
SBIR Phase I: Network Anomaly Detection Using a Self-Similar Traffic Model

$99,998 | FY2004 | TIP | NSF

Shadowband Systems, Inc., Norcross GA

Investigators

Abstract

This Small Business Innovation Research (SBIR) Phase I project targets the development of a new network anomaly detection method. The proposed method uses the deviations in the self-similarity characteristics of the network traffic to detect network attacks such as denial of service (DoS) and distributed denial of service (DDoS). DoS and DDoS attacks are extremely popular on the Internet and cause significant financial damage to the U.S. economy every year. The proposed innovation can be used as a standalone IDS or as a module in an IDS framework. The potential advantages of the proposed concept are its speed, efficiency, and its ability to detect new and unknown attacks. The relationship between the existence of a network anomaly and a change in the self-similarity characteristics of the network traffic will be studied. Existing methods for the real-time estimation of the self-similarity parameter H (Hurst parameter) will be evaluated, and new approaches will be investigated. Possible improvements for accurate anomaly detection with minimum false-alarm rates will be discussed, once the desired relations between attacks and the changes in the H parameter have been established. The results of this project will provide valuable information about the feasibility of real-time, automated network anomaly detectors. The development of these mechanisms is critical for the success of the next generation of intrusion detection systems and, more importantly, intrusion prevention systems (IPSs). The concept of intrusion prevention has great commercial potential, because it allows networks to detect and stop attacks before any considerable damage occurs. An IPS requires not only fast but also accurate anomaly detectors for successful deployment in real networks. The proposed innovation will be a promising step towards the realization of the next generation of robust network security devices.
