SBIR-STTR Award

his document proposes development of PURSUIT, a cross-domain intrusion detection system that relies upon state-of-the-art privacy-preserving distributed data-mining (PPDM) technology. PURSUIT has a distributed multi-agent architecture that supports formation of ad-hoc peer-to-peer, hierarchical, and other collaborative coalitions with due attention to the security and privacy issues. It will be equipped with PPDM algorithms so that the patterns can be computed and shared across the sites without sharing the privacy-sensitive data. The algorithmic foundation of the approach is based on combination of secured multi-party computation and randomized transformation techniques that allow sharing of attack patterns not the raw data. This research will be performed by Agnik, Tresys, and University of Minnesota (UNM) Army High Performance Computing research Center. Agnik team has a strong track record in distributed and privacy preserving data mining. Tresys is a security company with strong record in working with several major governmental agencies dealing with national security. The UMN team has a strong record in building intrusion detection systems, including the MINDS IDS that is currently being deployed in more than sixty different army locations. Being a plug-in IDS PURSUIT has the commercial potential to be marketed to all organizations that currently use one or more IDS.

This proposal proposes development of PURSUIT, a cross-domain intrusion detection and prevention system that relies upon state-of-the-art privacy-preserving distributed data mining (PPDM) technology. PURSUIT has a distributed multi-agent architecture that supports formation of adhoc collaborative coalitions with due attention to security and privacy issues. PURSUITÀs foundation is based on different PPDM techniques such as k-ring of privacy, secured multiparty computation, and randomized transformations that allow privacy-sensitive sharing of attack patterns, not the raw data. This project will be performed by Agnik, Tresys, and University of Minnesota Army High Performance Computing research Center. The Agnik team has a strong track record in distributed and privacy preserving data mining. Tresys is a security company with strong record in working with many governmental agencies dealing with national security. The UMN team has a strong record in building intrusion detection systems, including the MINDS system. Since the PURSUIT links up available intrusion detection and prevention systems, it has the commercial potential to be marketed to all organizations that currently use such systems. An early PURSUIT coalition has already been set up and it includes organizations such as University of Illinois, SRI International, Purdue University, Ohio State University, and Stevens Institute of Technology.