Print Print  
Award Information
Proposal Number: 0421021
Proposal Title: A New Generation of Collaborative Cross-domain Security Technologies: Worminator
Topic Number: H-SB04.2-001
Phase: Phase I
Topic Title: Cross-Domain Attack Correlation Technologies
Organization: CounterStorm Inc.
Address: 15 W. 26th Street
7th Floor
New York, NY 10010-1002  
Abstract: This proposal, a collaboration between Columbia University and System Detection Inc., concerns the research of a new collaborative, cross-domain security system, which we call Worminator, to detect and prevent the exploitation of and attack against networked computer systems, especially those critical to the nation's infrastructure. The core concept is to deploy a number of strategically placed sensors across the internet that detect stealthy attacks and share this information in real-time among anonymous sites as an early warning of impending attack. The alerts include "profiles" of attackers and suspect packet content signatures indicative of new zero-day attacks and worm outbreaks. We seek to establish scientific proof that correlating scan and probe alerts - specifically, the detection of intelligence gathering and probing activities that attempt to deliver malicious code - across many sites produces a more accurate means of predicting latter attack stages and that the system in question scales to large numbers of participating sites. The proof of concept system will also demonstrate the means by which information about sources and profiles of new attacks are represented efficiently, and effective methods of distributing alert information in real-time maintaining the anonymity and privacy among the participants.
Award/Contract Number: NBCHC050004
Period of Performance: 11/01/2004 - 05/15/2005
Award/Contract Value: $99,628.00
Award/Obligated Amount: $99,628.00