Real Time Intrusion Detection in High-Speed Data Streams

Award Information
Agency:
Department of Defense
Amount:
$120,000.00
Program:
SBIR
Contract:
DAAD17-02-C-0023
Solicitation Year:
N/A
Solicitation Number:
N/A
Branch:
Army
Award Year:
2002
Phase:
Phase I
Agency Tracking Number:
A012-1235
Solicitation Topic Code:
N/A
Small Business Information
Scientific Systems Co., Inc.
500 West Cummings Park, Suite 3000, Woburn, MA, 01801
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
859244204
Principal Investigator
 Joao B.D. Cabrera
 Research Engineer
 (781) 933-5355
 cabrera@ssci.com
Business Contact
 Raman Mehra
Title: President
Phone: (781) 933-5355
Email: rkm@ssci.com
Research Institution
N/A
Abstract
"We propose to investigate a methodology for designing hybrid (network-based and host-based) Intrusion Detection Systems (IDSs) for operation at the OC-12 range and above. The scheme is centered on the application of Statistical Pattern Recognition methods for producing computationally cheap, yet effective detection rules to be programmed in dedicated co-processors. The effort addresses the challenges in the development of network-based IDSs posed by the unabated increase in network capacity, and the rise of multi-stage attacks involving host infiltration followed by network scanning and automated packet-flooding. Current schemes for coping with increasing link speed rely on packet subsampling and/or reduction of the signature set, resulting in substantial reduction in accuracy. In contrast, our method offers a flexible alternative with no reduction of detection rate, that can also be easily reprogrammed for new attacks. The inclusion of host-based features allows the detection of multi-stage attacks. The statistical nature of the approach is compatible with IPSEC, as packet encryption preserves the features used for rule construction. Aprisma Inc. (manufacturer of SPECTRUM) will provide consulting in network management and security. Design and evaluation of algorithms will utilize an extensive data set collected by MCNC on a Gigabit Ethernet. MCNC group will also provide consulting in advanced hardware. Prof. Wenke Lee from Georgia Tech will serv

* information listed above is at the time of submission.
