Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency: Department of Energy
Branch: n/a
Amount: $750,000.00
Award Year: 2006
Program: SBIR
Phase: Phase II
Contract: DE-FG02-05ER84136
Award Id: 72457
Agency Tracking Number: 78652S05-I
Solicitation Year: n/a
Solicitation Topic Code: n/a
Solicitation Number: n/a

Small Business Information
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: n/a
Principal Investigator: Dr. Alexander Tartakovsky, (310) 292-7847, tartakov@usc.edu
Business Contact: Dr. Vladimir Katzman, (310) 377-6029, traffic405@cox.net
Research Institute: n/a
Abstract
Current ultra-high-speed networks carry massive aggregate data flows that must be monitored and processed to detect and counteract intrusions. The problem is further compounded by the sheer number and complexity of attacks. As a result, the challenges of intrusion detection in ultra-high-speed networks are outstripping our ability to detect, track, fuse, and interpret them. This project will develop a distributed anomaly-based intrusion detection system, consisting of sensing nodes for local (e.g., host-level) detection and fusion nodes to combine the output from the sensing nodes. Advanced statistical methods will be used to identify hidden patterns and to optimize the operating characteristics of the intrusion detection system. In Phase I, a novel detection system, which detects attacks with minimal delays for a given (low) false alarm rate at extremely high data rates, was developed. An adaptive parallel architecture allowed for an efficient auto-selection of the best possible configuration under existing conditions, thereby reducing susceptibility to a changing environment. The algorithms were evaluated using asymptotic analysis, Monte Carlo experiments, and deployment in a testbed. Phase II will: (1) develop statistical methods for an efficient, anomaly-based local detector with a low false alarm rate, as well as a hybrid anomaly-signature local detector with profiling capability; (2) develop an architecture for the distributed deployment of detectors, along with fusion algorithms to combine outputs for network-level detections; (3) design and implement sensor and fusion nodes using commercial-off-the-shelf technologies; and (4) develop a laboratory testbed to support implementation and testing.

Commercial Applications and other Benefits as described by the awardee: The new intrusion detection system should be of particular relevance to DOE networks that support large-scale science applications. Advantages over existing systems include an increased probability of detecting unknown attacks, and a lower false alarm rate and detection time.
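The abstract's two-tier design (local sequential detectors tuned for minimal detection delay at a fixed false alarm rate, with a fusion node combining their outputs) can be sketched as follows. This is an added illustration, not the project's code: the Poisson CUSUM rule, the Lorden threshold bound, the sum-of-statistics fusion rule, the traffic rates and the per-interval packet counts are all assumptions made here.

```python
"""Sensing nodes run a sequential (CUSUM) detector on their own traffic counts;
a fusion node pools their statistics for a network-level decision. Added example;
the CUSUM rule, threshold bound, rates and sample counts are assumptions."""
from math import log
from typing import Dict, List, Optional

BASELINE_RATE = 10.0   # assumed nominal packets per interval (H0 Poisson mean)
ATTACK_RATE = 20.0     # assumed post-change mean the detector is tuned for
TARGET_ARL = 1000.0    # desired mean intervals between false alarms per sensor

def cusum_threshold(target_arl: float) -> float:
    # Lorden's bound for a log-likelihood-ratio CUSUM: E[time to false alarm] >= exp(h),
    # so h = log(target) guarantees at least the requested mean time between false alarms.
    return log(target_arl)

def cusum_statistics(counts: List[int], h0: float, h1: float) -> List[float]:
    # Poisson CUSUM: S_n = max(0, S_{n-1} + LLR(x_n)); stays at 0 while traffic is nominal.
    stats, s = [], 0.0
    for x in counts:
        llr = x * log(h1 / h0) - (h1 - h0)   # log-likelihood ratio of one count
        s = max(0.0, s + llr)
        stats.append(s)
    return stats

def first_alarm(stats: List[float], threshold: float) -> Optional[int]:
    # Index of the first interval whose statistic crosses the threshold, else None.
    return next((i for i, s in enumerate(stats) if s >= threshold), None)

def fused_alarm(sensor_counts: Dict[str, List[int]], threshold: float) -> Dict[str, Optional[int]]:
    # Fusion node: local alarm time per sensor, plus a network-level alarm raised on the
    # sum of the local statistics (assumed fusion rule), which pools weak evidence.
    per_sensor = {n: cusum_statistics(c, BASELINE_RATE, ATTACK_RATE) for n, c in sensor_counts.items()}
    alarms = {n: first_alarm(st, threshold) for n, st in per_sensor.items()}
    steps = min(len(st) for st in per_sensor.values())
    fused = [sum(st[i] for st in per_sensor.values()) for i in range(steps)]
    alarms["network"] = first_alarm(fused, threshold)
    return alarms

# Constructed sample: 25 quiet intervals, then 15 intervals in which two sensors see a
# modest surge that neither would flag quickly (or at all) on its own.
NOMINAL = [10, 11, 9, 12, 8] * 5
SENSOR_COUNTS = {
    "sensor_a": NOMINAL + [16] * 15,     # moderate surge: local alarm at index 31
    "sensor_b": NOMINAL + NOMINAL[:15],  # stays quiet: no alarm
    "sensor_c": NOMINAL + [15] * 15,     # weak surge: never crosses the local threshold
}

if __name__ == "__main__":
    print(fused_alarm(SENSOR_COUNTS, cusum_threshold(TARGET_ARL)))  # network alarm at 29
```

The fused statistic crosses the threshold two intervals before the strongest single sensor does, and catches the contribution of sensor_c, which alone never alarms; that is the detection-delay gain the abstract attributes to fusing sensing-node outputs.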

* information listed above is at the time of submission.
