The objective of this joint proposal between Hotspot Dynamics and the Naval Postgraduate School (NPS) is to design and evaluate a large-network deployable computer network defense (CND) system based on thermodynamical traffic analysis (TTA). The system has linear scalability with increased network size (number of hosts and traffic level), which is superior to the exponential scalability of conventional approaches (signature- and heuristic-based) that will not be applicable to future network sizes. In addition to improved performance, TTA also represents the only known scientific approach for describing computer networks with the potential to provide significant improvements in false alarm rates for larger-scale networks. It is applicable to the detection of novel (0-day) attacks, covert channels, encryption-based techniques, and the increased traffic diversity anticipated in future large-scale networks. The Phase I effort will result in a clearly articulated architecture capable of faithfully taking TTA into the mainstream. By allowing the now fully developed underlying principles to be incorporated into a carefully planned architecture, the foundation will be laid for freeing CND from its present reliance on ad hoc methods. In short, the Phase I work will provide a blueprint for the subsequent development of a production system beginning in Phase II.
Keywords: Thermodynamical Traffic Analysis (TTA), Ehrenfest Metaformat, Temperature, Bucketspace