Military Spends $4.4M To Supersize Net Monitoring
coondoggie writes "Bigger, better, faster, more are the driving themes behind the advanced network monitoring technology BBN Technologies is building for the military.
The high-tech firm got a $4.4 million contract today from the Defense Advanced Research Projects Agency (DARPA) to develop novel, scalable attack detection algorithms; a flexible and expandable architecture for implementing and deploying the algorithms; and an execution environment for traffic inspection and algorithm execution. The network monitoring system is being developed under DARPA's Scalable Network Monitoring program which seeks to bolt down network security in the face of cyber attacks that have grown more subtle and sophisticated."
Re:Military Spends $4.4M To Supersize Net Monitori (Score:2, Insightful)
It doesn't actually sound like all that much to me. Frankly, I'm surprised that they're not spending 10x as much already. Of course, maybe they are...
Re: (Score:3, Insightful)
What do I base my statements on? I do network security full-time for about 50,000 users.
Re: (Score:2)
Well DARPA invented the internet (not to mention a large number of other achievements that are significantly more sophisticated). What are your qualifications, Mr. Smartguy, for forming an opinion on what can be done?
Re: (Score:1)
So much for ordering off the dollar menu.
Re: (Score:2)
That's such a tiny budget that it in effect suggests that no real work is being done at all.
These days building a new high school can eat up more than 16 million dollars. Net security and monitoring might call for a multi-billion-dollar project.
Re:Military Spends $4.4M To Supersize Net Monitori (Score:2)
Actually it sounds like far too little.
The root of the problem is that the USA has been pissing everyone else off for the better part of a century. Were it not for that key fact, the military probably wouldn't be afraid of everyone everywhere, including their own citizens.
Re:Interesting (Score:4, Funny)
All that money, down the tubes.
Re: (Score:2)
I didn't read the article, but it doesn't sound like they are getting paid to develop ways of thwarting, only detecting, based on monitoring network traffic.
Even if the attacker changes their vector and packages, the goal would appear to be to pick up on the trends of network traffic in assaults to better identify weak points, communications bottlenecks, sources, etc...
-Rick
Re: (Score:1)
No, not shortsighted, just realistic. The fact remains that enormous amounts of money are spent to thwart these attackers and most of them don't get paid $4.4 million to hack.
I had to comment here (also note I logged in to make this). While I have not much tech experience, I have a lot of life experience. And that experience has taught me that criminals will work for nearly free because of their own psychological problems.
I used to steal cars, not smart of course, no I did not make much money, I just did it because it was fun... Now why do we hack class?
Re: (Score:1)
The money spent on blocking individual viruses could be better used in stopping flaws that allow viruses access.
By 'stopping flaws' do you mean sending money to Microsoft, or just outright replacing Windows?
Because only one of those two options is likely to work well.
Re: (Score:2)
One reason for this is because Windows is the dominant platform, especially for those who are not that technically literate (and even those who are likely own at least one machine running Windows).
Certainly I am not saying that OS X and Linux (or any Unix variant) don't present more of a challenge, but if their adoption was as widespread and in as many areas as Windows there would likely be much, much more malware to contend with.
All in all there is no perfect system. There will likely always be something to exp
Re: (Score:1)
Users are willing to run software from untrusted sources and give it administrative access when prompted. In my limited experience, this is far and away the most common cause of infections. There is nothing that can be done to prevent this (in any operating system). This can be somewhat mitigated by providing a repository for trusted software (as implemented in most Linux distributions), but there
Re: (Score:2)
Although monitoring is important, it seems like it might be more cost-effective to release code that spreads and patches vulnerable/infected machines. If the number of those could be cut way down, maybe DDoS attacks wouldn't be such a threat.
There's already malware that removes other malware to increase the available resources. If malware can do that, why not something friendly doing it?
While antivirus products do help people, I can see why some would question their value.
If a home or auto security produ
$4.4 million is almost enough ... (Score:3, Funny)
to cater the meetings to discuss the project.
Re: (Score:1)
to cater the meetings to discuss the project.
There might be enough left over for a few printouts of the ping man page or something else networky.
Re: (Score:2)
No kidding. Factor in another $4 mil for hookers and blow, and then we can worry about actual money going to curb our civil liberties.
Re: (Score:2)
They make their own pr0n at Abu Ghraib.
$.4.4 million? (Score:1, Offtopic)
Above thread is NOT off topic... (Score:1)
As posted by CmdrTaco:
$.4.4 million
That's not off topic. The post as it reads right now is "$.4.4 million". Sure, we can assume it is 4.4 million because it seems like a nonsensical number otherwise, but this is very unclear and should be corrected.
Novel... (Score:1)
to develop novel, scalable attack detection algorithms
'novel' just doesn't carry the same meaning anymore. USPTO is a prime example.
Re: (Score:2)
You are so very right. Several of the higher-ranked scientific journals don't accept articles that contain claims of novelty. I think Phys Rev Lett is an example. Because that's just not the way science works; it is based upon an incremental increase of understanding.
As for the rest, 4.4 million is about enough to have a team of about 10 low paid scientists work for 3 years (not just the salary, at least half goes to administrative overhead anyway). Good for them, of course, but hardly a major project.
Re: (Score:1)
This article asks for nothing specific other than 'algorithms' to detect things. They didn't say anything like network (AI) behavioral based IDS. Nothing new here, move along.
From the article: "New technologies and applications provide new attack routes and have made traditional signature-based and anomaly detection-based defensive measures inadequate in both speed and sensitivity, BBN added." Anomaly detection is mentioned. They claim that signature-based and other techniques they have tried didn't work quite to what they wanted. Nothing new in that. IDS have never been perfect.
Money down the drain (Score:1)
It's all fun and games until some kid from Finland renders your new-bought toy obsolete.
Sounds cheap for the job (Score:2, Interesting)
The article doesn't say, but it seems logical that they would want the US military network to be able to handle both an attack like the one launched earlier this year against Georgia's internet infrastructure (likely by Russia) and the almost-certainly Russian-based one during actual armed conflict this week.
DoD has a budget of about $439.3 billion and DARPA gets $3.2 billion of that (according to Wikipedia). $4.4 million doesn't sound like that much out of that kind of budget, but I'd be interested in what
Re: (Score:1)
I am sure it just had to do with buying a bunch more brand new routers that weren't coming with pre-installed malware from the Chinese. They would have to replace all the router infrastructure and that is probably what is costing this money. My 2 cents
Re: (Score:2)
Both of these services are located on the wrong side of a hostile network and are woefully inaccurate when really understanding the content of the document is necessary.
Re: (Score:2)
I wouldn't want people's lives depending on either of those two if I was in the military. They're at "send three and fourpence we're going to a dance" levels of accuracy at the moment.
Encryption (Score:2)
Ok people, is it time yet? We need to encrypt ALL traffic.
Re: (Score:3, Interesting)
There goes 90% of the internet today then.
Even 'knowledgeable' sites like /. haven't stepped up to the plate yet.
At least my side of the email traffic is, but pretty sure the other side isn't, since people still don't understand.
Re: (Score:2)
The content isn't the point. Doesn't matter what the content is, it's not the government's business unless you are under a court-blessed surveillance order.
Re: (Score:2)
Not sure if it's even different goals. It's to protect people's privacy.
Goals cannot be met as stated (Score:5, Informative)
That is lots of fundamental research we are talking about. I am no expert in network monitoring, but 4.4M to solve the following problems seems like peanuts:
Probability of detection of malicious traffic greater than 99% per attack launched
While some types of traffic are obviously not ham (say, spoofed IPs or SYN scans), assigning intent to raw data flows requires nothing less than strong AI. Think of spam - anybody can fool a spam filter, no matter what filter, given enough time and motivation. You can also fool the human reading the mail, for that matter...
A false alarm rate while monitoring traffic of not more than one false alarm per day.
This makes a whitelist approach a lot harder. My guess is that any decent system will flag many, many things, and prioritize some over others. That way it is up to the network operator to dig deeper or not into each individual incident, using the program's classification as a starting point. I have no idea why email programs don't allow you to rank messages on "perceived spamminess" - it would make digging for false positives and negatives a lot easier...
Support capabilities at conventional gateway line speeds of 1Gbps in Phase I of the contract, while Phase II will demonstrate the scalability of this capability at gateway line speeds of 100Gbps.
This part, together with the "very high scalability" requirement, is the icing on the cake. It is impossible to detect complex threats in real time, so the best bet would be to layer defenses. Very fast reflexes for certain behavior (say, DDoS), longer mulling times for patterns that are more deeply hidden (say, a covert channel somewhere).
In any case, 4.4M is peanuts to meet these goals at full strength. The most probable outcome is some fundamental research, partial successes, and another grant in a few years (possibly to a different team) to try to get further along the track.
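One way to see why the three goals quoted above amount to fundamental research is to run the base-rate arithmetic on them. This is an added illustration, not code from the article, BBN or DARPA; the 10 kB average flow size, the one-in-ten-thousand detector error rate and the one-in-a-million attack base rate are constructed assumptions used only to turn the line rates into flows per day.

```python
"""Base-rate arithmetic for the DARPA goals: >99% detection, at most one
false alarm per day, at 1 Gbps (Phase I) and 100 Gbps (Phase II).

Added illustration, not code from the article, BBN or DARPA. The average
flow size and the attack base rate are constructed assumptions.
"""

SECONDS_PER_DAY = 86_400


def flows_per_day(line_rate_bps: float, avg_flow_bytes: float) -> float:
    """Flows seen per day on a saturated link of the given line rate."""
    bytes_per_day = line_rate_bps / 8 * SECONDS_PER_DAY
    return bytes_per_day / avg_flow_bytes


def required_fp_rate(flows: float, false_alarms_per_day: float = 1.0) -> float:
    """Largest per-flow false-positive rate that stays within the daily alarm budget."""
    return false_alarms_per_day / flows


def false_alarms(flows: float, fp_rate: float) -> float:
    """Expected false alarms per day for a detector with the given per-flow FP rate."""
    return flows * fp_rate


def precision(detection_rate: float, fp_rate: float, base_rate: float) -> float:
    """Fraction of alerts that are real attacks (positive predictive value)."""
    true_pos = detection_rate * base_rate
    false_pos = fp_rate * (1.0 - base_rate)
    return true_pos / (true_pos + false_pos)


def goal_summary(line_rate_bps: float, avg_flow_bytes: float = 10_000.0) -> dict:
    """Work the quoted numbers through for one line rate."""
    flows = flows_per_day(line_rate_bps, avg_flow_bytes)
    needed = required_fp_rate(flows)
    return {
        "flows_per_day": flows,
        "required_fp_rate": needed,
        # Alarms/day from a detector wrong on one flow in ten thousand (constructed figure)
        "alarms_at_fp_1e-4": false_alarms(flows, 1e-4),
        # Precision if the FP budget is met, at one malicious flow per million (constructed)
        "precision_at_goal": precision(0.99, needed, 1e-6),
    }


if __name__ == "__main__":
    for label, rate in (("Phase I, 1 Gbps", 1e9), ("Phase II, 100 Gbps", 1e11)):
        print(label, goal_summary(rate))
```

The point the numbers make: at 1 Gbps and 10 kB flows, one alarm per day requires a per-flow false-positive rate below about 1e-9, and a detector that is merely 99.99% accurate per flow produces on the order of a hundred thousand false alarms a day.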
Re: (Score:2)
Probability of detection of malicious traffic greater than 99% per attack launched
While some types of traffic are obviously not ham (say, spoofed IPs or syn scans), assigning intent to raw data flows requires nothing less than strong AI.
I would like to add that the remaining 1% happens to be the preferred vector of Chinese attacks. Many human rights NGOs received apparently totally legit emails about current events with an infected .doc or .pdf (itself containing perfectly interesting information).
4.4 million? So What? (Score:2)
Ever work on a big project? One that was over due by a significant amount? Yeah, easily $4M.
That amount is like the military paying someone to think about it and give them a paper on it. I've been on civilian-side government projects that were well beyond $4M. Sounds like someone got a "sure, toss some cash at it and see what happens" approval, but not an official "this is a priority, make it so" approval.
Now, $40M is where we start to see some serious thinking about the issue. Yeah, it's an arbitrary a