DARPA: SBIR Opportunity: Accurate Passive Processes for Remote Analysis of Internal Structure via Externals (APPRAISE)

Suspense Date: 29 June 2021

Description: The Defense Advanced Research Projects Agency (DARPA) Small Business Programs Office (SBPO) is issuing an SBIR/STTR Opportunity (SBO) inviting submissions of innovative research concepts in the technical domain(s) of Information Systems. In particular, DARPA is interested in understanding the feasibility of Accurate Passive Processes for Remote Analysis of Internal Structure via Externals (APPRAISE).

Category: Opportunity

DoD Communities of Interest: C4I

Subject: SBIR Opportunity: Accurate Passive Processes for Remote Analysis of Internal Structure via Externals (APPRAISE)

Due Date: 29 June 2021

Government Organization: Defense Advanced Research Projects Agency (DARPA)

Description
This SBO will open to proposals on May 07, 2021, and close at 12:00 p.m. ET on June 29, 2021.

I. INTRODUCTION
The Defense Advanced Research Projects Agency (DARPA) Small Business Programs Office (SBPO) is issuing an SBIR/STTR Opportunity (SBO) inviting submissions of innovative research concepts in the technical domain(s) of Information Systems. In particular, DARPA is interested in understanding the feasibility of Accurate Passive Processes for Remote Analysis of Internal Structure via Externals (APPRAISE).

This SBO is issued under the Broad Agency Announcement (BAA) for SBIR/STTR, HR001121S0007. All proposals in response to the technical area(s) described herein will be submitted in accordance with the instructions provided under HR001121S0007, found here: https://beta.sam.gov/opp/d0cde4fb668d40b1982da8296d5349c0/view.

II. TOPIC OVERVIEW

a. Objective
The continuing increases in the scale of networked systems will be further accelerated by the advent of the Internet of Things (IoT), comprising networked devices such as cameras, accelerometers, motors, dispensers, locks, etc. Tens to hundreds of billions of network-attached devices are projected to be attached to the Internet via 5G wireless.

In addition to the increases in device counts, a consequence of connectivity for these devices is the network's reach into new locations and the ability for these devices to access network services, transforming the nature of the network edge. As user-facing services are Web-oriented, beyond simple Internet Protocol (IP) access, many IoT devices will use and must be accessible to Web services, requiring full participation in the network.

Alarmingly, the tools and analytic approaches needed for diagnosing implementation and configuration errors, localizing performance problems, and monitoring and maintaining system robustness have not advanced apace. They scale poorly, create unwanted traffic, and, perhaps most significantly, the packet types used by their active probing are commonly dropped by packet filters, gateways, and firewalls. A major reason for this filtering is that the same probes are used for reconnaissance before a cyberattack.

Accurate Passive Processes for Remote Analysis of Internal Structure via Externals (APPRAISE) seeks to close this analytic gap with novel approaches to passive collection and analysis of available external data. Successful APPRAISE proposals will identify how the proposed combinations of data and analytic techniques will provide high accuracy results within the context of specified use cases.

b. Description

The small devices comprising the IoT are being attached to networks, and a tidal wave of new devices is envisioned for connection at the IoT edge via 5G networks, with counts in the tens of billions and some estimates reaching hundreds of billions [1]. Novel analytic approaches using passive data collection, which may involve aggregation, integration, and distillation, are necessary to obtain actionable information from this vast network. Actions of interest include mapping, monitoring, diagnosis, and forensics:
(1) diagnosing implementation and configuration errors;
(2) detecting orphaned devices (likely to be small devices with 10+ year lifetimes);
(3) detecting reachback by compromised or illicitly placed devices;
(4) detecting devices unresponsive to active probes, including illicitly placed, compromised, and failing nodes that maintain network access;
(5) localizing performance problems; and
(6) monitoring and maintaining system robustness.

Current approaches and tools have not progressed much beyond the primitive traceroute and ping, developed when the Internet was small in scale and consequently less burdened with malicious actors. Active probing, as used by these tools, sends Internet Control Message Protocol (ICMP) packets towards selected hosts and uses the replies to infer network properties. This scales poorly and creates unwanted traffic. Further, the packets used for probing are commonly dropped by packet-filtering gateways because of their use in reconnaissance, which inhibits malice but also prevents legitimate uses.

Tools such as nmap provide mechanisms for overcoming certain classes of filtering. Nmap, in addition, incorporates capabilities for identifying software and software configurations running on remote machines. Nmap, unlike traceroute and ping, is fundamentally a host diagnosis tool rather than a basis for a scalable analysis scheme. Consequently, tools needed by administrators, auditors, and security engineers have neither matured nor scaled with the global Internet or even modern enterprise networks (which are likely to incorporate extensive private IoT capabilities). Even the most powerful analytic methods (such as bdrmap [2] (border map) and MAP-IT [3] (Multipass Accurate Passive Inferences from Traceroute), combined in bdrmapit [4]) rely on the vast collections of probe data gathered by (and available from) the Center for Applied Internet Data Analysis (CAIDA) [5]. Telemetry is, in principle, possible to collect passively as packets traverse routers.

The increasing use of end-to-end encryption (such as SSL (Secure Sockets Layer)) inhibits the formerly useful approach of Deep Packet Inspection (DPI). Telemetry inside enterprise networks, once traffic is decrypted at a gateway or inside an enclave, remains available but is of limited use in analytics. It provides only very localized views of the network and is enterprise-specific.

APPRAISE seeks proposals to close this analytic gap. Successful proposals will:

(1) rely solely on passive collection to avoid adding network traffic and overcome the negative consequences of packet filtering;

(2) use data readily available as a natural byproduct of normal network operations and without needing access to sensitive data internal to the system under analysis (e.g., decrypted data); and

(3) provide very high accuracy results (perhaps in a form such as a network map with failing, misconfigured, compromised or illicit components identified) such that over time, more than 75% of distinct components (such as hosts and routers) and 75% of component interactions (such as data transfers) are included in the map.

Website

https://beta.sam.gov/opp/f62f73443777458ab15adcb366b1a8ab/view