Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency:
Department of Energy
Amount:
$99,958.00
Program:
SBIR
Contract:
DE-FG02-05ER84136
Solicitation Year:
2006
Solicitation Number:
DE-FG02-06ER06-09
Branch:
N/A
Award Year:
2005
Phase:
Phase I
Agency Tracking Number:
78652S05-I
Solicitation Topic Code:
40
Small Business Information
Advanced Science and Novel Technology Company
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
N/A
Principal Investigator
 Alexander Tartakovsky
Title: Dr.
Phone: (310) 292-7847
Email: tartakov@usc.edu
Business Contact
 Vladimir Katzman
Title: Dr.
Phone: (310) 377-6029
Email: traffic405@cox.net
Research Institution
N/A
Abstract
78652S05 Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. Current intrusion detection systems fall short of one or more of these requirements, especially in large-scale high-speed networks. This project will develop an efficient detection system that detects attacks with minimal detection delays for a given (low) false alarm rate at extremely high data rates. The approach is based on change-point detection theory and utilizes adaptive architecture that provides for the efficient autoselection of the best possible configuration under current conditions, thereby reducing susceptibility to a changing environment. In addition, statistical parallelization techniques will be developed to allow anomaly and signature-based rapid detection algorithms to be applied to intrusion detection in large distributed networks with ultra-high speed backbones. Phase I will develop: (1) advanced statistical algorithms for rapid anomaly and signature detection, with a controlled false alarm rate in ultra high-speed networks; (2) a bank of detection filters and autoselection procedures for the intrusion detection system with a reconfigurable architecture; (3) parallel, low-latency statistical algorithms and corresponding data fusion algorithms that minimize detection delays and communication bandwidth for large distributed networks; and (4) algorithms for the localization of raw data for forensic analysis.

Commercial Applications and Other Benefits as described by the awardee: The new intrusion detection system should become the most advanced system for reliable detection and forensic analysis of network intrusions in military, homeland defense, federal, industrial, and enterprise ultra high-speed networks. In particular, this intrusion detection system should be applicable for deployment in the next generation of high-performance networks that interconnect DOE containing supercomputers, experimental facilities, and storage systems.

* Information listed above is at the time of submission.
