Network Security Section
Code 5544 is the Network Security Section in the Center for High Assurance Computer Systems Branch of the Information Technology Division.
Code 5544 provides the Navy's core in-house expertise in the research and development of Network Security solutions. Engineers work closely with the warfighter, Navy policy managers and other government agencies to develop network security architectures and solutions (e.g., components, toolkits, equipment, and systems) to meet Navy and joint service requirements. Code 5544 also performs in-house analyses and testing to evaluate current and emerging network security solutions and determine their applicability to Navy and DoD network security architectures. The major areas of work are listed as follows:
Computer Network Defense
Security Information and Event Management
- Development and implementation of high assurance systems to aggregate security data feeds from diverse sources across networks.
- Development of high assurance systems that normalize network-wide security data to provide a single, holistic view of network health and status.
- Optimization of existing network monitoring processes utilizing developed systems to increase the efficiency and area of coverage for the network security operator.
- Utilization of Business Intelligence framework to maximize the usefulness of historical and near real-time computer network defense data.
- Developed and implemented the first system of its kind to allow an enterprise to track threats/warnings over time to understand historical trends and their relation to current network state.
- Implementation of I/O separation of read-centric operations from write-centric optimized relational databases.
Slow and Low Intrusion Detection
- Development of capabilities utilizing existing security architecture platform to detect network misuse/compromises potentially indicative of an intrusion not visible to traditional network security appliances.
- Implementation of systems to dynamically and visually display the network topological/geographical location of actors, targets and hops of a detected intrusion.
Malicious Code Analysis
Static Reverse Code Engineering
- Analysis of malicious code (malware) via sophisticated analysis software developed in-house.
- Disassembly/Decompilation of low-level processor instructions to higher level pseudo-code to determine program structure and flow.
- Identification of communication protocols, communication endpoints (e.g. Hosts, Domains, IP Addresses, etc.), and command set capabilities within malware.
- Identification and defusal of built-in code obfuscation, executable packing algorithms, and other anti-forensic/anti-reversing techniques.
Dynamic Reverse Code Engineering
- Controlled execution of malicious code in secure, virtual environment to analyze runtime behavior.
- Step-by-step walkthrough of malware instructions for the purpose of identifying changes made to infected system and artifacts indicating infection.
- Identification and defusal of anti-debugging/anti-reversing techniques affecting malware runtime behavior.
- Analysis of network activity from infected system to confirm malware communication methods and endpoints.
- Compilation of malware research findings to provide incident responders and/or criminal investigators with an understanding of the malicious code.
- Identification of unique malware characteristics necessary for the detection malware on other systems.
- Scrutinization of coding techniques, language usage/proficiency, and file format properties to identify the level of code sophistication and potential origin.
Network Defense Software Development
- Application of knowledge of malicious code trends and concepts to provide support to protect Naval networks through the customization of existing security tools.
- Customization and maintenance of in-house malware analysis tools to incorporate new trends detected in malicious coding techniques.
Cross Domain Solutions
Research and Development
- Development of high assurance system to facilitate information sharing and decision-making across disjointed networks and data repositories (ML Web).
- Development of high assurance device to support chat across multiple domains (ML Chat).
- Development of device to support web-based information sharing across multiple domains (CoDS).
- Development of system to support Lotus Domino replication across one-way link (DORS).
- Design of future Navy and DoD Coalition security architectures
- Security assessment and review of proposed Coalition security architectures
- Accreditation process support for Navy and DoD Coalition security architectures.
- Configuration and policy guidance for cross domain solutions
- Penetration testing of existing and emerging cross domain systems