In-situ Trainable Intrusion Detection System

UT-Battelle, LLC, acting under its Prime Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy (DOE) for the management and operation of the Oak Ridge National Laboratory (ORNL), is seeking licensees to commercialize its In-situ Trainable Intrusion Detection System.    

Almost every major computer network is defended by signature-based Intrusion Detection Systems (IDSs) that are designed to alert whenever a pattern that indicates a known exploit is detected. Researchers at ORNL have developed an advanced, non-signature-based, learning IDS that requires few training samples and can therefore be trained in a cost-effective manner. The approach has demonstrated the ability to catch almost every previously unseen attack (which cannot be detected by signature-based IDSs) while generating false positive alerts at a much lower rate than signature-based IDSs. With this capability, a new machine-learning sensor can be set up in place and trained in approximately one day with support from a penetration testing team. The resulting sensor offers a very high level of defense against unknown exploits (for which there was previously no proven defense).

License applications will be evaluated based on prospective partners' ability and commitment to successfully commercialize the technology, with a preference for United States-based businesses and small businesses.

For additional information and a license application, contact David Sims, Commercialization Manager, Oak Ridge National Laboratory, simsdl@ornl.gov, 865.241.3808.

Intellectual Property

“In-situ Trainable Intrusion Detection System,” US Patent Application No. 14/468,000 filed August 25, 2014 (ID-2902).

Software copyright in progress.

Resources

Publications

Symons, C., Beaver, J. (2012). Nonparametric semi-supervised learning for network intrusion detection: combining performance improvements with realistic in-situ training. Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence. ACM, New York, NY (pages 49-58).

Beaver, J., Symons, C., Gillen, R. (2013). A learning system for discriminating variants of malicious network traffic. Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, New York, NY (Article 23).