Reflections on CATCH

I attended the Cybersecurity Applications and Technology Conference for Homeland Security conference on March 3-4, 2009 in Washington, DC. I had to leave on Sunday to escape the snowstorm but it was well worth the effort. The keynote speech American Crisis in Innovation by Pascal Levensohn was the most thought provoking presentation. (See related BusinessWeek blog.) Pascal articulated the broken ecosystem of innovation in USA, and argued forcefully about the need for promoting effective innovation partnerships between government and university research organizations, corporations, and entrepreneurs. Pascal quoted several statistics from Judy Estrin's book Closing the Innovation Gap. Estrin has empirically proven that America has relied too much on incremental innovation in recent years at the expense of the open-ended scientific research that eventually leads to truly breakthrough innovation. How true! NRL funded the development of GPS in 1970s when no one could foresee the applications it spawned today. How many American organizations are investing today in the GPSs of the future? More importantly, how many decision makers are heeding Levensohn's alarm? 

Another interesting session was the panel discussion on the second day. I was particularly impressed with the comments of DHS Cybersecurity Chief Rod Beckstrom, who called for the adoption of Web 2.0 platforms within the government and the development of a generalized model for sensorizing the Internet. I was sad to read that Rod Beckstrom resigned today. It's great loss for DHS.

Our presentation on Real-time Detection of Fast Flux Service Networks was received well. The presentation generated lots of questions, and considerable interest in our Fast Flux Monitor demo at the expo. Tina Williams of Unisys asked one of the more interesting questions: From the tens of thousands of IPs in your DB, what user segments (ISP, edu, enterprise...) have this problem? Is the solution policy or technology? There is no question that ISPs and universities in USA are most seriously inflicted with the fast flux problem. The enterprise has a botnet problem with its mobile workforce. The government has started doing a better job in protecting its machines being recruited into zombies. The solution is both technology and policy. You can't be aware of the problem without the technology. However, you still need to train your personnel for effective remedies.

One final note. Congratulations to Dr. Doug Maughan, who runs the cybersecurity R&D at DHS using a collaborative model. As Milcord, we have participated in this program for the last three years. Open collaboration did improve our botnet defense solution with the suggestions of our colleagues in this program. Collaborative research programs in information technology are rare within the government. I wish more Program Managers adopted such a philosophy.

Milcord presents FastFlux Botnet Intelligence service at CATCH Conference

Milcord, LLC. - WALTHAM, MA – Milcord LLC presented findings from and announced the launch of a Cyber Security Intelligence Web service that detects and monitors Fast Flux botnets at the CATCH (Cybersecurity Applications and Technology Conference for Homeland Security) Conference in Washington D.C. The Web service was developed under a Phase II STTR (Small Business Innovation Research – Technology Transfer) project funded by DHS Cyber S&T.  Milcord also received support from Sandia National Labs. The FastFlux Monitor service is a tool for cyber defenders in government and enterprises that detects and tracks the behavior of key components (domain names, IP addresses, domain name servers, ISPs) in fast flux botnets.  The service is available for evaluation and subscription. About Milcord: Since 2003 Milcord has been delivering knowledge management technologies and solutions for a range of applications including cyber defense, human and social modeling, geospatial intelligence, and information management. Milcord’s federal customers include Air Force Research Labs, Office of Naval Research, Army Research Labs, Army Geospatial Center, Office of Secretary of Defense, Department of Energy, and NASA.  For more information see

DHS Conference on Cyber Security (CATCH)

How can an organization defend against cybercrime enabled by botnets operating as fast flux service networks? Milcord will present its solution for "Real-time Detection of Fast Flux Service Networks" and botnets at the Cybersecurity Applications and Technology Conference for Homeland Security conference scheduled March 3-4, 2009 in Washington, DC. Very soon afterwards we'll be announcing the beta release of our new product Fast Flux Monitor that was the foundation for our research investigation.  To find out more about our research, visit the [[Botnet Defense]] project page.

Here's the abstract:

Here we present the first empirical study of
detecting and classifying fast flux service networks
(FFSNs) in real time. FFSNs exploit a network of
compromised machines (zombies) for illegal activities
such as spam, phishing and malware delivery using
DNS record manipulation techniques. Previous studies
have focused on actively monitoring these activities
over a large window (days, months) to detect such
FFSNs and measure their footprint. In this paper, we
present a Fast Flux Monitor (FFM) that can detect and
classify a FFSN in the order of minutes using both
active and passive DNS monitoring, which
complements long term surveillance of FFSNs.

Milcord extends Political Instability Task Force model to insurgency forecasting

Using the COIN and Stability Operations Field Manuals as a process model, Milcord's [[Predictive Societal Indicators of Radicalism]] (PSIR) analytical model predicts future radicalization based on current and historical societal indicators by finding the causal relationships between governance, economic, grievance, essential service indicators, and radicalization metrics. Find out more about our [[PSIR]] project.

Forecasting Traffic

Milcord extends its [[risk-based route planning]] solution to handle forecasted traffic patterns, social and cultural events. The model forecasts future environment from current conditions and historical data and optimizes the mission utility based on the forecasted conditions, thus enabling an agile capability for [[Sense and Respond Logistics]].

Commander's Learning Agent demo

Milcord demonstrates [[Commander's Learning Agent]]. The demonstration shows the capability of software agents to automatically capture the commander’s current mission, augment with contextual knowledge, and assign priorities to resources supporting the commander’s mission.

Battling Botnets

Dr. Alper Caglayan was quoted within Military Information Technology journal's recent issue in an article titled Battling Botnets: Whether the U.S. Military Should Establish Its Own Botnet Capability is Debatable, But Defending Against Them is a Necessity.

Some organizations have developed backlists of suspicious Web pages and sources of e-mail in order to protect their systems from malware, noted Alper Caglayan, a principal investigator at Milcord, a software solutions company.

A step further would be to restrict access to the system from all sources except those appearing on an approved list. “This would not allow anything on the computer unless it is registered with your organization and certified to be free of malware,” he said. “This eliminates the effort of trying to figure out whether something belongs on the blacklist or not.”

Click here to read the full article...

Personalized Web 2.0 Service for Authoritative Content

How can you separate authoritative content from the rest on the Internet? With support from the Department of Energy (DoE), Milcord announced a Web 2.0 Service that will accelerate discovery and collaboration in the R&D community by making it easier for scientists and researchers to collaborate and find authoritative and trusted sources of scientific blogs, podcasts, videos, and documents, and by making it easier for scientific publishers to syndicate their content. Find out more about our [[Personalized Web 2.0 Service for Authoritative Content]] project.

Milcord at 2007 Monterey Homeland Security Conference

Milcord exhibited its [[Botnet Defense|botnet defense]] technology in a poster session and presented a paper in the Infrastructure Protection session at the Naval Postgraduate School. The conference is a showcase for innovative research being performed at U.S. Academic and other research institutions, including National Laboratories and Federally Funded Research and Development Centers. [[Botnet Defense|more...]]

Milcord in C4ISR - The Journal of Network-Centric Warfare

Ross Stapleton-Gray discusses "How to Reclaim Computer Networks from Botnets" with particular insight into the cyber attack on Estonia.

Alper Caglayan is the principal investigator at Milcord LLC of Waltham, Mass., which, with the University of Wisconsin and its Wisconsin Advanced Internet Laboratory, was one of the HS-ARPA’s STTR awardees. Milcord’s approach is aimed at reducing the overall bot “ecosystem,” which would reduce their availability for use in attacks such as that conducted against the Estonian Internet sites.

“Our product probably would help Estonia indirectly,” Caglayan said. “If ISPs and corporate networks were using our product to detect and mitigate infected computers, the attacks on Estonia’s government resources would be much less effective. Our goal in this project is not so much to stop systems from being infected, but to detect the infection as soon as possible, then to mitigate the infection.”

Read more about our [[Botnet Defense]] project.

Milcord at MobiSensors'07

Milcord presented a position paper titled "A Commercial Perspective: Collaborating on Application Prototypes as anInfrastructure Provider"at the NSF Workshop on Data Management for Mobile Sensor Networks (MobiSensors).

Sensor data management and fusion is a technical component in a number of our projects across a range of applications and technologies, including: · Monitoring [[SPE|Earth Science]] Data – NASA · [[GEMI|Intelligent Video Surveillance]] – Army · Enemy [[Course of Action Forecasting|Course of Action]] Analysis – Army · Quality of Service in Tactical Networks – Air Force · [[Botnet Defense|Botnet Detection]] and Mitigation – DHS

StreamBase, Milcord team up on NASA data app

... Milcord and StreamBase collaborated to complete an initial phase of a research and development project sponsored by NASA. The project demonstrated the application of the StreamBase CEP software for processing oceanographic, atmospheric and meteorological data, StreamBase officials said ...

See Article on Mass High Tech issue November 6, 2006 and the Full Press Release from Streambase