Mobile Visualization Connectionist Agent-Based Intrusion Detection System

New and innovative aspects

So far there are very few technologies applied to the visualization of network trafficfor its monitoring and / or identification of anomalies.

Main advantages of its use

Regarding the few solutionsexisting, MOVICAB-IDS provides the following advantages:

• It offers a much more intuitive visualization than other tools, whichrequires little training for security personnel, as well as minimal setup.
• Network monitoring tasks can be relegated to personnel with little experience,thus freeing up the most experienced staff to carry out critical tasks.
• It can be used in the training of security personnel. Other security tools may be working at the same time, being able tocombine the output / display of both.
• Reduction in the time required to process the output compared to other IDSs, whichthey generate a large number of false positives and negatives.

Specifications

MOVICAB-IDS combines different paradigms from the field of Artificial Intelligenceconstituting a hybrid artificial intelligence system (HAIS). It is based on a systemmultiagent that includes deliberative agents capable of learning and evolving with theirenvironment. These agents combine a projectionist neural model based on non-learningSupervised and Case-Based Reasoning Paradigm.By applying the aforementioned neural model, MOVICAB-IDS extracts projectionsinteresting data from a set of network traffic data and presents them through adisplay, which can be mobile (telephone, PDA, etc.). As a result of viewing eachpacket and preserve the temporal context, MOVICAB-IDS offers the network administrator asynthetic and intuitive view of network traffic and interactions between differentprotocols. This visualization allows the detection of anomalous situations and intrusions of asimple glance and subsequent identification. In addition, it helps to know the internal structure and thebehavior of network traffic, allowing monitoring of the activity in it. Additionally, work is continuing on this technology to ensure that thereal-time display.

Applications

This technology can be applied for the supervision of any computer network,regardless of its size. For large networks or with a large volume of traffic, filtering and segmentation processes have been developed, which allow the correct visualization to be carried out.

Current development status

Device already developed and validated for industrialization.

Desired business relationship

Commercial Agreement, License Agreement, Technical Cooperation: further development; Technical Cooperation: testing new applications; Technical Cooperation: adaptation to specific needs.