Prattle: Deception and Anti-Reconnaissance via CyberChaff

Period of Performance: 07/31/2015 - 04/30/2016


Phase 1 SBIR

Recipient Firm

Galois Connections, Inc.
421 SW Sixth Suite 300
Portland, OR 97204
Principal Investigator


ABSTRACT:Computer network defense tools are plagued with an excessive amount of information, frequently in the form of false positives. ?Rather than attempt to train automated tools to detect attack events more reliably, we propose to build upon existing 'honey-net' technologies to interfere with the reconnaissance phases of an adversary's attack. We will build upon our existing CyberChaff (TM) technology which can host hundreds of virtual 'chaff nodes' on a commodity system. The additions proposed in this SBIR will improve the plausibility of the virtual systems to attackers using passive and active techniques to examine a network.BENEFIT:Virtual honey-nets are a new approach to network security that is beginning to appear in research and prototype phases from assorted sources. ?Galois is positioned to take advantage of this growth of interest by leveraging our existing CyberChaff (TM) tools. ?The additional passive and active deceptive techniques proposed here will augment our current licensable technologies to add additional appeal to existing partners and potential clients.