PACKET ANALYZER with AI-IPS
NEW GENERATION OF IPS TECHNOLOGY
The Artificial Intelligence Intrusion Prevention System (AIIPS) represents a new generation of IPS technology. Its artificial intelligence (AI) is not based on statistical attack signatures, as in traditional systems, but on a neural network.
The system is comprised of three components:
The first component is responsible for isolating individual connections in network traffic. The individual bytes of these network packets are then transformed into the grayscale pixels of a PNG image.
These images always have a specific number of pixels (512 x 512). In this way, PNG images of attacks and also of normal network traffic are generated.
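The byte-to-pixel step described above, as an added sketch that is not the vendor's code: it groups constructed sample packets into connections and writes each connection's bytes as a 512 x 512 8-bit grayscale PNG. Grouping by 5-tuple with both directions merged, concatenating payloads in arrival order, and zero-padding or truncating to 262,144 bytes are assumptions; the page does not say how AIIPS handles these.

```python
import struct
import zlib
from collections import defaultdict

SIDE = 512  # image edge length stated on the page (512 x 512 pixels)

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, proto, payload)
PACKETS = [
    ("10.0.0.5", 40112, "10.0.0.9", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.7", 51000, "10.0.0.9", 22, "tcp", b"SSH-2.0-client\r\n"),
    ("10.0.0.9", 80, "10.0.0.5", 40112, "tcp", b"HTTP/1.1 200 OK\r\n\r\n"),
    ("10.0.0.5", 40112, "10.0.0.9", 80, "tcp", b"Host: example.test\r\n\r\n"),
]

def isolate_connections(packets):
    """Group payload bytes by connection; both directions share one key (assumption)."""
    flows = defaultdict(bytearray)
    for src, sport, dst, dport, proto, payload in packets:
        a, b = sorted([(src, sport), (dst, dport)])  # direction-independent key
        flows[(proto, a, b)] += payload              # arrival order, no TCP reassembly
    return flows

def to_pixels(data, side=SIDE):
    """One byte = one grayscale pixel; truncate or zero-pad to side*side (assumption)."""
    size = side * side
    return bytes(data[:size]).ljust(size, b"\x00")

def png_chunk(tag, body):
    """Length + tag + body + CRC32 over tag and body, as the PNG format requires."""
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))

def encode_png(pixels, side=SIDE):
    """Encode raw pixels as an 8-bit grayscale PNG (colour type 0, filter 0 per row)."""
    ihdr = struct.pack(">IIBBBBB", side, side, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + pixels[y * side:(y + 1) * side] for y in range(side))
    return (b"\x89PNG\r\n\x1a\n" + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(rows)) + png_chunk(b"IEND", b""))

def connection_images(packets):
    """Return {connection key: PNG bytes}, one image per isolated connection."""
    return {key: encode_png(to_pixels(data))
            for key, data in isolate_connections(packets).items()}

if __name__ == "__main__":
    for key, png in connection_images(PACKETS).items():
        print(key, len(png), "bytes of PNG")
```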
Based on a specialized approach to artificial intelligence, the “Deep Learning” component uses a “convolutional neural network”. It is an unusual kind of neural network, which – particularly encouraged by Google research – is extremely specialized in image recognition. Similarities between images and how they relate to one another are recognized very well and accurately.
This network is now trained with all the images generated by the first component (from attacks as well as normal data traffic). This way the neural network learns to differentiate between attacks and harmless traffic. At the same time, it identifies which patterns are typical for attacks and which aren’t.
Convolutional neural networks
Convolutional neural networks are a special kind of neural network on the cutting edge of research in image recognition. Among other things, they are used by Google’s TensorFlow framework in Google Street View.
They are a system of connected units comprised of artificial neurons. The connections between them are weighted during the training process.
The neural network consists of multiple layers of character-detecting neurons. Each of these layers reacts to the input of the next layer.
A well-trained neural network supplies the correct output for the graphic input.
Now the trained convolutional neural network can inspect network traffic and reliably differentiate between attacks (even if unfamiliar) and normal traffic.
The result is a new generation of IPS technology. It is faster, requires less memory space, is less susceptible to false positives and at the same time capable of recognizing unfamiliar zero-day exploits.
Constant signature updates, as they are known in classic IPS systems or antivirus software, are no longer necessary.
Techniques for automated gathering and analyzing
- Different intelligence feeds for harmful IPs, phishing and malware
- 500,000 distributed access points worldwide work as sensors