SYSTEM AND METHOD FOR NEURAL NETWORK BASED DETECTION OF CYBER INTRUSION VIA MODE-SPECIFIC SYSTEM TEMPLATES

摘要

A system and method for detecting and preventing cyberintrusion of a protected system incorporates neural networks having a training mode and a host-accessible (e.g., non-training) mode. When in training mode, the neural networks observe data exchanges with a protected system via interfaces (based on test inputs) and generate system templates corresponding to observed normal behaviors of the interfaces (including “gold standard” behavior indicative of optimal performance behaviors and/or minimal threat of cyberintrusion). When in host-accessible mode, the neural networks observe operating behaviors of the interfaces for each exchange via the interfaces and apply stored system templates to the system data to most closely approximate the optimal behavior set. If the divergence between the best-fit system template and the applied best-fit system template is sufficient to indicate anomalous behavior and a potential risk of cyberintrusion or cyberattack, an event monitor takes corrective action to prevent a cyberintrusion.