Awards

Columns for each entry: Topic Information | Award/Contract Number | Proposal Information | Company | Performance Period | Award/Contract Value | Abstract

H-SB04.2-001
Cross-Domain Attack Correlation Technologies

NBCHC050005 0421200
(FY04.2 Phase I)
Intelligent Distributed Intrusion Detection via Collaboration

PnP Networks, Inc.
1525 Siesta Drive
Los Altos, CA 94024-6157

11/01/2004
to
05/15/2005
$99,000.00

We propose to design a cognitive, automated Distributed Intrusion Detection System that correlates IDS data from nodes across multiple administrative domains. In Phase I we will demonstrate that for multiple types of attacks across multiple administrative domains, such a system can detect incipient attacks and inhibit their success, where no single local IDS can be reasonably expected to do so. We will build on our existing multicast IP protocol, Collaboration Bus (CB), that enables local IDS data sharing. CB also allows remote connection to external listeners outside a LAN or local administrative domain. We will design and deploy a cognitive algorithm on a CB listener that uses Bayesian methods to correlate incoming IDS data and make diagnoses and judgments about action(s) to take. Using Emulab at the University of Utah, we will deploy CB on at least three independent target administrative domains together with a remote listener. We will deploy at least three known effective distributed attacks, and target them in an isolated environment at the target domains. We will run the cognitive listener and confirm that it has made appropriate judgments. We will generate innocuous traffic and confirm that the cognitive listener has not erroneously detected attacks.

H-SB04.2-002
Real-Time Malicious Code Identification

NBCHC050008 0421052
(FY04.2 Phase I)
MACE - Malicious Application Code Elimination

Avenda Systems
14125 Berry Hill Lane
Los Altos Hills, CA 94022-1840

11/01/2004
to
05/15/2005
$99,900.00

The IDS/IDP market will gain considerable traction as more organizations protect each application server instead of relying on network security. Proactive security as embodied in intrusion prevention will take a larger share of the market than reactive security as represented by intrusion detection. Avenda Systems proposes a solution called MACE (Malicious Application Code Elimination). It is a proactive real-time malicious code and payload anomaly detection system that focuses on application protocols; this will be extremely useful in defending against network attacks. This is a feature gap in the current IDS/IDP products. Avenda Systems has the expertise to develop a practical and highly effective malicious code detection system. MACE can be used by all organizations that have a computer network. The software modules developed in this project can be integrated into existing IPS/IDS solutions. The technologies employed in this product are practical and innovative and have not been implemented in commercially available comparable products. Organizations, both military and civilian enterprises, can use this system to defend their networks against attacks. Prototype development in Phase-I will provide the knowledge and foundation for building a complete product in Phase-II, and a commercially viable product in Phase-III.

H-SB04.2-002
Real-Time Malicious Code Identification

NBCHC050009 0421196
(FY04.2 Phase I)
Solidifying Malware Identification

Solidcore
3408 Hillview Ave Suite 180
Palo Alto, CA 94304-1321

11/01/2004
to
05/15/2005
$99,491.00

Solidcore's approach to malware-ID is to decouple packet payload analysis from the capture of packets in transit and the resulting necessity of (a) network-speed analysis, (b) analysis of large numbers of packets, only a minority of which contain malicious payloads. Phase I activities will consist of extending Solidcore's existing technology so that it can perform both of:
- malware identification (malware-ID) for new and unknown attacks as well as known attacks, and
- real-time generation and dissemination of attack identification data for existing security mechanisms.

H-SB04.2-002
Real-Time Malicious Code Identification

NBCHC050010 0421210
(FY04.2 Phase I)
Detection & Containment of Computer Epidemics Through Correlation of Communication Anomalies

Cs3 Inc.
5777 W Century Blvd
Suite 1185
Los Angeles, CA 90045-5600

11/01/2004
to
05/15/2005
$99,867.00

This Phase I SBIR project investigates the detection and mitigation of fast-spreading computer infections that we call network epidemics. We wish to avoid packet payload inspection for several reasons. For one, increasing use of encrypted communication makes it impossible to interpret the payload. Further, payload anomaly analysis introduces delays that can be unacceptable when stopping fast-spreading epidemics. In our project, detection of a network epidemic is based upon communication anomalies and the detection of similar shifts in behavior in a very large number of machines across the network. It is our hypothesis that epidemics can be detected by analyzing just communication patterns of the machines, without reference to packet payloads. Innovations of our approach include efficient traffic summaries that can store traffic data indefinitely. We also include sophisticated correlation features that make it possible to detect shifts in behavior of many machines across an entire network. Both exponential and slow spreading epidemics are discovered using this approach. The approach also generates filters for the traffic that spreads the infection thereby providing a defense. In Phase I, we validate the approach with a proof of concept prototype, and analyze the scalability issues of the approach to larger and faster networks.

H-SB04.2-005
Innovative Techniques for Concealed Weapons or Explosive Detection at a Distance

NBCHC050019 0421144
(FY04.2 Phase I)
Polychromic Imaging for Standoff Detection of Explosives and Weapons

Intelligent Optical Systems, Inc.
2520 W. 237th Street
Torrance, CA 90505-5217

11/01/2004
to
05/15/2005
$99,995.00

Terahertz (THz) radiation imaging and sensing is one of the most promising technologies for standoff detection of concealed threats. New THz sources and detectors are emerging on the commercial market. Existing methods for data processing and image construction, however, are either too cumbersome or fail to provide much of the required data for detecting concealed weapons and explosives. Intelligent Optical Systems (IOS) proposes an innovative solution to these shortcomings. By integrating the use of polychromic imaging, advanced spectral analysis, synthetic aperture processing, and fusion with conventional surveillance data, the IOS approach will produce real-time detection and imaging of concealed threats at a distance. What is novel in the proposed effort is that terahertz spectroscopy will be combined with conventional video imaging to enhance identification and to enable the tracking of potential threats at standoff distances. The potential benefits of this program are enormous, and include saving many lives, and neighborhoods. Commercial potential is in the $Billions. Images from security systems showing physiological details have caused some concern. IOS's approach will eliminate this possible embarrassment. In Phase II, IOS will design a Phase II Prototype System to obtain Multispectral THz Reflection Images at distances of 50 m or greater.

H-SB04.2-005
Innovative Techniques for Concealed Weapons or Explosive Detection at a Distance

NBCHC050020 0421180
(FY04.2 Phase I)
A Novel Sensor for Concealed Object Detection

WaveBand Corporation
17152 Armstrong Ave
Irvine, CA 92614-5718

11/01/2004
to
05/15/2005
$99,816.00

Building on previous and ongoing research in concealed object detection (COD), WaveBand Corporation (WaveBand) proposes a novel approach specifically aimed at extended range of detection with a goal of up to 50 meters. Among various sensors tested and proposed to date, those working in the millimeter wave (MMW) spectral region have been proven to have the unique characteristics of providing adequate clothing penetration while attaining acceptable spatial resolution at a distance. The Phase I research effort will focus on the demonstration of the feasibility of the proposed approach through both prototype design and characterization as well as critical experimental demonstration of the system principle. The prototype of the system built in Phase II is expected to provide a detection range superior to all known COD systems while operating with minimal latency, regardless of atmospheric conditions, illumination, indoor or outdoor settings. Detection and rough classification functions are expected to be automated with minimal operator supervision needed. Utilizing mostly commercially available components, we expect the system to be affordable, even in low quantity production.