SIGMO-IDS detects unknown network cyberattacks with a high degree of precision. It also reduces the occurrence of false positives and steers the attack response. This means that even non-cybersecurity experts can use it reliably.
Communications network security depends on two major capabilities: reliable detection and rapid response. SIGMO-IDS uses several levels of artificial intelligence to deliver both.
The first level of AI in SIGMO-IDS consists of AI primitives specific to each detection probe. Each primitive analyzes a particular protocol layer of every data packet received. The results of these analyses are then combined using a smart data fusion algorithm.
The second level of AI, part of the overall orchestration system, controls the detection policy followed by all of the probes. This centralized probe management system can be implemented as an IDS Manager running on a NEON controller. Periodically or upon alert, it determines the specific detection policy reconfiguration orders to send to the various probes so that they can act together to identify threats. Several probes can help each other analyze large data streams, and a single probe can be ordered dynamically to switch to a certain wireless subnetwork to check for nodes suspected of being compromised.
Finally, the third level of AI allows SIGMO-IDS to recognize attacks in unusual behavior patterns, determine the parameters of these attacks, and respond to them by recommending the most appropriate countermeasures to the user.