Computer Network Operations (CNO) for Ground-based Midcourse Defense (GMD)
Small Business Information
2227 Drake Avenue, Suite 27, Huntsville, AL, 35805
Abstract
Most computer network intrusion detection (ID) systems are based on the detection of a priori patterns determined during security audits, or more often by post-attack forensic analysis. By all estimates, thousands of new attack modes are identified each year which cause damage until they are discovered. The problem is compounded by the threat of stealthy 'insider' attacks which may go undiscovered for extended periods. The evolution of the Ballistic Missile Defense System (BMDS) will introduce new external components (e.g., Aegis) into what has been a closed system. These additional elements will expand and improve the capabilities of the BMDS, but they will also introduce significant new Computer Network Operations (CNO) concerns. Improved methods are needed that can provide increased protection. Torch Technologies will examine the feasibility of integrating Maximum Likelihood Adaptive Neural System (MLANS) technology into agent-based intrusion detection (ID) systems. Through adaptive, multidimensional statistical modeling of network traffic within the system, MLANS-capable ID systems will increase the detection rates of internal and external malicious activity, reduce detection time, and decrease false positives. Because it is a maximum likelihood (ML) technique, MLANS achieves the Cramer-Rao bound for the fastest possible learning and accuracy, and the Bayes Error for the least possible error rate. Feasibility analysis will focus on extending the MLANS algorithm to incorporate the Weibull density in order to model the chaotic nature of inter-arrival and service times and other parameters poorly modeled by Gaussian mixtures.
* information listed above is at the time of submission.