Award Information
Proposal Number: 0421210
Proposal Title: Detection & Containment of Computer Epidemics Through Correlation of Communication Anomalies
Topic Number: H-SB04.2-002
Phase: Phase I
Topic Title: Real-Time Malicious Code Identification
Organization: Cs3 Inc.
Address: 5777 W Century Blvd
Suite 1185
Los Angeles, CA 90045-5600  
Abstract: This Phase I SBIR project investigates the detection and mitigation of fast-spreading computer infections that we call network epidemics. We wish to avoid packet payload inspection for several reasons. For one, the increasing use of encrypted communication makes it impossible to interpret the payload. Further, payload anomaly analysis introduces delays that can be unacceptable when stopping fast-spreading epidemics. In our project, detection of a network epidemic is based upon communication anomalies and the detection of similar shifts in behavior in a very large number of machines across the network. It is our hypothesis that epidemics can be detected by analyzing just the communication patterns of the machines, without reference to packet payloads. Innovations of our approach include efficient traffic summaries that can store traffic data indefinitely. We also include sophisticated correlation features that make it possible to detect shifts in behavior of many machines across an entire network. Both exponentially and slowly spreading epidemics can be detected with this approach. The approach also generates filters for the traffic that spreads the infection, thereby providing a defense. In Phase I, we validate the approach with a proof-of-concept prototype and analyze how the approach scales to larger and faster networks.
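The abstract describes three pieces: per-host traffic summaries that keep only endpoints (no payload), per-host detection of a shift in communication behavior, and correlation of those shifts across many hosts to raise an epidemic verdict and derive a filter. The following Python sketch is an added example of that pipeline for the fast-spreading case only; it is not code from Cs3 Inc. or the SBIR project. The window size, the thresholds (mean plus three sigma on fan-out, 20% of hosts shifting, 80% agreeing on a port), and the sample flow records are all assumptions constructed for illustration.

```python
"""Payload-free detection of a fast-spreading network epidemic from flow summaries.
Added example, not code from Cs3 Inc. or the SBIR project. Window size, thresholds
and the sample flows below are assumptions chosen for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW = 60  # seconds per traffic-summary bucket (assumed)


@dataclass(frozen=True)
class Flow:
    t: int       # timestamp in seconds (constructed)
    src: str     # source host
    dst: str     # destination host
    dport: int   # destination port


def summarize(flows, window=WINDOW):
    """Compact summary: window index -> {src: set of (dst, dport) it contacted}.
    Only endpoints are retained; payloads are never examined."""
    summary = defaultdict(lambda: defaultdict(set))
    for f in flows:
        summary[f.t // window][f.src].add((f.dst, f.dport))
    return summary


def fanout(contacts):
    """Number of distinct destination hosts in a contact set."""
    return len({dst for dst, _ in contacts})


def host_anomalies(window_summary, history, k=3.0, min_sigma=1.0):
    """Hosts whose fan-out this window exceeds mean + k*sigma of their own past
    fan-outs. Returns {src: contacts not previously seen for that host}."""
    anomalous = {}
    for src, contacts in window_summary.items():
        past = history[src]["fanouts"]
        if len(past) < 3:          # not enough baseline yet
            continue
        mu, sigma = mean(past), max(pstdev(past), min_sigma)
        if fanout(contacts) > mu + k * sigma:
            anomalous[src] = contacts - history[src]["known"]
    return anomalous


def correlate(anomalous, n_hosts, frac=0.2, agreement=0.8):
    """Epidemic verdict: enough hosts shifted in the same window and their NEW
    contacts share one destination port. Returns a filter dict or None."""
    if n_hosts == 0 or len(anomalous) < max(2, frac * n_hosts):
        return None
    votes = Counter()
    for new_contacts in anomalous.values():
        for port in {dport for _, dport in new_contacts}:
            votes[port] += 1
    if not votes:
        return None
    port, n = votes.most_common(1)[0]
    if n < agreement * len(anomalous):
        return None
    return {"dport": port, "infected": sorted(anomalous)}


def detect(flows, window=WINDOW):
    """Replay flows window by window; return [(window_index, filter), ...]."""
    summary = summarize(flows, window)
    history = defaultdict(lambda: {"fanouts": [], "known": set()})
    alerts = []
    for w in sorted(summary):
        current = summary[w]
        verdict = correlate(host_anomalies(current, history), len(current))
        if verdict:
            alerts.append((w, verdict))
        for src, contacts in current.items():      # update baselines afterwards
            history[src]["fanouts"].append(fanout(contacts))
            history[src]["known"] |= contacts
    return alerts


def build_flows():
    """Constructed sample: 10 hosts, 6 windows of normal traffic (1-2 servers on
    443/80); in window 5 four hosts additionally probe 40 new hosts on port 445."""
    hosts = [f"10.0.0.{i}" for i in range(1, 11)]
    flows = []
    for w in range(6):
        for i, h in enumerate(hosts):
            flows.append(Flow(w * WINDOW + 5, h, "10.0.1.1", 443))
            if i % 2 == 0:
                flows.append(Flow(w * WINDOW + 10, h, "10.0.1.2", 80))
    for h in hosts[:4]:                                   # the outbreak
        for j in range(1, 41):
            flows.append(Flow(5 * WINDOW + 11 + j % 40, h, f"10.0.2.{j}", 445))
    return flows


if __name__ == "__main__":
    for w, f in detect(build_flows()):
        print(f"window {w}: block dport {f['dport']} from {len(f['infected'])} hosts")
```

Two design points worth noting. The port vote is taken over each host's new contacts rather than all of its contacts, so the legitimate servers every host already talks to cannot outvote the port the infection actually spreads on; the resulting filter names only that port and the hosts that shifted. The correlation step is also what keeps a single busy host from triggering an alert: one host exceeding its baseline is just a per-host anomaly, and the verdict requires a sizeable fraction of observed hosts to shift in the same window.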
Award/Contract Number: NBCHC050010
Period of Performance: 11/01/2004 - 05/15/2005
Award/Contract Value: $99,867.00
Award/Obligated Amount: $99,867.00