May 10, 2016 -
According to a U.S. government request for proposal, Defense Advanced Research Projects Agency (DARPA) is soliciting innovative research proposals from IT providers in the area of cyber attribution.
The goal of the agency’s new “Enhanced Attribution” program is to develop technologies for generating operationally and tactically relevant information about multiple concurrent independent malicious cyber campaigns, involving several operators. The program will also seek the means to share such information with any of a number of interested parties without putting at risk the sources and methods used for collection.
DARPA is asking for proposed research from contractors that would “investigate innovative approaches that enable revolutionary advances in science, devices, or systems”. The Enhanced Attribution program will aim to make currently “opaque malicious cyber adversary actions and individual cyber operator attribution transparent by providing high-fidelity visibility into all aspects of malicious cyber operator actions, along with increasing the government’s ability to publicly reveal the actions of individual malicious cyber operators without damaging sources and methods”.
Specifically, the program will seek to develop: technologies to extract behavioral and physical biometrics from a range of devices and vantage points to consistently identify virtual personas and individual malicious cyber operators over time and across different endpoint devices and command and control infrastructures.
The program will also develop techniques to decompose the software tools and actions of malicious cyber operators into semantically rich and compressed knowledge representations. The program will also seek scalable techniques to fuse, manage, and project such ground-truth information over time, toward developing a full historical and current picture of malicious activity.
The program will also create algorithms for developing predictive behavioral profiles within the context of cyber campaigns; and technologies for validating and perhaps enriching this knowledge base with other sources of data, including public and commercial sources of information.
The Enhanced Attribution program’s ultimate objective will be to produce basic technologies and an integrated experimental prototype comprising an end-to-end data collection, fusion, analysis, along with an validation and enrichment engine.
Individual contracts for multiple technical areas are expected to be awarded. Winners will be expected to cooperate with one another. Proposals for the Enhanced Attribution project from IT vendors will be due June 7, 2016 at 12:00 noon ET.