
Overview

Fig. 1: Distributed Framework

DIDAC is an integrated cyber security framework for identifying and containing attacks within an organizational network domain. The framework is distributed, autonomous, and capable of detecting new attacks. It integrates existing cyber security systems and provides a single picture of the entire network, which allows real-time situational awareness of large-scale network systems. It consists of individual components for host-level anomaly detection, attack source localization, and attack containment. DIDAC was developed to address the sheer number and sophistication of cyber attacks being made against our nation's critical computer networks and infrastructure. These networks are being called upon to play a key role in the processing, data storage, monitoring, and control of critical infrastructures such as energy, transportation, and finance. Disruption of these networks can have highly damaging effects on our nation. Current cyber security systems are not capable of protecting against all attacks or of providing near real-time response. Host-based intrusion detection systems are not sufficient to protect these networks because of the sheer volume and distributed nature of the data and the real-time response requirements. Further, current systems and technologies only detect known attacks. The DIDAC technologies overcome these limitations.

Publications

  • S. Batsell, N. Rao, and M. Shankar. "Distributed Intrusion Detection and Attack Containment for Organizational Cyber Security." (PDF).

Website provided by the Cyberspace Sciences & Information Intelligence Research Group - Last Updated April 28, 2008
Oak Ridge National Laboratory is managed by UT-Battelle, LLC for the U.S. Department of Energy