Integrated Agent-based Cyber Behavior Anomaly Detection and Analysis Approach for Enterprise Networks and Workstations

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$744,014.00
Award Year:
2011
Program:
SBIR
Phase:
Phase II
Contract:
FA8750-11-C-0164
Agency Tracking Number:
F093-051-2132
Solicitation Year:
2009
Solicitation Topic Code:
AF093-051
Solicitation Number:
2009.3
Small Business Information
Intelligent Automation, Inc.
15400 Calhoun Drive, Suite 400, Rockville, MD, -
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
Y
Duns:
161911532
Principal Investigator
 Yi Cheng
 Research Scientist
 (301) 294-5215
 ycheng@i-a-i.com
Business Contact
 Mark James
Title: Director, Contracts and P
Phone: (301) 294-5221
Email: mjames@i-a-i.com
Abstract
ABSTRACT: Cyber behavior attribution, analysis, and anomaly detection have become a critical issue in today's computer networks. As business operations and assets come under malicious attack from multiple points, both inside and outside the organization, protecting data, software, and hardware from cyber attacks, malware, fraud, and malicious user activity is, now more than ever, a "need" rather than just a "concern" for enterprise networks. Existing firewalls and intrusion detection systems are not sufficient to fully protect today's enterprise networks from newly emerged attacks, malware, and user misbehavior. To address this problem, Intelligent Automation, Inc. proposes an integrated agent-based cyber behavior anomaly detection and analysis approach to effectively and efficiently detect and analyze cyber behavior anomalies in enterprise networks and workstations. In Phase I, we successfully performed feasibility studies and demonstrated our preliminary software prototype. In Phase II, we will extend this work by adding new design aspects and implementing a fully functional approach that supports high-speed, accurate cyber behavior analysis and anomaly detection. The significant advantages of the proposed system are: 1) reliable and highly accurate detection, 2) scalability to high-speed networks, 3) aggregate detection over multiple routers/gateways, and 4) reduced false alarms.

BENEFIT: Essentially, the proposed system is an integrated cyber behavior anomaly detection and analysis approach. It integrates recent advances in network- and host-level anomaly detection techniques, as well as high-speed streaming data processing techniques. If our approach proves successful, the potential market size is very large. In addition, our industry partner, Lockheed Martin, can transition these technologies. One direct product of this research will be an integrated cyber behavior anomaly detection and analysis software tool.
We expect that this tool can support different attack scenarios and various network sizes. It can detect various types of cyber attacks, malware, user misbehavior, and other anomalous cyber events with high efficiency and reliability. More importantly, the tool is very efficient at detecting newly emerged cyber threats even without predefined attack signatures. The developed tool can be applied to protect enterprise-level networks such as military information networks.

* information listed above is at the time of submission.
