Autonomous Metadata Producer

Aliases: AMP, beFlow

Technical Challenge: Current flow-based metadata production systems are inadequate to produce records that are accurate, easy to collect, and valuable for intrusion detection. Many routers are capable of producing flow records for analysis purposes; however, these records are often inaccurate and never customizable. The intrusion detection value of these records is minimal. There is a strong need for a custom flow-producing apparatus that circumvents current flow-production issues and generates records valuable for intrusion detection.

Description: The Autonomous Metadata Producer (AMP) is a server configured with specialized, commercially available hardware to collect packet headers at high rates and software to turn those packet headers into valuable metadata for export. It generates custom records of network traffic independent of any network hardware (i.e., routers). It circumvents a number of problems that arise when these records are generated by routers or other devices, and performs intrusion detection analysis on these records. AMP enhances flow-based metadata systems by allowing customization to optimize flow collection and analysis. AMP's typical flow aggregation scheme is enhanced to become an intrusion detection and analysis tool. AMP delivers more accurate data records, with better precision and reliability, than router-generated flow systems.

Demonstration Capability: A presentation and a proof of concept are available to show the ability of a server to generate flow records at the rates needed.

Potential Commercial Application(s): This technology applies to applications that use flow-based processing, network intrusion and metadata production.

Patent Status: Patent application has been filed with USPTO.

Reference Number: 1291

If you are interested in exploring this technology further, please call 443-445-7159 or express your interest in writing to the: National Security Agency
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009