Navy SBIR FY2014.1

Sol No.: Navy SBIR FY2014.1
Topic No.: N141-071
Topic Title: BONSAI
Proposal No.: N141-071-0556
Firm: Barnstorm Research Corporation
65 Bower St
Malden, Massachusetts 02148
Contact: Jorge Tierno
Phone: (339) 224-2562
Web Site:
Abstract: Security Information and Event Management (SIEM) systems are only able to support static analysis based on predefined event rules. Instead, a flexible user-programmable information triage approach is needed tha can process the volume, variety and velocity of all relevant internal and external data. Bonsai will provide security managers the ability to quickly craft data triage workflows using natural language expressions Bonsai will: + Guide the user to alternate between two broad categories of short natural language queries: ones that narrow collection and ones tha expand it. Alternating narrowing and expanding queries are naturally composable, and produce expressive sequences. + Translate into Language Integrated Query each natural language query in the sequence. LIQ was developed from strong mathematical foundations that guarantee composability, and can translate into most major databases, streaming data and unstructured data query frameworks We will demonstrate the value of Bonsai in relevant scenario such as a potential phishing attack. Bonsai will combine and triage textual sources (such as emails or webpages), structured sources such as networking logs and semistructured sources such as new threat information. To enhance commercialization potential, Bonsai will operate on the data in-situ, and will integrate its components using the http protocol and RESTful interfaces.
Benefits: Enable faster detection of network intrusions by making it easy for the front line IT security manager to quickly create new workflows to identify malicious operations.