DARPA Wants to Find New Ways to Attribute Cyber Attacks
The Pentagon wants a better way to identify who is executing cyber attacks in the Defense Advanced Projects Agency’s (DARPA) new Broad Agency Announcement (BAA) called the Enhanced Attribution program.
It’s difficult to identify hackers in cyber attacks making it even harder for the military to quickly respond to attacks without knowing who executed it. DARPA issued the BAA to change that by “providing high-fidelity visibility into all aspects of malicious cyber operator actions” and allow the government to publicly identify the hackers without “damaging sources and methods,” according to the BAA writeup.
DARPA officials outlined what they wanted to develop through the Enhanced Attribution program below:
- Technologies to extract behavioral and physical biometrics from a range of devices and vantage points to consistently identify virtual personas and individual malicious cyber operators over time and across different endpoint devices and C2 infrastructures
- Techniques to decompose the software tools and actions of malicious cyber operators into semantically rich and compressed knowledge representations
- Scalable techniques to fuse, manage, and project such ground-truth information over time, toward developing a full historical and current picture of malicious activity
- Algorithms for developing predictive behavioral profiles within the context of cyber campaigns
- Technologies for validating and perhaps enriching this knowledge base with other sources of data, including public and commercial sources of information.
The proposal due date for the BAA is June 7, the same day as the BAA’s Closing Date. The program manager overseeing the BAA is Angelos Keromytis.
The program is broken down into three technical areas — Behavior and Activity Tracking and Summarization; Fusion and Predictive Analysis; and Validation and Enrichment.
Along with identifying who committed the cyber attack, DARPA emphasized that it wants developers to create ways to share the information without giving up how they identified the malicious attacks.
To learn more about the BAA, find it here on FedBizOpps.gov.