Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF OCTOBER 12, 2018 FBO #6167
SPECIAL NOTICE

D -- Heartbeat - Cyber Anomaly Detection through Side-Channel Analysis of Periodic System Function Invocation

Notice Date
10/10/2018
 
Notice Type
Special Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Energy, Oak Ridge National Laboratory - UT Battelle LLC (DOE Contractor), Oak Ridge National Laboratory, Bethel Valley Road, P.O. Box 2008, Oak Ridge, Tennessee, 37831-6192
 
ZIP Code
37831-6192
 
Solicitation Number
ORNL-TT-2018-06
 
Archive Date
1/15/2019
 
Point of Contact
Michael J Paulus, Phone: 8655741051, David Sims,
 
E-Mail Address
paulusmj@ornl.gov, simsdl@ornl.gov
 
Small Business Set-Aside
N/A
 
Description
UT-Battelle, LLC, acting under its Prime Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy (DOE) for the management and operation of Oak Ridge National Laboratory (ORNL), is seeking one or more commercialization partners for a promising commercial technology entitled "Heartbeat - Cyber Anomaly Detection through Side-Channel Analysis of Periodic System Function Invocation."

Problem
Malware infections and cyberattacks are escalating in frequency, sophistication, and severity, creating an urgent demand for next-generation sensor and analysis technologies. In response to this, the cyber security market reached $150 billion in 2017. However, legacy signature- or heuristics-based solutions are unable to keep up with the flood of new polymorphic malware samples, or to address the powerful and stealthy tactics of kernel-level rootkits.

Solution
Heartbeat responds to this problem by focusing instead on the physical behavior of the device being protected, under the hypothesis that malware infection will produce a measurable change in the power consumption state of a device that can be picked up by an outside detector. All code execution uses power, so the execution of malware, especially polymorphic variants, will leave a trace on a power consumption record. The Heartbeat system collects power trace measurements directly from the hardware and so is invisible to malware and resilient to internet service interruption. By collecting power measurement data only during the periodic invocation of one or several system functions, Heartbeat will address several challenges that plague current anomaly-based intrusion detection systems and is operational-context agnostic.

Impact
Heartbeat will provide a significant market advantage to three main industries: threat intelligence, endpoint security, and unified threat management. First, Heartbeat will achieve efficiency, scalability, and flexibility by implementing a data collection process that has low computational requirements, is fast, and makes use of mechanisms (namely, system and API calls) that are present in almost all modern computing systems. Second, Heartbeat will achieve accuracy through execution-independent data collection and a flexible algorithm that is modular and analysis agnostic, permitting different analysis techniques for different device classes. Finally, because the Heartbeat data collection will require minimal configuration and user knowledge, Heartbeat will achieve ease of use and user friendliness.

Intellectual Property
· Tampering Detection Heartbeat; US Patent Application 62/506,170
· System and Method for Monitoring Power Consumption to Detect Malware; US Patent Application 62/506,114
· An Anomaly Detection Ensemble for Time Series Data; US Patent Application 62/608,750

Publications
· J. M. Hernández, R. A. Bridges, J. A. Nichols, K. Goseva-Popstojanova, and S. Prowell, "Towards a Malware Detection Framework Based on Power Consumption Monitoring," Proc. of the 12th Annual Cyber and Information Security Research (CISR) Conference, Oak Ridge, TN, April 4-6, 2017.
· J. M. Hernández, A. Ferber, S. Prowell, and L. Hively, "Phase-Space Detection of Cyber Events," Proc. of the 10th Annual Cyber and Information Security Research (CISR) Conference, Oak Ridge, TN, April 7-9, 2015.
· S. J. Prowell and C. Rathgeb, "Statistical Fingerprinting for Malware Detection and Classification," US Patent 9,135,440, filed July 31, 2013.

This technology was originally developed using federal funds and selected for further development under the laboratory's Technology Innovation Program (TIP). The ORNL TIP supports technology development using royalties from existing technology licenses to accelerate the market readiness of high-potential technologies available for license.

When a technology enters the ORNL TIP process, it is initially made unavailable for licensing to provide the R&D team with time to improve its marketability and to give prospective licensees time to evaluate its potential. When the technology has matured, typically 6-9 months after project start, ORNL issues a call for license applications. This call is announced via email and posted on FedBizOpps.gov around Oct. 30, 2018. A TIP/TCF Showcase will be held at Oak Ridge National Laboratory on Oct. 18, 2018, and all technologies will offer presentations, laboratory tours, and time for questions on the technologies and licensing. A response date of Dec. 31, 2018 is required for your application to be considered. If more than one prospective partner seeks an exclusive license in the same field of use, the licensing applications are scored to objectively identify the prospective licensee most capable of commercializing the technology.

Heartbeat - Cyber Anomaly Detection through Side-Channel Analysis of Periodic System Function Invocation (summary, video)

ORNL Technology Innovation Program (TIP): https://www.ornl.gov/partnerships/technology-innovation-program

How to license ORNL technologies:
https://www.ornl.gov/partnerships/how-license-ornl-technologies
https://www.ornl.gov/partnerships/licensing-guidelines
https://www.ornl.gov/sites/default/files/license_application.pdf
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOE/ORNL/ORNL/ORNL-TT-2018-06/listing.html)
 
Place of Performance
Address: One Bethel Valley Road, Oak Ridge National Laboratory, Oak Ridge, Tennessee, 37831-619, United States
 
Record
SN05119315-W 20181012/181010230749-88ceb7a7d338dc1919b942f9ce54b1f3 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
