
Military Spends $4.4M To Supersize Net Monitoring

coondoggie writes "Bigger, better, faster, more are the driving themes behind the advanced network monitoring technology BBN Technologies is building for the military. The high-tech firm got a $4.4 million contract today from the Defense Advanced Research Projects Agency (DARPA) to develop novel, scalable attack detection algorithms; a flexible and expandable architecture for implementing and deploying the algorithms; and an execution environment for traffic inspection and algorithm execution. The network monitoring system is being developed under DARPA's Scalable Network Monitoring program which seeks to bolt down network security in the face of cyber attacks that have grown more subtle and sophisticated."
  • by Rayeth ( 1335201 ) on Tuesday August 12, 2008 @01:01PM (#24570819)
    Considering the requirements laid out in TFA, I am exceedingly dubious that they will come up with anything for this price tag. Also note this same company got $13 Million for a program to quickly translate documents for the military. I'm guessing that one will also go nowhere. Security and Translation are two notoriously difficult things to get right.
  • by tucuxi ( 1146347 ) on Tuesday August 12, 2008 @02:13PM (#24571825)

    That is lots of fundamental research we are talking about. I am no expert in network monitoring, but 4.4M to solve the following problems seems like peanuts:

    Probability of detection of malicious traffic greater than 99% per attack launched

    While some types of traffic are obviously not ham (say, spoofed IPs or syn scans), assigning intent to raw data flows requires nothing less than strong AI. Think of spam - anybody can fool a spam filter, no matter what filter, given enough time and motivation. You can also fool the human reading the mail, for that matter...

    A false alarm rate while monitoring traffic of not more than one false alarm per day.

    This makes a whitelist approach a lot harder. My guess is that any decent system will flag many, many things, and prioritize some over others. That way it is up to the network operator to dig deeper or not into each individual incident, using the program's classification as a starting point. I have no idea why email programs don't allow you to rank messages on "perceived spamminess" - it would make digging for false positives and negatives a lot easier...

    Support capabilities at conventional gateway line speeds of 1Gbps in Phase I of the contract, while Phase II will demonstrate the scalability of this capability at gateway line speeds of 100Gbps.

    This part, together with the "very high scalability" requirement, is the icing on the cake. It is impossible to detect complex threats in real-time, so the best bet would be to layer defenses. Very fast reflexes for certain behavior (say, DDOS), longer mulling times for patterns that are more deeply hidden (say, a covert channel somewhere).

    In any case, 4.4M is peanuts to meet these goals at full strength. The most probable outcome is some fundamental research, partial successes, and another grant in a few years (possibly to a different team) to try to get further along the track.
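A worked version of the false-alarm budget the comment above picks apart, as an added example that is not part of the post or of BBN's work: it takes the program's figures (one false alarm per day, 99% detection, 1 Gbps and 100 Gbps gateways) and a constructed Gaussian score model to show how small the per-flow false-positive rate must be and how far apart benign and malicious scores have to sit. The flow rates (10,000 new flows/s at 1 Gbps, 100 times that at 100 Gbps) and the unit-variance Gaussian scores are assumptions, not figures from the article.

```python
import math

SECONDS_PER_DAY = 86_400


def q_tail(x):
    """Upper-tail probability P(Z > x) for a standard normal Z."""
    return 0.5 * math.erfc(x / math.sqrt(2))


def q_inverse(p, lo=-40.0, hi=40.0):
    """Invert q_tail by bisection: the score t with P(Z > t) == p."""
    for _ in range(200):
        mid = (lo + hi) / 2
        if q_tail(mid) > p:   # tail still too fat: move the threshold up
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def allowed_false_positive_rate(flows_per_second, alarms_per_day=1.0):
    """Per-flow false-positive probability that stays within the alarm budget."""
    return alarms_per_day / (flows_per_second * SECONDS_PER_DAY)


def required_separation(fpr, detection_prob=0.99):
    """Constructed model: benign scores ~ N(0,1), malicious ~ N(d,1).
    Returns (threshold, d): the threshold meeting the FPR budget and the
    separation d needed so a malicious flow clears it with detection_prob."""
    threshold = q_inverse(fpr)
    # P(N(d,1) > t) = Q(t - d) >= detection_prob  <=>  d >= t - Q^-1(detection_prob)
    return threshold, threshold - q_inverse(detection_prob)


def detection_at_separation(fpr, separation):
    """Detection probability of a detector with the given separation, at the FPR budget."""
    return q_tail(q_inverse(fpr) - separation)


if __name__ == "__main__":
    # Assumed flow rates per gateway speed (constructed, not from the article).
    for gbps, flows_per_s in ((1, 10_000), (100, 1_000_000)):
        fpr = allowed_false_positive_rate(flows_per_s)
        t, d = required_separation(fpr)
        print(f"{gbps:>3} Gbps, ~{flows_per_s} flows/s: allowed FPR {fpr:.2e}/flow, "
              f"threshold {t:.2f} sigma, need {d:.2f} sigma separation for 99% detection; "
              f"a 6-sigma detector catches {detection_at_separation(fpr, 6.0):.0%}")
```

The point the numbers make is the one the comment makes in words: at these volumes the per-flow false-positive rate has to be around a billionth, so a detector that separates good and bad traffic by a very respectable six standard deviations still misses about half the attacks once the threshold is set to respect the one-alarm-per-day budget.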
