
Army aims to take guesswork out of cyberdefense

The Army Research Office (ARO) is funding work by a consortium of private companies to develop predictive technologies that could improve the efficiency of cybersecurity tools.

The idea is to create a global system to gather and correlate security events, giving users early warning about coming attacks and aiding in the configuration of sensors, filters and other devices that detect and respond to these events, said Livio Ricciulli, chief scientist at MetaFlows, of Redlands, Calif.

MetaFlows is a member of the Cyber-Threat Analytics (Cyber-TA) project, funded by ARO. The goal of this program is a commercial service that could be used to help program security devices.

'Obviously, there is a heavy focus on making it meet Army requirements as well,' Ricciulli said. 'But there definitely is a commercial component.'

Also participating in the effort is Cyber-TA member Emerging Threats, an open-source organization that provides specialized threat signatures to complement signature updates from Sourcefire for its open-source Snort intrusion detection and prevention system.

Ricciulli compared the tools being developed to Google's algorithms for ranking pages returned in a Web search, which he said are considered 'the most successful data correlation application ever built. We're applying similar principles to cybersecurity warfare' using data gathered through Emerging Threats and Cyber-TA members.

Sensors and filters protecting networks, such as intrusion detection and prevention systems, now come out of the box configured to a one-size-fits-all lowest common denominator. They then must be configured or tuned based on local conditions, which can be time-consuming and inefficient.

'We want to provide a way to configure sensors with a global understanding of what is going on,' Ricciulli said.

MetaFlows is building on previous Cyber-TA research, expanding algorithms for programming network security devices. 'There is still quite a bit of work to be done at the core,' Ricciulli said. 'We are starting to generalize the results for commercial application.'

The project is funded by ARO through the end of 2009 and has some additional funding from the National Science Foundation that will last through 2010. The project is focused on field trials and defining data requirements. Commercialization probably will be done with NSF money and possible funding from commercial investors.

'Eventually this will evolve into a service' provided by MetaFlows, probably Web based, that will help subscribers configure security tools and provide up-to-date data on threats culled from around the world.

About the Author

William Jackson is a senior writer for GCN and the author of the CyberEye column.
