The NODE™ system uses data mining and machine learning technologies to provide a more advanced and adaptable computer network defense. The technology executes data mining and machine learning technologies and algorithms over the network hosts; i.e., over the entire computing fabric.
The ubiquity of computing systems and networks has vastly improved the speed and ease of gathering, storing, and disseminating information. Networking on a global scale, however, also gives rise to a significant disadvantage: network vulnerability. Securing data, particularly with respect to sensitive national security data and data transmissions, is a paramount concern, particularly given the increasing sophistication of computer terrorism.
To address these challenges, KBSI developed the Netcentric Operations Defense Environment (NODE™). The NODE™ technology uses data mining and machine learning technologies to provide a more advanced and adaptable computer network defense. Current approaches to network security focus on characterizing known attack exploits and on a perimeter-based defense, making them vulnerable to new attack variants and leaving them open to integrity compromises and insider attacks. The NODE™ technology addresses these shortcomings by executing data mining and machine learning technologies and algorithms over the network hosts; i.e., over the entire computing fabric.
The NODE™ technology identifies and characterizes behavior patterns in network communications. Unlike current computer network defense systems, this occurs without recourse to signatures cataloged prior to event detection, to heuristic rules, or to profiles of “normal” system behavior. The NODE™ technology dynamically learns to filter network traffic by recursively discovering common patterns and using these patterns to compress the communication data. The NODE™ technology’s characterization of behavior patterns among networks provides accurate and pointed statistics of traffic patterns that can then be used to detect covert threat activity and to predict future attacks.
The NODE™ technology represents a highly innovative approach to network security that is a paradigm shift from current computer network defense technologies, architectures, and methods. Unlike current computer network defense systems, the NODE™ technology is fault tolerant, ensuring that the security system itself cannot be compromised. The technology can also be applied homogeneously across the network, leaving no undefended network nodes.