SBIR-STTR Award

Advances in multi-core computing systems, networking, mobile and smart devices, complex software and Internet have enabled the development of revolutionary capabilities that have served many fields across industry, military and academia. However, along with these advances, vulnerabilities in the computing systems stemming from failure to enforce the semantics of computation, have led to an ever increasing number of attacks and their sophistication leading to heavy financial losses and Army mission risks. The current security techniques are mainly labor intensive (e.g., patch update), signature based, and not flexible enough to handle the complexity, dynamism and epidemic-style propagation of attacks. Furthermore, the organization boundaries are gradually disappearing so that the idea of creating a defendable perimeter becomes useless, and on top of that the attackers that we need to protect against, can be corrupted components or software modules within the system and yet who are trusted and have full access to computing system resources and services. Labor intensive are rapidly becoming infeasible in todays technological and data-driven climate. Data are collected at a rate that renders decision-based systems made by humans. Therefore, an autonomous decision making system that can adapt, react, and learn from real-time computer systems cannot be overstated enough.

Our goal in Phase II STTR proposal is to leverage the tools and data analytics algorithms developed in Phase I to demonstrate the full functionality of the proposed Tactical Cyber Immune System (TCIS). We have developed a modular and adaptive cyber immunity system to overcome security deficiencies of current computing systems. We have developed algorithms and tools to characterize the self-behavior of “Computer”, “User”, and “Application” so that each behavior can be identified as either "Self" or "Non-Self". The Phase I results that will be leveraged are: 1) Self-behavior Model for Computers: Data analytics techniques are used to build the self-behavior model. Our results show that our approach achieved almost 100% accurate detection rate; 2) Self-behavior Model for Users: Data analytics techniques are used to build the self-behavior model. Phase 1 results show that our approach can successfully classify user normal versus malicious with accuracy more than 99%; and 3) Self-behavior Model for Applications: The self-behavior model produced zero false negatives and detection accuracy was around 99.51%. In Phase II, we will build a fully function TCIS prototype using AVIRTEK autonomic cyber security technology and the tools and data analytics algorithms developed in Phase I.