Integrated Agent-based Cyber Behavior Anomaly Detection and Analysis Approach for Enterprise Networks and Workstations

Award Information
Agency: Department of Defense
Branch: n/a
Amount: $744,014.00
Award Year: 2011
Program: SBIR
Phase: Phase II
Contract: FA8750-11-C-0164
Award Id: n/a
Agency Tracking Number: F093-051-2132
Solicitation Year: 2009
Solicitation Topic Code: AF093-051
Solicitation Number: 2009.3

Small Business Information
15400 Calhoun Drive, Suite 400, Rockville, MD, -
Hubzone Owned: N
Minority Owned: N
Woman Owned: Y
Duns: 161911532
Principal Investigator: Yi Cheng, Research Scientist, (301) 294-5215, ycheng@i-a-i.com
Business Contact: Mark James, Director, Contracts and P, (301) 294-5221, mjames@i-a-i.com
Research Institute: Stub




Abstract
ABSTRACT: Cyber behavior attribution, analysis, and anomaly detection have been a critical issue in today's computer networks. As business operations and assets come under malicious attack at multiple points from both inside and outside, protecting data, software and hardware from various cyber attacks, malware, fraud and/or malicious user activities is, now more than ever, a "need" rather than just a "concern" for enterprise networks. Existing firewalls and intrusion detection systems are not sufficient to fully protect today's enterprise networks from newly emerged attacks, malware, and user misbehavior. To address this problem, Intelligent Automation, Inc., proposes an integrated agent-based cyber behavior anomaly detection and analysis approach to effectively and efficiently detect and analyze cyber behavior anomalies in enterprise networks and workstations. In Phase I work, we have successfully performed feasibility studies and demonstrated our preliminary software prototype. In Phase II, we will extend this work by adding new design aspects and implementing a fully functional approach to support high-speed, accurate cyber behavior analysis and anomaly detection. The significant advantages of the proposed system are: 1) reliable and highly accurate detection, 2) scalability to high-speed networks, 3) aggregate detection over multiple routers/gateways, and 4) reduced false alarms.

BENEFIT: Essentially, the proposed system is an integrated cyber behavior anomaly detection and analysis approach. It integrates recent advances in network- and host-level anomaly detection techniques, as well as high-speed streaming data processing techniques. If our approach is proven successful, the potential market size is very large. In addition, our industry partner, Lockheed Martin, can transition these technologies. One direct product of this research will be an integrated cyber behavior anomaly detection and analysis software tool. We expect that this tool can support different attack scenarios and various network sizes. It can detect various types of cyber attacks, malware, user misbehavior and other anomalous cyber events with high efficiency and reliability. More importantly, the tool is very efficient at detecting newly emerged cyber threats even without predefined attack signatures. The developed tool can be applied to protect enterprise-level networks such as military information networks.

* information listed above is at the time of submission.
