In-situ trainable intrusion detection system

Title: In-situ trainable intrusion detection system

Full Record
Other Related Research

Abstract

A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.

Inventors:: Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.

Issue Date:: 2016-11-15

Research Org.:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1332095

Patent Number(s):: 9,497,204

Application Number:: 14/468,000

Assignee:: UT-Battelle, LLC (Oak Ridge, TN)

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 2014 Aug 25

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS

Citation Formats


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. In-situ trainable intrusion detection system.  United States: N. p., 2016. 
        Web.

Copy to clipboard


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, & Potok, Thomas E. In-situ trainable intrusion detection system.  United States.

Copy to clipboard


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. Tue .  
        "In-situ trainable intrusion detection system".  United States.  https://www.osti.gov/servlets/purl/1332095.

Copy to clipboard


                    
@article{osti_1332095,

  title        = {In-situ trainable intrusion detection system},

  author       = {Symons, Christopher T. and Beaver, Justin M. and Gillen, Rob and Potok, Thomas E.},

  abstractNote = {A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2016},

  month        = {11}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE Patents and OSTI.GOV collections:

Intrusion detection apparatus, system and methods

Patent Jenkins, Chris; Roesler, Alexander

Described herein are various technologies for detection and mitigation of rogue terminal attacks on multiplex data buses. An intrusion detection device is incorporated between a bus controller and a bus of a multiplex data bus. The intrusion detection device receives message that are communicated among the bus controller and a plurality of remote terminals (by way of the bus). The intrusion detection device determines whether messages are unauthorized based upon origins of the messages and predefined rules. When a message is determined to be unauthorized, the intrusion detection device outputs a notification that the unauthorized message has been detected andmore » can block the unauthorized message.« less
Full Text Available
Hardware intrusion detection system

Patent Edwards, Nathan J.

An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal in via the switch, when the processing circuitry enables the switch. Themore »« less
Full Text Available
Systems and methods for intrusion detection using GHz beams

Patent Russell, John L.; Prather, Dennis; Schuetz, Christopher

The present disclosure is directed to systems and methods that use 1 GHz to 1000 GHz sources and sensors to create an intrusion detection array that does not have the physical limitations of an Active IR sensor. The array is created by a plurality of wave sources and sensor pairs that form a plane of wave break beams. The plane detects an intruder as he/she passes through the beams.
Full Text Available
PLC backplane analyzer for field forensics and intrusion detection

Patent Mulder, John; Schwartz, Moses Daniel; Berg, Michael; ...

The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded tomore »« less
Full Text Available
Intrusion detection using secure signatures

Patent Nelson, Trent Darnel; Haile, Jedediah

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of themore »« less
Full Text Available

Similar Records