University of Southern California


DARPA-BAA-16-34: Enhanced Attribution


Proposers may only submit one proposal as lead institution to the Enhanced Attribution program. Each proposal may cover one or more technical areas. Proposers may include additional pages for each technical area addressed in the technical approach               
LOI:                                                   Not mentioned in proposal.
Internal Deadline:                         May 6, 2016, 5pm PDT
External Deadline:                      June 7, 2016, 12 pm EST
Award Information:                       
Type:  Grant
Estimated Number of Awards: Multiple awards are anticipated.
Anticipated Amount: The level of funding for individual awards made under this solicitation has not been predetermined and will depend on the quality of the proposals received and the availability of funds.

Cost Sharing:                                 Cost sharing is not required; however, it will be carefully considered where there is an applicable statutory condition relating to the selected funding instrument.

Submission Process:                    PIs must submit their application as a Limited Submission through the Office of Research Application Portal:

Materials to submit:

Link to Award:         

Who May Serve as PI:                  

All responsible sources capable of satisfying the Government’s needs may submit a proposal that shall be considered by DARPA. See more information in solicitation regarding eligibility of foreign participation and federally-funded research and development centers (FFRDCs) and government entities.


The program will develop techniques and tools for generating operationally and tactically relevant information about multiple concurrent independent malicious cyber campaigns, each involving several operators, and the means to share such information with any of a number of interested parties (e.g., as part of a response option). The program seeks to develop:

The Enhanced Attribution program will produce basic technologies and an integrated experimental prototype comprising an end-to-end data collection, fusion, analysis, and validation and enrichment engine.

The program is divided into three technical areas (TA) that will be working in parallel, starting at program kickoff, and will span three 18-month Phases.

TA1: Behavior and Activity Tracking and Summarization – Performers will develop technologies for network behavior and activity tracking and summarization.

TA2: Fusion and Predictive Analysis – Performers will develop technologies for fusion of TA1-generated data and for predictive analysis of malicious cyber operator activities, and will serve as the architect and integrator of the experimental prototype.

TA3: Validation and Enrichment –  Performers will focus on validation and enrichment of TA1- collected and TA2-fused data with non-sensitive information (e.g., publicly available data feeds) with the goal of generating a description of the malicious activities using only such data that the Government can publicly reveal in order to expose the actions of individual malicious cyber operators without damaging sources and methods.

Note: Task areas 2 and 3 require a special compartmentalized intelligence facility clearance.

Visit our Institutionally Limited Submission webpage for updates and other announcements.