Award Information
Proposal Number: DHSST-LRBAA14-02-CSD.10-0016-I
Proposal Title: Combining anomaly detection with signature generation for automated cyber defense
Topic Number: CSD.10
Topic Title: Internet Measurement and Attack Modeling Techniques
Organization: Oak Ridge National Laboratory
Address: P O Box 2008
MS 6242
Oak Ridge, TN 37831-6242  
Abstract: ORNL proposes to combine the best of two methods, anomaly detection and signature-based intrusion detection, by leveraging two existing technologies, Situ and FAST, to enhance security across organizational boundaries. Situ, developed at Oak Ridge National Laboratory, is a scalable, real-time platform for discovering and explaining suspicious behavior that current technologies cannot detect. Situ combines anomaly detection and data visualization to provide a distributed, streaming platform for discovery and explanation of suspicious behavior to enhance situation awareness. Framework for Auto generated Signature Technology (FAST), developed at Raytheon BBN Technologies, is designed to receive anomalous packet samples and then extract low-false-alarm-rate signatures. These signatures are then distributed to remote Snort or Suricata instances. The integration of these two technologies will lead to shareable signatures based on novel attack patterns to increase the cyber security of the nation's critical infrastructure.
Award/Contract Number: HSHQPM-16-X-00205
Period of Performance: 08/09/2016 - 08/31/2018
Award/Contract Value: $188,372.00
Award/Obligated Amount: $0.00