
Analytic Forecasting of Future Electronic Cyber Threats with Deep Learning and Coevolutionary Strategies

IP.com Disclosure Number: IPCOM000243925D
Publication Date: 2015-Oct-28
Document File: 5 page(s) / 154K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for analytic forecasting of future electronic cyber threats that applies deep learning and coevolutionary strategies. The method uses unconventional and external data, and the coevolutionary approach is to fuse Natural Language Processing (NLP), external, and internal security related data in order to produce accurate forecasting of threats to cyber security.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 48% of the total text.

Page 01 of 5


Most current cyber security tools react to cyber-attacks in progress and perform a postmortem to understand the characteristics of the attacks. Common attacks include Denial of Service (DoS), Unauthorized Access, Port Scans, Malicious Code, Intellectual Property Destruction, and Intellectual Property Theft. Cyber security solutions, technologies, and policies focus on intrusion and infection prevention, detection, and alerting. System administrators need to know what is happening in the network or on internal systems in order to take some preventative or forensic action. The main concern is how to prevent a malicious attack or, in the event an infection is already present, how to detect and remediate it.

Known cyber security tools and solutions include Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM) systems, etc.; almost all employ rule- and signature-based analyses, rather than machine learning techniques, to look for known attack activities. These techniques have difficulty adapting in real time to changing Advanced Persistent Threat (APT) attack vectors or discovering new attack methods so that preventative action or real-time alerting can take place.

A system and method are needed for forecasting and classifying cyber-attacks before such attacks occur, in order to deter cyber criminals and ultimately create a secure computational infrastructure.

Some alternative approaches come from various classes of Intrusion Detection Systems (IDS). IDSs are commonly classified into:
- Host-based (HIDS), used to monitor behavior on individual machines. HIDS are primarily log-based, but can also perform simple inspection of network traffic. Using an analogy, HIDS inspect "trees" very closely, but do not know anything about the "forest". HIDS can generate a tremendous amount of data for security analysts and hence are very powerful tools, but this also increases the burden on the security analyst to find the truly useful information in the data that they generate.

- Network-based (NIDS), which analyze large segments of network traffic. This is a common approach and features distributed sensors that use some sort of command, control, and communications node(s) to assess the importance of detections and report to security analysts or other systems/devices. Most NIDS classify traffic based on static rules or signatures created by a vendor analyst that are uploaded periodically to their rules tables. The benefit of this approach is that it is a real-time detection system. However, it usually requires a lot of storage and cannot detect attacks that have not already been classified by rules or signatures (a single bit change is adequate to foil signature-based detection).

- Hybrid systems are some combination of the other two and are not separately discussed here.
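The NIDS limitation described above, that a static signature is defeated by a one-bit change, is easy to see with a toy detector. The following is an added example and not code from the disclosure: it implements exact signature matching of the kind the text attributes to vendor rule tables, runs it over constructed sample payloads (the signature strings and packets are invented for illustration, not real IDS rules), and contrasts it with a normalised, distance-tolerant rule that still fires on the altered payload. The `flip_bit` helper exists only to test detector robustness.

```python
"""Added example (not part of the IP.com disclosure): static signature matching
versus a tolerant variant, over constructed payloads."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # exact byte sequence, like a static vendor rule


# Constructed signatures for illustration only; they are not real IDS rules.
SIGNATURES = [
    Signature("constructed-probe-A", b"PROBE-TOKEN-ALPHA"),
    Signature("constructed-probe-B", b"PROBE-TOKEN-BETA"),
]

# Constructed sample traffic: one benign request and one carrying a signature.
SAMPLE_PAYLOADS = [
    b"GET /index.html HTTP/1.1",
    b"DATA PROBE-TOKEN-ALPHA END",
]


def match_exact(payload: bytes, sigs=SIGNATURES) -> List[str]:
    """Static rule-table style matching: a signature fires only if its bytes
    appear verbatim in the payload."""
    return [s.name for s in sigs if s.pattern in payload]


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of the payload with one bit flipped; used here only to
    check how brittle a detector is, not as a traffic generator."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def match_normalised(payload: bytes, sigs=SIGNATURES, max_diff: int = 1) -> List[str]:
    """Tolerant variant: case-fold both sides and accept any equal-length
    window of the payload whose byte-wise Hamming distance to the signature
    is at most max_diff.  Costs O(len(payload) * len(pattern)) per rule and
    raises the false-positive risk, which is the trade-off behind the text's
    remark that signatures are cheap but brittle."""
    hits = []
    folded = payload.lower()
    for sig in sigs:
        pat = sig.pattern.lower()
        n = len(pat)
        for start in range(0, len(folded) - n + 1):
            window = folded[start:start + n]
            diff = sum(1 for a, b in zip(window, pat) if a != b)
            if diff <= max_diff:
                hits.append(sig.name)
                break  # report each signature once per payload
    return hits


def scan(payloads, matcher):
    """Run a matcher over a list of payloads and return (payload, hits) pairs."""
    return [(p, matcher(p)) for p in payloads]


if __name__ == "__main__":
    altered = flip_bit(SAMPLE_PAYLOADS[1], 5, 0)  # 'P' (0x50) becomes 'Q' (0x51)
    for payload, hits in scan(SAMPLE_PAYLOADS + [altered], match_exact):
        print("exact      ", payload, hits)
    for payload, hits in scan(SAMPLE_PAYLOADS + [altered], match_normalised):
        print("normalised ", payload, hits)
```

Running the block shows the exact matcher firing on the original payload and staying silent on the one-bit variant, while the normalised matcher fires on both; the benign HTTP line matches neither. The tolerant rule is not a general fix (it widens the match set and scales poorly with rule count), which is the gap the disclosure's learning-based forecasting is meant to address.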



Page 02 of 5

T...