Packet Forensics pursues DARPA trusted computing project to devise cyber security for network botnet attacks

Sept. 5, 2019
HACCS seeks to defend against sophisticated cyber security threats while maintaining privacy -- even if network operators are unaware of the infection.

ARLINGTON, Va. – Cyber security experts at Packet Forensics LLC in Virginia Beach, Va., will continue a U.S. military project to identify and eliminate botnet attacks, large-scale malware, and other trusted computing threats from compromised military devices and networks.

Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., announced a $10 million order to Packet Forensics last week for the DARPA Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) research project.

HACCS seeks the ability to find and eliminate sophisticated cyber security threats in a scalable, timely, safe, and reliable manner, while maintaining privacy and other legal safeguards -- even if the owners of botnet-conscripted networks are unaware of the infection and are not participating in neutralization.

Packet Forensics originally won a $1.2 million HACCS contract on 4 Sept. 2018, followed by a $10 million modification to this contract later that month, and another $10 million modification last week.


Packet Forensics is developing the techniques and software necessary to measure the accuracy of identifying botnet-infected networks, the accuracy of identifying the type of devices residing in a trusted-computing network, and the stability of potential access vectors.

Kudu Dynamics LLC in Chantilly, Va.; Sotera Defense Solutions Inc. in Herndon, Va.; and Aarno Labs LLC in Cambridge, Mass., also have been involved in the HACCS project.

Packet Forensics will measure the effectiveness of denying, degrading, and disrupting botnets and individual botnet implants without affecting the systems and networks where they reside.

Malicious actors can penetrate and use with impunity large numbers of devices owned and operated by third parties, DARPA officials say. Such collections of compromised devices, commonly referred to as botnets, are used for criminal, espionage, and computer network attack purposes -- sometimes all three.


Recent examples of botnets and self-propagating malcode include Mirai, Hidden Cobra, WannaCry, and Petya/NotPetya. The scale of their potential and actualized effects makes such malware a national security threat. Yet improving the security posture of U.S. military networks alone is insufficient to counter such threats, DARPA officials say. Current incident response methods are too resource- and time-consuming to address the problem at scale.

Active defense methods are insufficiently precise and predictable in their behavior, posing a risk that the “fix” may cause processing issues or other side effects. This is where the HACCS program comes in.

Packet Forensics will identify and fingerprint not only botnet-conscripted networks to determine the presence of botnet implants, but also the number and types of devices present on said networks, and the software services running on these devices.


The company will generate non-disruptive software exploits for many known vulnerabilities that could establish initial presence in each botnet-conscripted network without affecting legitimate system functionality.

In addition, Packet Forensics will create software agents that autonomously navigate within botnet-conscripted networks, identify botnet implants, and neutralize them or otherwise curtail their ability to operate, while minimizing network side effects.

On this order Packet Forensics will do the work in Virginia Beach, Va., and should be finished by August 2020. For more information contact Packet Forensics online at www.packetforensics.com, or DARPA at www.darpa.mil.

About the Author

John Keller | Editor-in-Chief

John Keller is the Editor-in-Chief of Military & Aerospace Electronics Magazine, which provides extensive coverage and analysis of enabling electronics and optoelectronic technologies in military, space, and commercial aviation applications. John has been a member of the Military & Aerospace Electronics staff since 1989 and chief editor since 1995.
