures to Covert Access Methods to Reduce Attack Susceptibility and Ensure Trust
Department of Defense
Small Business Information
Clear Hat Consulting, Inc.
1207 Cole Rd., Orlando, FL, 32803
Abstract
The primary objective of this project is to develop software and data protection technologies that provide countermeasures to sophisticated covert access methods on critical end-node computer systems. We believe that machine learning algorithms can be applied to low-level data streams in order to detect and prevent sophisticated, covert attacks against such systems. Machine learning algorithms have been successfully applied to the problem of network-based intrusion detection; however, little research has been done toward applying them to other types of intrusive behavior that manifest in lower-level, non-network data streams. Furthermore, we believe that our approach has the potential to significantly advance the current state of technology for detecting sophisticated covert or intrusive system behavior. Anticipated benefits include a rational method of dealing with the false-positive problem that has plagued many prior heuristic detection methods, and the development of a generic detection platform applicable both to Operating System Dependent attacks such as kernel rootkits and to more sophisticated Operating System Independent attacks such as SMM / BIOS rootkits. The end goal of this effort will be a unified framework capable of detecting both types of attack.
* Information listed above is as of the time of submission.