An Efficient Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks
Small Business Information
28119 Ridgefern Court, Rancho Palos Verdes, CA, 90275
Vice President, Research
Abstract

The critical criteria for an intrusion detection system (IDS) are the speed of detection, the false alarm rate, and the number of attack types it can detect. Unlike external attacks, insider attacks are not well understood today. Advanced Science and Novel Technology (ADSANTEC) proposes key technological advancements in insider IDS based on its adaptive change-point detection algorithms, with the following major benefits:

(1) Efficient local IDS algorithms for rapid detection of insider attacks
(2) Multi-sensor distributed detection technology with multi-level false alarm filtering
(3) A fusion center for data and decisions that identifies insider attack trends and patterns

During Phase I, ADSANTEC will identify the most informative observables, demonstrate the flexibility of the approach, and evaluate the advantages of the proposed detection system over existing ones. As an illustration, the methodology will be applied to detection of unauthorized access and misuse of resources. Existing solutions for detecting these intrusions do not employ statistical methods and suffer from uncontrolled false alarm rates and scalability problems in large distributed networks; ADSANTEC's approach addresses both issues. Active probing and service quality monitoring, combined with ADSANTEC's change-point detection methods, are expected to yield two improvements over existing IDS: a higher probability of detecting unknown, stealthy attacks and a lower false alarm rate.

We also anticipate that the distributed, scalable IDS configuration will improve overall system performance in terms of detection capability and fewer false detections. The Phase I architectural and algorithmic design, together with the results of preliminary simulations, will form the basis for development, training, and testing in Phase II, where the proposed detection methods will be extensively trained and experimentally tested on the available testbeds. Successful completion of this program will result in commercialization of the most advanced algorithm for rapid detection and mitigation of insider attacks in military, homeland defense, and industrial networks.
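The abstract names three layers (local change-point detectors, multi-sensor detection with multi-level false alarm filtering, and a fusion center) but gives no algorithmic detail. The following is an added illustration, not ADSANTEC's code or algorithm: it substitutes the classic one-sided Page CUSUM statistic for the local detector, a persistence check and a k-out-of-n vote for the false-alarm filtering and fusion layers, and runs them over constructed sample series (access counts per minute from three hypothetical sensors). The baseline parameters, threshold, sensor names and data are all assumptions made for the example.

```python
"""Added illustration of a layered change-point IDS pipeline.

Not ADSANTEC's code or algorithm: the local detector is the classic one-sided
Page CUSUM, the false-alarm filters are a persistence check and a k-out-of-n
vote, and all sensor series, baselines and thresholds below are constructed
for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class CusumDetector:
    """One-sided Page CUSUM for an upward shift in the mean of one observable.

    mu0, sigma : assumed baseline mean and standard deviation of the observable
    delta      : smallest mean shift worth detecting, in units of sigma
    h          : decision threshold; raising it lowers the false alarm rate at
                 the cost of a longer detection delay
    """
    mu0: float
    sigma: float
    delta: float = 1.0
    h: float = 4.0
    s: float = field(default=0.0, init=False)

    def update(self, x: float) -> bool:
        """Feed one sample; return True while the statistic exceeds h."""
        z = (x - self.mu0) / self.sigma
        # Log-likelihood-ratio increment of N(delta, 1) against N(0, 1),
        # clipped at zero so the statistic restarts after quiet periods.
        self.s = max(0.0, self.s + self.delta * (z - self.delta / 2.0))
        return self.s > self.h


def make_detector() -> CusumDetector:
    """Fresh detector with the assumed baseline: 10 accesses/min, sigma 2."""
    return CusumDetector(mu0=10.0, sigma=2.0, delta=1.0, h=4.0)


def first_alarm(det: CusumDetector, series: List[float]) -> Optional[int]:
    """Level 1: index of the first sample at which the CUSUM crosses h."""
    for i, x in enumerate(series):
        if det.update(x):
            return i
    return None


def first_confirmed_alarm(det: CusumDetector, series: List[float],
                          persist: int = 2) -> Optional[int]:
    """Level 2: alarm only after `persist` consecutive over-threshold samples,
    which discards an isolated spike that drives the statistic over h once."""
    run = 0
    for i, x in enumerate(series):
        run = run + 1 if det.update(x) else 0
        if run >= persist:
            return i
    return None


def fuse(alarm_times: List[Optional[int]], k: int, window: int) -> Optional[int]:
    """Level 3 (fusion center): declare a coordinated change when at least k
    sensors raised confirmed alarms within `window` samples of one another.
    Returns the time of the k-th alarm of that cluster, or None."""
    times = sorted(t for t in alarm_times if t is not None)
    for i in range(len(times) - k + 1):
        if times[i + k - 1] - times[i] <= window:
            return times[i + k - 1]
    return None


def detect_insider_activity(sensors: Dict[str, List[float]], persist: int = 2,
                            k: int = 2, window: int = 5
                            ) -> Tuple[Dict[str, Optional[int]], Optional[int]]:
    """Run every sensor through its own detector, then fuse the decisions."""
    local = {name: first_confirmed_alarm(make_detector(), s, persist)
             for name, s in sensors.items()}
    return local, fuse(list(local.values()), k, window)


# Constructed sample series (accesses per minute, 18 samples each); these are
# made-up numbers, not measurements from any real system.
SENSORS: Dict[str, List[float]] = {
    # sustained rise from sample 10: a real change
    "fileserver": [10, 11, 9, 10, 12, 8, 10, 11, 9, 10, 14, 15, 16, 14, 15, 16, 15, 14],
    # sustained rise from sample 11 on a second host
    "vpn_gateway": [10, 10, 11, 9, 10, 10, 11, 9, 10, 10, 10, 15, 15, 15, 15, 15, 15, 15],
    # one isolated spike at sample 5, then quiet: should be filtered out
    "print_server": [10, 10, 10, 10, 10, 20, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10],
}

if __name__ == "__main__":
    local, fused = detect_insider_activity(SENSORS)
    for name, t in local.items():
        print(f"{name}: confirmed alarm at sample {t}")
    print(f"fusion center: coordinated change at sample {fused}")
```

With these constructed inputs the print_server spike crosses the CUSUM threshold once (a level-1 alarm) but is dropped by the persistence check, while the two sustained rises are confirmed at samples 13 and 14 and fused into a single coordinated-change decision at sample 14. The threshold h and the persistence length are the knobs that trade detection delay against false alarms; in practice they would be calibrated against a measured baseline rather than the assumed values used here.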
* information listed above is at the time of submission.