Topic Information Award/Contract Number Proposal Information Company Performance


D07PC72589 (formerly NBCHC070124) 0612016
(FY06.1 Phase II)
Botnet Detection and Mitigation

Sonalysts, Inc.
215 Parkway North
Waterford, CT 06385-1209


This Phase II effort will develop a functional prototype of DMnet, a distributed botnet detection and mitigation system. Our Team will develop and integrate state-of-the-art research in ontology, data fusion, data mining, and data warehousing into DMnet nodes. These nodes will be distributed throughout a network and will work together in a "trusted grid" to provide increased cyber awareness for botnet detection and mitigation. This system will be sensor-neutral facilitating the integration of current and emerging sensor technology. The prototype will incorporate multiple algorithms for classification and correlation, a unique ontology, and an innovative user interface. We will create a threat management mechanism to evaluate collected events, provide for mitigation, and will develop recommended operating policies and procedures for DMnet users. Commercial Application. Current network prevention, intrusion detection, and prevention applications tend to be single scope rather than integrated. DMnet represents a convergence technology that will integrate security operations into a single system to minimize losses from the distributed threat of botnets. This technology is immediately applicable to federal Government cyber security efforts, large network operations, ISPs, and security management solution providers.

Source Surveillance

HSHQDC-08-C-00130 FY07.1-0711211-II
(FY07.1 Phase II)
Radiological Source Surveillance With RedStar Video-Centric Radiation Detection

Advanced Fuel Research, Inc.
87 Church Street
East Hartford, CT 06108-3728


Radiological sources are in everyday use in numerous industries. Illicit removal of this material from storage could result in construction of a Radiological Dispersal Device or "Dirty Bomb." A pervasive means of securing radiological materials and identifying breaches in security is required. Ideally, existing passive surveillance technology would be used, thereby enabling rapid and cost effective deployment. Advanced Fuel Research (AFR) developed and is commercializing a software solution designed to reduce the likelihood of malicious use of radiological materials. Analytical software (U.S. Patent #7,391,028) evaluates images from security cameras to search for the characteristic small "spots" that appear in images when a radiological source is nearby. AFR's RadiationEvent Detection System: Tracking And Recognition (RedStar(TM)) software detects these image artifacts. The software¿s data capture and analysis routines feed an alert messaging engine. When the software detects radiological sources, it sends alert messages using a variety of open protocols. Under the Phase 1 project, RedStar data flexibility was upgraded and tested at Hartford Hospital. During the week-long test, it detected the radiation source each time it was used, detected the source while it was still in its shielded container, and produced zero false alarms.

Highly Scalable Identity Management Tools

N10PC20106 0914001
(FY09.1 Phase II)
Location-based service for Federal Identity, Credential & Access Management

Queralt LLC
250 State Street
Unit G-1
North Haven, CT 06473-2182


Queralt LLC is developing a location-based service that increases security and scalability of access control for logical systems, by providing geospatial coordinates as attributes of policy decision requests using RFID & GPS sensor data. Government agencies temporarily share access to their logical systems, often during critical times (e.g. emergency events) but must do so in a way that protects both against system misuse and privacy concerns. Queralt`s service is based on open ratified standards that facilitate scalable interoperability between agencies. This service protects against system misuse by increasing the security options of policy creators, to include location-based attributes. During Phase II, Queralt will deliver an end-to-end Identification Management (IdM) prototype which gathers location of the person requesting access to the logical system, and formulates a request from the enforcement point to the decision point, with appended user location coordinates. Queralt will develop and test market a Policy Enforcement Point, and location-based service which can be deployed and seamlessly co-exist with current solutions in a Federated Identity Management system. Anticipated Benefits: The ability to use location in IdM will enable DHS, and customer agencies, to implement more rapid and secure information sharing protocol. The use of policies that reason with geographical boundaries of events and user locations drastically reduce the time required to setup secure sharing of sensitive information across agencies during critical events, something that will increase the effectiveness of rapid response operations. It will do so through an automated decision making process that requires less human resources, hence less costs, while enforcing more secure policies that check both user credentials and physical presence in the area of a rapid response operation before granting access to sensitive logical resources, hence less risk of system misuse.