CSE498, Collaborative Design, Fall 2016
Computer Science and Engineering
Michigan State University

Rook Security, based in Indianapolis, Indiana, is a managed threat response force that is dedicated to providing global IT security solutions that anticipate, manage and eliminate threats.

Among Rook's security solutions is the Anomaly Detection Suite (ADS) v1.0, which clients use to protect their networks against a wide range of cybersecurity threats. Through network traffic analysis, a specialized computer running patent-pending Rook software detects anomalies, allowing action to be taken before an attack occurs. However, the recent advent of large-scale, cloud-based, virtual computing has created a need for a more distributed approach.

Our ADS v2.0 adds new capability by deploying highly specialized “intelligent” agents running on all of the client’s computers. These agents perform analysis locally, thus creating a distributed workload model. We’ve also added machine learning to detect attacks sooner and with greater accuracy.

In addition, ADS v2.0 includes a new web-based management dashboard that provides real-time visual representations of detected anomalies, threat statistics, and agent health information. The dashboard allows admins to deploy and configure agents remotely. It also lets analysts quickly find and act upon infringing anomalies, and confirms that all agents are working properly.

Our ADS v2.0 agent software is written in C. Our ADS v2.0 dashboard is written in JavaScript using ReactJS and is supported by a RESTful Python web service built on the Django framework.