Network Sensor to Geolocate Cyber Attacks and Framework
Small Business Information
Reservoir Labs., Inc.
632 Broadway, Suite 803, New York, NY, -
Abstract
This proposal describes a cyber-defense research and development program. The technologies offered and to be developed will increase the depth and pervasiveness of cyber defenses through Navy systems, provide a platform for more rapid deployment of new defenses, increase the performance (data bandwidth and energy efficiency), and provide a global view to allow new forms of understanding and defense of Navy global IP networks. The proposed technology consists of a network-based IP sensor that will enable a new breed of sophisticated algorithms for detecting cyber security attacks. The sensor will be able to seamlessly extract relevant features from the network traffic, store historical snapshots of the network, and use both the historical and the current state of the network to detect attacks. To that end, we propose to use Bro, the open source, language-rich network analyzer developed at the ICSI Center for Internet Research (ICIR), as a programmable building block, and to extend its current capabilities to support the richer mathematical frameworks required to detect sophisticated cyber attacks. Besides providing a programmable framework, the proposed technology will integrate specific algorithms for the detection of highly distributed, stealth attacks and their geolocation on a multi-resolution world map.
* Information listed above is at the time of submission.