System and method for neural network based detection of cyber intrusion via mode-specific system templates

Assignee

• Rockwell Collins, Inc. · US

Inventors

• Reginald D. Bean · Center Point, US
• Gregory W. Rice · Cedar Rapids, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system and method for detecting and preventing cyberintrusion of a protected system incorporates neural networks having a training mode and a host-accessible (e.g., non-training) mode. When in training mode, the neural networks observe data exchanges with a protected system via interfaces (based on test inputs) and generate system templates corresponding to observed normal behaviors of the interfaces (including “gold standard” behavior indicative of optimal performance behaviors and/or minimal threat of cyberintrusion). When in host-accessible mode, the neural networks observe operating behaviors of the interfaces for each exchange via the interfaces and apply stored system templates to the system data to most closely approximate the optimal behavior set. If the divergence between the best-fit system template and the applied best-fit system template is sufficient to indicate anomalous behavior and a potential risk of cyberintrusion or cyberattack, an event monitor takes corrective action to prevent a cyberintrusion.