Lightweight Process for Interactive Vector Correlation
Aliases: IVEC

Technical Challenge: An attacker can easily mask his originating IP through publicly available or illicit "hops" across administrative domains. The target of the attack can only conclude that the last hop IP address may belong to the attacker. A method for correlating activity from independent data sets is required to make a more accurate threat assessment. A cost-effective solution that can also work at backbone speeds must be lightweight.

Description: IVEC is designed to detect correlated malicious activity for the purpose of automatically and more accurately identifying the true source. The technology is a series of processes implemented in the form of software. Interactive session packets (short packets such as those of typed characters in telnet sessions) are extracted from network traffic (live devices or files). Sequences of packets in a flow (unique host/port pairs) form vectors that can be correlated in time with those from other flows and/or datasets. The IVEC Correlation tool could be used by any organization that needs to analyze large volumes of data to protect their computer networks.

Demonstration Capability: A briefing is available that illustrates the creation of vectors and correlation results from actual network traffic. Scripts are available to process pcap files (tcpdump).

Potential Commercial Application(s): Network Security Applications and Information Assurance Products.

Patent Status: A patent application has been filed with USPTO.

Reference Number: 1281

If you are interested in exploring this technology further, please call 443-445-7159 or express your interest in writing to the: National Security Agency
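The vector-and-correlation idea in the Description, as an added sketch that is not IVEC's own code or algorithm (the page does not publish one). The size cutoff, lag window, greedy one-to-one matching rule, score thresholds, function names and sample packets are all assumptions made for illustration.

```python
from collections import defaultdict
from itertools import permutations

INTERACTIVE_MAX = 16  # assumption: payload <= 16 bytes counts as an interactive packet
MAX_LAG = 0.10        # assumption: a relay forwards a keystroke within 100 ms

def build_vectors(packets):
    """Map each flow (src, sport, dst, dport) to the sorted times of its short packets."""
    vectors = defaultdict(list)
    for ts, src, sport, dst, dport, size in packets:
        if 0 < size <= INTERACTIVE_MAX:   # drop bare ACKs and bulk transfers
            vectors[(src, sport, dst, dport)].append(ts)
    return {flow: sorted(times) for flow, times in vectors.items()}

def score(upstream, downstream, max_lag=MAX_LAG):
    """Share of events matched one-to-one with a downstream event at most max_lag later."""
    matched = j = 0
    for t in upstream:
        while j < len(downstream) and downstream[j] < t:
            j += 1
        if j < len(downstream) and downstream[j] - t <= max_lag:
            matched += 1
            j += 1
    return matched / max(len(upstream), len(downstream), 1)

def correlated_pairs(vectors, min_score=0.8, min_len=5):
    """Return (upstream_flow, downstream_flow, score) for flows that move in step."""
    hits = []
    for a, b in permutations(vectors, 2):
        if min(len(vectors[a]), len(vectors[b])) >= min_len:
            s = score(vectors[a], vectors[b])
            if s >= min_score:
                hits.append((a, b, round(s, 2)))
    return hits

# Constructed sample traffic (documentation address ranges), not real capture data.
KEYS = [0.00, 0.21, 0.35, 0.90, 1.42, 1.60, 2.75, 3.10]
FLOW_IN = ("198.51.100.7", 40001, "192.0.2.10", 23)       # session into an intermediate host
FLOW_OUT = ("192.0.2.10", 51515, "203.0.113.5", 23)       # session leaving that host
FLOW_OTHER = ("198.51.100.99", 40002, "203.0.113.5", 23)  # unrelated interactive session
PACKETS = (
    [(t, *FLOW_IN, 1) for t in KEYS]
    + [(t + 0.03, *FLOW_OUT, 1) for t in KEYS]
    + [(t, *FLOW_OTHER, 1) for t in [0.15, 0.60, 1.10, 1.95, 2.30, 3.50, 4.00, 4.40]]
    + [(t, "198.51.100.7", 40003, "192.0.2.10", 80, 1400) for t in KEYS]  # bulk, filtered
)

if __name__ == "__main__":
    for a, b, s in correlated_pairs(build_vectors(PACKETS)):
        print(a, "->", b, s)
```

The score is directional: the inbound flow matches the outbound one, while the reverse ordering and the unrelated session fall below the threshold.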
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009