SBIR Phase I: Transforming Incident Response: A Platform for High-Fidelity Network Forensics at Scale

SBIR 第一阶段：转变事件响应：大规模高保真网络取证平台

• 批准号: 1549386
• 负责人: Matthias Vallentin
• 金额: $ 14.99万
• 依托单位: Broala, LLC
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-01-01 至 2016-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1549386&HistoricalAwards=false
• 关键词: SBIR; Phase; Transforming; Incident; Response

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project concerns improving the security of the Internet, at a time when virtually all sectors of the U.S. economy depend on the safety and stability of that critical infrastructure. The commercialization of this innovation will benefit multiple sectors of the US economy, including government, defense, critical infrastructure, utilities, financial services, manufacturing, education, and research. By transforming the workflow of computer professionals who analyze and respond to cyber security incidents, this innovation will enable the nation's private and public organizations to respond to the rapidly-increasing levels of external threats much more quickly and effectively. The project will release the underlying core technology as open-source software to the public, making its capabilities freely available to the broader network security community, while exploiting the added value of tightly integrating the system into its existing product line to drive revenue. This Small Business Innovation Research (SBIR) Phase I project will develop an early prototype of a novel network forensics platform that provides highly interactive access to a long-term forensic archive of a customer's network activity. The platform will support real-time analysis of cyber events at a variety of scales and contexts by employing an efficient, compact representation of network events that enables a unified view of network activity at much finer granularity than with traditional products. The primary technical challenges for bringing the product to market include scaling current prototype technology into high-performance production-grade software, integrating it into an existing commercial appliance platform without impairing the performance of either, and designing an interactive user interface that supports forensic investigations effectively.

这项小型企业创新研究（SBIR）I阶段项目的更广泛的影响/商业潜力涉及改善互联网的安全性，而美国经济的所有部门几乎都取决于该关键基础设施的安全性和稳定性。这项创新的商业化将使美国经济的多个部门受益，包括政府，国防，关键基础设施，公用事业，金融服务，制造业，教育和研究。通过改变分析和响应网络安全事件的计算机专业人员的工作流程，这项创新将使国家的私人和公共组织能够更快，有效地对迅速增强的外部威胁的迅速响应。该项目将向公众发布基础核心技术作为开源软件，使其功能可自由地提供给更广泛的网络安全社区，同时利用将系统紧密整合到其现有产品线中以驱动收入的附加值。这项小型企业创新研究（SBIR）I阶段项目将开发一个新型网络取证平台的早期原型，该原型可提供高度互动的访问，以访问客户网络活动的长期法医档案。该平台将通过采用高效，紧凑的网络事件表示网络事件来支持对网络事件的实时分析，这比传统产品比传统产品更精细的网络活动视图。将产品推向市场的主要技术挑战包括将当前的原型技术扩展到高性能生产级软件中，将其集成到现有的商业设备平台中，而不会损害任何一个的性能，并设计一个有效地支持法医调查的交互式用户界面。