To address the current national emergency, U.S. entities may be eligible to license select Sandia intellectual property at no cost for a limited time. Learn more.

Search/Browse Tech

ADDSec: Artificial Diversity & Defense Security


Networks and systems that monitor our grid or other critical infrastructure environments use predictable communications and static configurations, making them vulnerable to attack. Sandia researchers have developed a technology that automatically detects and responds to potential threats in under 1 millisecond—preventing an attack that can have a devastating impact on the nation’s economy and public health and safety.


Sandia’s detection approach is a set of machine learning algorithms that recognizes anomalous behavior and then subsequently classifies those anomalies into categories of attacks. Depending on the attack categorization, an appropriate response is activated to mitigate the detected threat. Our responses include several moving target defense strategies that modify the underlying environment so that the attack must be re-targeted by the adversary. The moving target defense strategies include randomizing Internet Protocol (IP) addresses, application port numbers, communication paths, and application library function locations. Our technology is being applied towards Industrial Control Systems (ICS), which requires real-time detection and response to maintain high levels of availability. For wide-scale industry adoption, our detection and response algorithms have been demonstrated to successfully inter-operate with several commercial and open source solutions currently available.


  • Real-time detection and response to threats (under 1 millisecond)
  • Automates network monitoring and surveillance
  • Utilizes a “moving target defense” approach to improve security
  • Proven on a representative industrial control system

Applications and Industries

  • Any critical infrastructure environment such as utilities and power grid, finance, and telecommunications

Additional Information

2019 R&D100 Award Winner - Software / Services

Intellectual Property

ID Number
Patent Number
Dynamic defense and network randomization for computer systems 13240.1 9,985,984 05/29/2018
Technology IDSD#13240Development StageProduction - Sandia estimates this technology at a Technology Readiness Level 6/7. Representative of the deliverable demonstrated in relevant environments.AvailabilityAvailablePublished03/29/2019Last Updated03/29/2019