A Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911QX-04-C-0001
Agency Tracking Number: A022-0140
Amount: $729,969.00
Phase: Phase II
Program: SBIR
Awards Year: 2003
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
28119 Ridgefern Court, Rancho Palos Verdes, CA, 90275
DUNS: 114422095
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Alexander Tartakovsky
 Vice president
 (310) 377-6029
Business Contact
 Vladimir Katzman
Title: President
Phone: (310) 377-6029
Email: katzman@adsantec.com
Research Institution
Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. The ultimate goal of this effort is to develop an integrated general framework for rapid detection of insider attacks for simultaneous defense of information systems on all required levels, which range from small local sub-networks to global distributed enterprise networks. In Phase I, the feasibility of our approach to rapid detection of internal attacks was demonstrated. In Phase II, we will further develop, implement, and test advanced statistical methods for defense against cyber-terrorism in high-speed computer networks. Powerful statistical techniques, such as adaptive change-point detection methods, hidden Markov models, and statistical learning, will be exploited in order to develop an optimized global distributed intrusion detection system that overcomes the major drawbacks and limitations of current detection systems. This system will have an adaptive, re-configurable structure that utilizes auto-tuning and auto-selection procedures for optimal configuration, reducing susceptibility to changes in environment. We will use collected data to tune and to optimize the detection system and to test the prototype using state-of-the-art testbeds. Prototype software will be delivered and demonstrated at the end of Phase II.

This effort will develop robust, mathematically rigorous, and, in certain senses, statistically optimal defense techniques. The development will be carried out in a generic way so that these methods can be readily adapted to any insider intrusion defense implementation. As a result, this work will significantly increase the likelihood that an effective defense system will be developed.

We anticipate that this system, which is based on the advanced change-point detection method, will offer crucial improvements, specifically increased detection probability for unknown attacks, lower false alarm rates, and lower detection times, when compared to existing systems. We also anticipate that the distributed, scalable configuration will offer further improvements in overall performance in terms of lowering false alarm rates and increasing detection capabilities at high data rates. The successful completion of this program will result in the commercialization of the most advanced algorithm available for rapid detection of attacks in government, commercial and enterprise networks. The developed intrusion detection software will be particularly effective in protecting these networks against insider threats. The complete software package can also be used by financial institutions in order to increase the security of their existing networks.
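The abstract names "change-point detection" as the core of the system but does not say which detector is used. The example below is an added illustration of one classical member of that family, Page's CUSUM, run over a constructed per-second connection-count stream; it is not the awardee's software, and the traffic values, the baseline window, the target shift size and the threshold are all assumed for the demonstration. It shows the two properties the abstract is after: a small sustained shift (a modest rise in a host's connection rate) is caught within a few samples because evidence accumulates, while a single benign burst, which trips a plain 3-sigma per-sample rule, does not push the CUSUM statistic over the threshold.

```python
"""Page's CUSUM change-point detector over a per-second connection-count stream.

Added illustration of one classical change-point method; it is not the
awardee's software, and the traffic stream, baseline window, shift size and
threshold below are all assumed values chosen for the demonstration.
"""
import math
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed traffic: connections per second from one host.  The first 40
# samples are normal behaviour (mean 20, population std 2.0) with a single
# benign burst at index 25; from index 40 on the mean shifts by +3, the kind
# of modest, sustained rise a slow insider exfiltration might produce.
_BASELINE_CYCLE = [20, 22, 18, 23, 17, 21, 22, 18, 21, 18]
CHANGE_POINT = 40
STREAM: List[int] = _BASELINE_CYCLE * 4 + [x + 3 for x in _BASELINE_CYCLE]
STREAM[25] = 27  # one-off burst inside the normal segment


@dataclass
class CusumResult:
    alarm_index: Optional[int]  # first sample index at which the statistic reached h, or None
    statistic: List[float]      # value of the statistic after every processed sample


def estimate_baseline(training: Sequence[float]) -> Tuple[float, float]:
    """Mean and population std of a clean training window (the 'auto-tuning' step)."""
    n = len(training)
    mean = sum(training) / n
    var = sum((x - mean) ** 2 for x in training) / n
    return mean, math.sqrt(var)


def gaussian_llr(x: float, mu0: float, mu1: float, sigma: float) -> float:
    """Log-likelihood ratio of one sample under N(mu1, sigma^2) versus N(mu0, sigma^2)."""
    return (mu1 - mu0) / sigma ** 2 * (x - (mu0 + mu1) / 2.0)


def cusum_detect(samples: Sequence[float], mu0: float, mu1: float,
                 sigma: float, threshold: float) -> CusumResult:
    """Run Page's CUSUM: S_n = max(0, S_{n-1} + llr(x_n)); alarm when S_n >= threshold.

    Negative evidence is clipped at zero, so the statistic forgets benign history;
    positive evidence accumulates, so many individually unremarkable samples can
    still raise an alarm.  Processing stops at the first alarm.
    """
    s = 0.0
    trace: List[float] = []
    for i, x in enumerate(samples):
        s = max(0.0, s + gaussian_llr(x, mu0, mu1, sigma))
        trace.append(s)
        if s >= threshold:
            return CusumResult(i, trace)
    return CusumResult(None, trace)


def threshold_detect(samples: Sequence[float], limit: float) -> Optional[int]:
    """Per-sample rule for comparison: alarm on the first sample strictly above limit."""
    for i, x in enumerate(samples):
        if x > limit:
            return i
    return None


def detection_delay(alarm_index: Optional[int], change_point: int) -> Optional[int]:
    """Samples from the change point up to and including the alarm; None if no alarm."""
    if alarm_index is None or alarm_index < change_point:
        return None
    return alarm_index - change_point + 1


if __name__ == "__main__":
    mu0, sigma = estimate_baseline(STREAM[:20])  # tune on the first 20 seconds (assumed clean)
    mu1 = mu0 + 1.5 * sigma                      # smallest sustained shift we want to catch
    h = 5.0                                      # threshold; mean time to false alarm is at least e^h samples
    naive = threshold_detect(STREAM, mu0 + 3 * sigma)
    res = cusum_detect(STREAM, mu0, mu1, sigma, h)
    print(f"baseline mean={mu0:.1f} std={sigma:.1f}")
    print(f"3-sigma rule: first alarm at sample {naive} (the benign burst, a false alarm; "
          f"the real shift never exceeds the limit)")
    print(f"CUSUM: alarm at sample {res.alarm_index}, "
          f"delay {detection_delay(res.alarm_index, CHANGE_POINT)} samples after the change")
```

The threshold h is the only knob that trades false alarms against detection delay: for a CUSUM built on log-likelihood ratios, the mean time between false alarms is bounded below by e^h (Lorden's bound), and the delay after a real change grows roughly linearly in h. Running the same detector independently on each sensor and forwarding only its alarms is the simplest way to scale this to the distributed setting the abstract describes; the per-sensor statistic is a single float, so the state carried at high data rates is negligible.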

* Information listed above is at the time of submission. *
