Award Information
Proposal Number: 0421135
Proposal Title: A Heuristic Approach to Detecting Anomalous Protocol Payloads
Topic Number: H-SB04.2-002
Phase: Phase I
Topic Title: Real-Time Malicious Code Identification
Organization: Cigital, Inc.
Address: Suite #400
21351 Ridgetop Circle
Sterling, VA 20166-6561  
Abstract: Internet worms have become a common occurrence, but they have yet to inflict significant damage on our information infrastructure. Security experts predict the dawn of a new age of superworms that are far more dangerous than those we have encountered, and whose speed, stealth, and destructive power pose a significant threat. One promising approach to preventing the spread of future worms is to examine network traffic for unusual content. Certain types of content do not belong in particular application protocols, and yet such inappropriate content is often part of worm-based attacks. To combat the growing threat of Internet worms, Cigital proposes to develop a network traffic filtering capability based on the detection of anomalous data in network protocols. During this project we will validate our approach by applying it against known attacks and gathering information concerning its detection rate, false positive rate, and impact on system performance. The results will indicate the viability of expanding this approach to cover additional protocols and of extending our heuristics to cover additional categories of threats.
Award/Contract Number: NBCHC050011
Period of Performance: 11/01/2004 - 05/15/2005
Award/Contract Value: $94,027.00
Award/Obligated Amount: $94,027.00