The challenge faced by cyber-security is an evolving one. Attack vectors are not static, and threat techniques evolve faster than defenses can be constructed or counterattacks launched against them. Though the network and its nodes may display anomalous behaviors under use, those anomalies are rarely analyzed before an attack occurs. The objective of the Security Architecture via Cognitive Behavior Analysis (SACBA) project is to demonstrate the feasibility of combining Behavioral Analysis with a Learning System. By analyzing the behavior of its parts, SACBA will be able to spot emerging behaviors that do not match static patterns. By learning its environment, SACBA will protect against new threats by determining levels of trust and defining morphing patterns of Good vs. Bad behavior. This protection will not rely on static attack signatures or fixed patterns of behavior. The result will be a new Security Architecture positioned to address new and evolving threats, both inside and external to Cyber Infrastructures.
Benefit: SACBA is a security architecture that combines behavioral analysis and learning (cognition) to counter current, evolving, and new threats and attacks against Cyber infrastructures. It does so in real and near-real time, with minimal impact on the infrastructure. Because it has the properties of both an in-line and a hierarchical structure, SACBA is applicable to any network. SACBA may be deployed in commercial and non-military government systems. Critical applications involving financial infrastructures, health services, information systems, transportation, navigation, flight systems and others will benefit from SACBA. How is SACBA deployed in real-life situations? Under current architectures, new forms of attack and unseen signatures remain undetected until an attack is underway or completed. SACBA can protect these infrastructures by analyzing their behavior and identifying levels of trust. This capability, combined with learning its environment, allows new patterns to be detected, good versus bad behavior to be classified, and appropriate measures to be applied. Regardless of the infrastructure in which it is deployed, SACBA will provide the real and near-real time performance and agility needed in today's evolving government, financial, manufacturing and service infrastructures.
Keywords: Attack Detection, Behavioral Analysis, Identification, Authentication, Security Architecture, Insider Threat, Trust