Archive for January, 2012

Self-Aware, Self-Defending Adaptive Network Appliance Software (SASDANAS)

Thursday, January 12th, 2012

On November 29, 2011, our consulting partner Ariston Consulting submitted a proposal to the US Air Force to develop a new form of defense for cyber assets using machine learning for cyber awareness and resilience.  This proposal was partially developed by ai-one in an effort to bring the most advanced machine learning technologies to the Air Force at the lowest possible cost. 

Our proposal (below) was in response to BAA Number  AFRL-PK-11-0001 as a Rapid Innovation Funding program. Our proposal met all four operational criteria yet was rejected on January 6, 2012 due to our lack of prior history with the US Air Force. The AF simply preferred to do business with a company that they knew rather than a new vendor.

However, on December 20, 2011 the Air Force released a request to build a system very similar to what we proposed to build below under the contract BAA-RIK-12-03. Both projects were issued by the Department of the Air Force, Air Force Materiel Command, AFRL – Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, NY, 13441-4514.

We are not accusing the Air Force of any wrong doing nor is there any evidence that they copied and pasted our ideas into another BAA. Quite to the contrary, the Air Force is a big place and we are not the only people thinking of ways for networks to defend themselves using autonomic machine learning technologies. However, we feel that our technology can be deployed at very minimal cost compared to the budget provided in the BAA issued a month after we proposed a smaller, more rapid solution.

We think it is valuable to share this information with the public for several reasons:

  1. To publish our findings in a public forum to prevent any other party from obtaining a patent for cyber security applications or network defense applications using the approach described herein.
  2. To encourage major defense contractors to contact Ariston Consulting and to use ai-one’s biologically inspired intelligence in cyber security applications.
  3. To encourage the Air Force to consider reducing the budget allocated for BAA-RIK-12-03 by 90%. There is simply no business reason to spend 10-times what we proposed.

Title:     SASDANAS: A network that protects itself from cyber attacks.

BAA Number:  AFRL-PK-11-0001

Firm:         Ariston Consulting LLC

P.O. Box 1721

Sierra Vista, AZ 85636

http://www.aristonhq.com

Phone: (520) 378-6112

CAGE CODE: 61E85

Duration of Effort:         24 months

Estimated Cost of Effort:          $2,800,000

Self Certification of Applicant:   Service-Disabled Veteran-Owned Small Business (SDVOSB)

Air Force Need Area:  02. Cyberspace Superiority and Mission Assurance

Air Force Primary User:  24th Air Force Wing, San Antonio, TX

Programs/Platforms for Proposed Technology:

DoD-Reimbursed IR&D:  NO

Proposed Approach Relate to Prior DoD-Funded SBIR or STTR:  NO

Foreign Participants for Effort:  NO

Funded by DoD or Another Federal Agency: NO

Percentage of Effort

by Offerer:                    60%

by Others:                    40%

 Preferred Funding Instrument:    Contract

Technical POC:     Jonathan Woodruff, CEO, Ariston Consulting

Phone: 520.378.6112

Email:  jonathan.woodruff@aristonhq.com

 

Business POC:        Steve Mecham, COO, Ariston Consulting

Phone: 520.378.6112

Email: steve.mecham@aristonhq.com

 

Project Description/Objective:  SASDANAS: A network that protects itself from cyber attacks.

Ariston Consulting LLC proposes to develop a Self-Aware, Self-Defending Adaptive Network Appliance Software (SASDANAS) system that acts as an intelligent agent to monitor network activity, content and behavior to augment the capacity of human analysts to identify and counteract all forms of cyber threats.

Ariston Consulting is a Service-Disabled Veteran-Owned Small Business (SDVOSB) based in Sierra Vista, AZ, provides advanced technology testing and engineering solutions. Expertise and experience in providing non-personal scientific and engineering services to test Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems in support of the US Air Force (USAF), US Army, and DISA.

SASDANAS is an intelligent agent that learns and understands the threat level posed by every byte-pattern across a network. The software system uses a new form of machine learning to monitor every detail of a network to identify and isolate cyber security threats – including malware, application high-jacking, sabotage and illicit access, hacking and unauthorized use. It enables the Air Force to make all cyber assets self-aware, self-protecting and adaptive to any external or internal threat. The approach eliminates the opportunity for zero-day attacks because it detects all anomalous packet behavior and content. Furthermore, SASDANAS provides the Air Force with a first-mover advantage as the system learns through use and thus becomes more intelligent over time.

SASDANAS is a 64-bit multithread, massively parallel application that is deployable through a REpresentational state transfer (REST) architecture. Each instance of SASDANAS may be deployed in series and/or in parallel. This architecture provides the USAF the greatest degree of flexibility when deploying into field operations. This approach enables the USAF to use SANDANAS in either: a) moving-windows approach to read every packet as it flows across the network; or, b) identifying threats by capturing an image of the topology of network at byte- or packet-level of detail to understand the behavior and content of network. Each instance of SASDANAS will have the capacity to understand up to 18 exabytes of data at a time. Speed of SASDANAS is dependent on available memory and processing capacity. When deployed in parallel, SASDANAS has the theoretical capacity to monitor the activity of the entire Internet.

Unlike current approaches to cyber security, SASDANA uses a new technology called a HoloSemantic DataSpace (HSDS) to detect, classify and store every byte pattern. The HSDS is thus able to recognize every packet’s behavior and content to determine if the byte-pattern conforms to expectations or is anomalous and therefore subject to further scrutiny to determine if it is a threat. The HSDS is an adaptive, associative network that detects the relationship of every byte that is fed into the system. Thus, the HSDS is capable of identifying both known threat patterns while concurrently identifying and isolating anomalous patterns that may signify a zero-day attack or non-compliant use of the network (e.g., sabotage).

The HSDS is a newly discovered form of neuronal network that mimics the neurophysiology of the neocortex. It is commercially trademarked as a “biologically inspired intelligence” and operates similar to a human brain. It learns autonomically by detecting byte-patterns at the moment of stimulation. The HSDS stores each unique byte pattern only once regardless of how many times it encounters that specific pattern. It registers and adjusts the semiotic value for each byte pattern each time it is stimulated – adjusting the size of the net automatically. It determines the semiotic value for each byte pattern with the following dimensions, each of which may have many values: time of stimulation, place of stimulation, syntax of surrounding byte patterns, and packet payload and addressing. Thus, the HSDS creates an n-dimensional representation of the semiotic value of every byte-pattern; thereby capturing every detail within the complexity of data.

The HSDS technology is commercially available from ai-one inc. since June 2011. It is currently in use at Orange (France Telecom) and more than 40 additional installation sites around the world. The commercial version of the HSDS is offered in three versions: Topic-Mapper to analyze human languages, graphalizer to analyze sensor data, and Ultra-Match to analyze visual images. The technology has been used by The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) to build a crime scene analysis tool for the Swiss Federal Department of Justice and Police (Eidgenössische Justiz- und Polizeidepartement or EJPD). The commercial versions of HSDS have a technology readiness level (TRL) of 9. The TRL for the proposed customization of current HSDS COTS technology is 7. Ariston Consulting will license ai-one’s technology to create a new software application to meet the unique needs of protecting USAF cyber assets.  The HSDS differs from current forms of neural networks, machine learning and artificial intelligence technologies in the following ways:

Transparency – HSDS generates a lightweight ontology (LWO) that adjusts dynamically with each passing byte (and/or packet). The LWO describes the relationship of every byte within the network. The LWO is machine generated, machine curated and accessible by humans.

Benefit: Humans can see how SASDANAS interprets the value and threat level of every packet.

 

Autonomic:  HSDS learns without any human intervention. It does not require any prior conditions or neighborhood functions. Rather, it automatically generates computational and data cells within the network as needed immediately upon network stimulation – just like the human brain.

Benefit: SASDANAS is objective and subject to cognitive biases that may distort threat detection.

 

Speed, Accuracy, Sensitivity: HSDS captures every detail regardless of the degree of complexity. In incremental learning situations, the proposed 64-bit architecture is expected to be at least 105 faster than latent Dirichlet allocation (LDA) or vectoring approaches such as COStf-idf.

Benefit: SASDANAS is very fast and accurate – even by neural net standards.

 

Trainability: The system can be trained and untrained by humans. It is aware of which patterns are learned through training and which patterns have been taught from humans.

Benefit: SASDANAS eliminates the risk of overtraining. It is flexible.

 

Compatible with Existing Technologies: The system is deployable using industry standard approaches as a cloud-based application.

Benefit: SASDANAS reduces the cost of maintaining and protecting cyber assets while extending their functionality.

Ariston Consulting proposes to build SASDANAS as a software proof-of-concept for further development as a hardware solution called Self-Aware, Self-Defending Adaptive Network Appliance Chipsets (SASDANACS). Based on preliminary tests of the core commercial technology, Ariston estimates that the hardware version will operate at least 10,000 times faster than the software version. This speed, combined with an estimated capacity of 18 exabytes per instance, enables the hardware version to monitor and protect cyber assets at wire-speed and at Internet scale.

SASDANA is deployable at any layer with network (from switch layers 1 through 7) and is compatible with known specifications for Wireless Network After Next (WNAN) as described in unclassified DARPA and AFRL reports. Its architecture provides the AF with a wide range of deployment options.

Approach:

Ariston Consulting LLC will adapt commercial-off-the-shelf (COTS) HSDS software from ai-one inc. to build SASDANA. Ariston Consulting has secured rights to license and modify technologies owned by ai-one inc.for the purpose of creating custom applications for agencies of the United States Government, including the Department of Defense.

Critical Need/JUPM Challenge Area Addressed:

02. Cyberspace Superiority and Mission Assurance

Benefits to the Warfighter:

Cyber security – Networks monitor and defend themselves.

Force leverage – SASDANA drastically increases the analytical capacity of human analysis.

Morale – SASDANA makes network security analysis and counter measures more interesting by eliminating mundane tasks.

Funding/Cost:              $2,800,000.

Program Plan:

a)     Period of Performance:  Not more than 24 months from commencement of contract for Phase 1.

i)      Ariston Consulting shall report progress on technical design, engineering and prototype development every 30 days throughout the project.

b)    Schedule – Total of 24 months:

i)      Detailed technical specification including use and test cases:  3 months

ii)     Technical development of software using Agile methodology: 12 months

iii)    Software testing: 3 months

iv)    Software revisions: 3 months

v)     Preparation and submission of final technical report: 3 months

c)     Deliverables:

i)      Scientific and Technical Reports every three (3) months, Final Report at conclusion

ii)     Funds and Man-hour Expenditure Report every three (3) months, Final Report at conclusion

iii)    Contract Status Report (CFSR)

iv)    Status Report

v)     Presentation Materials

vi)    Software: As proposed, on CD-ROM

d)    Metrics/Measure of Success:

i)      Ability to detect known malware compared to industry standard technology (e.g., McAfee).

ii)     Ability to detect unknown malware threat imposed by AFRL Red Team.

iii)    Ability to detect anomalous behavior of a packet within a network.

e)     Facilities/Equipment:

i)      All development will be completed at an Ariston consulting controlled Top Secret (TS) facility.

f)     Risk:

i)      Technical risk of SASDANAS is minimal as the technology currently is available for commercial use by ai-one inc. Ariston Consulting will mitigate risk by employing ai-one engineers to train Ariston staff, transfer knowledge and provide guidance based on commercial experience.

g)    Proposed Transition Plan:

i)      Technical data: Unlimited rights granted to USAF.

ii)     Non-commercial software (NCS): Unlimited rights granted for each additional instance of SASDANAS software shall be sold to the US Government.

iii)    NCS Documentation: Unlimited rights granted to USAF.

iv)    Commercial computer software rights: Not applicable. SASDANAS will be a modified version of ai-one technology that will not be commercially available.

v)     There are no restrictions on the use of a licensed instance of SASDANAS for use within the United States Air Force. The Air Force may deploy SASDANAS at its own discretion, in any manner it so chooses.

vi)    SASDANA’s application program interface (API) may be accessed by any entity authorized by the USAF.

h)     Other Key Participants:

i)      Commercial supplier of HSDS technology, software development kit and technical training:

ai-one inc. (a Delaware C-corporation)

Atten: Olin Hyde, Vice President

5711 La Jolla Blvd., La Jolla, CA 92037

Phone: 1-858-381-5897/Email: oh@ai-one.com