SBIR-STTR Award

An Event-Monitoring Framework for Automatic Network Diagnosis
Award last edited on: 3/28/02

Sponsored Program
SBIR
Awarding Agency
DOD : DARPA
Total Award Amount
$1,023,797
Award Phase
2
Solicitation Topic Code
SB991-019
Principal Investigator
K Narayanaswamy

Company Information

Computing Services Support Solutions (AKA: Cs3)

5777 West Century Boulevard Suite 1185
Los Angeles, CA 90045
   (310) 337-3013
   info@cs3-inc.com
   www.cs3-inc.com
Location: Single
Congr. District: 43
County: Los Angeles

Phase I

Contract Number: DAAH0199CR136
Start Date: 5/14/99    Completed: 1/30/00
Phase I year
1999
Phase I Amount
$98,868
The goal of this SBIR Phase I project is to design and prototype key elements of a reactive, event-based framework for automating network security, diagnosis and management. Events are the common formalism used to describe simple and complex conditions related to network performance, security, and quality of service. A high-level language is used to state the runtime monitoring conditions (event specifications) that might trigger key network management responses. Our technology automatically compiles the event specification, dynamically distributing the necessary computations to detect those conditions automatically throughout a network. The most significant results will include the design of a customized notation for network events distributed over arbitrary distributed networks and the dynamic specification of new monitoring conditions and responses - all scalable over the volume and diversity of events required to solve problems in a typical real-world network. The ability for the network to monitor and correct itself dynamically forms the technology base for the next generation of self-adaptive networks.

Phase II

Contract Number: DAAH0100CR211
Start Date: 8/22/00    Completed: 8/15/02
Phase II year
2000
Phase II Amount
$924,929
This Phase II SBIR project seeks to implement an architecture of cooperative distributed agents spread throughout a network infrastructure (such as the Internet) that can collectively achieve security and performance benefits. Algorithms will be developed using this architecture that rapidly and effectively defend against distributed coordinated attacks including but not limited to the recent distributed denial of service attacks - a problem that is currently unsolved. The network of reactive agents, called "ReagentNet", is controlled through the use of an event specification language - making it easier to dynamically change what the agents do without manual re-programming. While the initial focus is on distributed denial of service attacks, the ReagentNet framework provides natural extensions to other important network services such as packet source tracing, packet forwarding, and more intelligent routing schemes. Phase I of this project has derived the important algorithms and laid conceptual groundwork. In Phase II, product prototypes will be built and field-tested in a realistic implementation of the ReagentNet. An evaluation team drawn from a cross-section of the network security community will be used to test these results. Markets for these products are quite extensive, and prospects for the completion and commercialization of these products look excellent.

Keywords:
Denial Of Service Attack; Router Control; Distributed Coordinated Attack; Packet Source Tracing