A Network Sensor-Based Defense Framework for Active Network Security Situation Awareness and Impact Mitigation
Small Business Information
39 Timber Rock Rd, Gaithersburg, MD, 20878-2266
Abstract
ABSTRACT: Cyber-attacks are increasing in frequency, impact, and complexity, demonstrating extensive vulnerabilities of networks with the potential for catastrophic damage. Defending against these cyber-attacks requires network security situation awareness (SA) through distributed collaborative monitoring, detection, and mitigation. In the Phase I project, the IFT team has developed a Network Sensor-Based Defense Framework for Active Network Security Situation Awareness and Impact Mitigation. The framework features five elements: distributed network sensors (both passive and active), effective anomaly detectors, cyber-attack scene investigation, game theoretic cyber-attack formalization, and Google Earth-based multi-view and multi-layer visualization. The preliminary yet promising results obtained in the Phase I study clearly demonstrate that IFT's network sensor-based defense framework provides innovative and effective SA techniques for active network security and proactive impact mitigation against cyber network attacks. In the proposed Phase II research, we will revise, extend, and optimize the Phase I research results with a focus on enhanced detection techniques, privacy preservation, insider attack detection, game theoretic intent inference and impact mitigation, trust/assurance of network sensors, system resilience/agility, social-cultural factor modeling, traceback for anonymous attacks, and coordination between passive sensors and active sensors for a holistic cyber assessment testbed to enhance strategic and operational capabilities.
BENEFIT: The innovations that we are developing will improve situation awareness, planning, data theft protection, and decision support for many military applications contending with complex malicious network attacks. The first near-term DOD application target is the Cyber Warriors program, which is a stringent Air Force need. The second near-term DOD application target is the Distributed Common Ground System (DCGS) program and other programs where Raytheon-IIS is the Prime Contractor. Raytheon-IIS is the prime contractor on the DCGS, Universal Control System (UCS), and next generation GPS control segment (GPS OCX). IFT has developed a strong and realistic plan to transition our technology to Raytheon programs. The cyber technology is also applicable to commercial systems. IFT's target application will focus on civilian networks, such as finance, medicine, communications, electric power, nuclear energy, Internet service providers, and air traffic control.
* information listed above is at the time of submission.