Elevated security execution mode for network-accessible devices
US-2024411878-A1 · Dec 12, 2024 · US
US9985984B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9985984-B1 |
| Application number | US-201514923049-A |
| Country | US |
| Kind code | B1 |
| Filing date | Oct 26, 2015 |
| Priority date | Oct 27, 2014 |
| Publication date | May 29, 2018 |
| Grant date | May 29, 2018 |
The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.
Opening claim text (preview).
What is claimed is:
1. A method for improving security of a network to attacks, the method comprising: repeatedly modifying addresses of a plurality of devices on a local network, wherein repeatedly modifying an address of a device in the plurality of devices comprises: generating a first pair of addresses for the device on the local network, wherein the first pair of addresses comprises an original address of the device and a first reconfigured address, wherein the first reconfigured address is randomly generated; distributing the first pair of addresses to a first switch on the local network to facilitate routing of a first data packet to the device, wherein the original device address in the first data packet has been replaced with the first reconfigured address, wherein the first reconfigured address is generated and distributed to the first switch to dynamically alter the address of the device on the local network, and further wherein the first reconfigured address is generated and distributed in accordance with one of a schedule having a defined configuration timing or a schedule having a random configuration timing; receiving, at the first switch, the first data packet having the first reconfigurable address; identifying, at the first switch, the original device address of the device based upon the first reconfigurable address in the first data packet; at the first switch, responsive to identifying the original device address of the device, routing the first data packet to the device based upon the original device address of the device; generating a second pair of addresses for the device on the local network, wherein the second pair of addresses comprises the original address of the device and a second reconfigured address, wherein the second reconfigured address is randomly generated; and distributing the second pair of addresses to a second switch on the local network to facilitate routing of a second data packet to the device, wherein the original device address in the second data packet has been replaced with the second reconfigured address, the second reconfigured address being different from the first reconfigured address; receiving, at the second switch, the second data packet having the second reconfigurable address; identifying, at the second switch, the original device address of the device based upon the second reconfigurable address in the second data packet; and at the second switch, responsive to identifying the original device address of the device, routing the second data packet to the device based upon the original device address of the device.
2. The method of claim 1, wherein the local network is an industrial control network.
3. The method of claim 1, further comprising: storing the first pair of addresses in a local database at the first switch; and determining, at the first switch, that the first data packet includes the first reconfigured address.
4. The method of claim 1, wherein the first data packet originates from a second device, the second device is located on a regional network, the regional network is communicatively coupled to the local network, the method further comprising facilitating transmission of the first data packet from the second device on the regional network to the device on the local network.
5. The method of claim 1, wherein the second reconfigured address is generated and distributed in response to receiving notification that an attack on the local network has been detected.
6. The method of claim 5, wherein the attack notification is determined by a data analyzer, the data analyzer is located on a third switch, wherein the third switch is configured to route the second data packet from the second device to the device.
7. The method of claim 6, wherein the data analyzer utilizes a machine learning algorithm to determine whether the second data packet includes expected data or unexpected data, wherein the unexpected data comprises the attack on the local network, or whether a behavior on the host device is normal or anomalous.
8. The method of claim 1, wherein the first data packet is routed to the device via a first route in the local network, and the second data packet is routed to the device via a second route in the local network, wherein the first route and the second route are different.
9. A non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor to perform acts comprising: repeatedly reconfiguring addresses of a plurality of devices on a local area network, wherein reconfiguring an address for a device on the local area network comprises: generating a pair of addresses for the device on the local area network, wherein the pair of addresses comprises an original device address of the device and a first reconfigured device address, wherein the first reconfigured address is randomly generated; distributing the pair of addresses to a switch on the local area network to facilitate routing of a first data packet to the device, wherein the original device address in the first data packet has been replaced with the first reconfigured device address, wherein the first reconfigured address is generated and distributed to the switch to dynamically alter the address of the device on the local network, and further wherein the first reconfigured address is generated and distributed in accordance with one of a schedule having a defined configuration timing or a schedule having a random configuration timing; receiving, at the switch, the first data packet having the first reconfigurable address; identifying, at the switch, the original device address of the device based upon the first reconfigurable address in the first data packet; at the switch, responsive to identifying the original device address of the device, routing the first data packet to the device based upon the original device address of the device; subsequent to generating the pair of addresses, generating a second reconfigured device address for the device on the local area network, wherein the second reconfigured address is randomly generated, the second reconfigured address being different from the first reconfigured address; and distributing the second reconfigured device address to the switch on the local network to facilitate routing of a second data packet to the device, wherein the original device address in the second data packet has been replaced with the second reconfigured address; receiving, at the switch, the second data packet having the second reconfigurable address; identifying, at the switch, the original device address of the device based upon the second reconfigurable address in the second data packet; and at the switch, responsive to identifying the original device address of the device, routing the second data packet to the device based upon the original device address of the device.
10. The computer-readable storage medium of claim 9, wherein the local area network is an industrial control network.
11. A system comprising: a configuration component configured to repeatedly reconfigure addresses of devices on a local network, wherein repeatedly reconfiguring an address of a device on the local network comprises: generating a first pair of addresses for the device on the local network, wherein the first pair of addresses comprises an original address of the device and a first reconfigured address, wherein the first reconfigured address is randomly generated; distributing the first pair of addresses to a first switch on the local network to facilitate routing of a first data packet to the device, wherein the original device address in the first data packet has been
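A small simulation of the mechanism described in the abstract and claim 1, written here as an added example (not the patent's or its assignee's code): a configuration component generates a random reconfigured address for a device, distributes the (original, reconfigured) pair to the switches, and each switch maps the reconfigured destination back to the original address before forwarding; after a rotation, packets still aimed at the previous reconfigured address no longer route, which is the property that blunts reconnaissance against a static address. Class and method names are my own, and the dictionary packet is a stand-in for a real frame.

```python
import ipaddress
import secrets


class Switch:
    """Local-network switch holding a (reconfigured -> original) address table."""

    def __init__(self, name):
        self.name = name
        self.table = {}  # reconfigured address -> original device address

    def install_pair(self, original, reconfigured):
        # Drop the device's previous mapping so its old reconfigured address stops routing.
        self.table = {r: o for r, o in self.table.items() if o != original}
        self.table[reconfigured] = original

    def route(self, packet):
        """Return the packet rewritten to the original destination, or None when
        the destination is unknown (stale or never issued: worth logging as anomalous)."""
        original = self.table.get(packet["dst"])
        if original is None:
            return None
        return {"dst": original, "payload": packet["payload"]}


class ConfigurationComponent:
    """Generates random reconfigured addresses and distributes pairs to switches."""

    def __init__(self, subnet, rng=secrets.randbelow):
        self.net = ipaddress.ip_network(subnet)
        self.rng = rng  # rng(n) -> int in [0, n); CSPRNG by default, injectable for tests
        self.current = {}  # original address -> its current reconfigured address

    def generate_pair(self, original):
        # Exclude the device's original, its previous reconfigured address and every
        # address already in use, so consecutive pairs for a device always differ.
        in_use = set(self.current) | set(self.current.values()) | {original}
        hosts = list(self.net.hosts())
        if len(in_use) >= len(hosts):
            raise RuntimeError("address pool exhausted; cannot rotate")
        while True:
            candidate = str(hosts[self.rng(len(hosts))])
            if candidate not in in_use:
                self.current[original] = candidate
                return (original, candidate)

    def rotate(self, original, switches):
        """One reconfiguration step: a new random pair for the device, pushed to each switch."""
        pair = self.generate_pair(original)
        for sw in switches:
            sw.install_pair(*pair)
        return pair
```

Calling `rotate` on a timer or on an attack notification from the data analyzer gives the scheduled and event-driven reconfiguration the claims describe.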
Probabilistic graphical models, e.g. probabilistic networks · CPC title
Combinations of networks · CPC title
Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound · CPC title
Supervised learning · CPC title
Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts · CPC title