A New Integrated Approach to Intrusion Prevention, Detection, and Response

Period of Performance: 04/24/1998 - 04/24/2000

$746K

Phase 2 SBIR

Recipient Firm

Stottler Henke Associates
1650 South Amphlett Boulevard, Suite 300
San Mateo, CA 94402

Abstract

We propose to develop a unique system for defensive information warfare that utilizes an innovative combination of artificial intelligence (AI) techniques. By drawing on our experience developing intrusion detection systems, software agents, and machine learning techniques, we propose to provide system administrators with a powerful unified computer security tool that integrates intrusion prevention, detection, and response capabilities. Within our system we will utilize a new technique we developed called Active Evidential Reasoning that draws inspiration from model-based reasoning, plan recognition, and automated diagnosis systems. Our tool will be capable of determining system vulnerability based on the correlation of evidence from configuration examination, state-transition-based intrusion detection, network sniffers, and predictive analysis. Further, our system will be capable of detecting a wide range of attacks with reduced false alarm rates due to its use of a uniquely comprehensive set of evidence sources. Finally, our system will provide software agents as a means for efficient and effective incident handling. Our Phase II effort will build on the strong foundation established in Phase I and lead to the creation of a fully operational intrusion prevention, detection, and response system for heterogeneous networks of computers.