Multiple Hypothesis Tracking of Cyberthreats

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8649-21-P-0059
Agency Tracking Number: FX20D-TCSO1-0073
Amount: $149,999.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: AFX20D-TCSO1
Solicitation Number: X20.D
Solicitation Year: 2020
Award Year: 2021
Award Start Date (Proposal Award Date): 2020-12-18
Award End Date (Contract End Date): 2021-06-18
Small Business Information
1531 Grand Avenue Suite D
San Marcos, CA 92078-1111
United States
DUNS: 118594928
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 C Thomas Savell
 (760) 591-4227
Business Contact
 C. Thomas Savell
Phone: (760) 591-4227
Research Institution
 Carnegie Mellon University
 Christine Bedillion
5000 Forbes Ave.
Pittsburgh, PA 15213-3815
United States

 (412) 268-3603
 Nonprofit college or university

This proposal addresses tracking and forecasting a cyberthreat's future maneuvers in a compromised network. Our approach is as follows:

- Movement in the network observed by Intrusion Detection System (IDS) sensor data = discrete states (e.g., IP or port addressed per IDMEF alert format).
- Forecast the threat track vector using the Multiple Hypothesis Method (MHM).
- Use the Probabilistic Relational Model (PRM) framework to develop tracking algorithms.
- Model threat movement using a Dynamic Decision Network (DDN) with multi-tactics and trafficability.
- Extend Bayesian inference with Second Order Uncertainty (SOU), which increases the precision of the forecast.
- Select multiple hypotheses of movement tactics from the MITRE ATT&CK framework.
- Apply weights to hypothesis paths based on the value of the target assets.
- Use data association methods; select and save the top-3 likely threat vectors for further tracking.

This is different from today's technology in that it adds the ability to predict the likely next move in the attack vector using the Multiple Hypothesis Method (MHM) within a Bayesian representation of the cyber network. The Phase I validation of the method will be performed using a simplified simulation of a cyberattack, namely a single intruder with a limited number of maneuver tactics.

* Information listed above is at the time of submission. *
