AUSTIN, Texas—Researchers at the Applied Research Laboratories at The University of Texas at Austin (ARL:UT) have developed a new line of defense to help protect e-commerce and other computer-based systems. The new system is called the Network Exploitation Detection Analyst Assistant (NEDAA), and it provides a method for detection of computer intrusion and misuse as they occur.
ARL:UT conducts programs of basic and applied research, development, engineering, testing and evaluation that are used by the U.S. Department of Defense and other government agencies.
ARL:UT’s Cyber Information Assurance and Decision Support Group (CIADS), led by Program Manager Sara Matzner, developed the NEDAA system. Matzner said ARL:UT houses one of the major national efforts sponsored by the U.S. government to detect computer intrusion.
Matzner explained that recent hacker attacks launched against major electronic commerce sites have called attention to the need to improve computer network security and to develop systems that detect security breaches rapidly. Matzner said the new system is significantly faster than those currently available.
“To grasp NEDAA’s potential, think of it in terms of a technology that can be expanded in a number of ways to protect computers by incorporating the knowledge of human experts in computer network security and artificial intelligence techniques,” Matzner said.
Matzner said her group, which is a part of ARL:UT’s Information Systems Laboratory, is evolving new ways to adapt and deploy NEDAA in the highly flexible manner referred to as plug-and-play implementation. Matzner said the system plugs in various combinations of artificial intelligence techniques coupled with the domain knowledge of human experts.
Matzner said the system can react while an attack is taking place. It also can detect past attacks through analysis of attack patterns. Matzner said NEDAA guards against network intrusions by assisting human analysts to filter through the large volumes of data traveling on computer networks.
“NEDAA employs advanced database access techniques and applies domain knowledge and artificial intelligence to perform that monitoring. At the same time, it can retrieve information about past attacks for forensic offline analysis,” Matzner said. Matzner added that the system “can prevent damage as it occurs. One of the main advantages of the NEDAA system is the speed and efficiency with which it can do this monitoring.”
Matzner said an initial system already has been installed at a military site. NEDAA also is being considered as a standard for several government installations.
Matzner said NEDAA’s plug-and-play capability means the system is ideally suited for adaptation to a wide variety of computer security applications, including those for e-commerce.
“The viability of e-commerce, already a major sector of the U.S. economy, depends upon the security and confidentiality of network transactions, which makes protecting e-business a critical priority,” she said. “Besides commerce, other components of critical infrastructure relying on electronic security include the nation’s financial, telecommunication and military networks.”
Matzner has worked at ARL:UT since 1986, starting in the Signal Physics Group in the area of underwater acoustics. She joined the Information Systems Laboratory at ARL:UT in 1997, when she began the development of the NEDAA and found government funding for the program. She now directs and manages the Cyber Information Assurance and Decision Support Group (CIADS) of 17 researchers in the development of expert systems for computer security.
Note to Editors: For more information, contact Sara Matzner, Information Systems Laboratory, Applied Research Laboratories at (512) 835-3176 or Dr. Clark S. Penrod, ARL:UT executive director (512) 835-3200. Photos are available from Marsha Miller at the Office of Public Affairs at marsha@opa.wwh.utexas.edu or on the Web at /opa/news/00newsreleases/nr_200004/nr_matzner.html.
