An Efficient Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks

Award Information
Agency: Department of Defense
Branch: Army
Amount: $119,848.00
Award Year: 2003
Program: SBIR
Phase: Phase I
Contract: DAAD17-03-C-005
Award Id: 62887
Agency Tracking Number: A022-0140
Solicitation Year: n/a
Solicitation Topic Code: n/a
Solicitation Number: n/a

Small Business Information
28119 Ridgefern Court, Rancho Palos Verdes, CA, 90275
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: n/a
Principal Investigator: Alexander Tartakovsky, Vice President, Research, (310) 377-6029, tartakov@math.usc.edu
Business Contact: Vladimir Katzman, President, (310) 377-6029, traffic405@cox.net
Research Institute: n/a
Abstract
The critical criteria for intrusion detection systems (IDS) are the speed of detection, the false alarm rate, and the number of types of attacks that can be detected. Unlike external attacks, insider attacks are not well understood today. Advanced Science and Novel Technology (ADSANTEC) proposes key technological advancements in the area of insider IDS based on its revolutionary adaptive change-point detection algorithms, with the following major benefits:
(1) Efficient local IDS algorithms for rapid detection of insider attacks
(2) Multi-sensor distributed detection technology with multi-level false alarm filtering
(3) Fusion center for data and decisions identifying insider attack trends and patterns
During Phase I, ADSANTEC will identify the most informative observables, demonstrate the flexibility of the approach, and evaluate the advantages of our detection system compared to existing ones. As an illustration, we will apply this methodology to detection of unauthorized access and misuse of resources. Existing solutions for detection of these intrusions do not employ statistical methods and suffer from uncontrollable false alarm rates and scalability problems in large distributed networks. ADSANTEC's approach addresses both of these crucial issues. Active probing and service quality monitoring, when combined with ADSANTEC's change-point detection methods, will allow us to achieve two important improvements compared to existing IDS: an increase in the probability of detection of unknown, stealthy attacks and a decrease in the false alarm rate.
We also anticipate that the distributed, scalable IDS configuration will allow us to improve the overall performance of the system in terms of detection capabilities and lower false detections. The Phase I architectural and algorithmic design, along with the results of preliminary simulations, will constitute a basis for the development, training, and testing in Phase II, where the proposed detection methods will be extensively trained and experimentally tested in the available testbeds. The successful completion of this program will result in commercialization of the most advanced algorithm for rapid detection and mitigation of insider attacks in military, homeland defense and industrial networks.

* information listed above is at the time of submission.
