A lightweight infrastructure for detection and mitigation of insider threats in distributed environments

Award Information
Agency:
Department of Defense
Branch
Missile Defense Agency
Amount:
$100,000.00
Award Year:
2006
Program:
STTR
Phase:
Phase I
Contract:
HQ0006-06-C-7524
Award Id:
78112
Agency Tracking Number:
B064-009-0096
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
500 West Cummings Park - Ste 3000, Woburn, MA, 01801
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
859244204
Principal Investigator:
Joao Cabrera
Principal Investigator
(781) 933-5355
cabrera@ssci.com
Business Contact:
Robert Simpson
Mgr of Fin/Controller
(781) 933-5355
rsimpson@ssci.com
Research Institute:
GEORGIA INSTITUTE OF TECHNOLOGY
Sherry A Levy
505 Tenth Street, NW
Atlanta, GA, 30332
(404) 385-2879
Nonprofit college or university
Abstract
The insider threat remains one of the most difficult threats against information systems to detect, let alone mitigate. The overall objective of the effort (Phase I and Phase II) is to produce and prototype a Distributed Insider Threat Detection System (DITDS) for distributed environments, capable of identifying and quantifying emerging insider threats against the network, allowing for timely mitigation. Instead of relying on large centralized databases for tracking the evolution of multi-stage attacks, we propose an interactive methodology, with sensor data being fetched from the hosts as needed in the evaluation process. Our solution includes: (1) a heterogeneous, distributed sensor suite, which, upon request from the DITDS manager, gathers information from multiple nodes; (2) given the readings from the multiple sensors, continuous evaluation of the network with respect to known multi-stage attack scenarios, and continuous search for new attack scenarios; (3) mechanisms centered on mobile agents for inoculating the various components of the network against a detected attack; and (4) mechanisms for integrating behavioral information about the users into the decision-making process. The College of Computing at the Georgia Institute of Technology will serve as the University partner. Lockheed Martin Information Assurance (LMIA) will serve as a subcontractor, providing data sets representative of insider attacks. These data sets will be collected using LMIA's DAIWatch(TM) system.

* information listed above is at the time of submission.
