Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency: Department of Energy
Branch: N/A
Contract: DE-FG02-05ER84136
Agency Tracking Number: 78652S05-I
Amount: $99,958.00
Phase: Phase I
Program: SBIR
Awards Year: 2005
Solicitation Year: 2006
Solicitation Topic Code: 40
Solicitation Number: DE-FG02-06ER06-09
Small Business Information
Advanced Science and Novel Technology Company
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Duns: N/A
Hubzone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Alexander Tartakovsky
Title: Dr.
Phone: (310) 292-7847
Email: tartakov@usc.edu
Business Contact
 Vladimir Katzman
Title: Dr.
Phone: (310) 377-6029
Email: traffic405@cox.net
Research Institution
N/A
Abstract
Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. Current intrusion detection systems fall short of one or more of these requirements, especially in large-scale high-speed networks. This project will develop an efficient detection system that detects attacks with minimal detection delays for a given (low) false alarm rate at extremely high data rates. The approach is based on change-point detection theory and utilizes adaptive architecture that provides for the efficient autoselection of the best possible configuration under current conditions, thereby reducing susceptibility to a changing environment. In addition, statistical parallelization techniques will be developed to allow anomaly and signature-based rapid detection algorithms to be applied to intrusion detection in large distributed networks with ultra-high speed backbones. Phase I will develop: (1) advanced statistical algorithms for rapid anomaly and signature detection, with a controlled false alarm rate in ultra high-speed networks; (2) a bank of detection filters and autoselection procedures for the intrusion detection system with a reconfigurable architecture; (3) parallel, low-latency statistical algorithms and corresponding data fusion algorithms that minimize detection delays and communication bandwidth for large distributed networks; and (4) algorithms for the localization of raw data for forensic analysis.

Commercial Applications and Other Benefits as described by the awardee: The new intrusion detection system should become the most advanced system for reliable detection and forensic analysis of network intrusions in military, homeland defense, federal, industrial, and enterprise ultra high-speed networks. In particular, this intrusion detection system should be applicable for deployment in the next generation of high-performance networks that interconnect DOE containing supercomputers, experimental facilities, and storage systems.

* information listed above is at the time of submission.
