Networks and systems that monitor our grid and other critical infrastructure environments use predictable communications and static configurations that make them vulnerable to attack.
Sandia researchers have developed a technology that automatically detects and responds to potential threats in under 1 millisecond—preventing an attack that can have a devastating impact on the nation’s economy and public health and safety.
Sandia’s detection approach is a set of machine learning algorithms that recognizes anomalous behavior and then subsequently classifies those anomalies into categories of attacks. Depending on the attack categorization, an appropriate response is activated to mitigate the detected threat. Our responses include several moving target defense strategies that modify the underlying environment so that the attack must be re-targeted by the adversary. The moving target defense strategies include randomizing Internet Protocol (IP) addresses, application port numbers, communication paths, and application library function locations. Our technology is being applied towards Industrial Control Systems (ICS), which requires real-time detection and response to maintain high levels of availability. For wide-scale industry adoption, our detection and response algorithms have been demonstrated to successfully inter-operate with several commercial and open source solutions currently available.
- Real-time detection and response to threats (under 1 millisecond)
- Automates network monitoring and surveillance
- Utilizes a “moving target defense” approach to improve security
- Proven on a representative industrial control system
- Any critical infrastructure environment such as utilities and power grid, finance, and telecommunications
- Cybersecurity researchers take spotlight at national showcase
Sandia National Laboratories media release (Friday, July 31, 2020)
- Sandia researchers honored with numerous awards in annual competition
Sandia National Laboratories media release (Thursday, November 21, 2019)
- R&D 100 Winner 2019
|ADDSec: Artificial Diversity & Defense Security||04/08/2020