Dynamic defense and network randomization for computer systems
Abstract
The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.
- Inventors:
- Issue Date:
- Research Org.:
- Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1452909
- Patent Number(s):
- 9985984
- Application Number:
- 14/923,049
- Assignee:
- National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Classifications (CPCs):
-
G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number:
- AC04-94AL85000
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 2018 May 29
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING
Citation Formats
Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, and Martin, Mitchell Tyler. Dynamic defense and network randomization for computer systems. United States: N. p., 2018.
Web.
Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, & Martin, Mitchell Tyler. Dynamic defense and network randomization for computer systems. United States.
Chavez, Adrian R., Stout, William M. S., Hamlet, Jason R., Lee, Erik James, and Martin, Mitchell Tyler. Tue .
"Dynamic defense and network randomization for computer systems". United States. https://www.osti.gov/servlets/purl/1452909.
@article{osti_1452909,
title = {Dynamic defense and network randomization for computer systems},
author = {Chavez, Adrian R. and Stout, William M. S. and Hamlet, Jason R. and Lee, Erik James and Martin, Mitchell Tyler},
abstractNote = {The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2018},
month = {5}
}
Works referenced in this record:
Method and apparatus for automatic filter generation and maintenance
patent, October 2008
- Foschiano, Marco; Paggen, Christophe; Kouzmitch, Andrei
- US Patent Document 7,434,254
System and method for remote network access
patent, December 2012
- Dispensa, Steve; Miller, Matt; Schroeder, Wayne W.
- US Patent Document 8,332,464
Systems and methods for computer network defense II
patent, June 2013
- Singhal, Tara Chand
- US Patent Document 8,464,334
Detecting and protecting against worm traffic on a network
patent-application, January 2005
- Bar, Anat Bremler; Touitou, Dan; Rivlin, Rami
- US Patent Document 10/774169; 20050021740
Information embedding method
patent-application, November 2005
- Bounkong, Stephane; Lowe, David; Saad, David
- US Patent Document 10/514619; 20050257099
Network threat detection and mitigation
patent-application, July 2007
- Elrod, Craig T.; Kashyap, Prakash
- US Patent Document 11/322942; 20070157306
White Listing DNS Top-Talkers
patent-application, August 2013
- Osterweil, Eric; McPherson, Danny
- US Patent Document 13/829634; 20130198803
Switch for Communicating Data in a Dynamic Computer Network
patent-application, November 2013
- Smith, Wayne B.; Powers, Charles; Knepper, Margaret
- US Patent Document 13/461022; 20130294446
Security Mediation for Dynamically Programmable Network
patent-application, March 2014
- Porras, Phillip A.; Fong, Martin W.; Yegneswaran, Vinod
- US Patent Document 13/801855; 20140075519
Mitigation Of Processing Loops In A Communication Network
patent-application, September 2014
- Khan, Sohel; Boone, Jon A.
- US Patent Document 14/046208; 20140280992
Method of Defending Against a Spoofing Attack by Using a Blocking Server
patent-application, October 2014
- Kim, Jun Seob; Jung, Woo Young
- US Patent Document 14/117131; 20140325651
System and Method for Distributed Flow State P2P Setup in Virtual Networks
patent-application, April 2016
- Nunes, Duarte; Ontanon, Guillermo
- US Patent Document 14/883016; 20160105471
Restricting Communications in Industrial Control
patent-application, September 2016
- Southerland, Derrick
- US Patent Document 15/028850; 20160269363
Multiattribute SCADA-Specific Intrusion Detection System for Power Networks
journal, June 2014
- Yang, Y.; McLaughlin, K.; Sezer, S.
- IEEE Transactions on Power Delivery, Vol. 29, Issue 3, p. 1092-1102
Defending against hitlist worms using network address space randomization
journal, August 2007
- Antonatos, S.; Akritidis, P.; Markatos, E. P.
- Computer Networks, Vol. 51, Issue 12, p. 3471-3490
Host Side Dynamic Reconfiguration with InfiniBand
conference, September 2010
- Guay, Wei Lin; Reinemo, Sven-Arne; Lysne, Olav
- 2010 IEEE International Conference on Cluster Computing
Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers
conference, July 2011
- Kishimoto, Kazuya; Yamaki, Hirofumi; Takakura, Hiroki
- 2011 IEEE/IPSJ International Symposium on Applications and the Internet
Nonparametric semi-supervised learning for network intrusion detection: combining performance improvements with realistic in-situ training
conference, January 2012
- Symons, Christopher T.; Beaver, Justin M.
- AISec '12 Proceedings of the 5th ACM workshop on Security and artificial intelligence, p. 49-58