Galois Awarded Air Force Grant For Advanced Cyber Deception Technology
Award part of a growing number of Galois projects focused on helping organizations deploy safe, and cost-effective deception technology to deal with cyber threats.
Galois announced today that it has been awarded a $750,000 grant from the Air Force Research Lab (AFRL) to develop a new, advanced network cyber deception technology: Prattle. Prattle generates realistic traffic to tag adversaries monitoring network activity, mislead them about things they may have learned, and cause them to make mistakes that increase the likelihood of detection. The overall goal: to dramatically reduce the capabilities of an attacker that has gained a foothold on a network.
For the two-year SBIR Phase II grant, Galois and Tufts University will lead the research efforts into high fidelity network protocol emulation, while Galois’ subsidiary Formaltech, Inc. will serve as a subcontractor on the grant. Formaltech’s CyberChaff™ cyber deception system – which creates decoy devices on networks that appear as valid, active devices to attackers – will be one commercialization strategy and implementation target for the Prattle project. The other core team members are Fidelis Cybersecurity and PacStar, makers of cybersecurity and networking equipment optimized for defense and enterprise deployment. Their expertise will be used in an additional integration opportunity, in which Prattle is combined with classical defensive solutions to provide more effective traps for attackers.
In Phase I of the project, the project team showed how the Prattle prototype generates highly realistic traffic based on observations of local traffic. For example, Prattle was capable of creating user browsing sessions and encrypted protocol sessions that were extremely difficult to distinguish from real traffic, even for expert observers. The first capability can be used in practice to hide real user browsing traffic – including search histories – amongst a tide of false traffic, while the second can be used to direct adversaries towards attacking less-critical servers and honeypots. Phase II will focus on expanding the generation capability across a wider variety of protocols, and using “honey data” – data tailor-made to misdirect the attacker – to cause them to take some action that is to our advantage.
“The Air Force contract continues our focus on innovative network defense and cyber deception research, targeted at real-world applications,” said Adam Wick, research lead at Galois and principal investigator on the project. “The possible collaboration opportunities with Fidelis offer incredible synergies between classical defensive mechanisms and cyber deception, and the potential future integration with CyberChaff can create truly compelling deception campaigns for a fraction of the cost of traditional honeypots.”
To learn more about Prattle, visit https://galois.com/project/prattle
CyberChaff is available for enterprises and defense networks today, and complements initial Prattle technologies completed under an AFRL SBIR Phase I, also available today. To learn more about CyberChaff, visit www.cyberchaff.com.
Galois has been performing computer science research and development since 1999. With many of the world’s foremost experts in computer science and mathematics and a world-class team of programmers and engineers, Galois is uniquely positioned to take on the world’s most difficult challenges in computer science. Galois is a trusted partner in the defense and intelligence industries, proving the feasibility of cutting edge research as it applies to critical systems. Technology companies turn to Galois to build reliability, safety and security into their product development efforts from day one. For additional information, visit http://www.galois.com.
Approved for Public Release; Distribution Unlimited: 88ABW-2016-6325 & 20161208