Automatic Generation of Robust Network Intrusion Detection Signatures

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911NF-08-C-0007
Agency Tracking Number: O064-NC2-2006
Amount: $744,383.00
Phase: Phase II
Program: STTR
Awards Year: 2008
Solicitation Year: 2006
Solicitation Topic Code: OSD06-NC2
Solicitation Number: N/A
Small Business Information
632 Broadway, Suite 803, New York, NY, 10012
DUNS: 022423854
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Steven Reinhardt
 Managing Engineer
 (212) 780-0527
 stever@reservoir.com
Business Contact
 Melanie Peters
Title: Business Manager
Phone: (212) 780-0527
Email: peters@reservoir.com
Research Institution
 CARNEGIE MELLON UNIV.
 A. J Abels
 Collaborative Innovation Ctr
4720 Forbes Ave., Room 2111
Pittsburgh, PA, 15213
 (412) 268-4912
 Nonprofit college or university
Abstract
In this Phase II STTR project, we propose to develop a system that autonomously and rapidly (1) detects exploitation of application software vulnerabilities (including previously unknown vulnerabilities) via dynamic taint analysis; (2) generates vulnerability signatures identifying nearly all traffic that exploits those same vulnerabilities, even traffic with no superficial similarities to the observed exploit, and with no false positives, via semantic analysis of program paths leading to each vulnerability; and (3) deploys these signatures to a network-based intrusion prevention system to prevent further exploits of the same vulnerability on other systems within the protected network. Our unique advantages over competitors stem from several factors. Our semantics-based approach enables broad coverage, even against polymorphic attacks, while fundamentally eliminating the possibility of false positives. Our advanced network intrusion prevention platform enables traffic to be checked against complex signature patterns at line rate up to 10 Gbps. Our system's end-to-end automation will provide effective defense even against rapidly spreading worms spreading via previously unknown (zero-day) exploits.

* Information listed above is at the time of submission. *
