Advanced Technology Program

Project Brief

Open Competition 3 - Information Technology

Artificial Intelligence to Protect the US Critical Infrastructure: A Heuristic Firewall Research Project

Develop a revolutionary computer network firewall that augments conventional rule-based screening with behavior-based screening using sets of artificial neural networks to recognize malicious traffic on first attack.

Sponsor: TechGuard Security, LLC

743 Spirit 40 Park Drive
Suite 206
Chesterfield, MO 63005-1121
  • Project Performance Period: 10/1/2003 - 9/30/2006
  • Total project (est.): $1,669,730.00
  • Requested ATP funds: $1,451,940.00

With reported computer attacks increasing 20-fold since 1998, virtually all U.S. computer and telecommunication networks are vulnerable to cybercrime and cyberterrorism. Current firewalls--"choke points" that screen incoming data--are hard-pressed to shield networks against a growing variety of ever more sophisticated threats. With this three-year project, TechGuard Security aims to bolster network security by combining current rule-based approaches with neural network technology--a "one-two punch" that the small company believes can counter even the most devious and dynamic of attacks and intrusions, such as viruses that can evolve continuously to disguise their identity and avoid detection.

For initial screening, the anticipated hybrid will use a rule-based primary filter, the sole means of defense in today's firewalls, to block data forms it is programmed to reject. Once the initial filter rejects easily detected malicious traffic, the data packets that are allowed to pass will be scrutinized by a neural network screen "trained" to inspect for patterns of malicious traffic, rejecting it on first encounter or shunting it aside for further analysis.

Neural networks are designed to function much like the human brain. For example, they can extrapolate, predict, estimate, and generalize on the basis of patterns discerned from disparate pieces of data processed by different, but connected, nodes. Inputs from each node must be weighted for their relative importance. Among the major challenges that TechGuard faces is the difficult task of generating data sets and developing algorithms that train the neural network to recognize patterns of behavior among volumes of data assessed by numerous processing nodes. A single erroneous character in a training data set could result in a vulnerability that a hacker could exploit. Also, the neural network screen must be retrained almost continuously, given the ever-changing nature of computer attacks.

Success in achieving these and other technical objectives must be scaled up to the massive proportions of computer and telecommunications networks. Potential outside funders of TechGuard's technology-development efforts await further proof of the feasibility of artificial intelligence-based firewall technology. The venture-capital community is reluctant to provide funding until a proof-of-concept is available. ATP funding will allow the company to break through the technical barriers and bring this technology to a point where it can be commercialized.

Overt cyber attacks increased from 4,200 incidents in 1999 to 87,500 in 2002. Hacker attacks in 2001 caused an estimated $600 billion in losses to the U.S. economy. IT security expenditures are projected to be $21 billion in 2003. Vastly improved firewall technology has the potential to have enormous benefits for the U.S. economy and could significantly strengthen national defense and homeland security.

For project information:
Suzanne Magee Joyce, (314) 374-1676

ATP Project Manager
Barbara Cuthill, (301) 975-3273

NIST is an agency of the U.S. Commerce Department