Intrusion Detection using Object Access Graphs

Description:

Timely detection and elimination of advanced malware is a pressing concern for even the most modern computer network systems. Consequently, intrusion detection is a very active area of research that continually evolves to combat malware.

The objective of this technology is to provide defense mechanisms for cyber-physical computer systems that will successfully address the threat of targeted attacks. It operates as security software deployed within a critical-infrastructure industrial computer network that interacts with other industrial networks, business intelligence networks, or consumer systems. The system automatically extracts a library of functionalities that fully describes the normal operation of the network and of the hosts within it. The resulting Customized Normalcy Profile is then used as the major component of an anomaly-based Intrusion Detection System.

The technology is capable of detecting "low and slow" targeted attacks at the earliest stages of their deployment, when they manifest themselves as "extracurricular" activities of system processes, observed as anomalous functionalities. The technology is ideally suited for deployment within limited-access government/industrial networks running a fixed number of approved applications. It is suitable for immediate deployment within an Industrial Control Systems/SCADA environment for the detection of cyber attacks and/or any unauthorized activity.
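As an added illustration of the principle described above (this is not the inventors' system, whose functionality extraction from object access graphs is not detailed on this page), the following Python builds a per-process object access profile from a log of normal operation, raises an alert for any access edge that falls outside that profile, and lets an operator fold approved changes into the profile. The log format, process names, paths and addresses are constructed for the example; the grouping of objects into coarse classes (directory for files, destination port for sockets) is an assumption made to keep the profile small.

```python
"""Toy anomaly-based IDS over a per-process object access profile.

Constructed example: each audit record is "<process> <operation> <object>".
"""
from collections import defaultdict

# Constructed training log: normal operation of an imaginary ICS host.
NORMAL_LOG = """\
hmi.exe read /cfg/plant.ini
hmi.exe write /dev/plc0
hmi.exe read /dev/plc0
historian.exe read /dev/plc0
historian.exe write /var/db/history.sqlite
logger.exe write /var/log/ops.log
"""

# Constructed monitoring log: the HMI process starts doing things it never did,
# and a process that was never profiled appears.
SUSPECT_LOG = """\
hmi.exe read /cfg/plant.ini
hmi.exe write /dev/plc0
hmi.exe exec /tmp/update.bin
hmi.exe connect 198.51.100.7:443
historian.exe read /dev/plc0
updater.exe write /cfg/plant.ini
"""


def parse(log_text):
    """Yield (process, operation, object) triples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def classify(obj):
    """Map a concrete object to a coarse class so the profile generalises.

    Assumption for this example: filesystem objects are grouped by directory,
    network endpoints by destination port. A real deployment would derive
    classes from the OS object model.
    """
    if obj.startswith("/"):
        return obj.rsplit("/", 1)[0] or "/"
    if ":" in obj:
        return "net:" + obj.rsplit(":", 1)[1]
    return obj


def build_profile(log_text):
    """Object access graph as process -> set of (operation, object class) edges."""
    profile = defaultdict(set)
    for proc, op, obj in parse(log_text):
        profile[proc].add((op, classify(obj)))
    return profile


def detect(profile, log_text):
    """Return (process, op, object, reason) for every access outside the profile."""
    alerts = []
    for proc, op, obj in parse(log_text):
        if proc not in profile:
            alerts.append((proc, op, obj, "unknown process"))
        elif (op, classify(obj)) not in profile[proc]:
            alerts.append((proc, op, obj, "edge not in normalcy profile"))
    return alerts


def update_profile(profile, approved_log):
    """Fold operator-approved changes into the profile instead of retraining."""
    for proc, op, obj in parse(approved_log):
        profile[proc].add((op, classify(obj)))
    return profile


if __name__ == "__main__":
    prof = build_profile(NORMAL_LOG)
    for alert in detect(prof, SUSPECT_LOG):
        print(alert)
```

Run against the constructed logs, the monitoring pass yields three alerts: the HMI executing a file from /tmp, the HMI opening an outbound connection on port 443, and the never-profiled updater.exe writing the plant configuration. Approving the updater and a Modbus (port 502) connection through update_profile leaves only the two HMI anomalies, which is the behaviour the "seamless upgrade" of the normalcy profile refers to.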

KEY ELEMENTS

- Creation of individual defenses for systems that could be targeted by information attack
- Capable of detecting any "extracurricular" activities, either malicious or benign
- Seamlessly upgraded normalcy profile

APPLICATIONS

- Development of customized normalcy profiles for limited-access computer networks running approved, legitimate applications, including networks that provide service for power plants, the power grid, various government facilities, etc.

ADVANTAGES

- Provides the basis for the creation of individual defenses for systems that could be targeted by specially designed information attack
- Capable of detecting any "extracurricular" activities, either malicious or benign, thus facilitating the detection of targeted attacks at their very early stages
- Addresses approved changes in the protected environment by seamlessly upgrading the normalcy profile

PATENTING

Patent strategy is currently under evaluation.

INVENTORS

Dr. Viktor Skormin is a Distinguished Service Professor of Electrical Engineering and Director/Founder of the Center for Advanced Information Technologies at the State University of New York (SUNY) at Binghamton. His research/teaching focus includes modern control theory and applications (motion control, pointing-acquisition-tracking systems in laser communication, novel robotics-based gimbal systems, high-performance hybrid laser positioning systems); computer network/information security (biological approach to system information security, detection of self-replication in malicious code, immunocomputing); mathematical modeling and system optimization; and technical diagnostic systems.

Dr. Andrey Dolgikh is a Research Scientist/Assistant at the State University of New York (SUNY) at Binghamton. His research interests include computer security, network security, security for industrial control systems (SCADA), robotics security, behavioral malware detection, data and graph mining.

Patent Information:
For Information, Contact:
Scott Hancock
Director, IP Management and Licensing
Binghamton University
(607) 777-5874
shancock@binghamton.edu
Inventors:
Andrey Dolgikh
Victor Skormin
Alexander Volynkin
Arnur Tokhtabayev
Keywords:
© 2017. All Rights Reserved. Powered by Inteum