A Distributed Scalable Intrusion Detection System for Rapid Detection of Insider Attacks

Award Information
Agency: Department of Defense
Branch: Army
Amount: $729,969.00
Award Year: 2003
Program: SBIR
Phase: Phase II
Contract: W911QX-04-C-0001
Award Id: 62887
Agency Tracking Number: A022-0140
Solicitation Year: n/a
Solicitation Topic Code: n/a
Solicitation Number: n/a

Small Business Information
Address: 28119 Ridgefern Court, Rancho Palos Verdes, CA, 90275
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 114422095
Principal Investigator: Alexander Tartakovsky, Vice President, (310) 377-6029, tartakov@adsantec.com
Business Contact: Vladimir Katzman, President, (310) 377-6029, katzman@adsantec.com
Research Institute: n/a
Abstract
Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. The ultimate goal of this effort is to develop an integrated general framework for rapid detection of insider attacks for simultaneous defense of information systems on all required levels, which range from small local sub-networks to global distributed enterprise networks. In Phase I, the feasibility of our approach to rapid detection of internal attacks was demonstrated. In Phase II, we will further develop, implement, and test advanced statistical methods for defense against cyber-terrorism in high-speed computer networks. Powerful statistical techniques, such as adaptive change-point detection methods, hidden Markov models, and statistical learning, will be exploited in order to develop an optimized global distributed intrusion detection system that overcomes the major drawbacks and limitations of current detection systems. This system will have an adaptive, re-configurable structure that utilizes auto-tuning and auto-selection procedures for optimal configuration, reducing susceptibility to changes in environment. We will use collected data to tune and to optimize the detection system and to test the prototype using state-of-the-art testbeds. Prototype software will be delivered and demonstrated at the end of Phase II.

This effort will develop robust, mathematically rigorous, and, in certain senses, statistically optimal defense techniques. The development will be carried out in a generic way so that these methods can be readily adapted to any insider intrusion defense implementation. As a result, this work will significantly increase the likelihood that an effective defense system will be developed.

We anticipate that this system, which is based on the advanced change-point detection method, will offer crucial improvements, specifically increased detection probability for unknown attacks, lower false alarm rates, and lower detection times, when compared to existing systems. We also anticipate that the distributed, scalable configuration will offer further improvements in overall performance in terms of lowering false alarm rates and increasing detection capabilities at high data rates.

The successful completion of this program will result in the commercialization of the most advanced algorithm available for rapid detection of attacks in government, commercial and enterprise networks. The developed intrusion detection software will be particularly effective in protecting these networks against insider threats. The complete software package can also be used by financial institutions in order to increase the security of their existing networks.

* Information listed above is as of the time of submission.
