Military Spends $4.4M To Supersize Net Monitoring
coondoggie writes "Bigger, better, faster, more are the driving themes behind the advanced network monitoring technology BBN Technologies is building for the military.
The high-tech firm got a $4.4 million contract today from the Defense Advanced Research Projects Agency (DARPA) to develop novel, scalable attack detection algorithms; a flexible and expandable architecture for implementing and deploying the algorithms; and an execution environment for traffic inspection and algorithm execution. The network monitoring system is being developed under DARPA's Scalable Network Monitoring program, which seeks to bolt down network security in the face of cyber attacks that have grown more subtle and sophisticated."
That sounds like a lot, but it did come with fries.
If brevity is the soul of wit, then how does one explain Twitter?
to cater the meetings to discuss the project.
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
All that money, down the tubes.
Considering the requirements laid out in TFA, I am exceedingly dubious that they will come up with anything for this price tag. Also note this same company got $13 Million for a program to quickly translate documents for the military. I'm guessing that one will also go nowhere. Security and Translation are two notoriously difficult things to get right.
Ummm... Honestly it is a waste. 98% of malware is written for one platform: Windows, which, as everyone who knows anything about technology knows, is one big security hole. The money spent on blocking individual viruses could be better used in stopping the flaws that allow viruses access.
Taxation is legalized theft, no more, no less.
The article doesn't say, but it seems logical that they would want the US military network to be able to handle both an attack like the one launched earlier this year against Georgia's internet infrastructure (likely by Russia) and the almost-certainly Russian-based one during actual armed conflict this week.
DoD has a budget of about $439.3 billion and DARPA gets $3.2 billion of that (according to Wikipedia). $4.4 million doesn't sound like that much out of that kind of budget, but I'd be interested in what they actually come up with. Doubt the general public will see anything created by this project for at least 10 years, though.
Wrong, wrong, wrong... Net Monitoring is one of those disciplines that has no end. Hackers, viruses, and Trojans are ever changing. New threats, sites, and IPs appear every day. It is much like chess: your opponent makes a move, you counter it, and he makes yet another move. No one's network is without its threats, no matter the manufacturer or operating system.
What do I base my statements on? I do network security full-time for about 50,000 users.
Yes, *a* Mac virus; compare that with the *thousands* of current Windows viruses. Sure, there is probably even *a* Linux virus or even *a* Plan9 virus, but most viruses are written for Windows, and the fact that there is like 1 current virus for alternate OSes isn't as bad as the *thousands* of Windows ones.
That is lots of fundamental research we are talking about. I am no expert in network monitoring, but 4.4M to solve the following problems seems like peanuts:
Probability of detection of malicious traffic greater than 99% per attack launched
While some types of traffic are obviously not ham (say, spoofed IPs or SYN scans), assigning intent to raw data flows requires nothing less than strong AI. Think of spam: anybody can fool a spam filter, no matter what filter, given enough time and motivation. You can also fool the human reading the mail, for that matter...
A false alarm rate while monitoring traffic of not more than one false alarm per day.
This makes a whitelist approach a lot harder. My guess is that any decent system will flag many, many things, and prioritize some over others. That way it is up to the network operator to dig deeper or not into each individual incident, using the program's classification as a starting point. I have no idea why email programs don't allow you to rank messages on "perceived spamminess" - it would make digging for false positives and negatives a lot easier...
Support capabilities at conventional gateway line speeds of 1Gbps in Phase I of the contract, while Phase II will demonstrate the scalability of this capability at gateway line speeds of 100Gbps.
This part, together with the "very high scalability" requirement, is the icing on the cake. It is impossible to detect complex threats in real time, so the best bet would be to layer defenses: very fast reflexes for certain behavior (say, DDoS), longer mulling times for patterns that are more deeply hidden (say, a covert channel somewhere).
In any case, 4.4M is peanuts to meet these goals at full strength. The most probable outcome is some fundamental research, partial successes, and another grant in a few years (possibly to a different team) to try to get further along the track.
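The comment above argues from the quoted requirements (>99% detection, at most one false alarm per day, 1 Gbps line speed) that flagging everything and prioritizing is the only realistic shape for such a system. The following is an added example, not code from the thread or from DARPA's program, that puts numbers on that argument: it derives the per-flow false-positive rate the one-alarm-per-day budget actually demands, shows how quickly a "good" detector blows that budget, computes alert precision from the base rate, and sketches the rank-and-triage step. The 10,000 flows/s figure, all rates, and the scored alerts are constructed assumptions.

```python
"""Added example, not code from the Slashdot thread or from the DARPA
program it discusses: it puts numbers on the quoted requirements
(>99% detection, <=1 false alarm/day, 1 Gbps) and sketches the
score-and-prioritize triage the comment proposes.  Every rate,
traffic mix and alert record below is constructed for illustration."""

SECONDS_PER_DAY = 86_400


def max_false_positive_rate(flows_per_second: float, alarms_per_day: float = 1.0) -> float:
    """Largest per-flow false-positive probability whose expected false
    alarms on a day of purely benign traffic stay within the budget."""
    return alarms_per_day / (flows_per_second * SECONDS_PER_DAY)


def expected_false_alarms_per_day(flows_per_second: float, false_positive_rate: float) -> float:
    """Expected false alarms per day for a detector with this per-flow FPR."""
    return flows_per_second * SECONDS_PER_DAY * false_positive_rate


def alert_precision(detection_rate: float, false_positive_rate: float, attack_fraction: float) -> float:
    """P(attack | alarm) by Bayes' rule; attack_fraction is the base rate of
    malicious flows, which dominates the result when it is small."""
    true_pos = detection_rate * attack_fraction
    false_pos = false_positive_rate * (1.0 - attack_fraction)
    return true_pos / (true_pos + false_pos)


def prioritize(scored_alerts, operator_capacity: int):
    """Flag everything, rank by the detector's score, and hand the operator
    only as many as they can dig into; the rest stays queued, not dropped.
    scored_alerts: iterable of (flow_id, score) pairs, score in [0, 1]."""
    ranked = sorted(scored_alerts, key=lambda a: a[1], reverse=True)
    return ranked[:operator_capacity], ranked[operator_capacity:]


if __name__ == "__main__":
    # Constructed assumption: a 1 Gbps gateway carrying ~10,000 flows/s.
    fps = 10_000
    print(f"max per-flow FPR for 1 alarm/day: {max_false_positive_rate(fps):.2e}")
    # A detector wrong once per million flows sounds excellent, but...
    print(f"false alarms/day at FPR 1e-6: {expected_false_alarms_per_day(fps, 1e-6):.0f}")
    # ...and with 1 in 100,000 flows malicious, 99% detection still gives:
    print(f"precision at 99% detection, FPR 1e-6, base rate 1e-5: "
          f"{alert_precision(0.99, 1e-6, 1e-5):.3f}")
    alerts = [("f1", 0.97), ("f2", 0.12), ("f3", 0.55), ("f4", 0.81)]  # constructed
    top, queued = prioritize(alerts, operator_capacity=2)
    print("operator queue:", top, "| deferred:", queued)
```

At 10,000 flows/s the one-alarm-per-day budget allows roughly one false positive per 864 million flows; a detector with a 1e-6 error rate produces about 864 false alarms a day on the same link, which is why the comment expects ranking rather than a hard whitelist.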
There goes 90% of the internet today then.
Even 'knowledgeable' sites like /. haven't stepped up to the plate yet.
At least my side of the email traffic is, but pretty sure the other side isn't, since people still don't understand.