Software Solutions

Machine Learning

What is Machine Learning?

Machine learning is the subfield of computer science that gives "computers the ability to learn without being explicitly programmed." Evolved from the study of pattern recognition and computational learning theory in artificial intelligence, machine learning explores the study and construction of algorithms that can learn from and make predictions on data. Algorithms overcome following strictly static program instructions by making data-driven predictions or decisions through building a model from sample inputs. Machine learning is employed in a range of computing tasks where designing and programming explicit algorithms with good performance is difficult or infeasible. Machine learning is closely related to and often overlaps with computational statistics, which also focuses on prediction-making through the use of computers. It has strong ties to mathematical optimization, which delivers methods, theory and application domains to the field.

Wikipedia contributors. "Machine learning." Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc., 13 Sept. 2017. Web. 13 Sept. 2017. en.wikipedia.org/wiki/Machine_learning


Signature versus Machine Learning Sensors

Modern computer network defense systems rely primarily on signature-based intrusion detection tools, which generate alerts when patterns that are pre-determined to be malicious are encountered in network data streams. Signatures are created reactively, and only after manual analysis of a network intrusion. There is no ability to detect intrusions that are new, or variants of an existing attack. There is no ability to adapt the detectors to the patterns unique to a network environment.

Machine learning algorithms can be trained to analyze behaviors in network communication between computers or network devices. The analysis is based on examples of attack traffic and of normal traffic gathered from the target network segment. Machine learning algorithms are trained to recognize and discriminate between malicious and normal traffic types. Machine learning provides insight that would be difficult for a human to code explicitly as a signature, because it evaluates many interdependent metrics simultaneously.

Detection of zero-day attacks becomes possible, because a trained algorithm classifies traffic by its similarity to the training examples and so detects variants of the attacks it was trained on.
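The contrast drawn above, as an added illustration that is not Resurgo's MANA code: a byte-pattern signature is matched against a flow's payload, while a nearest-centroid classifier trained on constructed flow records decides from behavioural features alone. The flows, the signature table, the feature set and the classifier are all assumptions made for this example; a variant probe with a changed banner escapes the signature but still lands next to the attack centroid.

```python
"""Signature matching beside a classifier trained on constructed flow records.

Added example; not Resurgo's MANA code. All flows, the signature table and the
feature set are constructed for illustration.
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    pkts: int             # packets observed in the flow
    bytes_per_pkt: float  # mean packet size
    syn_ratio: float      # fraction of packets that were bare SYNs
    payload: bytes        # first payload bytes seen


# Constructed signature table: a fixed byte pattern per known attack tool.
SIGNATURES = {"known-scanner": b"SCANv1"}


def signature_match(flow):
    """Return the signature name whose pattern occurs in the payload, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in flow.payload:
            return name
    return None


def features(flow):
    """Behavioural feature vector; the payload bytes are deliberately not used."""
    return (math.log1p(flow.pkts), flow.bytes_per_pkt / 1500.0, flow.syn_ratio)


class CentroidClassifier:
    """Nearest-centroid classifier: one mean feature vector per label."""

    def __init__(self):
        self.centroids = {}

    def fit(self, labeled_flows):
        sums, counts = {}, {}
        for flow, label in labeled_flows:
            vec = features(flow)
            acc = sums.setdefault(label, [0.0] * len(vec))
            for i, value in enumerate(vec):
                acc[i] += value
            counts[label] = counts.get(label, 0) + 1
        self.centroids = {lab: [v / counts[lab] for v in acc]
                          for lab, acc in sums.items()}
        return self

    def predict(self, flow):
        vec = features(flow)
        return min(self.centroids,
                   key=lambda lab: math.dist(vec, self.centroids[lab]))


# Constructed training samples: long full-size TLS sessions versus short SYN-heavy probes.
NORMAL = [Flow(f"10.0.0.{i}", "10.0.1.5", 443, 40 + i, 900.0 + 10 * i, 0.05,
               b"\x16\x03\x01") for i in range(1, 6)]
SCANS = [Flow("192.0.2.9", f"10.0.1.{i}", 20 + i, 2, 40.0, 0.9, b"SCANv1")
         for i in range(1, 6)]
TRAINING = [(f, "normal") for f in NORMAL] + [(f, "attack") for f in SCANS]

# A variant of the probe: same behaviour, different banner, so the signature misses it.
VARIANT = Flow("192.0.2.17", "10.0.1.77", 3389, 3, 44.0, 0.85, b"SCANv2")

MODEL = CentroidClassifier().fit(TRAINING)


def evaluate(flow, model=MODEL):
    """Return both verdicts for a flow: signature name (or None) and the learned label."""
    return {"signature": signature_match(flow), "ml": model.predict(flow)}


if __name__ == "__main__":
    for f in (NORMAL[0], SCANS[0], VARIANT):
        print(f.src, "->", f.dst, evaluate(f))
```

The point of the example is the `VARIANT` row: `signature_match` returns `None` for it, while `MODEL.predict` still returns `"attack"` because its packet count, packet size and SYN ratio sit close to the attack centroid. A real sensor would use many more features and a far larger training set, but the division of labour is the same.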

Heterogeneous Use of Sensors of Different Modalities

Resurgo patent 8,887,285 is a process for the deployment of heterogeneous sensors for an effective network defense.

MANA

Machine Assisted Network Analyzer

Resurgo LLC’s machine learning IDS employs both machine learning-based and anomaly-based sensing methods. The sensor is designed to use different algorithms during the training process, selecting the most effective algorithms for each type of sensing method.

The MANA IDS can be configured to employ a variety of algorithms per instance and to work with sensors of different modality. MANA's implementation of machine learning solves the industry-wide problem with patented concepts and processes with proven test results for ICS/SCADA defense.

Available as a hardware or a software solution.
Contact us


Training Tools

Machine Learning is difficult

Within the field of data analytics, machine learning is a method used to devise complex models and algorithms that lend themselves to prediction; in commercial use, this is known as predictive analytics. These analytical models allow researchers, data scientists, engineers, and analysts to "produce reliable, repeatable decisions and results" and uncover "hidden insights" through learning from historical relationships and trends in the data. As of 2016, machine learning is a buzzword, and according to the Gartner hype cycle of 2016, at its peak of inflated expectations. Effective machine learning is difficult because finding patterns is hard and often not enough training data is available; as a result, machine-learning programs often fail to deliver.

ADAM

Automated Data Analyzer Manager

The ATMS Automated Data Analytics Manager (ADAM) encompasses the modular feature sets involved with the preparation of network traffic PCAP data to create Labeled Data Sets used to generate machine-learning models. ADAM is a DARPA-funded project to produce a software suite of tools that enables machine learning intrusion detection for any organization, despite a lack of expertise within the field of machine learning theory. These tools allow a machine learning IDS to be employed in a similar fashion to current signature-based IDS solutions.

ADAM encapsulates the following sub-features:

Data Management/Automation
The Data Management feature set includes the core data product management features and management services for automating the connection and execution of multiple functional modules as applicable in the “normal” user experience model. The Data Management feature also manages an Attack Repository, which provides management capabilities for a universal database of cyber-attacks in the form of attack plays.

Network Packet Analysis
The Network Packet Analysis feature set includes all the functional capabilities required to analyze and filter network traffic to be used for generating machine-learning sensor training samples. This includes IP filtering, characterizing and extraction of “malicious” and “suspicious” traffic flows in raw network packet captures.

Labeled Data Set Generation
The Labeled Data Set Generation feature set includes all the functional capabilities required to manipulate normal packet capture files and packet capture files that contain known, cataloged attacks to create categorized “labeled” data sets. These categorized data sets, which include the “normal”, “attack” and “unlabeled” category labels, are used to train specific instances of machine-learning sensor models. The feature set is able to perform IP filtering and traffic merging on clean packet capture data to create optimal labeled “normal” samples, as well as injecting attack PCAPs into normal background traffic to create labeled “attack” samples. This same functionality can also be used to generate Validation Test Input data sets for use in lab validation tests of sensor models.

Finally, this functional piece will package the files that comprise the Labeled Data Set into the appropriate vendor-specific format and structure.
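The Labeled Data Set Generation pipeline described above, as an added example that is not ADAM's code: clean captures are IP-filtered to the monitored segment, merged in timestamp order, a cataloged attack capture is injected into that background, and every record receives one of the "normal", "attack" or "unlabeled" labels before the set is packaged. The `Packet` record, the segment filtering rule, the CSV layout standing in for a vendor-specific format, and all packet values are constructed for this illustration.

```python
"""Labeled data set generation from constructed packet records.

Added example, not ADAM's code. The Packet record, the CSV layout and the
segment filtering rule are assumptions made for this illustration.
"""
from dataclasses import dataclass, replace
import csv
import io
import ipaddress


@dataclass(frozen=True)
class Packet:
    ts: float     # seconds from start of capture
    src: str
    dst: str
    proto: str
    length: int


def ip_filter(packets, segment):
    """Keep only packets whose endpoints both lie in the monitored segment (CIDR)."""
    net = ipaddress.ip_network(segment)
    return [p for p in packets
            if ipaddress.ip_address(p.src) in net and ipaddress.ip_address(p.dst) in net]


def merge_captures(*captures):
    """Merge clean captures into one background trace ordered by timestamp."""
    return sorted((p for cap in captures for p in cap), key=lambda p: p.ts)


def inject_attack(background, attack, offset):
    """Shift a cataloged attack capture by `offset` seconds and interleave it with background.

    Returns (packet, label) pairs: background packets are 'normal', injected ones 'attack'.
    """
    shifted = [replace(p, ts=p.ts + offset) for p in attack]
    labeled = [(p, "normal") for p in background] + [(p, "attack") for p in shifted]
    labeled.sort(key=lambda pair: pair[0].ts)
    return labeled


def build_dataset(clean_captures, attack_capture, segment, offset, unknown_capture=()):
    """Full pipeline: filter -> merge -> inject; traffic without a catalog entry is 'unlabeled'."""
    background = merge_captures(*(ip_filter(c, segment) for c in clean_captures))
    labeled = inject_attack(background, attack_capture, offset)
    labeled += [(p, "unlabeled") for p in unknown_capture]
    return labeled


def label_counts(labeled):
    """Count records per label, a quick sanity check on class balance."""
    counts = {}
    for _, label in labeled:
        counts[label] = counts.get(label, 0) + 1
    return counts


def to_csv(labeled):
    """Package the labeled set as CSV (generic layout, stand-in for a vendor-specific format)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["ts", "src", "dst", "proto", "length", "label"])
    for p, label in labeled:
        writer.writerow([f"{p.ts:.3f}", p.src, p.dst, p.proto, p.length, label])
    return buf.getvalue()


# Constructed captures: two clean traces, one cataloged attack play, one uncataloged trace.
CLEAN_A = [Packet(0.0, "10.0.0.5", "10.0.1.10", "tcp", 1200),
           Packet(1.0, "10.0.0.6", "10.0.1.10", "tcp", 800),
           Packet(2.5, "10.0.0.5", "198.51.100.7", "udp", 300)]  # leaves the segment: filtered out
CLEAN_B = [Packet(0.5, "10.0.0.7", "10.0.1.11", "tcp", 640),
           Packet(1.5, "10.0.0.8", "10.0.1.11", "tcp", 520)]
ATTACK_PLAY = [Packet(0.0, "192.0.2.9", "10.0.1.10", "tcp", 60),
               Packet(0.1, "192.0.2.9", "10.0.1.11", "tcp", 60)]
UNCATALOGED = [Packet(3.0, "10.0.0.9", "10.0.1.12", "tcp", 700)]

SEGMENT = "10.0.0.0/16"
DATASET = build_dataset([CLEAN_A, CLEAN_B], ATTACK_PLAY, SEGMENT, offset=0.7,
                        unknown_capture=UNCATALOGED)

if __name__ == "__main__":
    print(label_counts(DATASET))
    print(to_csv(DATASET))
```

The same `build_dataset` call, pointed at a different attack capture or a different offset, yields a Validation Test Input set: the injection offset and the attacker address are exactly the metadata a validation step later needs to decide which alerts were correct.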

Available as a hardware or a software solution.
Contact us


EVE

Event Validation Engine

The Event Validation Engine (EVE) encompasses the modular feature sets involved with the analysis of sensor performance in lab validation tests and in live-network operation.

EVE is a DARPA-funded project to produce a software suite of tools that enables machine learning intrusion detection for any organization, despite a lack of expertise within the field of machine learning theory. These tools allow for the testing and validation of trained machine learning models. EVE encapsulates the following sub-features:

Lab Performance Assessment

The Performance Assessment feature set provides the ability to analyze machine-learning sensor performance with given sensor training sets against a prepared dataset containing known attack plays. The focus of the Performance Assessment feature set is sensor pre-deployment training performance validation and verification within the deployment environment. EVE will consume machine-learning sensor logs and correlate the alerts contained within those logs with validation input test data set metadata to calculate and catalog model performance. EVE will also interface with ADAM and store sensor performance calculations back into the ATMS database for performance reporting.
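The correlation step described above, as an added example that is not EVE's code: sensor alerts are parsed from a log, matched against the validation set's metadata (which attack play was injected from which host in which time window), and turned into true-positive, false-positive and missed-play counts with precision and recall. The alert log layout, the metadata record and the scoring rule (a play counts as detected when any alert above threshold matches it) are assumptions made for this illustration, and all log lines are constructed.

```python
"""Correlate sensor alerts with validation input metadata to score a model.

Added example, not EVE's code. The alert log format, the metadata layout and
the scoring rule (a play is detected if any alert matches it) are assumptions.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class AttackPlay:
    name: str
    src: str      # attacking host injected into the validation set
    start: float  # injection window, seconds from capture start
    end: float


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    score: float


# Constructed validation metadata: which plays were injected, from where, and when.
METADATA = [
    AttackPlay("port-scan", "192.0.2.9", 10.0, 12.0),
    AttackPlay("brute-force", "203.0.113.4", 30.0, 35.0),
    AttackPlay("dns-tunnel", "198.51.100.2", 50.0, 60.0),
]

# Constructed sensor log, one alert per line, in an assumed "<ts> ALERT src=<ip> score=<f>" layout.
SENSOR_LOG = """\
10.2 ALERT src=192.0.2.9 score=0.91
10.4 ALERT src=192.0.2.9 score=0.88
15.0 ALERT src=10.0.0.5 score=0.62
30.1 ALERT src=203.0.113.4 score=0.97
41.0 ALERT src=10.0.0.8 score=0.31
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ALERT src=(?P<src>\S+) score=(?P<score>\d+(?:\.\d+)?)$")


def parse_alerts(text):
    """Parse the log; lines that do not match the layout are skipped, not guessed."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            alerts.append(Alert(float(m["ts"]), m["src"], float(m["score"])))
    return alerts


def correlate(alerts, plays, threshold=0.5):
    """Match alerts above threshold to plays by source host and time window."""
    tp = fp = 0
    detected = set()
    for a in alerts:
        if a.score < threshold:
            continue  # below the operating threshold: not counted as an alert
        play = next((p for p in plays
                     if p.src == a.src and p.start <= a.ts <= p.end), None)
        if play is None:
            fp += 1
        else:
            tp += 1
            detected.add(play.name)
    missed = [p.name for p in plays if p.name not in detected]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = len(detected) / len(plays) if plays else 0.0
    return {"tp": tp, "fp": fp, "detected": sorted(detected), "missed": missed,
            "precision": precision, "recall": recall}


def assess(log_text=SENSOR_LOG, plays=METADATA, threshold=0.5):
    """Full step: parse the sensor log and score it against the metadata."""
    return correlate(parse_alerts(log_text), plays, threshold)


if __name__ == "__main__":
    for threshold in (0.5, 0.9):
        print(threshold, assess(threshold=threshold))
```

Running `assess` at several thresholds is the useful part: raising the threshold from 0.5 to 0.9 removes the false positive on the constructed log but does nothing for the missed "dns-tunnel" play, which no alert referenced at all, so that play points at a training gap rather than a tuning problem. The returned dictionary is the kind of record a performance catalog would store per model and per validation set.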


Available as a hardware or a software solution.
Contact us