Dynamic defense and network randomization for computer systems

Title: Dynamic defense and network randomization for computer systems

Full Record
Other Related Research

Abstract

The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.

Inventors:: Chavez, Adrian R.; Stout, William M. S.; Hamlet, Jason R.; Lee, Erik James; Martin, Mitchell Tyler

Issue Date:: 2018-05-29

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1452909

Patent Number(s):: 9,985,984

Application Number:: 14/923,049

Assignee:: National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM) SNL-A

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2018 May 29

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, and Martin, Mitchell Tyler. Dynamic defense and network randomization for computer systems.  United States: N. p., 2018. 
        Web.

Copy to clipboard


                    Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, & Martin, Mitchell Tyler. Dynamic defense and network randomization for computer systems.  United States.

Copy to clipboard


                    Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, and Martin, Mitchell Tyler. Tue .  
        "Dynamic defense and network randomization for computer systems".  United States.  https://www.osti.gov/servlets/purl/1452909.

Copy to clipboard


                    
@article{osti_1452909,

  title        = {Dynamic defense and network randomization for computer systems},

  author       = {Chavez, Adrian R. and Stout, William M. S. and Hamlet, Jason R. and Lee, Erik James and Martin, Mitchell Tyler},

  abstractNote = {The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {5}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Similar records in DOE Patents and OSTI.GOV collections:

Computer network defense system

Patent Urias, Vincent; Stout, William M. S.; Loverro, Caleb

A method and apparatus for protecting virtual machines. A computer system creates a copy of a group of the virtual machines in an operating network in a deception network to form a group of cloned virtual machines in the deception network when the group of the virtual machines is accessed by an adversary. The computer system creates an emulation of components from the operating network in the deception network. The components are accessible by the group of the cloned virtual machines as if the group of the cloned virtual machines was in the operating network. The computer system moves networkmore »« less
Full Text Available
Methods, systems, and computer program products for network firewall policy optimization

Patent Fulp, Errin W [Winston-Salem, NC]; Tarsa, Stephen J [Duxbury, MA]

Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.
Full Text Available
Method, systems, and computer program products for implementing function-parallel network firewall

Patent Fulp, Errin W [Winston-Salem, NC]; Farley, Ryan J [Winston-Salem, NC]

Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all ofmore » the rules in the rule set.« less
Full Text Available
Network Randomization and Dynamic Defense for Critical Infrastructure Systems

Technical Report Chavez, Adrian R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)]; Martin, Mitchell Tyler [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)]; Hamlet, Jason [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)]; ...

Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and developmentmore »« less
DOI: 10.2172/1179040

Full Text Available
Dynamic Defense and Network Randomization within Industrial Control Systems.

Conference Hamlet, Jason; Stout, William M.S.; Martin, Mitchell Tyler; ...

Abstract not provided.
Full Text Available

Similar Records