SBIR-STTR Award

AMAP-based Autonomic Security Operations Center (ASoC)
Award last edited on: 7/7/2023

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$1,648,076
Award Phase
2
Solicitation Topic Code
AF151-031
Principal Investigator
Douglas Kelly

Company Information

Avirtek Inc

1236 East Grant Road
Tucson, AZ 85719
   (520) 829-6981
   info@avirtek.com
   www.avirtec.com
Location: Single
Congr. District: 07
County: Pima

Phase I

Contract Number: FA8750-15-C-0218
Start Date: 7/27/2015    Completed: 4/27/2016
Phase I year
2015
Phase I Amount
$149,841
Current analysis, detection and protection systems are mainly static and manually intensive. At the same time, the complexity of networked computing systems, their dynamic behavior, and the availability of many heterogeneous static and mobile devices make these tools incapable of accurately characterizing current states, detecting malicious attacks, and stopping them or their fast propagation, or of minimizing their impacts. In this Phase I project, we propose a closed-loop control system (AMAP) that continuously monitors cyber resources and services 24/7, performs anomaly behavior analysis to detect malicious activities, and proactively either recommends actions to stop attacks and minimize their impacts or responds automatically, depending on the severity of the detected malicious attacks and their potential impacts on overall system operations. Our proposed solution is based on the following novel features: a novel data structure that we refer to as Cyber DNA (CDNA), which will be the basis of our anomaly behavior analysis as well as root-cause analysis; a Self-Management Engine (SME); and Knowledge Representation and Visualization.

Benefit:
The benefits include unprecedented autonomic management and protection capabilities for cyber resources and their applications, as well as the knowledge representation and visualization tools. AMAP will be able to accurately characterize current states, detect malicious attacks, and stop them or their fast propagation, or minimize their impacts.

Phase II

Contract Number: FA8750-17-C-0279
Start Date: 9/3/2019    Completed: 9/3/2020
Phase II year
2017
(last award dollars: 2019)
Phase II Amount
$1,498,235

Current cyber-services critically need characterization of cyber-resources to identify malicious activities and components and, then, to apply automated/semi-automated actions to remove and/or mitigate the impacts. However, current data analytics, detecti

In this STTP project, AVIRTEK will leverage the tools and algorithms developed in the AMAP Phase II SBIR to develop an AMAP-based Autonomic Security Operations Center (ASoC) system that continuously monitors cyber resources and services 24/7, performs anomaly behavior analysis to detect malicious activities, and proactively recommends actions to stop attacks and minimize their impacts. The AMAP-based ASoC architecture is based on the autonomic paradigm, inspired by the human autonomic nervous system, which handles complexity and uncertainty and aims at realizing computing systems and applications capable of managing themselves with minimum human intervention. In this STTP project, we will extend the current AMAP prototype to develop an innovative security architecture that assumes any cyber component (resources, data, applications, and any external data obtained from the Internet or from an open source) is malicious until it can be verified to be free of any malicious components. Autonomic computing provides the mechanisms to take proactive actions to stop cyber-attacks and their propagation, as well as to mitigate their impacts. The main modules of the ASoC are: Continuous Threat Modeling (CTM), Cyber Situation Awareness (CSA), Anomaly Behavior Analysis (ABA), and Intelligent Cyber Security Assistant (ICSA).
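The two abstracts describe the same control loop at a high level: monitor continuously, score behavior against a baseline, and either recommend an action or respond automatically depending on severity, while treating every component as untrusted until verified. The sketch below is an added illustration of that loop, written for this page; it is not Avirtek's AMAP or ASoC code and does not implement Cyber DNA. The per-host baselines, the z-score thresholds that separate "recommend" from "auto-respond", and the SHA-256 allowlist used as the "verified before trusted" check are all constructed assumptions.

```python
"""Illustrative severity-gated closed loop with a default-deny component check.

Added example for this page; not Avirtek's AMAP/ASoC implementation.
All thresholds, baselines and the allowlist below are constructed assumptions.
"""
import hashlib
import statistics

# Assumed severity thresholds on the anomaly z-score (not taken from the award text).
RECOMMEND_THRESHOLD = 3.0     # analyst is shown a recommended action
AUTO_RESPOND_THRESHOLD = 6.0  # loop acts on its own (e.g. isolate the host)

# Constructed baseline: outbound connection counts per 5-minute window, per host.
HISTORY = {
    "ws-01": [12, 15, 11, 14, 13, 12, 16, 14],
    "srv-db": [40, 42, 38, 41, 39, 43, 40, 42],
}

# Constructed allowlist of approved component digests ("malicious until verified").
APPROVED_SHA256 = {
    hashlib.sha256(b"approved-agent-v1").hexdigest(),
}


def anomaly_score(observed, history):
    """Z-score of one observation against the host's own baseline windows."""
    mean = statistics.mean(history)
    # A flat baseline would give a zero stdev; fall back to 1.0 so any
    # deviation still produces a finite, comparable score.
    stdev = statistics.pstdev(history) or 1.0
    return (observed - mean) / stdev


def classify(score):
    """Map an anomaly score to the loop's three outcomes."""
    if score >= AUTO_RESPOND_THRESHOLD:
        return "auto_respond"
    if score >= RECOMMEND_THRESHOLD:
        return "recommend"
    return "normal"


def verify_component(blob, allowlist=APPROVED_SHA256):
    """Default-deny: a component is trusted only if its digest is allowlisted.

    Anything not on the list (unknown, tampered, or new) is rejected; there
    is no 'unknown but probably fine' outcome.
    """
    return hashlib.sha256(blob).hexdigest() in allowlist


def monitor_cycle(observations, history=HISTORY):
    """One pass of the closed loop over the current window.

    Returns {host: (score, decision)}. Only windows judged normal are folded
    back into the baseline, so an attacker cannot drift the baseline upward
    by simply sustaining the anomalous behavior.
    """
    actions = {}
    for host, count in observations.items():
        score = anomaly_score(count, history[host])
        decision = classify(score)
        actions[host] = (round(score, 2), decision)
        if decision == "normal":
            history[host].append(count)
    return actions


if __name__ == "__main__":
    # Constructed current window: ws-01 suddenly opens 60 outbound connections.
    for host, (score, decision) in monitor_cycle({"ws-01": 60, "srv-db": 41}).items():
        print(f"{host}: score={score} decision={decision}")
    print("agent verified:", verify_component(b"approved-agent-v1"))
    print("tampered agent verified:", verify_component(b"approved-agent-v1-tampered"))
```

The point of the split thresholds is the one the abstract makes: a mildly unusual window goes to a human with a recommendation, while a gross deviation triggers an automatic response, and the baseline is only updated from traffic the loop has already judged benign.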