Early Warning Detection of Computer Network Attacks Against Mobile Networks

Period of Performance: 11/25/2003 - 11/25/2005

$730K

Phase 2 SBIR

Recipient Firm

Xprt Solutions, Inc.
12 Christopher Way
Eatontown, NJ 07724

Principal Investigator

Abstract

The XPRT Solutions, Inc./New Jersey Institute of Technology/Network Security Solutions, Inc. (XNN) team proposes to develop the prototype of the Early Warning System (EWS) tool. EWS is an anomaly detection tool for predicting network attacks against mobile networks. Phase I was used to refine the concepts of EWS, prototype its components, and obtain extremely encouraging results on tests against the DARPA '98-99 and our testbed-collected attacks (non-stealth as well as stealth and distributed highly stealth attacks). Phase II will emphasize optimization of the Phase I EWS prototype components, leading to a full prototype for testing and evaluation in a mobile environment, such as the Future Combat System (FCS). EWS focuses on Reconnaissance attacks that may transition into Escalation of Privilege (EoP) and/or Denial of Service (DoS) attacks. The first stage of EWS conducts stateful inspection of sessions and session state transitions that generate prompt alerts, while the second stage performs alert fusion that quickly detects evolving attack scenarios. Because of our significant accomplishments early in Phase I of this effort, we have allocated considerable resources to incorporating EWS into the FCS environment in Phase II. Several potential partners have expressed interest in commercializing this technology. The proposed technology can be used in the commercial world not only to protect networks, but also to react to network attacks prior to their occurrence. This enhances the state-of-the-art technology, where typically only protection mechanisms are put in place.