Award Information
Proposal Number: 0421001
Proposal Title: Real-time Malicious Code Detection in Network Traffic: The PAYL Payload Anomaly Detector
Topic Number: H-SB04.2-002
Phase: Phase I
Topic Title: Real-Time Malicious Code Identification
Organization: CounterStorm Inc.
Address: 15 W. 26th Street
7th Floor
New York, NY 10010-1002  
Abstract: This proposal, a collaboration between Columbia University and System Detection Inc., concerns research on a new payload anomaly detector, which we call PAYL, that has been demonstrated to detect malicious code in network traffic. The core concept is to statistically model normal packet content and detect anomalous content indicative of malicious exploit code. The approach is very fast to compute, is stateless, does not parse the input stream, generates a small model, and can easily be adapted into an incremental online learning algorithm to deal with changing network traffic. The method provides a compact signature of newly detected exploits and preserves the privacy of content data. We believe the method will be highly competitive with other approaches that are based upon code emulation or simulation techniques. We focus on solving the false positive problem typically associated with anomaly detectors by employing other correlated models to identify true positives with high accuracy and confidence, analyzing only a subset of the network data in each packet or connection. The successful results of the research and development will be commercialized by System Detection Inc. by embedding a new plug-in detector in their Antura security product for the prevention of new attack exploits.
Award/Contract Number: NBCHC050007
Period of Performance: 11/01/2004 - 05/15/2005
Award/Contract Value: $98,597.00
Award/Obligated Amount: $98,597.00
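The abstract describes PAYL only at the level of "statistically model normal content and flag anomalous packet content". The following is an added example, not code from this proposal, from CounterStorm/System Detection Inc. or from Columbia, of the mechanism as published in the PAYL paper (Wang and Stolfo, RAID 2004): a 1-gram byte-frequency profile of normal payloads kept per (destination port, payload-length bucket), scored with a simplified Mahalanobis distance with a smoothing factor alpha. The incremental mean/variance update (Welford's method), the threshold rule (a fixed `margin` times the largest training distance), the class and function names, and every payload in it are assumptions constructed for illustration.

```python
"""Byte-frequency payload anomaly detection in the style of PAYL (added illustration).

Not the proposal's code. Follows the published PAYL design (Wang and Stolfo, 2004):
1-gram byte frequencies per (port, length bucket), simplified Mahalanobis distance.
Welford's online update and the margin-based threshold are stand-ins chosen here.
All payloads below are constructed, not captured traffic.
"""
import math


class ByteProfile:
    """Running mean and variance of each byte value's relative frequency.

    The whole model is 256 means and 256 variances, so it stays small no matter
    how much traffic built it, and it never parses the payload.
    """

    def __init__(self):
        self.n = 0
        self.mean = [0.0] * 256
        self.m2 = [0.0] * 256  # running sum of squared deviations (Welford)

    @staticmethod
    def frequencies(payload: bytes) -> list:
        counts = [0] * 256
        for b in payload:
            counts[b] += 1
        total = len(payload) or 1
        return [c / total for c in counts]

    def update(self, payload: bytes) -> None:
        """Fold one normal payload into the model without storing the payload."""
        freq = self.frequencies(payload)
        self.n += 1
        for i in range(256):
            delta = freq[i] - self.mean[i]
            self.mean[i] += delta / self.n
            self.m2[i] += delta * (freq[i] - self.mean[i])

    def distance(self, payload: bytes, alpha: float = 0.001) -> float:
        """Simplified Mahalanobis distance: sum_i |x_i - mean_i| / (sigma_i + alpha).

        alpha keeps byte values never seen in training (sigma 0) from dividing by
        zero; they contribute a large but finite term instead.
        """
        freq = self.frequencies(payload)
        d = 0.0
        for i in range(256):
            sigma = math.sqrt(self.m2[i] / self.n) if self.n > 1 else 0.0
            d += abs(freq[i] - self.mean[i]) / (sigma + alpha)
        return d


class PaylDetector:
    """One ByteProfile per (port, length bucket); thresholds calibrated on training data."""

    def __init__(self, bucket_size: int = 128, margin: float = 2.0):
        self.bucket_size = bucket_size
        self.margin = margin  # assumed rule: threshold = margin * max training distance
        self.profiles = {}
        self.thresholds = {}

    def _key(self, port: int, payload: bytes):
        return (port, len(payload) // self.bucket_size)

    def train(self, port: int, payloads: list) -> None:
        for p in payloads:
            self.profiles.setdefault(self._key(port, p), ByteProfile()).update(p)
        for p in payloads:  # calibrate each profile against the traffic that built it
            key = self._key(port, p)
            d = self.profiles[key].distance(p)
            self.thresholds[key] = max(self.thresholds.get(key, 0.0), self.margin * d)

    def score(self, port: int, payload: bytes):
        """Distance from the matching profile, or None when no model exists for it."""
        prof = self.profiles.get(self._key(port, payload))
        return None if prof is None else prof.distance(payload)

    def is_anomalous(self, port: int, payload: bytes) -> bool:
        d = self.score(port, payload)
        return d is not None and d > self.thresholds[self._key(port, payload)]


# Constructed "normal" HTTP requests to port 80 (not captured traffic).
NORMAL_HTTP = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nAccept: image/png\r\n\r\n",
    b"GET /css/site.css HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/css\r\n\r\n",
    b"GET /news/2004/item.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
    b"GET /contact.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /js/menu.js HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/javascript\r\n\r\n",
    b"GET /products/list.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n",
]
# Held-out request using only byte values that occur in the training set.
HELD_OUT_NORMAL = b"GET /news/index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n"
# Constructed stand-in for exploit content: a NOP-like sled plus high bytes,
# none of which occur in the text-only training traffic (same length bucket).
SHELLCODE_LIKE = b"GET /" + b"\x90" * 40 + bytes(range(0x80, 0xC0)) + b" HTTP/1.1\r\n\r\n"


def build_detector() -> PaylDetector:
    det = PaylDetector()
    det.train(80, NORMAL_HTTP)
    return det


if __name__ == "__main__":
    det = build_detector()
    for label, p in (("held-out normal", HELD_OUT_NORMAL), ("shellcode-like", SHELLCODE_LIKE)):
        print(f"{label:16s} distance={det.score(80, p):8.1f} anomalous={det.is_anomalous(80, p)}")
    print("port 443, no model:", det.score(443, HELD_OUT_NORMAL))
```

Two points the abstract's claims rest on are visible here. The detector is stateless per packet: scoring reads 256 counters and a stored profile, with no reassembly or protocol parsing, and the profile (not the traffic) is what a deployment would keep or share, which is what lets the model double as a compact, content-free signature. The `None` result for port 443 is the caveat a practitioner should expect: a PAYL-style model can only judge traffic for which a matching (port, length) profile was trained, and the threshold rule chosen in training, not the distance alone, decides the false-positive rate.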