Protecting IT Systems From Cyber Attacks

Period of Performance: 05/13/2005 - 01/13/2006

$100K

Phase 1 SBIR

Recipient Firm

Cyber Spk, LLC
74 Northeastern Blvd., Suite 12
Nashua, NH 03062
Principal Investigator

Abstract

This proposal describes a plan to enhance cyber attack assessment capabilities in a way that reduces both the threat to the network and the time it takes to defend it. This will be accomplished by fusing digital forensic data from 4 primary sources and then mining the fused data. The data sources will include traditional Intrusion Detection Systems (IDS/IPS, network management, etc.) and 3 additional sources not normally included: system configuration snapshots, memory dumps, and both internal (private) and external (public) Cyber Threat Repositories (CTR). The system snapshots will provide every delta to the system configuration as a linear record over time, while the memory dumps will report the state of the system in RAM as a vertical slice at one point in time. The CTR will report actual threats experienced by others, together with any detail or resolutions added by IT staff. Mining will include direct searches as well as Bayesian probability filtering. To keep the process as simple and efficient as possible, it will be incorporated into a design for a new software utility called Cyber SPKT (System Protection Kit). The Cyber SPK will represent a valuable product applicable to any component of the DoD as well as to any commercial office, and will be especially valuable for industries such as banking, investment, and insurance. Should this Phase I project prove the value it proposes, Phase II can follow on with the building of a demonstrable prototype.
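The fusion-and-filtering idea above, sketched as an added example that is not the proposal's or the firm's own code: one host's evidence from the four named sources (IDS alerts, a delta between two configuration snapshots, strings from a memory dump, and a CTR lookup) is combined by a naive-Bayes update into a single compromise probability. The likelihood values, the CTR entries and the snapshot contents are all constructed for illustration.

```python
from typing import Dict

# Per-source likelihoods: P(signal | compromised), P(signal | clean).
# Constructed illustrative values, not figures from the proposal; in practice
# they would be estimated from labelled incidents and CTR history.
LIKELIHOODS = {
    "ids_alert":    (0.70, 0.05),  # traditional IDS/IPS alert on the host
    "config_delta": (0.60, 0.10),  # unexpected change between config snapshots
    "memory_ioc":   (0.50, 0.02),  # indicator found in the RAM snapshot
    "ctr_match":    (0.80, 0.05),  # artefact already reported in a CTR
}

def snapshot_delta(prev: Dict[str, str], curr: Dict[str, str]) -> Dict[str, tuple]:
    """Delta between two configuration snapshots: key -> (old, new); None marks absent."""
    keys = set(prev) | set(curr)
    return {k: (prev.get(k), curr.get(k)) for k in keys if prev.get(k) != curr.get(k)}

def fuse_posterior(prior: float, signals: Dict[str, bool]) -> float:
    """Naive-Bayes update in odds form: every source contributes one likelihood
    ratio whether or not its signal fired (a silent source is evidence too)."""
    odds = prior / (1.0 - prior)
    for name, fired in signals.items():
        p_c, p_n = LIKELIHOODS[name]
        odds *= (p_c / p_n) if fired else ((1 - p_c) / (1 - p_n))
    return odds / (1.0 + odds)

def assess_host(prior, ids_alerts, prev_cfg, curr_cfg, memory_strings, ctr):
    """Fuse the four sources for one host; returns (signals, posterior)."""
    delta = snapshot_delta(prev_cfg, curr_cfg)
    signals = {
        "ids_alert": len(ids_alerts) > 0,
        "config_delta": len(delta) > 0,
        "memory_ioc": any(ioc in s for s in memory_strings for ioc in ctr["memory_iocs"]),
        "ctr_match": any(new in ctr["known_bad_values"] for _, new in delta.values()),
    }
    return signals, fuse_posterior(prior, signals)

# Constructed sample data for one host (hypothetical names, not real indicators).
CTR = {"memory_iocs": ["sample_loader"], "known_bad_values": [r"C:\Temp\svc_update.exe"]}
PREV = {"services.updater.path": r"C:\Program Files\Updater\upd.exe", "firewall.enabled": "1"}
CURR = {"services.updater.path": r"C:\Temp\svc_update.exe", "firewall.enabled": "1"}
MEMORY = ["svchost.exe", "sample_loader.dll loaded", "lsass.exe"]

if __name__ == "__main__":
    sig, p = assess_host(0.01, ["constructed IDS alert"], PREV, CURR, MEMORY, CTR)
    print(sig, round(p, 4))
```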