Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency: Department of Energy
Branch: n/a
Amount: $99,958.00
Award Year: 2005
Program: SBIR
Phase: Phase I
Contract: DE-FG02-05ER84136
Agency Tracking Number: 78652S05-I
Solicitation Year: n/a
Solicitation Topic Code: n/a
Solicitation Number: n/a

Small Business Information
Advanced Science And Novel Technology Company
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Hubzone Owned: N
Socially and Economically Disadvantaged: N
Woman Owned: N
Duns: n/a
Principal Investigator: Dr. Alexander Tartakovsky, (310) 292-7847, tartakov@adsantec.com
Business Contact: Dr. Vladimir Katzman, (310) 377-6029, katzman@adsantec.com
Research Institution: n/a

Abstract
Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. Current intrusion detection systems fall short of one or more of these requirements, especially in large-scale high-speed networks. This project will develop an efficient detection system that detects attacks with minimal detection delays for a given (low) false alarm rate at extremely high data rates. The approach is based on change-point detection theory and utilizes an adaptive architecture that provides for the efficient autoselection of the best possible configuration under current conditions, thereby reducing susceptibility to a changing environment. In addition, statistical parallelization techniques will be developed to allow anomaly and signature-based rapid detection algorithms to be applied to intrusion detection in large distributed networks with ultra-high-speed backbones. Phase I will develop: (1) advanced statistical algorithms for rapid anomaly and signature detection, with a controlled false alarm rate in ultra-high-speed networks; (2) a bank of detection filters and autoselection procedures for the intrusion detection system with a reconfigurable architecture; (3) parallel, low-latency statistical algorithms and corresponding data fusion algorithms that minimize detection delays and communication bandwidth for large distributed networks; and (4) algorithms for the localization of raw data for forensic analysis.

Commercial Applications and Other Benefits as described by the awardee: The new intrusion detection system should become the most advanced system for reliable detection and forensic analysis of network intrusions in military, homeland defense, federal, industrial, and enterprise ultra-high-speed networks. In particular, this intrusion detection system should be applicable for deployment in the next generation of high-performance networks that interconnect DOE containing supercomputers, experimental facilities, and storage systems.

* information listed above is at the time of submission.
