This project employs a massively parallel, low-cost, low-power, associative-memory pattern detection processor soon to be brought to market by a major semiconductor producer. Phase 1 will use a microprocessor emulator to develop, test, and analyze "very large scale anomaly detectors" (developed under a prior SBIR project) organized in a 3-level hierarchical sense-making architecture of spatial, temporal, and correlative pattern detectors, for deployment at network endpoints. A fourth level in the sense-making hierarchy, providing cross-endpoint, network-wide correlative pattern detection, will be deferred until Phase 2. The Phase 1 project has three principal objectives: 1) to establish the performance and value of the very large scale anomaly detectors for detecting zero-day and advanced persistent threat attacks; 2) to develop a semi-supervised learning process that converges on a sparse but sufficiently optimal pattern dictionary for each of the three levels in the hierarchy; and 3) to demonstrate the capability to discover previously unseen attacks with a high true-positive rate and a low false-positive rate.
Keywords: Very Large Scale Anomaly Detection, Rare Occurrence Patterns, Advanced Persistent Threat, Zero Day Attack, Associative Memory Pattern Processor, Hierarchical Sense-Making