Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency:
Department of Energy
Branch
n/a
Amount:
$99,958.00
Award Year:
2005
Program:
SBIR
Phase:
Phase I
Contract:
DE-FG02-05ER84136
Award Id:
72457
Agency Tracking Number:
78652S05-I
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
n/a
Principal Investigator:
AlexanderTartakovsky
Dr.
(310) 292-7847
tartakov@adsantec.com
Business Contact:
VladimirKatzman
Dr.
(310) 377-6029
katzman@adsantec.com
Research Institute:
n/a
Abstract
78652S05 Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. Current intrusion detection systems fall short of one or more of these requirements, especially in large-scale high-speed networks. This project will develop an efficient detection system that detects attacks with minimal detection delays for a given (low) false alarm rate at extremely high data rates. The approach is based on change-point detection theory and utilizes adaptive architecture that provides for the efficient autoselection of the best possible configuration under current conditions, thereby reducing susceptibility to a changing environment. In addition, statistical parallelization techniques will be developed to allow anomaly and signature-based rapid detection algorithms to be applied to intrusion detection in large distributed networks with ultra-high speed backbones. Phase I will develop: (1) advanced statistical algorithms for rapid anomaly and signature detection, with a controlled false alarm rate in ultra high-speed networks; (2) a bank of detection filters and autoselection procedures for the intrusion detection system with a reconfigurable architecture; (3) parallel, low-latency statistical algorithms and corresponding data fusion algorithms that minimize detection delays and communication bandwidth for large distributed networks; and (4) algorithms for the localization of raw data for forensic analysis. Commercial Applications and Other Benefits as described by the awardee: The new intrusion detection system should become the most advanced system for reliable detection and forensic analysis of network intrusions in military, homeland defense, federal, industrial, and enterprise ultra high-speed networks. In particular, this intrusion detection system should be applicable for deployment in the next generation of high-performance networks that interconnect DOE containing supercomputers, experimental facilities, and storage systems.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government