Integrated Agent-based Cyber Behavior Anomaly Detection and Analysis Approach for Enterprise Networks and Workstations

Award Information
Department of Defense
Award Year:
Phase II
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
Intelligent Automation, Inc.
15400 Calhoun Drive, Suite 400, Rockville, MD, -
Hubzone Owned:
Minority Owned:
Woman Owned:
Principal Investigator:
Yi Cheng
Research Scientist
(301) 294-5215
Business Contact:
Mark James
Director, Contracts and P
(301) 294-5221
Research Institution:

ABSTRACT: Cyber behavior attribution, analysis, and anomaly detection have been a critical issue in today's computer networks. As business operations and assets are under malicious attack at multiple points from both inside and outside, protecting data, software and hardware from various cyber attacks, malware, fraud and/or malicious user activities is, now more than ever, a "need" rather than just a "concern" for enterprise networks. Existing firewalls and intrusion detection systems are not sufficient to fully protect today's enterprise networks from newly emerged attacks, malware, and user misbehavior. To address this problem, Intelligent Automation, Inc., proposes an integrated agent-based cyber behavior anomaly detection and analysis approach to effectively and efficiently detect and analyze cyber behavior anomalies in enterprise networks and workstations. In Phase I work, we have successfully performed feasibility studies and demonstrated our preliminary software prototype. In Phase II, we will extend the work by adding new design aspects and implementing a fully functional approach to support high-speed, accurate cyber behavior analysis and anomaly detection. The significant advantages of the proposed system are: 1) reliable and highly accurate detection, 2) scalability to high-speed networks, 3) aggregate detection over multiple routers/gateways, and 4) reduced false alarms.

BENEFIT: Essentially, the proposed system is an integrated cyber behavior anomaly detection and analysis approach. It integrates recent advances in network- and host-level anomaly detection techniques, as well as high-speed streaming data processing techniques. If our approach is proven successful, the potential market size is very large. In addition, our industry partner, Lockheed Martin, can transition these technologies. One direct product of this research will be an integrated cyber behavior anomaly detection and analysis software tool. We expect that this tool can support different attack scenarios and various network sizes. It can detect various types of cyber attacks, malware, user misbehaviors and other anomalous cyber events with high efficiency and reliability. More importantly, the tool is very efficient at detecting newly emerged cyber threats even without predefined attack signatures. The developed tool can be applied to protect enterprise-level networks such as military information networks.

* information listed above is at the time of submission.
