The Artificial Intelligence Intrusion Prevention System (AIIPS) represents a new generation of IPS technology. IPS technology artificial intelligence (AI) is not based on statistical attack signatures – as in traditional systems – but on a neural network.

The system is comprised of three components:

The first component is responsible for isolating individual connections in network traffic. The individual bytes of these network packets are then transformed into the grayscale pixels of a PNG image.

These images always have a specific number of pixels (512 x 512). In this way, pixel PNGs of attacks and also of normal network traffic are generated.

Based on a specialized approach to artificial intelligence, the “Deep Learning” component uses a “convolutional neural network”. It is an unusual kind of neural network, which – particularly encouraged by Google research – is extremely specialized in image recognition. Similarities between images and how they relate to one another are recognized very well and accurately.

This network is now trained with all the images, which were generated with the help of the first component (from attacks as well as normal data traffic). This way the neural network learns to differentiate between attacks and harmless traffic. At the same time, it identifies which patterns are typical for attacks and which aren’t.

Convolutional neural networks

Convolutional neural networks are a special kind of neural network on the cutting edge of research in image recognition. Among others they are used by Google’s Tensorflow framework in Google Street View. 

They are a system of connected units comprised of artificial neurons. The connections between them are weighted during the training process.

The neural network consists of multiple layers of character-detecting neurons. Each of these layers reacts to the input of the next layer.

A well-trained neural network supplies the correct output for the graphic input.

Now the trained convolutional neural network can inspect network traffic and reliably differentiate between attacks (even if unfamiliar) and normal traffic.

The result is a new generation of IPS technology. It is faster, requires less memory space, is less susceptible to false positives and at the same time capable of recognizing unfamiliar zero-day exploits.

Constant signature updates, as they are known in classic IPS systems or antivirus software, are no longer necessary.

The Benefits at a glance

  • Techniques for automated gathering and analyzing

  • Different intelligence feeds for harmful IPs, phishing and malware
  • 500,000 distributed access points worldwide work as sensors

Innovative Threat Analyzer

Combination of different Security Systems
By combining the range of security systems in the ECS2 architecture with a global security cloud infrastructure, companies receive a powerful, scalable solution, which ensures comprehensive security in real time for every device, in every location.

Multiple analyzers are put to use in each Secucloud Access Node (SAN) instance that guarantee security according to the industry standard:

Global Cloud Intelligence
Next Generation Firewall
DNS Layer Analyzer
SSL Scan Decision Engine
Trust & Reputation Analyzer
APT Sandbox Analyzer
Content Analyzer