Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks
Small Business Information
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Abstract
78652S05

Rapid response, a minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of an intrusion detection system. Current intrusion detection systems fall short of one or more of these requirements, especially in large-scale, high-speed networks. This project will develop an efficient detection system that achieves minimal detection delay for a given (low) false alarm rate at extremely high data rates. The approach is based on change-point detection theory and uses an adaptive architecture that automatically selects the best available configuration for current conditions, thereby reducing sensitivity to a changing environment. In addition, statistical parallelization techniques will be developed so that anomaly-based and signature-based rapid detection algorithms can be applied to intrusion detection in large distributed networks with ultra-high-speed backbones.

Phase I will develop:
(1) advanced statistical algorithms for rapid anomaly and signature detection, with a controlled false alarm rate, in ultra-high-speed networks;
(2) a bank of detection filters and autoselection procedures for an intrusion detection system with a reconfigurable architecture;
(3) parallel, low-latency statistical algorithms and corresponding data fusion algorithms that minimize detection delay and communication bandwidth in large distributed networks; and
(4) algorithms for localizing the raw data needed for forensic analysis.

Commercial Applications and Other Benefits as described by the awardee:
The new intrusion detection system should become the most advanced system for reliable detection and forensic analysis of network intrusions in military, homeland defense, federal, industrial, and enterprise ultra-high-speed networks. In particular, it should be applicable for deployment in the next generation of high-performance networks that interconnect the DOE's supercomputers, experimental facilities, and storage systems.
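The abstract rests on two ideas it does not spell out: a change-point detector that trades detection delay against a controlled false alarm rate, and a bank of detection filters run in parallel with the best-matched one selected automatically. The following Python is an added illustration of those ideas using Page's CUSUM statistic, which is a standard change-point procedure; it is not the awardee's code or algorithm. The per-second packet counts, the baseline rate of 100 packets/s, the candidate post-change rates, and the false-alarm target are all constructed assumptions.

```python
"""CUSUM change-point detection over per-second packet counts.

Added illustration of the change-point approach described in the abstract,
not the awardee's algorithm.  All traffic figures below are constructed.
"""
import math
from typing import List, Optional, Sequence, Tuple

# Constructed sample: 60 s of baseline traffic near 100 packets/s, one benign
# burst at second 30, then a sustained rate increase starting at second 60.
BASELINE: List[int] = [98, 104, 101, 95, 107, 99, 103, 96, 100, 102] * 6
BASELINE[30] = 135                      # a single legitimate burst
ATTACK: List[int] = [148, 155, 142, 160, 151, 147, 158, 153, 149, 156]
TRAFFIC: List[int] = BASELINE + ATTACK
CHANGE_INDEX = len(BASELINE)            # 60, the true change point


def threshold_for_arl(mean_time_between_false_alarms: float) -> float:
    """Threshold h for which the CUSUM's mean run length to a false alarm is
    at least the requested value (Lorden's bound: ARL >= exp(h))."""
    return math.log(mean_time_between_false_alarms)


def cusum_detect(counts: Sequence[int], mu0: float, mu1: float, h: float
                 ) -> Tuple[Optional[int], List[float]]:
    """Page's CUSUM for a shift in a Poisson rate from mu0 to mu1 (mu1 > mu0).

    Each observation x adds the log-likelihood ratio  x*ln(mu1/mu0) - (mu1-mu0),
    which is positive when x looks more like mu1 than mu0.  The statistic is
    clamped at zero so an isolated burst decays instead of accumulating.
    Returns (index of the first sample at which the statistic reaches h, or
    None if it never does, and the statistic's trajectory).
    """
    log_ratio = math.log(mu1 / mu0)
    s = 0.0
    trajectory: List[float] = []
    for i, x in enumerate(counts):
        s = max(0.0, s + x * log_ratio - (mu1 - mu0))
        trajectory.append(s)
        if s >= h:
            return i, trajectory
    return None, trajectory


def bank_detect(counts: Sequence[int], mu0: float,
                candidate_rates: Sequence[float], h: float
                ) -> Tuple[Optional[int], Optional[float]]:
    """A bank of CUSUM filters, one per hypothesised post-change rate, run in
    parallel.  The system alarms as soon as any filter crosses h and reports
    which filter did, i.e. the configuration best matched to the traffic."""
    best: Tuple[Optional[int], Optional[float]] = (None, None)
    for mu1 in candidate_rates:
        alarm, _ = cusum_detect(counts, mu0, mu1, h)
        if alarm is not None and (best[0] is None or alarm < best[0]):
            best = (alarm, mu1)
    return best


def detection_delay(alarm_index: Optional[int], change_index: int) -> Optional[int]:
    """Samples observed from the change point up to and including the alarm."""
    if alarm_index is None or alarm_index < change_index:
        return None
    return alarm_index - change_index + 1


if __name__ == "__main__":
    # Assumed target: on average at most one false alarm per 1e6 seconds.
    h = threshold_for_arl(1e6)          # ~13.8
    alarm, _ = cusum_detect(TRAFFIC, mu0=100.0, mu1=150.0, h=h)
    print("alarm at sample", alarm, "delay", detection_delay(alarm, CHANGE_INDEX))
    print("filter bank:", bank_detect(TRAFFIC, 100.0, [120.0, 150.0, 200.0], h))
    print("baseline only, h from ARL 1e6:", cusum_detect(BASELINE, 100.0, 150.0, h)[0])
    print("baseline only, lax h from ARL 50:",
          cusum_detect(BASELINE, 100.0, 150.0, threshold_for_arl(50))[0])
```

The threshold is the only knob: derived from the target mean time between false alarms, it lets the burst at second 30 pass (the statistic rises once and is pulled back to zero) while the sustained increase from second 60 is caught two samples later. Lowering the threshold to the ARL-50 value makes the same burst a false alarm, which is the delay-versus-false-alarm trade-off the abstract refers to. The filter bank shows why a mismatched post-change hypothesis costs delay: the filter tuned to 200 packets/s needs four samples to alarm on a rise to roughly 150, whereas the filters tuned to 120 and 150 need two.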
* Information listed above is as of the time of submission.