Self-learning security system for computer networks

July 9, 2009

Cyber attacks on computer networks are becoming increasingly commonplace. To counter the threat, they are protected by so-called network intrusion detection systems. But these fail to identify some attacks, or do not spot them until it is too late. To improve matters, Damiano Bolzoni of the University of Twente (The Netherlands) has developed a system which paves the way for a new generation of network security. This forms the subject of his doctorate, awarded by the Faculty of Electrical Engineering, Mathematics and Computer Science on 25 June.

A network intrusion detection system (NIDS) is like a kind of virus scanner, but for an entire network rather than a single computer. There are two types. The first draws upon a database of all known attacks, such as those attempted by computer hackers. It works by recognizing the ‘signatures’ of methods previously used. But this means that it will not at first spot a new and as yet unknown method.

The second kind of NIDS uses anomaly detection. In other words, it learns how the network is normally used and if it spots a deviation from this standard pattern it will alert the system administrator so that the suspected attack can be investigated. In practice, however, this type is not widely used because no really good systems are yet available commercially.

Bolzoni has been trying to change that by developing a new anomaly detection NIDS, which he has named SilentDefense. His system is based upon self-learning algorithms, which make it far more accurate than existing systems of this kind. Moreover, the chance of ‘false positive’ alerts is about 1000 times lower than in the systems currently available.

The system is now being further developed by SecurityMatters, the company recently founded by Bolzoni and fellow researchers Emmanuele Zambon and Sandro Etalle. They expect to launch SilentDefense commercially in mid-2010.

In Bolzoni’s view, the ideal NIDS is not of one type or the other but combines the two. For that to be possible, however, a good system based upon anomaly detection first needs to become available.

Provided by University of Twente (news : web)

Rate this story - not rated yet

rank
1
2
3
4
5

view popular

Other News

Hackers leak e-mails, stoke climate debate

Technology / Internet

4 hours ago | 4.6 / 5 (10) | 4

(AP) -- Computer hackers have broken into a server at a well-respected climate change research center in Britain and posted hundreds of private e-mails and documents online - stoking debate over whether some scientists have ...

Pulling the plug on hybrid myths

Technology / Energy

Nov 19, 2009 | 3.8 / 5 (12) | 17

(PhysOrg.com) -- Whether you call them myths, urban legends, fables or old wives' tales, there's a lot of misinformation out there about plug-in electric hybrid vehicles. These vehicles, abbreviated PHEVs, ...

UK police make 2 Trojan computer virus arrests

Technology / Internet

Nov 18, 2009 | 5 / 5 (1) | 10

(AP) -- A couple suspected of helping spread some of the Internet's most aggressive computer viruses has been arrested in the English city of Manchester, police said Wednesday.

A sign marks the entrance to IBM Corporate Headquarters

IBM makes Big Blue cloud

Technology / Software

Nov 16, 2009 | 2.9 / 5 (8) | 8

IBM on Monday announced it has created the world's largest business computing "cloud" capable of holding an amount of digital data on a par with 250 billion iTunes songs.

Google's SPDY will speed up downloads

Technology / Internet

Nov 16, 2009 | 4.4 / 5 (16) | 7

(PhysOrg.com) -- As part of its effort to speed up the Web, Google is experimenting with SPDY, a new application layer protocol, that it hopes will speed up the conversation between browsers and Web servers ...