SBIR/STTR Award attributes
Detecting cyber attacks before they have the chance to damage or compromise high-value or mission-critical systems is of critical importance to the US Navy. While there are many defenses available against cyber attacks, many are narrowly focused or usable only at the system levels of the software stack. In particular, application-level software is frequently the target of attacks, and can be extremely difficult to protect for a variety of reasons we will discuss. More specifically, attacks that operate on the memory space of applications are common, effective, and hard to detect using current approaches. Our system for Detecting Anomalies in Application Memory Space (DAAMS) will provide attack-detection capabilities for applications’ memory space that extend state-of-the-art anomaly detection techniques. We complement these anomaly detectors with an intelligent scenario generator that generates a representative range of scenarios and inputs for the application to create offline learning data that we use to train our system how to detect normal and abnormal memory behavior during operations. This approach lets DAAMS detect memory-space anomalies without affecting the application’s mission-time performance.
