Share Email Print

Proceedings Paper

Protection without detection: a threat mitigation technique
Author(s): Joshua White; Joseph R. McCoy; Paul Ratazzi
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

Networking systems and individual applications have traditionally been defended using signature-based tools that protect the perimeter, many times to the detriment of service, performance, and information flow. These tools require knowledge of both the system on which they run and the attack they are preventing. As such, by their very definition, they only account for what is known to be malicious and ignore the unknown. The unknown, or zero day threat, can occur when defenses have yet to be immunized via a signature or other identifier of the threat. In environments where execution of the mission is paramount, the networks and applications must perform their function of information delivery without endangering the enterprise or losing the salient information, even when facing zero day threats. In this paper we, describe a new defensive strategy that provides a means to more deliberately balance the oft mutually exclusive aspects of protection and availability. We call this new strategy Protection without Detection, since it focuses on network protection without sacrificing information availability. The current instantiation analyzes the data stream in real time as it passes through an in-line device. Critical files are recognized, and mission-specific trusted templates are applied as they are forwarded to their destination. The end result is a system which eliminates the opportunity for propagation of malicious or unnecessary payloads via the various containers that are inherent in the definition of standard file types. In some cases, this method sacrifices features or functionality that is typically inherent in these files. However, with the flexibility of the template approach, inclusion or exclusion of these features becomes a deliberate choice of the mission owners, based on their needs and amount of acceptable risk. The paper concludes with a discussion of future extensions and applications.

Paper Details

Date Published: 3 May 2012
PDF: 7 pages
Proc. SPIE 8405, Defense Transformation and Net-Centric Systems 2012, 84050B (3 May 2012); doi: 10.1117/12.918272
Show Author Affiliations
Joshua White, Everis, Inc. (United States)
Joseph R. McCoy, Everis, Inc. (United States)
Paul Ratazzi, Air Force Research Lab. (United States)

Published in SPIE Proceedings Vol. 8405:
Defense Transformation and Net-Centric Systems 2012
Raja Suresh, Editor(s)

© SPIE. Terms of Use
Back to Top
Sign in to read the full article
Create a free SPIE account to get access to
premium articles and original research
Forgot your username?