Towards Third Generation Network Intrusion Detection and Prevention Systems
Abstract
In today's computing environments, the Network Intrusion Detection and Prevention System (NIDPS) is one of the fundamental network components that monitors and analyzes traffic to find possible attacks. NIDPS was first introduced two decades ago as SNORT and quickly became a key cybersecurity control. In its first incarnation, NIDPS used rule-, signature-, and behavior-based detection engines to analyze passing traffic and match it against a library of known attacks. The last decade has witnessed a wave of (deep) machine learning (ML) and AI technologies for network and application threat detection, such as the NSFOCUS Threat Analysis System, which could be called the second generation of NIDPS approaches. Due to the black-box nature of learning models, both ML developers and the security operations team (the NIDPS users) are involved IN the loop, leveraging human intelligence to create effective ML models. This project investigates the shortcomings of current security systems and proposes a novel framework for the design, development, and deployment of third-generation NIDPS. The proposed studies reconsider the role of the security operations team: once an attack is identified by the system, an alert is sent to the team. Their involvement should become a check on the alert, to ensure that processes are running normally and to verify accuracy. Their job is not to understand the language of ML/AI or to help design the ML models. To hold to the principle of human-ON-the-loop, this project will design and develop cutting-edge intelligent technologies that provide informative explanations of model decisions to NIDPS users, such as theory-ensured, counterfactual, knowledge-enhanced, and styled explanations. The project team is well equipped with the knowledge and skills needed from cybersecurity, data mining and anomaly detection, explainable AI, causal inference, knowledge graphs, and natural language processing.

*** Approved for Public Release ***
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jul 08, 2022
- Source ID: N000142212507
Entities
People
- Meng Jiang
Organizations
- Office of Naval Research
- United States Navy
- University of Notre Dame