In-situ trainable intrusion detection system

Title: In-situ trainable intrusion detection system

Full Record
Other Related Research

Abstract

A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.

Inventors:: Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; Potok, Thomas E.

Issue Date:: 2016-11-15

Research Org.:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1332095

Patent Number(s):: 9,497,204

Application Number:: 14/468,000

Assignee:: UT-Battelle, LLC (Oak Ridge, TN) ORNL

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 2014 Aug 25

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS

Citation Formats


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. In-situ trainable intrusion detection system.  United States: N. p., 2016. 
        Web.

Copy to clipboard


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, & Potok, Thomas E. In-situ trainable intrusion detection system.  United States.

Copy to clipboard


                    Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. Tue .  
        "In-situ trainable intrusion detection system".  United States.  https://www.osti.gov/servlets/purl/1332095.

Copy to clipboard


                    
@article{osti_1332095,

  title        = {In-situ trainable intrusion detection system},

  author       = {Symons, Christopher T. and Beaver, Justin M. and Gillen, Rob and Potok, Thomas E.},

  abstractNote = {A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2016},

  month        = {11}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Similar records in DOE Patents and OSTI.GOV collections:

Intrusion detection using secure signatures

Patent Nelson, Trent Darnel; Haile, Jedediah

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of themore »« less
Full Text Available
Systems and methods for intrusion detection using GHz beams

Patent Russell, John L.; Prather, Dennis; Schuetz, Christopher

The present disclosure is directed to systems and methods that use 1 GHz to 1000 GHz sources and sensors to create an intrusion detection array that does not have the physical limitations of an Active IR sensor. The array is created by a plurality of wave sources and sensor pairs that form a plane of wave break beams. The plane detects an intruder as he/she passes through the beams.
Full Text Available
PLC backplane analyzer for field forensics and intrusion detection

Patent Mulder, John; Schwartz, Moses Daniel; Berg, Michael; ...

The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded tomore »« less
Full Text Available
Seismic intrusion detector system

Patent Hawk, Hervey L. (Albuquerque, NM); Hawley, James G. (Albuquerque, NM); Portlock, John M. (Albuquerque, NM); ...

A system for monitoring man-associated seismic movements within a control area including a geophone for generating an electrical signal in response to seismic movement, a bandpass amplifier and threshold detector for eliminating unwanted signals, pulse counting system for counting and storing the number of seismic movements within the area, and a monitoring system operable on command having a variable frequency oscillator generating an audio frequency signal proportional to the number of said seismic movements.
Full Text Available
Distributed fiber optic moisture intrusion sensing system

Patent Weiss, Jonathan D. (Albuquerque, NM)

Method and system for monitoring and identifying moisture intrusion in soil such as is contained in landfills housing radioactive and/or hazardous waste. The invention utilizes the principle that moist or wet soil has a higher thermal conductance than dry soil. The invention employs optical time delay reflectometry in connection with a distributed temperature sensing system together with heating means in order to identify discrete areas within a volume of soil wherein temperature is lower. According to the invention an optical element and, optionally, a heating element may be included in a cable or other similar structure and arranged in amore »« less
Full Text Available

Similar Records