Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency: Department of Energy
Branch: N/A
Contract: DE-FG02-05ER84136
Agency Tracking Number: 78652S05-I
Amount: $750,000.00
Phase: Phase II
Program: SBIR
Awards Year: 2006
Solicitation Year: 2006
Solicitation Topic Code: 40
Solicitation Number: DE-FG02-06ER06-09
Small Business Information
Advanced Science and Novel Technology Company
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Alexander Tartakovsky
 (310) 292-7847
Business Contact
 Vladimir Katzman
Title: Dr.
Phone: (310) 377-6029
Research Institution
Current ultra-high-speed networks carry massive aggregate data flows that must be monitored and processed to detect and counteract intrusions. The problem is further compounded by the sheer number and complexity of attacks. As a result, the challenges of intrusion detection in ultra-high-speed networks are outstripping our ability to detect, track, fuse, and interpret them. This project will develop a distributed anomaly-based intrusion detection system, consisting of sensing nodes for local (e.g., host-level) detection and fusion nodes to combine the output from the sensing nodes. Advanced statistical methods will be used to identify hidden patterns and to optimize the operating characteristics of the intrusion detection system. In Phase I, a novel detection system, which detects attacks with minimal delays for a given (low) false alarm rate at extremely high data rates, was developed. An adaptive parallel architecture allowed for an efficient auto-selection of the best possible configuration under existing conditions, thereby reducing susceptibility to a changing environment. The algorithms were evaluated using asymptotic analysis, Monte Carlo experiments, and deployment in a testbed. Phase II will: (1) develop statistical methods for an efficient, anomaly-based local detector with a low false alarm rate, as well as a hybrid anomaly-signature local detector with profiling capability; (2) develop an architecture for the distributed deployment of detectors, along with fusion algorithms to combine outputs for network-level detections; (3) design and implement sensor and fusion nodes using commercial-off-the-shelf technologies; and (4) develop a laboratory testbed to support implementation and testing.

Commercial Applications and other Benefits as described by the awardee:
The new intrusion detection system should be of particular relevance to DOE networks that support large-scale science applications. Advantages over existing systems include an increased probability of detecting unknown attacks, and a lower false alarm rate and detection time.

* information listed above is at the time of submission.
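The abstract describes sensing nodes that run a local anomaly detector and fusion nodes that combine their outputs so that the network-level decision is faster, at a fixed false alarm rate, than any single node's decision. The following is an added example written to illustrate that architecture; it is not the awardee's code, and neither the algorithm nor the data come from the award record. It assumes a one-sided CUSUM as the local sequential detector (a standard choice for "minimal delay at a given false alarm rate"), a sum-of-local-statistics rule at the fusion node, and constructed per-interval flow counts for three hosts in which two hosts carry a small extra load from interval 12 onward.

```python
"""Toy distributed anomaly-based IDS: per-host CUSUM sensing nodes plus a fusion node.

CUSUM, the sum-of-statistics fusion rule, and every traffic value below are
assumptions of this example, not the awardee's published method or data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class LocalDetector:
    """Sensing node: one-sided CUSUM on a per-interval count (e.g. new flows per second).

    mu0 is the normal mean, k the reference value (about half the smallest shift
    worth detecting) and h the local alarm threshold; raising h lowers the false
    alarm rate at the cost of detection delay.
    """
    mu0: float
    k: float
    h: float
    stat: float = 0.0

    def update(self, x: float) -> float:
        # Accumulate the excess over mu0 + k and clamp at zero, so quiet periods
        # cannot build up "credit" that would later mask an attack.
        self.stat = max(0.0, self.stat + (x - self.mu0 - self.k))
        return self.stat

    def alarm(self) -> bool:
        return self.stat >= self.h


class FusionNode:
    """Combines local CUSUM statistics; alarms when their sum crosses big_h."""

    def __init__(self, detectors: List[LocalDetector], big_h: float) -> None:
        self.detectors = detectors
        self.big_h = big_h

    def step(self, observations: List[float]) -> float:
        # One observation per sensing node for the current interval.
        return sum(d.update(x) for d, x in zip(self.detectors, observations))

    def alarm(self, fused: float) -> bool:
        return fused >= self.big_h


def simulate(streams: List[List[float]], mu0: float, k: float,
             h: float, big_h: float) -> Dict[str, Optional[int]]:
    """Feed the streams interval by interval and return the index of the first
    fusion-node alarm and of the first alarm raised by any single sensing node
    (None where no alarm occurs)."""
    detectors = [LocalDetector(mu0, k, h) for _ in streams]
    fusion = FusionNode(detectors, big_h)
    first_fusion: Optional[int] = None
    first_local: Optional[int] = None
    for t, obs in enumerate(zip(*streams)):
        fused = fusion.step(list(obs))
        if first_fusion is None and fusion.alarm(fused):
            first_fusion = t
        if first_local is None and any(d.alarm() for d in detectors):
            first_local = t
        if first_fusion is not None and first_local is not None:
            break
    return {"fusion_alarm": first_fusion, "local_alarm": first_local}


# Constructed per-interval flow counts for three sensing nodes. Intervals 0-11 are
# normal traffic around a mean of 10; from interval 12 on, nodes A and B each carry
# a small extra load (+3) that no single node can confirm quickly on its own.
NORMAL_A = [10, 11, 9, 12, 10, 8, 11, 10, 9, 12, 10, 11]
NORMAL_B = [9, 10, 12, 10, 11, 9, 10, 12, 8, 10, 11, 10]
NORMAL_C = [11, 10, 9, 10, 12, 10, 9, 11, 10, 10, 9, 12]
ATTACK_A = [13] * 8
ATTACK_B = [13] * 8
QUIET_C = [10, 11, 9, 10, 12, 10, 11, 9]
STREAMS = [NORMAL_A + ATTACK_A, NORMAL_B + ATTACK_B, NORMAL_C + QUIET_C]
QUIET_STREAMS = [NORMAL_A, NORMAL_B, NORMAL_C]
CHANGE_POINT = 12


def run_demo() -> Dict[str, Optional[int]]:
    """Attack scenario: the fusion node should alarm before any local node does."""
    return simulate(STREAMS, mu0=10.0, k=1.0, h=10.0, big_h=10.0)


def run_quiet() -> Dict[str, Optional[int]]:
    """Normal traffic only: neither level should alarm with these thresholds."""
    return simulate(QUIET_STREAMS, mu0=10.0, k=1.0, h=10.0, big_h=10.0)


if __name__ == "__main__":
    attack = run_demo()
    print(f"change at interval {CHANGE_POINT}: fusion alarm at {attack['fusion_alarm']}, "
          f"first local alarm at {attack['local_alarm']}")
    print(f"quiet traffic: {run_quiet()}")
```

With equal thresholds at both levels, the fusion node alarms at interval 14 while the first sensing node only reaches its own threshold at interval 16, because the two weak per-host deviations add up at the fusion node. In a real deployment the thresholds h and big_h would be set from the tolerated false alarm rate (analytically or by Monte Carlo, as the abstract mentions) rather than chosen by hand, and the fusion statistic could be scaled or restricted to the top-k local statistics to keep the false alarm rate stable as the number of sensing nodes grows.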
