Artificial Diversity and Defense Security (ADDSec)

Abstract

Artificial Diversity and Defense Security (ADDSec) machine learning algorithms are used to classify and cluster threats so that an appropriate response can be initiated as a mitigation strategy. The package includes an ensemble of machine learning algorithms such as Support Vector Machines, naive Bayes, logistic regression, and random forest that evolve with the data to recognize anomalous behavior at the host and network levels. Inputs into the machine learning algorithms include end host system calls, system utilization, packet captures, and syslog messages. The machine learning algorithms can be retrained at user-defined intervals or after a set number of packets has been received. ADDSec's threat responses include Internet Protocol (IP) address randomization, application port number randomization, and application library randomization. The IP randomization implementation is built on top of a Software Defined Networking (SDN) framework: the SDN controller installs flows on each of the SDN switches with randomized source and destination IP addresses. Application port numbers are randomized using iptables, and application library randomization is produced with an LLVM compiler. All randomization schemes are transparent to the endpoints on the network. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology & Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-NA0003525. SAND2021-3379 O
Developers:
Cox, Rebecca [1][2][3]; Martin, Mitchell [1][2][3]; Chavez, Adrian [1][2][3]; Hamlet, Jason [1][2][3]; Lee, Erik [1][2][3]; Stout, William [1][2][3]
  1. Sandia National Lab. (SNL-CA), Livermore, CA (United States)
  2. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
  3. Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
Release Date:
2021-05-27
Project Type:
Closed Source
Software Type:
Scientific
Programming Languages:
Python
Version:
2.0
Sponsoring Org.:
Code ID:
61761
Site Accession Number:
SCR 2166.1
Research Org.:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Country of Origin:
United States

Citation Formats

Cox, Rebecca E., Martin, Mitchell T., Chavez, Adrian R., Hamlet, Jason, Lee, Erik, and Stout, William M. Artificial Diversity and Defense Security (ADDSec). Computer Software. USDOE. 27 May. 2021. Web. doi:10.11578/dc.20210806.1.
Cox, Rebecca E., Martin, Mitchell T., Chavez, Adrian R., Hamlet, Jason, Lee, Erik, & Stout, William M. (2021, May 27). Artificial Diversity and Defense Security (ADDSec). [Computer software]. https://doi.org/10.11578/dc.20210806.1.
Cox, Rebecca E., Martin, Mitchell T., Chavez, Adrian R., Hamlet, Jason, Lee, Erik, and Stout, William M. "Artificial Diversity and Defense Security (ADDSec)." Computer software. May 27, 2021. https://doi.org/10.11578/dc.20210806.1.
@misc{ doecode_61761,
title = {Artificial Diversity and Defense Security (ADDSec)},
author = {Cox, Rebecca E. and Martin, Mitchell T. and Chavez, Adrian R. and Hamlet, Jason and Lee, Erik and Stout, William M.},
abstractNote = {Artificial Diversity and Defense Security (ADDSec) machine learning algorithms are used to classify and cluster threats so that an appropriate response can be initiated as a mitigation strategy. The package includes an ensemble of machine learning algorithms such as Support Vector Machines, naïve bayes, logistic regression, and random forest that evolve with the data to recognize anomalous behavior at the host and network levels. Inputs into the machine learning algorithms include end host system calls, system utilization, packet captures, and syslog messages. The machine learning algorithms can be retrained based on user defined intervals or on the number of packets received. ADDSEC's threat responses include Internet Protocol (IP) Address randomization, application port number randomization, and application library randomization. The IP randomization implementation is built on top of a Software Defined Networking (SDN) framework. The SDN controller installs flows on each of the SDN switches with randomized source and destination IP addresses. The application port numbers are randomized using iptables. The application library randomization is created with a LLVM compiler. All randomization schemes are transparent to the endpoints on the network. Sandia National Laboratories is a multimission laboratory managed and operated by National Technology & Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525. SAND2021-3379 O},
doi = {10.11578/dc.20210806.1},
url = {https://doi.org/10.11578/dc.20210806.1},
howpublished = {[Computer Software] \url{https://doi.org/10.11578/dc.20210806.1}},
year = {2021},
month = {may}
}