Real Time Intrusion Detection in High-Speed Data Streams

Award Information
Agency: Department of Defense
Branch: Army
Contract: DAAD17-02-C-0023
Agency Tracking Number: A012-1235
Amount: $120,000.00
Phase: Phase I
Program: SBIR
Awards Year: 2002
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
500 West Cummings Park, Suite 3000, Woburn, MA, 01801
DUNS: 859244204
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Joao B.D. Cabrera
 Research Engineer
 (781) 933-5355
 cabrera@ssci.com
Business Contact
 Raman Mehra
Title: President
Phone: (781) 933-5355
Email: rkm@ssci.com
Research Institution
N/A
Abstract
"We propose to investigate a methodology for designing hybrid (network-based and host-based) Intrusion Detection Systems (IDSs) for operation at the OC-12 range and above. The scheme is centered on the application of Statistical Pattern Recognition methods for producing computationally cheap, yet effective detection rules to be programmed in dedicated co-processors. The effort addresses the challenges in the development of network-based IDSs posed by the unabated increase in network capacity, and the rise of multi-stage attacks involving host infiltration followed by network scanning and automated packet-flooding. Current schemes for coping with increasing link speed rely on packet subsampling and/or reduction of the signature set, resulting in substantial reduction in accuracy. In contrast, our method offers a flexible alternative with no reduction of detection rate, that can also be easily reprogrammed for new attacks. The inclusion of host-based features allows the detection of multi-stage attacks. The statistical nature of the approach is compatible with IPSEC, as packet encryption preserves the features used for rule construction. Aprisma Inc. (manufacturer of SPECTRUM) will provide consulting in network management and security. Design and evaluation of algorithms will utilize an extensive data set collected by MCNC on a Gigabit Ethernet. MCNC group will also provide consulting in advanced hardware. Prof. Wenke Lee from Georgia Tech will serv

* Information listed above is at the time of submission. *
