DARPA to Study Network Traffic to Stay Ahead of Attackers

DARPA GlobeThe Defense Advanced Research Projects Agency (DARPA) has said that a new project will help the government make sense of the massive amounts of network data that’s collected, and use it to stay ahead of cyber attackers.

According to a news release from the think tank, traditional approaches to defending networks include firewalls on the perimeter, and patching holes as they are discovered. However, that doesn’t always work, and the larger the network the harder the process is. In addition, massive networks, such as those used by the Department of Defense (US DOD), makes the task almost impossible.

DARPA researchers are seeking new approaches to the task, including one that focuses on knowing the “terrain within the network, and understanding how information across the enterprise is connected to find actions associated with an attack buried under or within all the normal data.”

The Cyber Targeted-Attack Analyzer program is DARPA’s latest endeavor, correlating all of a network’s data sources to understand how information is connected as the network grows and changes.

Performers for the program will address three challenges: Automatically indexing data sources on a network without human intervention; Integration of all data structures through a common language for security-related data, and; Development of tools to allow reasoning over the federated database

“The Cyber Targeted-Attack Analyzer program relies on a new approach to security, seeking to quickly understand the interconnections of the systems within a network without a human having to direct it,” said Richard Guidorizzi, DARPA program manager.

“Cyber defenders should then be capable of more quickly discovering attacks hidden in normal activities.”

This isn’t the first cybersecurity related project from DARPA. Previously, DARPA publicly discussed a plan that will improve the government’s cyberwar capabilities, Plan X, and the VET program that will verify the security and functionality of commodity IT devices to ensure they are free of hidden backdoors and malicious functionality.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: