In-situ trainable intrusion detection system
Abstract
A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.
- Inventors:
- Issue Date:
- Research Org.: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1332095
- Patent Number(s): 9497204
- Application Number: 14/468,000
- Assignee: UT-Battelle, LLC (Oak Ridge, TN)
- Patent Classifications (CPCs):
  - G - PHYSICS / G06 - COMPUTING / G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
  - H - ELECTRICITY / H04 - ELECTRIC COMMUNICATION TECHNIQUE / H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number: AC05-00OR22725
- Resource Type: Patent
- Resource Relation: Patent File Date: 2014 Aug 25
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS
Citation Formats
Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. In-situ trainable intrusion detection system. United States: N. p., 2016. Web.
Symons, Christopher T., Beaver, Justin M., Gillen, Rob, & Potok, Thomas E. In-situ trainable intrusion detection system. United States.
Symons, Christopher T., Beaver, Justin M., Gillen, Rob, and Potok, Thomas E. Tue . "In-situ trainable intrusion detection system". United States. https://www.osti.gov/servlets/purl/1332095.
@article{osti_1332095,
title = {In-situ trainable intrusion detection system},
author = {Symons, Christopher T. and Beaver, Justin M. and Gillen, Rob and Potok, Thomas E.},
abstractNote = {A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2016},
month = {11}
}
Works referenced in this record:
- Ghosh, Anup K.; Schatz, Michael; Michael, Christoph C. Computer intrusion detection system and method based on application monitoring. Patent, February 2007. US Patent Document 7,181,768.
- Benjamin, Paul. System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning. Patent, August 2010. US Patent Document 7,784,099.
- Guo, Zhen; Zhang, Zhongfei. Semi-supervised learning based on semiparametric regularization. Patent, September 2013. US Patent Document 8,527,432.
- Lin, Derek. Anomaly detection system for enterprise network security. Patent, August 2015. US Patent Document 9,112,895.
- Lim, Keng Leng Albert. Method and system for anomaly detection using a collective set of unsupervised machine-learning algorithms. Patent application, December 2007. US Patent Application 11/449533; 20070289013.
- Muller, Klaus-Robert; Laskov, Pavel; Tax, David. Method and Apparatus for Automatic Online Detection and Classification of Anomalous Objects in a Data Stream. Patent application, August 2008. US Patent Application 10/568217; 20080201278.