Protection Without Detection: A Threat Mitigation Technique

Abstract

Networking systems and individual applications have traditionally been defended using signature-based tools that protect the perimeter, many times to the detriment of service, performance, and information flow. These tools require knowledge of both the system on which they run and the attack they are preventing. As such, by their very definition, they only account for what is known to be malicious and ignore the unknown. The unknown, or zero day threat, can occur when defenses have yet to be immunized via a signature or other identifier of the threat. In environments where execution of the mission is paramount, the networks and applications must perform their function of information delivery without endangering the enterprise or losing the salient information, even when facing zero day threats. In this paper we, describe a new defensive strategy that provides a means to more deliberately balance the oft mutually exclusive aspects of protection and availability. We call this new strategy Protection without Detection, since it focuses on network protection without sacrificing information availability. The current instantiation analyzes the data stream in real time as it passes through an in-line device. Critical files are recognized, and mission-specific trusted templates are applied as they are forwarded to their destination. The end result is a system which eliminates the opportunity for propagation of malicious or unnecessary payloads via the various containers that are inherent in the definition of standard file types. In some cases, this method sacrifices features or functionality that is typically inherent in these files. However, with the flexibility of the template approach, inclusion or exclusion of these features becomes a deliberate choice of the mission owners, based on their needs and amount of acceptable risk. The paper concludes with a discussion of future extensions and applications.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 23, 2012
Accession Number
ADA634368

Entities

People

  • Joseph R. Mccoy
  • Joshua White
  • Paul Ratazzi

Organizations

  • Air Force Research Laboratory

Tags

Communities of Interest

  • Cyber
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Communication Systems
  • Computer Network Security
  • Data Analysis
  • Department Of Defense
  • Detection
  • Environment
  • Information Assurance
  • Information Systems
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Network Protocols
  • Operating Systems
  • Standards

Fields of Study

  • Computer science

Readers

  • Critical Infrastructure Protection in CBRN and WMD Threats.
  • Database Systems and Applications
  • Systems Analysis and Design