You are here

DECISIVE ANALYTICS Corporation Response to Cross-Domain Attack Correlation Technologies

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: NBCHC050006
Agency Tracking Number: 0421204
Amount: $99,999.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: H-SB04.2-001
Solicitation Number: N/A
Timeline
Solicitation Year: 2004
Award Year: 2004
Award Start Date (Proposal Award Date): 2004-10-29
Award End Date (Contract End Date): 2005-05-15
Small Business Information
1235 South Clark St. Suite 400
Arlington, VA 22202
United States
DUNS: N/A
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 James Nolan
 Sr Scientist/Engineer, Sys Analy Div
 (703) 414-5002
 jim.nolan@dac.us
Business Contact
 Kelly McClelland
Title: Manager, Business Operations
Phone: (703) 414-5024
Email: kelly.mcclelland@dac.us
Research Institution
N/A
Abstract

The DECISIVE ANALYTICS Team presents a suite of novel technique to perform distributed event correlation across distinct administrative domains while preserving privacy. Our approach for detecting attacks is based on the facts, prerequisites, and consequences of an attack. Such an approach allows us to detect well-known and stealthy attacks while also minimizing false alarms. Normal and suspicious activities are represented by graphs that are automatically constructed where nodes of the graph represent an event in the system, and arcs represent their relationships. We use data mining techniques such as clustering, classification, and frequent episodes mining to correlate events and attacks within an administrative boundary We perform event correlation across administrative boundaries by utilizing probabilistic statistical causality techniques, and preserve privacy by using Secure 2-Party Computational techniques such as multivariate statistical analysis to enable secure collaboration across domains. These techniques are implemented as a set of intelligent agents that collaborate across administrative domains and provide alerts to the security analyst as attacks against the Homeland¿s critical infrastructure are identified. We anticipate commercial benefits as we transition the technology to our partner, Cisco Systems, for deployment as part of their PIX Security Appliance. Potential spinoff applications include intelligence analysis and securities fraud.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government