Business Opportunities
Alert Trend Change Detection Tool (ATRaCT)
The Alert TRend Change Detection Tool, ATRaCT, is used by security analysts to automatically detect and display trends in intrusion detection system alerts that may indicate new threats. Network-based intrusion detection (ID) systems generally produce large numbers of alerts. The analyst responsible for monitoring these alerts often spends so much time analyzing each individual alert that the larger trends in alert levels go unnoticed, such as which alerts are becoming more common or which alerts are no longer occurring. ATRaCT provides an overview of the current trends and raises an alarm when a significant trend change occurs. ATRaCT takes as input the alerts produced by Snort or other ID systems. It collects that data into hourly and daily segments and stores, for each time period, the number of alerts and the number of distinct source IP addresses causing them. The running mean and standard deviation are also calculated for each alert type and time period. These data are used both to create graphs showing the trends in the alerts and to determine when to issue an alarm.
ATRaCT runs on either a Linux or Solaris workstation. It parses alerts in either the Snort format (Snort is an open source IDS in widespread use) or the IDMEF format (a standard of the IETF). Because the FAA uses Snort, the Snort parser has been tested much more extensively. The output of ATRaCT is standard HTML pages, viewable by the analyst in any standard web browser. It requires several freely available support software packages, most notably the MySQL database, all of which are included in the package.
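The two paragraphs above describe the core of the method: parse Snort alerts, bin them into time periods, keep per-signature counts and distinct-source counts, maintain a running mean and standard deviation, and alarm on a significant departure. The following is an added illustration of that pipeline in Python, not ATRaCT's own code (which is not on this page). It assumes hourly bins, Snort's single-line "fast" alert format (IPv4 only), Welford's online algorithm for the running statistics, and an alarm rule of "more than k sample standard deviations from the running mean" with an assumed k of 3 and a floor of one alert on the standard deviation; the page does not state ATRaCT's actual threshold. The alert lines are constructed for the example, with one signature that suddenly spikes and one that stops occurring, so both trend directions are exercised.

```python
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alert volumes per hour on 12 Jan (hypothetical, not real traffic):
# (hour, signature name, number of alerts, number of distinct source IPs).
SAMPLE_SPEC = (
    [(h, "SCAN nmap XMAS", c, s) for h, c, s in
     [(0, 4, 2), (1, 5, 2), (2, 4, 2), (3, 5, 2), (4, 4, 2), (5, 5, 2), (6, 30, 30)]]
    + [(h, "WEB-MISC /etc/passwd", c, s) for h, c, s in
       [(0, 10, 3), (1, 11, 3), (2, 10, 3), (3, 11, 3), (4, 10, 3)]]  # stops after hour 4
)


def make_fast_alerts(spec, month=1, day=12):
    """Render the constructed spec as Snort 'fast' alert lines (assumed layout)."""
    lines = []
    for hour, sig, count, n_src in spec:
        for i in range(count):
            src = f"10.0.{hour}.{i % n_src + 1}"           # constructed source address
            ts = f"{month:02d}/{day:02d}-{hour:02d}:{i % 60:02d}:00.000000"
            lines.append(f"{ts}  [**] [1:100001:1] {sig} [**] "
                         f"[Classification: Attempted Recon] [Priority: 2] "
                         f"{{TCP}} {src}:4321 -> 192.0.2.10:80")
    return lines


# Timestamp, signature text between the [**] markers, and the IPv4 source before '->'.
FAST_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+\s+"
    r"\[\*\*\]\s+\[[^\]]*\]\s+(?P<sig>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->"
)


def parse_fast_alert(line, year=2024):
    """Return (timestamp, signature, source_ip) or None for lines that do not parse."""
    m = FAST_RE.match(line)
    if not m:
        return None
    ts = datetime(year, int(m["mon"]), int(m["day"]), int(m["h"]), int(m["m"]), int(m["s"]))
    return ts, m["sig"], m["src"]


def bucket_alerts(lines, year=2024):
    """Bin alerts per signature and hour; also return every hour in the observed range,
    so a signature that goes quiet shows up as a zero-count period."""
    counts = defaultdict(lambda: defaultdict(int))
    sources = defaultdict(lambda: defaultdict(set))
    stamps = []
    for line in lines:
        parsed = parse_fast_alert(line, year)
        if parsed is None:
            continue                                       # unparseable line, skipped
        ts, sig, src = parsed
        hour = ts.replace(minute=0, second=0, microsecond=0)
        counts[sig][hour] += 1
        sources[sig][hour].add(src)
        stamps.append(hour)
    hours = []
    if stamps:
        h, last = min(stamps), max(stamps)
        while h <= last:
            hours.append(h)
            h += timedelta(hours=1)
    return counts, sources, hours


class RunningStats:
    """Welford's online running mean and sample standard deviation."""

    def __init__(self):
        self.n, self.mean, self._m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self._m2 += delta * (x - self.mean)

    @property
    def stdev(self):
        return math.sqrt(self._m2 / (self.n - 1)) if self.n > 1 else 0.0


def detect_trend_changes(lines, k=3.0, min_history=3, year=2024):
    """Flag an hour whose alert count is more than k standard deviations from the
    running mean of that signature's earlier hours (k and the 1-alert floor are assumed)."""
    counts, sources, hours = bucket_alerts(lines, year)
    alarms = []
    for sig in sorted(counts):
        stats = RunningStats()
        for hour in hours:
            n = counts[sig].get(hour, 0)                   # zero if the signature was absent
            if stats.n >= min_history:
                sigma = max(stats.stdev, 1.0)              # floor avoids alarms on tiny wobble
                z = (n - stats.mean) / sigma
                if abs(z) > k:
                    alarms.append({"signature": sig, "hour": hour.strftime("%Y-%m-%d %H:00"),
                                   "alerts": n, "sources": len(sources[sig].get(hour, ())),
                                   "z": round(z, 2), "direction": "up" if z > 0 else "down"})
            stats.update(n)                                # baseline includes this hour from now on
    return alarms


if __name__ == "__main__":
    for alarm in detect_trend_changes(make_fast_alerts(SAMPLE_SPEC)):
        print(alarm)
```

Run as a script it prints two alarms: the scan signature jumping from about five alerts an hour to thirty from thirty distinct sources, and the web signature dropping to zero. The daily view ATRaCT also keeps is the same computation with the bucket key truncated to the day instead of the hour; the distinct-source count is carried alongside the alert count because a spike from one source and a spike from many sources call for different analyst responses.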
ATRaCT is available for licensing and commercialization from the developer, Massachusetts Institute of Technology, Lincoln Laboratory.