Dynamic Quarantine of Computer-Based Worm Attacks

The goal of the Dynamic Quarantine of Worms is to develop dynamic quarantine defenses for U.S. military networks against large-scale malicious code attacks such as computer-based worms. The ever-growing sophistication of the malicious code threat has surpassed the ability of commercial industry to address this problem. As the U.S. military pushes forward with network-centric warfare, terrorists and other nation-states are likely to develop and employ malicious code to impede our ability to fight efficiently and effectively. This program will develop the capability to automatically detect and respond to worm-based attacks against military networks, provide advanced warning to other DoD enterprise networks, study and determine the worm's propagation and epidemiology, and provide off-line rapid response forensic analysis of malicious code to identify its capabilities, modalities, and future behavior. Further, the program will develop defenses against cyber attacks on mobile ad hoc network (MANET) systems that can to sense failures and attacks and auto-recover in real-time. Technical approaches include the automatic and dynamic quarantine response and forensics analysis of malicious code that will employ static and dynamic code analysis for program understanding. Defense Against Cyber Attacks on MANET Systems project under this program will develop the means to monitor and control the trustworthiness of distributed tactical applications used in network centric warfare operations. This program will develop technology to ensure network centric warfare systems are able to fulfill their mission in spite of cyber attacks such as computer worms unleashed on MANETs and runtime failures.