Situ, A Cyber Attack Discovery Technology

Cyber Attack Discovery Technology

UT-Battelle, LLC, acting under its Prime Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy (DOE) for the management and operation of the Oak Ridge National Laboratory (ORNL), is seeking end-users and commercial distributors for its Situ technology for real-time situational understanding and discovery of cyber-attacks.

Technology Summary

Situ is a scalable, real-time platform for discovering and explaining suspicious computer network behavior. Situ helps network operators discover and understand suspicious events that would otherwise go undetected. The technology reduces the huge volumes of raw network data to a smaller, manageable number of events that should be examined by human domain experts. By highlighting suspicious activity, Situ enables the discovery of novel attacks, but can also alert operators to insider threats, policy violations, misconfigurations, and new kinds of behavior that may require some investigation.

The technology is a multi-anomaly detection approach based on unsupervised, probabilistic modeling. Key to the approach is modeling events in different contexts or at multiple scales; each event is modeled and scored by multiple anomaly detectors to identify different kinds of anomalous behavior. The anomaly detectors update the behavior models online as new data are streamed into the system. Situ was selected for the DHS Cyber Security Division’s FY15 Transition to Practice program.

Compatible Operating Systems

Windows XP or later

Apple OS X 10.8 or later

Linux 2.6.23 or later

(Other platforms, such as FreeBSD and Linux on PowerPC, should work, but these have not been tested.)

Compatible Processors

Intel 64-bit

Intel 32-bit

Licensing

The software is currently offered under a 6-month, non-exclusive R&D license, which includes a 60-day, no-cost test and evaluation (T&E) period. If the $1,000 payment is not made within the 60-day T&E period, the license automatically terminates and you owe nothing. The R&D license also includes an option for a non-exclusive end-user license or distribution license. And if you exercise the option, the $1,000 payment will be applied towards the Situ end-user or distribution license fee.

Distribution license applications will be evaluated based on prospective partners' ability and commitment to successfully commercialize the technology, with a preference for United States-based businesses and small businesses.

The R&D/End-User license application is available under the Resources section below. If you prefer a Word version of the application, would like end-user license prices or a distribution license application, or have any other questions, contact David Sims, Commercialization Manager, Oak Ridge National Laboratory, simsdl@ornl.gov , 865-241-3808.

Resources

Fact Sheet

DHS Technology Overview Video

Video Demo (non-audio)

SPARK! Technology Forum Video

ORNL Situ Project Page

R&D/End-User License Application

Intellectual Property

Detection of Anomalous Events. US Patent: 9,361,463 issued June 7, 2016  

Real-Time Detection and Classification of Anomalous Events in Streaming Data. US Patent: 9,319,421 issued April 19, 2016 

Situ. US Copyright Registration: pending