Accession Number:

ADA625882

Title:

Automatic Identification & Mitigation of Unauthorized Information Leaking from Enterprise Networks

Descriptive Note:

Final rept. 10 Nov 2009-9 Nov 2013

Corporate Author:

SECURE COMMAND LLC CENTREVILLE VA

Report Date:

2012-11-27

Pagination or Media Count:

16.0

Abstract:

Malicious code such as spyware, adware, key loggers, Trojans, rootkits, botnets and other unauthorized software poses a serious threat to the DoD enterprise, as it may be used to collect information, provide access, respond to remote commands, and exfiltrate data. The goal of this project was to develop and evaluate novel mechanisms to classify and identify malicious software running in the enterprise by examining program network traffic and automatically generating the appropriate profile of network behavior for each program, which we call an application network behavior signature. Where current approaches develop signatures of known attacks, our approach is to validate all outgoing network sessions against their application network behavior signatures. Our approach is two-pronged: (1) we passively examine the network characteristics of applications using a set of transparent proxies located at the network edges that use packet fingerprinting algorithms, and (2) in addition to pure passive monitoring, we are developing active content challenge approaches to verify the authenticity of programs sending outbound data.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE