A lightweight infrastructure for detection and mitigation of insider threats in distributed environments

Award Information
Agency:
Department of Defense
Branch:
Missile Defense Agency
Amount:
$100,000.00
Award Year:
2006
Program:
STTR
Phase:
Phase I
Contract:
HQ0006-06-C-7524
Agency Tracking Number:
B064-009-0096
Solicitation Year:
2006
Solicitation Topic Code:
MDA06-T009
Solicitation Number:
N/A
Small Business Information
SCIENTIFIC SYSTEMS COMPANY, INC
500 West Cummings Park - Ste 3000, Woburn, MA, 01801
Hubzone Owned:
N
Socially and Economically Disadvantaged:
Y
Woman Owned:
N
Duns:
859244204
Principal Investigator
Joao Cabrera
Title: Principal Investigator
Phone: (781) 933-5355
Email: cabrera@ssci.com
Business Contact
Robert Simpson
Title: Mgr of Fin/Controller
Phone: (781) 933-5355
Email: rsimpson@ssci.com
Research Institution
GEORGIA INSTITUTE OF TECHNOLOGY
Sherry A Levy
505 Tenth Street, NW
Atlanta, GA, 30332
Phone: (404) 385-2879
Nonprofit college or university
Abstract
The insider threat remains one of the most difficult threats against information systems to detect, let alone mitigate. The overall objective of the effort (Phase I and Phase II) is to produce and prototype a Distributed Insider Threat Detection System (DITDS) for distributed environments, capable of identifying and quantifying emerging insider threats against the network and allowing for timely mitigation. Instead of relying on large centralized databases to track the evolution of multi-stage attacks, we propose an interactive methodology in which sensor data is fetched from the hosts as needed during the evaluation process. Our solution includes: (1) a heterogeneous, distributed sensor suite that, on request from the DITDS manager, gathers information from multiple nodes; (2) given the readings from the multiple sensors, continuous evaluation of the network against known multi-stage attack scenarios, together with a continuous search for new attack scenarios; (3) mechanisms centered on mobile agents for inoculating the various components of the network against a detected attack; and (4) mechanisms for integrating behavioral information about the users into the decision-making process. The College of Computing at the Georgia Institute of Technology will serve as the University partner. Lockheed Martin Information Assurance (LMIA) will serve as a subcontractor, providing data sets representative of insider attacks. These data sets will be collected using LMIA's DAIWatch(TM) system.
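The pull-based evaluation the abstract describes (a manager that fetches sensor readings from hosts only as a known multi-stage scenario requires them, rather than warehousing everything centrally) can be sketched in a few dozen lines. The following is an added illustration written for this page, not code from the DITDS effort, SSCI, Georgia Tech or LMIA; the scenario stages, the sensor names (`auth`, `fs`, `net`), the host names and every reading are constructed for the example, and the scoring rule (fraction of stages reached in order) is an assumption, not the project's method.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample readings, keyed by host and then by sensor name. They stand
# in for the distributed sensor suite; in a real deployment each lookup would be a
# request to an agent on that host, issued by the manager only when needed.
HOST_SENSORS: Dict[str, Dict[str, List[dict]]] = {
    "ws-17": {
        "auth": [{"user": "jdoe", "hour": 2, "ok": True}],
        "fs":   [{"user": "jdoe", "path": "/srv/share/hr/payroll.xlsx", "op": "read"}],
        "net":  [{"user": "jdoe", "dst": "203.0.113.9", "bytes_out": 850_000_000}],
    },
    "ws-22": {
        "auth": [{"user": "asmith", "hour": 3, "ok": True}],
        "fs":   [{"user": "asmith", "path": "/home/asmith/notes.txt", "op": "read"}],
        "net":  [{"user": "asmith", "dst": "10.0.0.5", "bytes_out": 12_000}],
    },
}


@dataclass(frozen=True)
class Stage:
    name: str
    sensor: str                      # sensor the manager must query for this stage
    matches: Callable[[dict], bool]  # true when a single record satisfies the stage


@dataclass(frozen=True)
class Scenario:
    name: str
    stages: List[Stage]              # ordered: stage k is only checked if 0..k-1 held


# Hypothetical multi-stage insider scenario: off-hours login, read of a sensitive
# share, then a large transfer to a non-internal address.
EXFIL = Scenario("off-hours exfiltration", [
    Stage("off-hours login", "auth", lambda r: r["ok"] and r["hour"] < 6),
    Stage("sensitive share read", "fs",
          lambda r: r["op"] == "read" and r["path"].startswith("/srv/share/hr/")),
    Stage("large outbound transfer", "net",
          lambda r: r["bytes_out"] > 100_000_000 and not r["dst"].startswith("10.")),
])


class Manager:
    """Pull-based evaluator: fetches a host's sensor data only when a stage needs it."""

    def __init__(self, fetch: Callable[[str, str], List[dict]]):
        self._fetch = fetch
        self.fetches = 0  # remote reads issued; shows what the pull model avoids

    def evaluate(self, host: str, scenario: Scenario) -> float:
        cache: Dict[str, List[dict]] = {}   # per-evaluation, one fetch per sensor
        completed = 0
        for stage in scenario.stages:
            if stage.sensor not in cache:
                cache[stage.sensor] = self._fetch(host, stage.sensor)
                self.fetches += 1
            if not any(stage.matches(r) for r in cache[stage.sensor]):
                break  # later stages are irrelevant until the earlier ones hold
            completed += 1
        return completed / len(scenario.stages)


def fetch_from_constructed_hosts(host: str, sensor: str) -> List[dict]:
    # Stand-in for a network call to the host's sensor agent.
    return HOST_SENSORS.get(host, {}).get(sensor, [])


def assess(hosts: List[str], scenario: Scenario,
           threshold: float = 1.0) -> Tuple[Dict[str, float], List[str], int]:
    """Score each host against the scenario; return scores, flagged hosts, fetch count."""
    mgr = Manager(fetch_from_constructed_hosts)
    scores = {h: mgr.evaluate(h, scenario) for h in hosts}
    flagged = sorted(h for h, s in scores.items() if s >= threshold)
    return scores, flagged, mgr.fetches


if __name__ == "__main__":
    scores, flagged, fetches = assess(["ws-17", "ws-22"], EXFIL)
    print(scores, flagged, fetches)
```

With the constructed data, ws-17 completes all three stages and is flagged, while ws-22 fails at the second stage, so its `net` sensor is never queried: five fetches in total instead of the six a collect-everything design would issue. The partial score on ws-22 is the "quantifying" part of the abstract: an in-progress scenario is visible before it completes.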

* information listed above is at the time of submission.
