An Efficient Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks

Award Information
Agency: Department of Defense
Branch: Army
Contract: DAAD17-03-C-005
Agency Tracking Number: A022-0140
Amount: $119,848.00
Phase: Phase I
Program: SBIR
Awards Year: 2003
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
28119 Ridgefern Court, Rancho Palos Verdes, CA, 90275
Duns: N/A
Hubzone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Alexander Tartakovsky
 Vice President, Research
 (310) 377-6029
Business Contact
 Vladimir Katzman
Title: President
Phone: (310) 377-6029
Research Institution
The critical criteria for intrusion detection systems (IDS) are the speed of detection, the false alarm rate, and the number of types of attacks that can be detected. Unlike external attacks, insider attacks are not well understood today. Advanced Science and Novel Technology (ADSANTEC) proposes key technological advancements in the area of insider IDS based on its revolutionary adaptive change-point detection algorithms, with the following major benefits:
(1) Efficient local IDS algorithms for rapid detection of insider attacks
(2) Multi-sensor distributed detection technology with multi-level false alarm filtering
(3) A fusion center for data and decisions that identifies insider attack trends and patterns
During Phase I, ADSANTEC will identify the most informative observables, demonstrate the flexibility of the approach, and evaluate the advantages of our detection system compared to existing ones. As an illustration, we will apply this methodology to the detection of unauthorized access and misuse of resources. Existing solutions for detection of these intrusions do not employ statistical methods and suffer from uncontrollable false alarm rates and scalability problems in large distributed networks. ADSANTEC's approach addresses both of these crucial issues. Active probing and service quality monitoring, when combined with ADSANTEC's change-point detection methods, will allow us to achieve two important improvements over existing IDS: an increase in the probability of detecting unknown, stealthy attacks and a decrease in the false alarm rate.
We also anticipate that the distributed, scalable IDS configuration will improve the overall performance of the system, both in detection capability and in lowering false detections. The Phase I architectural and algorithmic design, along with the results of preliminary simulations, will constitute the basis for development, training, and testing in Phase II, where the proposed detection methods will be extensively trained and experimentally tested in the available testbeds. Successful completion of this program will result in commercialization of the most advanced algorithm for rapid detection and mitigation of insider attacks in military, homeland defense, and industrial networks.
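The abstract describes the architecture only in outline: a local change-point detector per sensor, a second level of false alarm filtering across sensors, and a threshold-controlled false alarm rate. The following is an added illustration of that structure and is not ADSANTEC's code or its actual algorithm; it assumes a standard one-sided CUSUM detector for a mean shift in a per-sensor observable (connections per second, constructed here, not measured), a Gaussian model with assumed parameters, and a k-of-n fusion rule that only raises a network-wide alarm when several sensors alarm within a short window.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class Cusum:
    """One-sided CUSUM for a shift in the mean of Gaussian observations.

    mu0: mean under normal operation (estimated from training data in practice)
    mu1: mean under the attack hypothesis being tested for
    sigma: standard deviation assumed shared by both hypotheses
    h: alarm threshold on the cumulative log-likelihood ratio; raising h lowers
       the false alarm rate (mean time to false alarm is at least exp(h)) but
       lengthens the detection delay after a real change
    """
    mu0: float
    mu1: float
    sigma: float
    h: float
    stat: float = 0.0

    def update(self, x: float) -> bool:
        # Log-likelihood ratio of one sample under N(mu1, sigma) vs N(mu0, sigma).
        llr = (self.mu1 - self.mu0) / self.sigma ** 2 * (x - (self.mu0 + self.mu1) / 2)
        # CUSUM recursion: accumulate evidence, reset at zero so long quiet
        # periods cannot mask a later change.
        self.stat = max(0.0, self.stat + llr)
        return self.stat >= self.h


def first_alarm(samples: Sequence[float], mu0: float, mu1: float,
                sigma: float, h: float) -> Optional[int]:
    """Index of the first sample at which the CUSUM statistic crosses h, or None."""
    det = Cusum(mu0, mu1, sigma, h)
    for i, x in enumerate(samples):
        if det.update(x):
            return i
    return None


def min_mean_time_to_false_alarm(h: float) -> float:
    """Lorden's lower bound on the mean run length to a false alarm: exp(h)."""
    return math.exp(h)


def fuse_k_of_n(alarm_times: List[Optional[int]], k: int, window: int) -> Optional[int]:
    """Second-level false alarm filter (assumed rule, not the page's): raise a
    network-wide alarm at the first time t such that at least k sensors alarmed
    within [t - window, t]; an isolated single-sensor alarm is suppressed."""
    times = sorted(t for t in alarm_times if t is not None)
    for j in range(len(times) - k + 1):
        if times[j + k - 1] - times[j] <= window:
            return times[j + k - 1]
    return None


# Constructed sample streams (not measured data): connections per second seen
# by three sensors. Sensors A and B observe an insider starting to scan at
# sample 10; sensor C sees only a short benign burst at samples 3-4.
SENSOR_A = [10, 11, 9, 12, 10, 13, 9, 10, 11, 10, 13, 15, 14, 16, 14]
SENSOR_B = [10, 10, 12, 11, 9, 10, 12, 10, 8, 11, 14, 13, 15, 14, 15]
SENSOR_C = [10, 11, 10, 13, 14, 10, 9, 11, 10, 12, 10, 11, 9, 10, 11]

# Assumed model parameters: with these values the per-sample LLR is x - 12.
MU0, MU1, SIGMA, H = 10.0, 14.0, 2.0, 6.0


def detect_insider(streams: Sequence[Sequence[float]], k: int = 2,
                   window: int = 3) -> Optional[int]:
    """Run a local CUSUM per sensor, then apply the k-of-n fusion filter."""
    local = [first_alarm(s, MU0, MU1, SIGMA, H) for s in streams]
    return fuse_k_of_n(local, k, window)


if __name__ == "__main__":
    for name, s in (("A", SENSOR_A), ("B", SENSOR_B), ("C", SENSOR_C)):
        print(name, "local alarm at", first_alarm(s, MU0, MU1, SIGMA, H))
    print("fused alarm at", detect_insider([SENSOR_A, SENSOR_B, SENSOR_C]))
    print("C with a looser threshold h=3 alarms at",
          first_alarm(SENSOR_C, MU0, MU1, SIGMA, 3.0))
```

With h = 6 the two attacked sensors alarm at sample 12 (two samples after the shift begins) and the fused alarm fires at the same time, while the benign burst on sensor C never crosses the threshold; lowering h to 3 makes sensor C raise a false alarm at sample 4, which is the detection-delay versus false-alarm trade-off the threshold controls. The k-of-n filter then removes single-sensor false alarms that survive the local threshold.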

* information listed above is at the time of submission.
