ADDSec: Artificial Diversity & Defense Security

Networks and systems that monitor our grid and other critical infrastructure environments use predictable communications and static configurations that make them vulnerable to attack.

Sandia researchers have developed a technology that automatically detects and responds to potential threats in under 1 millisecond—preventing an attack that can have a devastating impact on the nation’s economy and public health and safety.

Sandia’s detection approach is a set of machine learning algorithms that recognizes anomalous behavior and then subsequently classifies those anomalies into categories of attacks. Depending on the attack categorization, an appropriate response is activated to mitigate the detected threat. Our responses include several moving target defense strategies that modify the underlying environment so that the attack must be re-targeted by the adversary. The moving target defense strategies include randomizing Internet Protocol (IP) addresses, application port numbers, communication paths, and application library function locations. Our technology is being applied towards Industrial Control Systems (ICS), which requires real-time detection and response to maintain high levels of availability. For wide-scale industry adoption, our detection and response algorithms have been demonstrated to successfully inter-operate with several commercial and open source solutions currently available.