This Phase II SBIR project seeks to implement an architecture of cooperative distributed agents spread throughout a network infrastructure (such as the Internet) that can collectively achieve security and performance benefits. Algorithms will be developed using this architecture that rapidly and effectively defend against distributed coordinated attacks including but not limited to the recent distributed denial of service attacks - a problem that is currently unsolved. The network of reactive agents, called "ReagentNet", is controlled through the use of an event specification language - making it easier to dynamically change what the agents do without manual re-programming. While the initial focus is on distributed denial of service attacks, the RegentNet framework provides natural extensions to other important network services such as packet source tracing, packet forwarding, and more intelligent routing schemes. Phase I of this project has derived the important algorithms and laid conceptual groundwork.In Phase II, product prototypes will be built and field-tested in a realistic implementation of the RegentNet. An evaluation team drawn from a cross-section of the network security community will be used to test these results. Markets for these products are quite extensive, and prospects for the completion and commercialization of these products look excellent.
Keywords: Denial Of Service Attack; Router Control; Distributed Coordinated Attack; Packet Source Tracing