Logicon system anticipates intrusions by computer hackers

HERNDON, Va. — Engineers at Logicon, a Northrop Grumman company in Herndon, Va., are using probabilistic techniques for predicting equipment failures in a new system aimed at anticipating intrusions into computer networks.

By John Rhea

These techniques were developed over the past 10 years by experts at the Defense Advanced Research Projects Agency (DARPA) in Arlington, Va.

The system, known as NEWS for network early warning system, uses a combination of data fusion, probabilistic forecasting, neural networks, and fuzzy logic to create a set of "self-learning tools," says Paul Zavidniak, a member of the technical staff at Logicon's Tactical Systems Division in San Diego.

Increasingly sophisticated hackers have developed new techniques that simple signature-based detection systems cannot counter, he explains. Hackers tend to attack as a group from distributed locations, rather than from a single point.

The pre-prototype NEWS demonstrated at the GovTechNet show in Washington in June is still strictly a man-in-the-loop system requiring experienced analysts to monitor suspected break-ins, Zavidniak adds. Still, Logicon officials are pushing the supporting technologies to create a set of countermeasures on a computer menu that experts could use to foil hacker attacks.

Logicon engineers completed a feasibility demonstration for the U.S. Air Force Information Warfare Battlelab at Kelly Air Force Base, Texas, earlier this year. The next step is to start working on a prototype with additional DARPA funding through the Air Force Research Laboratory Information Directorate in Rome, N.Y. Zavidniak says he expects that to happen toward the end of next year.

In the feasibility tests NEWS was able to identify the indicators (called precursors) that precede a coordinated attack and to recommend software solutions.
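To make the precursor idea concrete, here is an added illustration (not Logicon's NEWS code, and not from the article) of the fusion-and-forecast step described above: likelihood ratios for each precursor type are combined with a prior to forecast the probability that a coordinated attack is forming, the score notes whether indicators arrived from several distinct hosts, and countermeasures are only recommended for an analyst, keeping a human in the loop. The likelihood ratios, the base rate, the host addresses and the countermeasure menu are all constructed assumptions.

```python
import math

# Constructed likelihood ratios P(precursor | attack) / P(precursor | benign);
# illustrative assumptions, not figures from NEWS or the article.
PRECURSOR_LR = {
    "port_scan": 3.0,
    "failed_login_burst": 4.0,
    "dns_zone_transfer": 6.0,
    "new_admin_account": 8.0,
}
# Hypothetical "menu" of countermeasures an analyst could pick from.
COUNTERMEASURES = {
    "port_scan": "rate-limit and log the scanning source",
    "failed_login_burst": "lock affected accounts, require re-authentication",
    "dns_zone_transfer": "restrict zone transfers to secondary name servers",
    "new_admin_account": "suspend the account pending analyst review",
}
PRIOR_ATTACK = 0.01  # assumed base rate of a coordinated attack per window

# Constructed sample precursor events: (seconds, source_host, precursor_type).
EVENTS = [
    (1, "10.0.0.5", "port_scan"),
    (2, "10.0.0.9", "port_scan"),
    (3, "10.0.0.5", "failed_login_burst"),
    (4, "10.0.0.12", "dns_zone_transfer"),
    (5, "10.0.0.9", "new_admin_account"),
]

def fuse(events, prior=PRIOR_ATTACK):
    """Naive-Bayes data fusion: multiply the prior odds by the likelihood ratio
    of each distinct (host, precursor) pair, counted once, so one noisy host
    repeating an indicator cannot inflate the score. Returns the posterior."""
    log_odds = math.log(prior / (1 - prior))
    for _, kind in {(h, k) for _, h, k in events if k in PRECURSOR_LR}:
        log_odds += math.log(PRECURSOR_LR[kind])
    return 1 / (1 + math.exp(-log_odds))

def early_warning(events, threshold=0.5, min_sources=2):
    """Forecast, then leave the decision to the analyst: report the probability,
    whether enough distinct hosts were involved to look coordinated, and the
    suggested countermeasures instead of applying them automatically."""
    p = fuse(events)
    hosts = {h for _, h, _ in events}
    kinds = sorted({k for _, _, k in events if k in PRECURSOR_LR})
    return {
        "alert": p >= threshold,
        "probability": p,
        "coordinated": len(hosts) >= min_sources,
        "recommended": [COUNTERMEASURES[k] for k in kinds] if p >= threshold else [],
    }
```

With the constructed events the fused probability is about 0.946 from three distinct hosts, so the result is flagged as a coordinated pattern, while a lone port scan from one host scores about 0.03 and produces no recommendation.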

The software is basically Unix running on Sun workstations. By the prototype phase, Zavidniak says, he also expects to use commercial off-the-shelf hardware, in preparation for developing a system that can be fielded with military units.