Tactical Immune System based on Dynamically Assigned Sense of Self

Period of Performance: 08/26/2016 - 03/01/2017

$150K

Phase 1 STTR

Recipient Firm

CyberRock Inc.
13785 Laurel Rock Drive
Clifton, VA 20124
Firm POC, Principal Investigator

Research Institution

George Mason University
4400 University Drive MS 4C6
Fairfax, VA 22030
Institution POC

Abstract

Inspired by the self-nonself discrimination in our natural immune system, we propose to develop the first practical immune system that will provide unprecedented real-time protection for identified tactical platforms and networks in the Army's Common Operating Environment (COE). Unlike previous models of self, which are passive reflections of the existing being of the protected program or system, our model of self is active in that it dynamically assigns a unique mark to the protected program and system. Such a dynamically assigned sense of self eliminates the training and re-alignment needed by other models of self and enables us to effectively and efficiently detect and block the first nonself system call of any control flow hijacking attack with no false positives. Such an unprecedented capability further enables us to accurately capture the system call sequence right before and after the detected cyberattack, as well as the memory buffer that contains the attack code. Our proof-of-concept prototype in Linux has successfully immunized real-world, unpatched, vulnerable applications (e.g., Snort 2.6.1 with over 140,000 lines of C code) against otherwise working exploits with no more than 4% overall run-time performance overhead.