Network security is a key issue for the successful implementation of the ESnet and the collaborative/grid environment for DOE science. As identified by DOE, network security includes self-defensive networks, firewall compatibility across different domains, and user authentication and authorization. Of particular interest is defense against worms, a highly problematic and dangerous threat because they self-propagate and can rapidly debilitate a high-speed network. This project will design a high-accuracy Intrusion Detection (ID) system that can scale to detect anomalies in a large, distributed, high-speed network. Emerging approaches in Computational Immunology (CI), which applies principles of the biological immune system to computational problems, will be used to protect the network fabric. Phase I will design a highly automated, multi-layered Intrusion Detection System (IDS) capable of detecting and arresting zero-day worms that have never before been encountered. It will incorporate a dedicated, high-speed packet preprocessor and software for analyzing packet anomalies. A prototype for a cooperative, highly scalable IDS, which provides high-accuracy worm detection and defense strategies, will be designed in Phase II.
Commercial Applications and Other Benefits as described by the awardee: Commercial IDS systems typically exhibit accuracy problems and cannot accommodate normal changes in user activity, leading to a distinct danger that classified data will be compromised or vital communications capabilities will be impaired. As a result, widespread work disruptions could occur, or highly sensitive enterprise or military data could be leaked. The new worm detection software should overcome these problems. In addition to the government, two other potential sets of customers would benefit: (1) hardware networking vendors; and (2) the IT departments of enterprises, which have already procured hardware but are looking for security software