Security Experts:

DARPA to Study Network Traffic to Stay Ahead of Attackers

The Defense Advanced Research Projects Agency (DARPA) has said that a new project will help the government make sense of the massive amounts of network data that’s collected, and use it to stay ahead of cyber attackers.

According to a news release from the think tank, traditional approaches to defending networks include firewalls on the perimeter, and patching holes as they are discovered. However, that doesn’t always work, and the larger the network the harder the process is. In addition, massive networks, such as those used by the Department of Defense (US DOD), makes the task almost impossible.

DARPA GlobeThus, DARPA researchers are seeking new approaches to the task, including one that focuses on knowing the “terrain within the network, and understanding how information across the enterprise is connected to find actions associated with an attack buried under or within all the normal data.”

The Cyber Targeted-Attack Analyzer program is DARPA’s latest endeavor, correlating all of a network’s data sources to understand how information is connected as the network grows and changes.

Performers for the program will address three challenges: Automatically indexing data sources on a network without human intervention; Integration of all data structures through a common language for security-related data, and; Development of tools to allow reasoning over the federated database

"The Cyber Targeted-Attack Analyzer program relies on a new approach to security, seeking to quickly understand the interconnections of the systems within a network without a human having to direct it," said Richard Guidorizzi, DARPA program manager.

"Cyber defenders should then be capable of more quickly discovering attacks hidden in normal activities."

This isn’t the first cybersecurity related project from DARPA. Previously, DARPA publically discussed a plan that will improve the government’s cyberwar capabilities, Plan X, and the VET program that will verify the security and functionality of commodity IT devices to ensure they are free of hidden backdoors and malicious functionality.

It is anticipated that the BAA for this effort will be posted to www.fbo.gov within the next month.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.