Entity

Time filter

Source Type


Grant
Agency: Department of Homeland Security | Branch: | Program: SBIR | Phase: Phase II | Award Amount: 750.00K | Year: 2005

This proposal by CounterStorm, Inc. (formerly System Detection) concerns the second phase of research, development, and commercial release of Worminator, an innovative and effective approach to anonymously sharing and correlating security information in real-time. The overriding principle of Worminator is that cross-domain collaboration enhances accuracy and efficacy by enabling rapid detection of worms, zero-day exploits, and slow-and-stealthy attacks currently undetected by existing products. The overarching goal of this Phase 2 effort is to fully incorporate the Worminator technology into CounterStorm`s AntiWorm-1 commercial security product, providing an effective defense against emerging threats. CounterStorm`s Phase 1 effort oversaw the successful development and deployment of the first-generation Worminator architecture at commercial and academic sites. Using Worminator to correlate alerts from CounterStorm¿s Surveillance Detection Engine, we demonstrated a dramatic reduction in the alert stream, yielding a manageable number of actionable alarms. This Phase 2 effort is organized into four components. First, we will extend Worminator`s collaboration capabilities beyond the sharing of attack source addresses. As a part of this effort, we will integrate Worminator with CounterStorm¿s Payload Anomaly Sensor (PAYL is the topic of another SBIR Phase 2 proposal). PAYL and Worminator together provide real-time sharing of automatically-generated content signatures to inoculate collaborating sites against attack. Second, we aim to support anonymous collaboration. Third, we plan a fully commercialized implementation of Worminator as an extension of CounterStorm¿s AntiWorm1 architecture. Finally, in collaboration with Columbia University, we plan to conduct a comprehensive study of real-world attack behaviors over time, including coverage, response rates, and efficiency under different exchange algorithms. Incorporation of the Worminator technology enhances AntiWorm-1 by allowing rapid and anonymous sharing and correlation of threat information in real time, thus giving sites the ability to block malicious activity before it is seen locally.


Yue Z.,CAS Shanghai Institute of Technical Physics | Yue Z.,System Detection | Li F.-M.,CAS Shanghai Institute of Technical Physics | Li F.-M.,System Detection
Journal of Applied Optics | Year: 2014

Based on the characteristics that the infrared polarization image can restrain background noise greatly, and can be more sensitive to target edge information, a polarization image fusion algorithm based on wavelet transform is proposed. It is mainly used in image fusion between the infrared radiation intensity image and the polarization degree image in order to increase the amount of information of the image. First, wavelet transform can make different wavelet scaling decomposition in each involved image respectively, and get the wavelet coefficients of each scale. Second, it uses the method of neighborhood average gradient on each scaling wavelet coefficients to get each scaling wavelet fusion coefficients. Last, it makes image reconstruction based on wavelet transform to get fused image. The comparison between the images and fused images shows that this method can keep image clarity of the radiation intensity image, as well as highlight the edge and contour information. Compared to the radiation intensity image, the average gradient of fused images increases by 112%, while compared to the polarization degree image, the standard deviation of fused images increases by 151%, and the information entropy of fused images increases by 38%.


Ballarotti M.G.,National Institute for Space Research | Medeiros C.,National Institute for Space Research | Saba M.M.F.,National Institute for Space Research | Schulz W.,System Detection | Pinto Jr. O.,National Institute for Space Research
Journal of Geophysical Research: Atmospheres | Year: 2012

This paper presents some parameters of negative cloud-to-ground lightning flashes in terms of frequency distribution. All data are based on so-called "accurate-stroke-count studies" from different climatological regions in the world and were already published in the literature with the exception of our measurements. We used GPS synchronized data from two digital high-speed cameras (at 1-8,000 frames/sec). The parameters considered in this study are: (1) continuing current duration, (2) time intervals between strokes, (3) number of strokes per flash and (4) total flash duration. The analysis includes Berger's data of Monte San Salvatore (Switzerland), which is the basis for lightning protection standards. The comparison suggests that despite of overall agreement of those parameters that some of them, currently used in protection standards, should be revised in order to be more realistic. © 2012 by the American Geophysical Union.


Patent
System Detection | Date: 2011-04-20

The present disclosure provides an optical device for selecting specific matter, such as plant matter. The device comprises a light source for emitting light having at least (3) wavelengths and for generating a combined beam of light having the at least 3 wavelengths. The device further comprises an optical element for directing a plurality of light beams towards matter including the specific matter. The optical element has first surface portions through which in use the plurality of component light beams are directed to the matter including the specific matter. Each component light beam is directed through a respective first surface portion that has an optical property that is selected so that light intensity differences between the component light beams are reduced. The optical device also comprises an optical filter for filtering reflected component light beams such that an intensity of light is reduced in a wavelengths range outside one or more wavelengths ranges that include the at least three wavelengths. Further, the optical device comprises a detector for detecting the reflected component light beams.


Grant
Agency: Department of Homeland Security | Branch: | Program: SBIR | Phase: Phase II | Award Amount: 750.00K | Year: 2005

This proposal by CounterStorm Inc. (formerly System Detection) concerns the second phase for research, development and commercial release of a novel method to detect malicious code exploits in network traffic. The successful Phase 1 project led to several new innovations and improvements, and commercial development is under way. The PAYL Payload Anomaly Detection sensor will be completely implemented in the CounterStorm AntiWorm-1 product platform and introduced to commercial and government sites. New features of the PAYL anomalous payload detection sensor created under Phase 1 funding demonstrated highly accurate detection and generate signatures for zero-day worm exploits. Experimental evidence demonstrated that ¿site-specific models¿ trained and used for testing by PAYL can detect new worms with high accuracy in a collaborative security system. In Phase 2 we continue to build on a new approach that correlates ingress/egress payload alerts to identify the worm¿s initial propagation. The method also enables automatic signature generation very early in the worm¿s propagation stage. These signatures can be deployed immediately to network firewalls and content filters to proactively protect other hosts. Tests and evaluations of sensor performance are also proposed for Phase 2. Collaborative research and development by CounterStorm and Columbia University will address several basic problems dealing with handling encrypted content traffic and scaling the sensor to high speed network rates. Significant engineering activities are needed to embed solutions to these performance issues into the CounterStorm AntiWorm-1 Platform. The speed of gigabit networks strains the limits of what can be detected in real-time, especially when decrypting content flows. There are currently no Commercial Off-the-Shelf (COTS) solutions offered today that provide highly efficient content-based anomaly detectors operating on high-speed networks without packet loss. By overcoming these obstacles, we can provide the first effective content-based anomaly detection system to secure high speed networks. The CounterStorm AntiWorm-1 platform with PAYL technology improves accuracy for all worm detection and blocking. More importantly, PAYL facilitates the detection and blocking of non-scanning ¿zero-day¿ worms, adding a significant layer of security to critical IT infrastructures for commercial and government entities.

Discover hidden collaborations