Situation Aware Network Deception Management (SANDMan)

Period of Performance: 07/15/2016 - 03/14/2017


Phase 1 SBIR

Recipient Firm

Boston Fusion Corp.
70 Westview Street Array
Lexington, MA 02421
Firm POC
Principal Investigator


Defending against state-of-the-art cyber attacks such as Advanced Persistent Threats requires the capability to counter the adversarys actions after they have already gained a foothold within our networks. Network deception techniques, working in conjunction with normal cyber defense methods, can alter the underlying attack process, making it more difficult, time consuming, and cost prohibitive for the adversary. The Situation Aware Network Deception Management (SANDMan) program will address this important operational need by developing, evaluating, and transitioning an innovative capability to create situation aware, reactive deception for cyber network defense. SANDMan will employ a novel synthesis of machine learning, network operations and control, and policy-based management techniques to dynamically create and control deceptive views of the network structure that will mislead the adversary, while preserving own-force mission resilience. In Phase I we will: (1) develop an algorithmic approach and overall framework for learning network activity, performing policy-based strategy formation, and managing deceptive network operations; (2) conduct a series of focused investigations and evaluations of algorithms; and (3) demonstrate the implications of the proposed algorithms for network defense. The results of the Phase I program will demonstrate the feasibility and promise of the SANDMan system concept to be realized in Phase II.