Large Scale Intelligent Intrusion Detection

Period of Performance: 02/21/2017 - 12/20/2017

$230K

Phase 1 SBIR

Recipient Firm

Physical Optics Corp.
1845 West 205th Street
Torrance, CA 90501

Abstract

The sponsor's facilities, centers, infrastructure, and resources are designed to be easily accessible to users over the worldwide network, so ensuring effective cybersecurity monitoring, situational awareness, logging, reporting, intrusion prevention, remediation, and related functions for them is an increasingly important task. Although many cybersecurity (detection or prevention) software tools have been developed, all of them have limitations and therefore cannot deliver protection against cyberattacks in large-scale systems: cybersecurity in a high-performance computing environment is still an open problem. A new approach must be developed that provides more intelligent shields to fend off known and new-generation cyberattacks and so help secure high-performance computing facilities, infrastructure, and large-scale distributed systems.

General statement of how this problem or situation is being addressed

The proposed anomaly-based intrusion detection system integrates: (1) statistical analysis (based on Markov decision processes), (2) an intelligent action policy, (3) machine learning techniques, and (4) an open-source intrusion detection system's event-managing engine. Together these provide the artificial intelligence needed to detect and mitigate both known and new cyberattacks in high-performance computing systems and hosts. The new tool allows continuous monitoring of network traffic and/or hosts in high-performance computing clusters, detection and classification of attacks in near real time, and response to attacks. Cybersecurity information collected from observable indicators is converted into events and system states. Sequences of system states are then analyzed statistically and compared against a “malicious behavior” profile and action policy to make intrusion detection and response decisions. Incorporation of machine learning techniques reduces false positives and false negatives.

What is to be done in Phase I?

A large-scale intelligent intrusion detection system architecture, framework, and algorithms will be developed to evaluate system performance. Feasibility of the approach will be demonstrated by assembling and testing a technology readiness level 4 prototype. The prototype will demonstrate the capability to detect attack patterns and predict attacks in real time on a large-bandwidth (10 Gbps) network. The metrics that determine the prototype's efficacy and performance will be identified.

Commercial Applications and Other Benefits

The proposed technology is expected to have widespread applications in cybersecurity, including many in large simulations, computational fluid dynamics applications, fly-by-wire avionics, advanced communications, financial and healthcare services, and others. Well-known cyberattacks have cost businesses more than $10B annually. Companies are looking for intrusion detection/protection systems such as the proposed system.
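The event-to-state conversion, state-sequence analysis against a "malicious behavior" profile, and action policy described in the abstract, as an added illustration that is not the proposal's own code: a first-order Markov chain stands in for the statistical analysis, and the event names, training sequences, and policy thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict

STATES = ["AUTH_OK", "AUTH_FAIL", "JOB", "IO", "EGRESS", "OTHER"]
# Constructed event-to-state mapping (hypothetical event names, not from the proposal).
EVENT_TO_STATE = {"ssh_login_ok": "AUTH_OK", "ssh_login_fail": "AUTH_FAIL",
                  "job_submit": "JOB", "file_read": "IO", "outbound_conn": "EGRESS"}

def events_to_states(events):
    """Convert observable indicators into a state sequence; unknown events become OTHER."""
    return [EVENT_TO_STATE.get(e, "OTHER") for e in events]

class MarkovProfile:
    """First-order Markov chain over STATES with add-one smoothing, so a transition
    never seen in training still gets a small nonzero probability instead of log(0)."""
    def __init__(self):
        self.counts = defaultdict(lambda: defaultdict(int))

    def fit(self, sequences):
        for seq in sequences:
            for a, b in zip(seq, seq[1:]):
                self.counts[a][b] += 1
        return self

    def log_likelihood(self, seq):
        total = 0.0
        for a, b in zip(seq, seq[1:]):
            row = self.counts[a]
            total += math.log((row[b] + 1) / (sum(row.values()) + len(STATES)))
        return total

# Constructed training sequences: normal HPC sessions vs. a "malicious behavior" profile
# (repeated authentication failures, then a success, then outbound connections).
BENIGN = MarkovProfile().fit([
    ["AUTH_OK", "JOB", "IO", "IO", "JOB", "IO"],
    ["AUTH_OK", "IO", "JOB", "IO", "AUTH_OK", "JOB"]])
MALICIOUS = MarkovProfile().fit([
    ["AUTH_FAIL", "AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "EGRESS"],
    ["AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "IO", "EGRESS"]])

def decide(events, alert_at=1.0, block_at=3.0):
    """Score a sequence by its log-likelihood ratio (malicious vs. benign) and apply a
    constructed action policy; thresholds are placeholders to be tuned on real traffic."""
    states = events_to_states(events)
    llr = MALICIOUS.log_likelihood(states) - BENIGN.log_likelihood(states)
    if llr >= block_at:
        return "block", llr
    if llr >= alert_at:
        return "alert", llr
    return "allow", llr
```

The smoothing term is what keeps a single never-before-seen transition from dominating the score, which is where a naive profile comparison produces most of its false positives.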