Scalable Intrusion Detection System for Rapid Global Detection of Network Attacks

Award Information
Agency:
Department of Energy
Branch:
N/A
Amount:
$750,000.00
Award Year:
2006
Program:
SBIR
Phase:
Phase II
Contract:
DE-FG02-05ER84136
Agency Tracking Number:
78652S05-I
Solicitation Year:
2006
Solicitation Topic Code:
40
Solicitation Number:
DE-FG02-06ER06-09
Small Business Information
Advanced Science and Novel Technology Company
27 Via Porto Grande, Rancho Palos Verdes, CA, 90275
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
N/A
Principal Investigator
Name: Alexander Tartakovsky
Title: Dr.
Phone: (310) 292-7847
Email: tartakov@usc.edu
Business Contact
Name: Vladimir Katzman
Title: Dr.
Phone: (310) 377-6029
Email: traffic405@cox.net
Research Institution
N/A
Abstract
Current ultra-high-speed networks carry massive aggregate data flows that must be monitored and processed to detect and counteract intrusions. The problem is further compounded by the sheer number and complexity of attacks. As a result, the challenges of intrusion detection in ultra-high-speed networks are outstripping our ability to detect, track, fuse, and interpret them. This project will develop a distributed anomaly-based intrusion detection system, consisting of sensing nodes for local (e.g., host-level) detection and fusion nodes to combine the output from the sensing nodes. Advanced statistical methods will be used to identify hidden patterns and to optimize the operating characteristics of the intrusion detection system. In Phase I, a novel detection system, which detects attacks with minimal delays for a given (low) false alarm rate at extremely high data rates, was developed. An adaptive parallel architecture allowed for an efficient auto-selection of the best possible configuration under existing conditions, thereby reducing susceptibility to a changing environment. The algorithms were evaluated using asymptotic analysis, Monte Carlo experiments, and deployment in a testbed. Phase II will: (1) develop statistical methods for an efficient, anomaly-based local detector with a low false alarm rate, as well as a hybrid anomaly-signature local detector with profiling capability; (2) develop an architecture for the distributed deployment of detectors, along with fusion algorithms to combine outputs for network-level detections; (3) design and implement sensor and fusion nodes using commercial-off-the-shelf technologies; and (4) develop a laboratory testbed to support implementation and testing.

Commercial Applications and other Benefits as described by the awardee:
The new intrusion detection system should be of particular relevance to DOE networks that support large-scale science applications. Advantages over existing systems include an increased probability of detecting unknown attacks, a lower false alarm rate, and a shorter detection time.
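The abstract describes a two-tier design: sensing nodes that run a local anomaly detector tuned to detect a change with minimal delay at a chosen false alarm rate, and fusion nodes that combine the local outputs into a network-level decision. The following is an added illustration, not code from the award or the awardee; the abstract does not name the statistic the project uses, so this example assumes a one-sided CUSUM change-point detector per sensing node and a k-out-of-n fusion rule, and the per-host "new connections per second" series are constructed sample data.

```python
"""Toy sensing-node / fusion-node pipeline for a distributed anomaly IDS.

Assumptions (not from the award abstract): each sensing node runs a
one-sided CUSUM over one traffic feature, and the fusion node raises a
network-level alarm when at least k of n sensing nodes alarm in the same
interval. The feature series below are constructed for the demo.
"""
from typing import List, Optional, Sequence


def cusum_alarms(series: Sequence[float], mu0: float, drift: float,
                 threshold: float) -> List[bool]:
    """Sensing node: one-sided CUSUM for an upward shift in the feature mean.

    mu0       baseline mean under normal traffic
    drift     reference value (about half the smallest shift worth detecting);
              keeps the statistic at zero under normal fluctuation
    threshold alarm level; raising it lowers the false alarm rate at the
              cost of a longer detection delay
    Returns one alarm flag per interval.
    """
    stat = 0.0
    flags = []
    for x in series:
        stat = max(0.0, stat + (x - mu0 - drift))
        flags.append(stat >= threshold)
    return flags


def fuse_k_of_n(alarm_streams: Sequence[Sequence[bool]], k: int) -> List[bool]:
    """Fusion node: network alarm when >= k sensing nodes alarm in one interval."""
    n_intervals = len(alarm_streams[0])
    if any(len(s) != n_intervals for s in alarm_streams):
        raise ValueError("all sensing nodes must report the same number of intervals")
    return [sum(1 for s in alarm_streams if s[t]) >= k for t in range(n_intervals)]


def first_alarm(flags: Sequence[bool]) -> Optional[int]:
    """Index of the first interval that alarmed, or None if none did."""
    for t, f in enumerate(flags):
        if f:
            return t
    return None


# Constructed sample data: new connections per second observed at three hosts.
BASELINE_PATTERN = [19, 21, 20, 22, 18, 20, 21, 19, 20, 20]
N_INTERVALS = 40
ATTACK_START = 25          # hosts A and B see a sustained shift from here on


def baseline(n: int) -> List[float]:
    return [float(BASELINE_PATTERN[i % len(BASELINE_PATTERN)]) for i in range(n)]


HOST_A = baseline(ATTACK_START) + [45.0] * (N_INTERVALS - ATTACK_START)
HOST_B = baseline(ATTACK_START) + [45.0] * (N_INTERVALS - ATTACK_START)
HOST_C = baseline(N_INTERVALS)
HOST_C[10] = 60.0          # one isolated burst on host C, not an attack

MU0, DRIFT = 20.0, 5.0


def demo(threshold: float = 40.0, k: int = 2) -> dict:
    """Run all three sensing nodes and the fusion node; return first-alarm indices."""
    streams = [cusum_alarms(h, MU0, DRIFT, threshold) for h in (HOST_A, HOST_B, HOST_C)]
    network = fuse_k_of_n(streams, k)
    return {
        "host_a": first_alarm(streams[0]),
        "host_b": first_alarm(streams[1]),
        "host_c": first_alarm(streams[2]),
        "network": first_alarm(network),
    }


if __name__ == "__main__":
    # threshold 40: hosts A/B alarm at interval 26 (2 intervals after the shift
    # began), host C never alarms, the 2-of-3 fusion alarms at 26.
    print("threshold=40, k=2:", demo(40.0, 2))
    # threshold 15: hosts A/B alarm one interval sooner, but host C's single
    # burst now causes a false alarm at interval 10.
    print("threshold=15, k=2:", demo(15.0, 2))
    # requiring all three nodes suppresses the network alarm entirely here.
    print("threshold=40, k=3:", demo(40.0, 3))
```

The two `demo` runs show the trade-off the abstract refers to: lowering the threshold shortens the detection delay by one interval but turns host C's isolated burst into a false alarm, while the fusion rule lets a network-level decision tolerate one noisy sensing node.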

* information listed above is at the time of submission.
