Multi-Community Cyber Defense (MCCD)
Abstract
This program developed and demonstrated automated technologies enabling security devices to cooperatively respond to network intrusions across small-to-very-large-scale networks while spanning administrative domains. Theatre-wide network defense is achieved by enabling cooperative intrusion tracking and by sharing attack-related information and response recommendations between neighboring domains. This effort extended the Intruder Detection and Isolation Protocol (IDIP), which uses intrusion detection systems and cooperating boundary controllers within a single administrative domain to track network intruders to their origin and dynamically change network-level access control policies to stop the attacks in real time. The focus of this effort was to develop, implement, and demonstrate enhancements to IDIP extending the intrusion tracing, response, and reporting mechanisms over organizational boundaries, enabling organizations to control the intrusion-related information they share and the degree of cooperation they provide, and to provide a policy-driven service that recommends changes to local cooperation policies based on the threat status of neighboring communities. A real-time, strategic-level intrusion correlation engine was developed and demonstrated using the inter-community information sharing services to receive anomaly reports from neighboring communities, enabling early detection of widespread, stealthy scanning activities that would otherwise go undetected.
Document Details
- Document Type: Technical Report
- Publication Date: Nov 01, 2002
- Accession Number: ADA408408
Entities
People
- Randall Smith
Organizations
- Phantom Works