Columbia Technology Ventures

Cyber Attacks, Zero-Day Attack Detection for Data Sanitization and Blocking Computer Network Attacks

Lead Inventor: Gabriela Cretu, PhD

Cyber Zero Day Attack Detection for Reduced Vulnerability

Network intrusion detection systems model attacks from statistics drawn from traffic history, heuristics and known attack patterns. Zero-day attacks exploit application vulnerabilities before those vulnerabilities are publicly known or patched, so there is no signature or history to match against. A detection method that does not depend on prior knowledge of the vulnerability is therefore needed.

Data Preparation Scheme for Computer Network Intrusion Detection Systems

This technology is a data preparation scheme for computer network intrusion detection systems that improves unsupervised classification of normal versus anomalous traffic. Anomaly detectors learn what "normal" looks like from a training window of captured traffic; if an attack is present in that window, it is learned as normal and will not be flagged later. The scheme sanitizes the training data before a model is built from it. Models of normal traffic are shared across cooperating networks, so that each site can check its own training data against traffic patterns observed elsewhere and catch zero-day attacks that its own history alone would not reveal. In the inventors' testing the scheme gave a tenfold improvement in data sanitization while intercepting all worms in the test set, leading to lighter network loads and fewer successful attacks.

Applications:
• Blocking network attacks without knowing vulnerabilities in advance
• Drastically reducing false positives in attack modeling by combining statistics about traffic patterns with attack parameters, which eases the burden on the human operator who reviews suspicious traffic
• First known method that includes exchange of multi-system attack models to sanitize the training data of each participating network
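The following is an added illustration of the idea described above (sanitizing one site's training data with models exchanged between cooperating networks); it is example code written for this page, not the patented method or any code from the inventors. The byte-frequency model, the 20% unexpected-byte threshold, the majority vote and the sample HTTP lines are all assumptions constructed for the example; the page does not specify which statistics the real scheme uses. Site A's "normal" training window contains a worm-style payload that poisons its own model, so A's model scores that record as normal; the models from sites B and C, which never saw it, flag it and the vote removes it from A's training set.

```python
from collections import Counter

# Constructed sample training windows (not real captures). Site A's window
# contains one attack record that slipped in and would otherwise be learned
# as "normal" by a detector trained only on site A's data.
POISON = b"GET /" + b"\x90" * 40 + b"\xff\xe4\x31\xc0" + b" HTTP/1.1\r\n"

SITE_TRAFFIC = {
    "site_a": [
        b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n",
        b"GET /images/logo.png HTTP/1.1\r\nHost: a.example\r\n",
        b"POST /login HTTP/1.1\r\nHost: a.example\r\nContent-Length: 27\r\n",
        b"GET /api/v2/users?id=42 HTTP/1.1\r\nHost: a.example\r\n",
        POISON,
        b"GET /about HTTP/1.1\r\nHost: a.example\r\n",
    ],
    "site_b": [
        b"GET /search?q=shoes&page=2 HTTP/1.1\r\nHost: b.example\r\n",
        b"POST /cart/add HTTP/1.1\r\nHost: b.example\r\nContent-Length: 14\r\n",
        b"GET /static/app.js HTTP/1.1\r\nHost: b.example\r\n",
        b"GET /static/style.css HTTP/1.1\r\nHost: b.example\r\n",
        b"GET /users/42/profile HTTP/1.1\r\nHost: b.example\r\n",
    ],
    "site_c": [
        b"GET / HTTP/1.1\r\nHost: c.example\r\n",
        b"GET /blog/2023/09/post-1 HTTP/1.1\r\nHost: c.example\r\n",
        b"POST /comments HTTP/1.1\r\nHost: c.example\r\nContent-Length: 88\r\n",
        b"GET /feed.xml?format=rss HTTP/1.1\r\nHost: c.example\r\n",
        b"GET /videos/list?limit=10 HTTP/1.1\r\nHost: c.example\r\n",
    ],
}


def build_model(records):
    """Assumed 'normal traffic' model: relative frequency of each byte value
    over the site's training window. This is the artifact a site exchanges
    with its cooperating networks; it contains no raw traffic."""
    counts = Counter()
    for rec in records:
        counts.update(rec)
    total = sum(counts.values())
    return {byte: n / total for byte, n in counts.items()}


def anomaly_score(model, record):
    """Fraction of bytes in the record that the model has never seen."""
    unexpected = sum(1 for b in record if b not in model)
    return unexpected / len(record)


def sanitize(site, models, threshold=0.2):
    """Keep a training record only if a majority of the exchanged models
    (the site's own included) consider it normal. Returns (kept, dropped)."""
    kept, dropped = [], []
    for rec in SITE_TRAFFIC[site]:
        votes = sum(1 for m in models.values() if anomaly_score(m, rec) > threshold)
        if votes * 2 > len(models):   # majority of cooperating models flag it
            dropped.append(rec)
        else:
            kept.append(rec)
    return kept, dropped


def exchanged_models():
    """Each site builds a model from its own (unsanitized) window and shares it."""
    return {site: build_model(recs) for site, recs in SITE_TRAFFIC.items()}


if __name__ == "__main__":
    models = exchanged_models()
    # Site A's own model learned the attack bytes as normal: score is 0.0.
    print("site_a scores POISON:", round(anomaly_score(models["site_a"], POISON), 2))
    # Models from the other sites never saw 0x90/0xff/0xe4/0xc0 and flag it.
    print("site_b scores POISON:", round(anomaly_score(models["site_b"], POISON), 2))
    kept, dropped = sanitize("site_a", models)
    print("kept", len(kept), "records, dropped", len(dropped))
```

Running the block shows site A's model giving the poisoned record a score of 0.0 (it was trained on it), while the models from sites B and C score it above 0.7; two of three votes remove it, and the five legitimate records survive even though each site's paths and query strings differ. A real deployment would use a richer payload model and a tuned threshold; the point the example makes is that the other sites' models supply the evidence a site's own poisoned history cannot.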

Advantages:
• Software could be a front end to semi-supervised network security packages
• May be useful in defending home broadband networks against zero-day attacks, for example by using consumer network traffic as part of the analysis and then pushing updated block lists out to software firewalls

Patent Information:

Patent Issued

Licensing Status: Available for Sponsored Research Support