Cross-layer correlation in secure cognitive network
Abstract
A communication network is defended using a distributed infrastructure that leverages coordination across disparate abstraction levels. At each node computing device comprising a communication network, a stored event list is used to detect at least one node event which occurs at a machine code level and is known to have the potential to interfere directly with the internal operation of the node computing device. The at least one node event is one which is exclusive of an event within a network communication domain. In response to detecting the at least one node event at one of the plurality of network nodes, an optimal network-level defensive action is automatically selectively determined by the network. The network level defensive action will involve a plurality of network nodes comprising the communication network.
21 Claims
1. A method for defending a communication network from an adversarial attack using a distributed infrastructure that leverages coordination across disparate abstraction levels, comprising:
- at each node computing device of a plurality of node computing devices comprising a communication network, using a stored event list to detect at least one node event occurring at a machine code level which is known to have the potential to interfere directly with the internal operation of the node computing device;
- responsive to detecting the at least one node event at a first node computing device of the plurality of node computing devices, automatically selectively determining an optimal network-level defensive action involving a plurality of network nodes comprising the communication network, the network-level defensive action based on the at least one node event which was detected and upon a set of known communication requirements established for said communication network; and
- causing an increase in at least one second node computing device's sensitivity to unexpected variations in network performance, the at least one second node computing device being (a) different from the first node computing device and (b) part of a potential threat path within the communication network; and
- wherein the at least one node event comprises an instruction-set level event exclusive of an event within a network communication domain.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A communication network which defends itself from adversarial attack using a distributed infrastructure that leverages coordination across disparate abstraction levels, comprising:
- a plurality of node computing devices comprising a communication network, each said node computing device using a stored event list to detect at least one node event occurring at a machine code level which is known to have the potential to interfere directly with the internal operation of the node computing device;
- at least one processing device which is responsive to detecting the at least one node event at a first node computing device of the plurality of node computing devices, and which automatically selectively determines an optimal network-level defensive action involving a plurality of network nodes comprising the communication network, the network-level defensive action based on the at least one node event which was detected and upon a set of known communication requirements established for said communication network, and causes an increase in at least one second node computing device's sensitivity to unexpected variations in network performance, the at least one second node computing device being (a) different from the first node computing device and (b) part of a potential threat path within the communication network; and
- wherein the at least one node event comprises an instruction-set level event exclusive of an event within a network communication domain.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
Specification