Abstract: An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.

Abstract: A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.

Abstract: A method and apparatus that provides information assurance attributes through a data providence architecture is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and outputting the degree of trust to the user.

Abstract: A system and method are provided that distill an organization's information security plan into a detailed and unambiguous security object model. The developed security object model provides a visualization of complex relationships between individual elements and levels that is usable to carry into effect the organization's information security plan. Configuration control and a verifiable level of security compliance are provided through implementation of the organization's information security plan by the developed security object model. The developed security object model is hosted on a computing platform in communication with at least the organization's network to provide information security plan compliance, configuration control and gap analysis in a usable form to the organization.

Abstract: A method and apparatus that simulates a workflow and analyzes the behavior of information assurance attributes through a data providence architecture is disclosed. The method may include injecting one or more faults into a simulated workflow, receiving a message in the simulated workflow having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, analyzing the calculated degree of trust with respect to the one or more injected faults and the information assurance attributes, and outputting the analysis to a user.

Abstract: An intrusion detection method, system and computer-readable media are disclosed. The system can include a processor programmed to perform computer network intrusion detection. The intrusion detection can include an identification module and a detection module. The identification module can be adapted to perform semi-supervised machine learning to identify key components of a network attack and develop MDL models representing those attack components. The detection module can cluster the MDL models and use the clustered MDL models to classify network activity and detect polymorphic or zero-day attacks.

Abstract: A method and apparatus that monitors and analyzes degree of trust and information assurance attributes information in a data providence architecture workflow is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and presenting the degree of trust and information assurance attributes information to the user on a display.

Abstract: A method and apparatus that generate a figure of merit for use in transmission of messages in a multi-level secure environment. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments, generating a figure of merit based on objective and subjective information, substituting the figure of merit for the data provenance information, and transmitting the figure of merit with the message across the security domain.

Abstract: Systems and methods of verifying identity through the use of a plurality of identifying devices is provided. The identity information may be acquired electronically from a plurality of identity devices, which may include credit cards, cell phones, or other personal items fitted with wireless communicators such as RFID tags, for example. In various embodiments, the transaction may be approved or denied based on a number of factors, including the number identity devices, the types of identity information provided by the identity devices, and the level of security specified for the requested transaction.

Abstract: A method and apparatus that simulates a workflow and analyzes the behavior of information assurance attributes through a data providence architecture is disclosed. The method may include injecting one or more faults into a simulated workflow, receiving a message in the simulated workflow having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, analyzing the calculated degree of trust with respect to the one or more injected faults and the information assurance attributes, and outputting the analysis to a user.

Abstract: A method and apparatus that generate a figure of merit for use in transmission of messages in a multi-level secure environment. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments, generating a figure of merit based on objective and subjective information, substituting the figure of merit for the data provenance information, and transmitting the figure of merit with the message across the security domain.

Abstract: A method and apparatus that provides information assurance attributes through a data providence architecture is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and outputting the degree of trust to the user.

Abstract: A method and apparatus that monitors and analyzes degree of trust and information assurance attributes information in a data providence architecture workflow is disclosed. The method may include receiving a message having a data provenance wrapper, examining each data provenance record of the message and any attachments for discrepancies, identifying any discrepancies in the examination of each data provenance record of the message and any attachments; calculating a degree of trust based on any discrepancies identified in the examination of each data provenance record of the message and any attachments, and presenting the degree of trust and information assurance attributes information to the user on a display.

Abstract: A system a wireless ad hoc network. The system includes a plurality of nodes and a plurality of protocols for governing transmission of data between the plurality of nodes. The operation of the protocols is quantified by a complexity metric for determining whether an external source has altered the operation of the system.

Abstract: A system a wireless ad hoc network. The system includes a plurality of nodes and a plurality of protocols for governing transmission of data between the plurality of nodes. The operation of the protocols is quantified by a complexity metric for determining whether an external source has altered the operation of the system.

Abstract: A system operates a wireless ad hoc network. The system includes a plurality of nodes and a plurality of packets for transmission between the plurality of nodes. The packets contain code for routing the packets between the plurality of nodes. The code adapts to a changing configuration of the plurality of nodes.