Cyber Security Systems
We Develop Cyber Security Solutions to Cases Where Traditional Methods Fall Behind
While traditional methods used in the field of cyber security can respond to a significant number of threats, they fall short in some cases. With our genuine technology, we develop Cyber Attack/Intrusion Detection System (IDS) and Cyber Attack/Intrusion Prevention System (IPS) solutions that can be used effectively in such cases.
The Problem
Due to recent developments in device technologies and extensive access to the Internet, a wide range of commercial and governmental activities are carried out over Internet networks. A continuously increasing number of computers and intelligent devices are connected over sub and wide area networks over the Internet. However, due to the excessive usage of the Internet for both commercial and governmental activities, these networks are constantly under cyber-attacks, which progressively improve as the attackers become more sophisticated and better funded. Although firewalls and cryptography technologies are improving and widely used in current architectures, it is apparent that cyber-attacks will continue to endanger Internet networks and improve in time. Hence, in addition to these prevention measures, governments and big commercial enterprises are increasingly investing in cyber-attack detection systems. However, as shown by recently publicized cyber-attacks (such as the ones directed against Estonia in 2007), the classical cyber-attack detection systems such as SNORT, BRO and IBM QRadar IDS are less than adequate to detect the ever more sophisticated cyber threats. These classical methods, which are signature based and perform detection based on their repository of historical attacks, drastically fail since cyber attackers constantly update and optimize their attacks to avoid detection by such fixed and rigid systems.
To remedy these problems, anomaly based intrusion detection systems have recently been introduced to catch both historical and new ‘zero day’ attacks. However, although the anomaly based cyber-attack detection systems provide certain improvements over the classical signature based methods, they are not as widely used since:
Internet traffic is highly erratic and hard to model,
An event which was considered normal in the past can be considered an anomaly in the future, and vice versa,
The definition of anomaly may change not only in time but also from user to user, e.g., the activities of system administrators usually seem highly unusual.
Hence, due to these difficulties, most of the current state-of-the-art anomaly based cyber-attack detection systems have high false alarm rates, which significantly deter their usage in real life applications.
The Solution
To remedy all these shortcomings, we build cyber-attack detection and prevention systems over Internet network loads based on deep recurrent neural networks and Support Vector Machines. Our system processes the network loads in real time to provide anomaly detection. Our algorithms are generic such that they can process network loads at different levels, including packet, request, connection or session levels, and can be used in different applications such as HTTP, FTP, SMTP, etc.
To this end, we have built autoencoders to extract semantically rich feature vectors from sequentially observed network loads using recurrent neural network architectures, and constructed anomaly detection algorithms based on deep recurrent neural networks and Support Vector Machines. Due to this joint optimization, we provide the optimal detection performance under any false alarm rate for IDS and IPS.