Award Information
Proposal Number: 0421200
Proposal Title: Intelligent Distributed Intrusion Detection via Collaboration
Topic Number: H-SB04.2-001
Phase: Phase I
Topic Title: Cross-Domain Attack Correlation Technologies
Organization: PnP Networks, Inc.
Address: 1525 Siesta Drive
Los Altos, CA 94024-6157  
Abstract: We propose to design a cognitive, automated Distributed Intrusion Detection System that correlates IDS data from nodes across multiple administrative domains. In Phase I we will demonstrate that for multiple types of attacks across multiple administrative domains, such a system can detect incipient attacks and inhibit their success, where no single local IDS can be reasonably expected to do so. We will build on our existing multicast IP protocol, Collaboration Bus (CB), that enables local IDS data sharing. CB also allows remote connection to external listeners outside a LAN or local administrative domain. We will design and deploy a cognitive algorithm on a CB listener that uses Bayesian methods to correlate incoming IDS data and make diagnoses and judgments about action(s) to take. Using Emulab at the University of Utah, we will deploy CB on at least three independent target administrative domains together with a remote listener. We will deploy at least three known effective distributed attacks, and target them in an isolated environment at the target domains. We will run the cognitive listener and confirm that it has made appropriate judgments. We will generate innocuous traffic and confirm that the cognitive listener has not erroneously detected attacks.
Award/Contract Number: NBCHC050005
Period of Performance: 11/01/2004 - 05/15/2005
Award/Contract Value: $99,000.00
Award/Obligated Amount: $99,000.00