Dynamic defense and network randomization for computer systems

DWPI Title: Method for improving the security of a network against attacks, involving routing a data packet to a device at a switch based on the device's original address, responsive to identifying that original address from the packet
Abstract: The various technologies presented herein relate to determining that a network attack is taking place, and further to adjusting one or more network parameters so that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. A notification of the attack can be generated, and knowledge gained from the detected attack pattern can be fed back to the algorithms to improve their detection of subsequent attack vectors. Further, network settings and application communications can be dynamically randomized, so that artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack that relies on the known static address of a critical infrastructure network device can be mitigated by this dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, the paths data packets take through the network, and the applications themselves (application randomization), among others.
Use: Method for improving security of network to attacks.
Advantage: The information generated from processing both safe data packets and attack data packets, as well as safe and unsafe system behaviors, is fed back into the framework and its machine learning algorithms to retrain them, continuously improving the ability of the data analyzer component to recognize a subsequent attack vector. The first routing component identifies the pairing of the replacement parameter value with the original parameter value and, based on that pairing, routes the data packet to its destination device.
Novelty: The method involves generating a second pair of addresses for the device on a local network, the second pair comprising the original address of the device and a second reconfigured address. The second reconfigured address is randomly generated and differs from the first reconfigured address. The second pair of addresses is distributed to a second switch on the local network to facilitate routing of a second data packet to the device. The original device address in the second data packet is replaced with the second reconfigured address. The second data packet, carrying the second reconfigured address, is received at the second switch. The original device address of the device is identified based upon the second reconfigured address in the second data packet, and the second data packet is routed to the device based upon that original device address, responsive to its being identified.
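The following is an added illustration of the address-pair mechanism described in the Abstract and Novelty fields; it is not code from the patent or from Sandia. It models a randomizer that generates (original address, reconfigured address) pairs per epoch and distributes them to switches, a sending-side switch that rewrites the original address to the reconfigured one, and a receiving-side switch that recovers the original address and routes by it. The class names, the 10.0.0.0/24 pool, the device addresses and the sample packets are assumptions constructed for the example. It goes slightly beyond the text in showing the failure mode the moving target is meant to cause for an attacker: a packet replayed to a wire address learned in the previous epoch, or sent directly to the device's static address, matches no current pair and is dropped.

```python
"""Toy model of epoch-based address randomization with switch-side rewriting.
Added example; names, address pool and traffic are constructed assumptions."""
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


class Switch:
    """Holds the current (original -> reconfigured) pairs. Rewrites outbound
    packets to the reconfigured address; on inbound packets recovers the
    original address from the reconfigured one and routes by it."""

    def __init__(self, name: str, attached):
        self.name = name
        self.attached = set(attached)      # devices reachable here, by original address
        self.orig_to_new: dict[str, str] = {}
        self.new_to_orig: dict[str, str] = {}
        self.delivered: list[tuple[str, Packet]] = []
        self.dropped: list[Packet] = []

    def install(self, pairs: dict[str, str]) -> None:
        """Receive a new set of pairs from the randomizer (replaces the old set)."""
        self.orig_to_new = dict(pairs)
        self.new_to_orig = {new: orig for orig, new in pairs.items()}

    def egress(self, pkt: Packet) -> Packet:
        """Sender side: replace the original device address with the current
        reconfigured address before the packet goes on the wire."""
        if pkt.dst not in self.orig_to_new:
            raise LookupError(f"{pkt.dst} is not a protected device in this epoch")
        return Packet(pkt.src, self.orig_to_new[pkt.dst], pkt.payload)

    def ingress(self, pkt: Packet):
        """Receiver side: identify the original address from the reconfigured
        one and route to the device. A destination matching no current pair
        (stale reconfigured address, or the raw static address) is dropped."""
        orig = self.new_to_orig.get(pkt.dst)
        if orig is None or orig not in self.attached:
            self.dropped.append(pkt)
            return None
        self.delivered.append((orig, pkt))
        return orig


class Randomizer:
    """Generates a fresh reconfigured address per protected device each epoch,
    never reusing a device's static address or its previous epoch's address,
    and distributes the pairs to every switch it manages."""

    def __init__(self, pool: str, switches):
        self.pool = [str(a) for a in ipaddress.ip_network(pool).hosts()]
        self.switches = list(switches)
        self.current: dict[str, str] = {}

    def rotate(self, originals) -> dict[str, str]:
        reserved = set(originals)                 # static addresses stay unused on the wire
        new: dict[str, str] = {}
        for orig in originals:
            while True:
                cand = secrets.choice(self.pool)  # CSPRNG choice, unguessable by an observer
                if cand not in reserved and cand not in new.values() \
                        and cand != self.current.get(orig):
                    break
            new[orig] = cand
        self.current = new
        for sw in self.switches:
            sw.install(new)
        return dict(new)


def run_scenario() -> dict:
    """Legitimate HMI->PLC traffic across two epochs, plus an attacker who
    learned the epoch-1 wire address and one who knows the static address."""
    plc, hmi, attacker = "10.0.0.10", "10.0.0.20", "10.0.0.99"   # constructed
    sw1, sw2 = Switch("sw1", [hmi]), Switch("sw2", [plc])
    rnd = Randomizer("10.0.0.0/24", [sw1, sw2])

    epoch1 = rnd.rotate([plc, hmi])
    wire = sw1.egress(Packet(hmi, plc, b"READ_COILS"))
    legit = sw2.ingress(wire)                      # delivered to the PLC
    stale_wire_addr = wire.dst                     # what a sniffer saw in epoch 1

    epoch2 = rnd.rotate([plc, hmi])                # moving target: new pairs
    replay = sw2.ingress(Packet(attacker, stale_wire_addr, b"WRITE_COIL"))  # dropped
    static = sw2.ingress(Packet(attacker, plc, b"WRITE_COIL"))              # dropped
    fresh = sw2.ingress(sw1.egress(Packet(hmi, plc, b"READ_COILS")))        # delivered
    return {"legit": legit, "replay": replay, "static": static, "fresh": fresh,
            "epoch1": epoch1, "epoch2": epoch2, "dropped": len(sw2.dropped)}


if __name__ == "__main__":
    print(run_scenario())
```

Two design points carry over from the text: the pairs are pushed to every switch together, so sending and receiving switches agree on the current epoch, and the device's static address is excluded from the candidate pool so that a packet aimed directly at it never matches a live pair. A real deployment would also have to handle the rotation window (in-flight packets stamped with the previous epoch's address), which this model deliberately drops.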
Filed: 10/26/2015
Application Number: US14923049A
Tech ID: SD 13240.1
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate
All rights reserved. Republication or redistribution of Clarivate content, including by framing or similar means, is prohibited without the prior written consent of Clarivate. Clarivate and its logo, as well as all other trademarks used herein are trademarks of their respective owners and used under license.