Using this system, a variety of attacks will be detected. Upon an attack being launched, security components will alert each other of the attack and a component will be selected to initiate an automated response. Automated responses will vary with the attack but so far involve some sort of filtering of network packets.
The system described so far has been implemented and tested. Three different corporate entities have been brought together to produce the defense system: Boeing corporation, Trusted Information Systems, and UC Davis. Boeing has supplied the intelligent routers as well as the intruder detection and isolation protocol (IDIP) which enables the components to communicate. Trusted information systems has supplied a modified version of their firewall toolkit to work in this environment. And UC Davis has provided the intrusion detection system called the master intrustion detection system (MIDS).
The first contract was to build and test the system described. We have two new contracts to continue this work. The first contract will be to explore the idea of automated response and figure out what is an intelligent way to respond to reports of attacks. After all, we don't want the response to be more harmful than the attack itself. The second contract will be to harden this system, integrate it into other projects, and create a production quality defense system. This final system will be installed at various air force bases.
Contact person: Karl Levitt
levitt@cs.ucdavis.edu