WO2023244190A1 - A cyber security device manufactured by using artificial intelligence technology

Publication number: WO2023244190A1
Authority: WO, WIPO (PCT)
Prior art keywords: artificial intelligence, network, cyber security, intelligence technology, security device
Application number: PCT/TR2022/050778
Other languages: French (fr)
Inventor: Yasin POYRAZ
Original Assignee: Teknodc Bilişim Teknolojileri Anonim Şirketi
Application filed by Teknodc Bilişim Teknolojileri Anonim Şirketi

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/50 Testing arrangements
    • H04L43/06 Generation of reports
    • H04L43/062 Generation of reports related to network traffic

Abstract

The invention may be used wherever internet network security, logging and monitoring are needed. With its active-learning artificial intelligence infrastructure and with the help of BPF, XDP and DPDK modules and development kits, the device, running on the CentOS 7 or 8 operating system, analyzes the real or artificial (botnet, DDoS, etc.) internet network traffic coming into the system and itself takes action against the traffic that must be blocked. Although it is based on artificial intelligence, the device can also be taught manually. An artificial intelligence infrastructure and BPF, XDP and DPDK modules are used in the invention. The invention relates to a cyber security device manufactured by using artificial intelligence technology.

Description

A CYBER SECURITY DEVICE MANUFACTURED BY USING ARTIFICIAL INTELLIGENCE TECHNOLOGY
TECHNICAL FIELD
The invention may be used wherever internet network security, logging and monitoring are needed. With its active-learning artificial intelligence infrastructure and with the help of BPF, XDP and DPDK modules and development kits, the device, running on the CentOS 7 or 8 operating system, analyzes the real or artificial (botnet, DDoS, etc.) internet network traffic coming into the system and itself takes action against the traffic that must be blocked. Although it is based on artificial intelligence, the device can also be taught manually.
An artificial intelligence infrastructure and BPF, XDP and DPDK modules are used in the invention. The invention relates to a cyber security device manufactured by using artificial intelligence technology.
STATE OF THE ART
In the state of the art, firms such as Facebook, Instagram and Twitter also have Firewall devices based on artificial intelligence and BPF/XDP infrastructure. However, the sectors these firms address and the form and method of their services are different. Facebook uses its Firewall device only to protect its own systems and does not sell or lease it, because doing so could create a weakness and expose firms like Facebook to attacks.
Every day, more than 50,000 cyber attack types and weaknesses occur in the world. With artificial intelligence, however, they can be tracked and prevented in minimal time, and a solution can be generated for each type of cyber attack. In the past, Firewall devices sold at a device price of $500,000 with an annual royalty of $50,000 performed poorly, could not stand up to large attacks, and did not show satisfactory strength for customers. Certain panels were provided, the user was told to press some buttons, and that was how attacks were to be prevented.
In the state of the art, the past invention titled “Network threat detection system and detection method”, application number CN201610970197A, was summarized as follows: “Invention is related to a network threat detection system and detection method. Detection system consists of a network data collection module, a feature extraction module, a traffic analysis module, a network threat confirmation module and a threat situation formation module; wherein network data collection module is used to collect and obtain network traffic data on real time basis; feature extraction module is used to extract feature information of network traffic data; traffic analysis module is used to match features on network traffic data according to feature information for the sake of detection of suspicious network threat events; and network threat confirmation module is used to determine depth on suspicious network threat events by using a test expression in order to be able to learn the real network threat events really having network threats; wherein a depth analysis information base stores more than one threat models together with detection rules corresponding thereto; and finally, threat situation formation module is used to perform big data analysis and data mining on suspicious network threat events and real network threat events in order to find out a correlation between the frequency of occurrence of more than one real network threat events or a certain real network threat event. Thus, a threat situation is formed. In comparison to the prior art, the system and method have such advantages as high network threat detection rate and low false alarm rate, etc.”
As a conclusion, because of the reasons described in the preceding paragraph and due to inadequacy of the existing solutions, it has become a necessity to make a technical development in the related field.
DEFINITION OF INVENTION
The present invention relates to a cyber security device manufactured by using artificial intelligence technology, developed in order to eliminate the disadvantages mentioned above and offer new advantages to the related technical field. In the most general sense, the invention is produced as a solution against (D)DoS and application-layer (application-oriented Layer 7) attacks occurring all over the world.
The device developed through this invention does not follow the logic of “Press this or that, and activate it.” The device itself learns and detects all kinds of attacks (the customer may also teach them manually), creates a database, and blocks incoming attacks in a reaction time of 0.1 ~ 0.5 ms. The most important problem the software is intended to resolve is cyber attacks and weaknesses. With this invention, a device has been developed that is better, stronger and cheaper than other devices costing millions of dollars, both materially and morally and in terms of performance. Every Firewall device that we install in or insert into our systems is in fact a weakness. The intention is to create a more reliable and peaceful internet network than is possible with the Firewall devices available in the market, which undermine security because they are closed source (with only some of the places where rules are written being open source).
The invention prevents all kinds of cyber attacks and hacking attempts coming from external networks. It analyses all incoming traffic and logs it with a timestamp. For each protocol (TCP, UDP, ICMP, GRE, etc.), it analyses the incoming traffic according to port number and lets it in only if it is real traffic; otherwise it blocks the traffic. Even if the incoming traffic is real, it continues to monitor that traffic and, in the case of any illegal act, blocks it and immediately informs the network administrator by SMS and e-mail. (It does whitelist hacking blocking.)
DETAILED DESCRIPTION OF INVENTION
This detailed description sets out the preferred alternatives of the cyber security device structure built by using artificial intelligence technology that is the subject matter of the invention, only for better understanding of the subject matter and without any limitation thereto. The invention uses an artificial intelligence infrastructure and BPF, XDP and DPDK modules. Each traffic is signed.
The biggest advantage offered by the invention is that no other Firewall device using artificial intelligence is available. The biggest convenience provided by the invention is that cyber attacks and weaknesses are no longer a nightmare for the corporations or organisations using this device and service. They become a firm, corporation or organisation with great advantages, both materially and morally, whose network operation centre (NOC) does not need to be controlled by 100 operators every second. The most important factor bringing these advantages is the use of artificial intelligence technology in the software. BPF and XDP also make a real difference in terms of performance.
The internet is a structure in which cyber security weaknesses and attacks keep developing and branching out for as long as the human race exists. The device must therefore be developed further for as long as the human race exists and use of the internet increases. As mentioned earlier, more than 50 thousand weaknesses and attacks are faced every day. The most important feature of the device is its use of high-level hardware and performance products. The peak the device aims to reach is to become a quantum-computing-based, artificial-intelligence-supported Firewall.
The invention is usable wherever an internet network is accessible (in all internal or public networks).
Details of use of the invention are as listed below:
1- The device is installed in one of the routing, gateway or bridge modes.
2- The device supports and actively operates with many protocols, such as BGP, GRE, etc.
3- The device is configurable according to each network situation.
4- After installation, its activeness and packet exchange are verified by small ICMP tests.
5- The network addresses and netmasks to be protected are entered into the device.
6- Installation takes 30 to 60 minutes, depending on the network status.
7- No other action is needed.
WAF (website protection and application protection) may also be activated depending on the needs of the network. Before installation of the device, a good SWOT analysis of which type of system is demanded, what the device is asked to do, and what its purpose is will also benefit the network administrator.
The use of artificial intelligence on the software side keeps the system safe and takes actions unmanned (without need for any control). C and Bash script are the dominant languages in the device software. BPF, XDP, NETFILTER and DPDK play active roles in the device. The system uses a program named screen to run the program in the background. The device has a CentOS, i.e. Red Hat-based, kernel structure. Because it is open source, the device can be programmed for all kinds of performance requirements. It is determined that the invention prevents 99.10% of all cyber attacks. (For this determination, the device was tested in a laboratory environment with firms which have previously used and are actively using security devices such as HARPP, Arbor Sightline and Juniper SRX, and was found to show 700% better performance and packet handling capacity than other devices sold or leased in the marketplace at prices of more than 500 thousand dollars.) The device gives good results when it is actively used at layers 3-4 and 7. In the case of any wrong act, the invention informs the network administrator, saying “I have made a mistake, and understood it is a mistake, and corrected it.” The invention can send SMS and e-mail messages. Log outputs may be shared with API sharing programs (like Discord) using open source code. Logs are always recorded with a timestamp, and are treated and accepted as evidence in potential legal proceedings.
In the invention, traffic comes directly to the server, which operates with examples and rules, and with gatebot and bpftools. The server contains a NIC card, XDP and Iptables. Traffic is moved from the NIC card through the RX queue to XDP, and from there to Iptables.
NIC Card is a network interface checker, while Iptables is an application.
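In the packet path described above (NIC RX queue, then XDP, then Iptables), the XDP stage gives the first verdict on each raw frame before Iptables sees it. The following is an added example, not code from the patent or the device: a portable C model of such a verdict function, with the bounds-checked parsing a real XDP program needs. The protected prefix, the allowed protocol/port list and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdicts modelled on the XDP stage: drop early, or pass on to Iptables. */
enum verdict { V_DROP = 1, V_PASS = 2 };

/* Assumed operator configuration (constructed values): one protected prefix
 * and the protocol/port pairs allowed to reach it. Port 0 means "no port". */
struct service { uint8_t proto; uint16_t port; };
static const uint32_t PROT_NET = 0xC6336400u, PROT_MASK = 0xFFFFFF00u; /* 198.51.100.0/24 */
static const struct service ALLOWED[] = { {6, 443}, {17, 53}, {1, 0} };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Verdict for one Ethernet frame. Each header read follows a length check,
 * as the eBPF verifier demands of a real XDP program. */
enum verdict xdp_model(const uint8_t *f, size_t len)
{
    if (len < 14) return V_DROP;                       /* truncated Ethernet */
    if (rd16(f + 12) != 0x0800) return V_PASS;         /* ARP etc.: not judged here */
    if (len < 14 + 20) return V_DROP;                  /* truncated IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return V_DROP;
    if ((rd32(ip + 16) & PROT_MASK) != PROT_NET) return V_PASS; /* not protected */
    if (rd16(ip + 6) & 0x1FFF) return V_DROP; /* later fragment, no L4 header (model policy) */

    uint8_t proto = ip[9];
    uint16_t dport = 0;
    if (proto == 6 || proto == 17) {                   /* TCP or UDP */
        if (len < 14 + ihl + 4) return V_DROP;         /* ports not present */
        dport = rd16(ip + ihl + 2);
    }
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (ALLOWED[i].proto == proto && ALLOWED[i].port == dport)
            return V_PASS;                             /* Iptables decides next */
    return V_DROP;
}

/* Build a constructed 42-byte IPv4 frame (no options) for the demo. */
size_t make_frame(uint8_t *buf, uint32_t dst, uint8_t proto, uint16_t dport)
{
    memset(buf, 0, 42);
    buf[12] = 0x08;                                    /* EtherType 0x0800 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; ip[9] = proto;
    for (int i = 0; i < 4; i++) ip[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    ip[22] = (uint8_t)(dport >> 8); ip[23] = (uint8_t)dport;
    return 42;
}

int main(void)
{
    uint8_t b[64];
    size_t n = make_frame(b, 0xC633640Au, 6, 23);      /* telnet to 198.51.100.10 */
    printf("tcp/23  -> %s\n", xdp_model(b, n) == V_PASS ? "PASS" : "DROP");
    n = make_frame(b, 0xC633640Au, 6, 443);
    printf("tcp/443 -> %s\n", xdp_model(b, n) == V_PASS ? "PASS" : "DROP");
    return 0;
}
```

A frame that passes here is only handed to the next stage; stateful rules still belong in Iptables.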

Claims

1. A cyber security device manufactured by using artificial intelligence technology, characterised in that it includes:
- A server to which traffic flows and which is operated with examples and rules, and gatebot and bpftools, and
- A network interface checker contained in the server, and
- An application which is contained in the server, and is operated with gatebot and bpftools by taking information coming from XDP.
2. A cyber security device manufactured by using artificial intelligence technology according to Claim 1, characterised by the following process steps:
- Device is installed by one of routing, gateway and bridge modes, and
- Device supports and actively operates with a lot of protocols like BGP, GRE, etc., and
- After installation, its activeness and package exchange are determined by small ICMP tests, and
- Network addresses and netmasks to be protected are entered into the device, and
- WAF (Website protection and application protection) may also be activated depending on the needs of network.
PCT/TR2022/050778 2022-06-13 2022-07-22 A cyber security device manufactured by using artificial intelligence technology WO2023244190A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2022/009771A TR2022009771A2 (en) 2022-06-13 2022-06-13 A CYBER SECURITY DEVICE MADE USING AI TECHNOLOGY
TR2022/009771 2022-06-13

Publications (1)

Publication Number Publication Date
WO2023244190A1 true WO2023244190A1 (en) 2023-12-21

Family

ID=84084212

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2022/050778 WO2023244190A1 (en) 2022-06-13 2022-07-22 A cyber security device manufactured by using artificial intelligence technology

Country Status (2)

Country Link
TR (1) TR2022009771A2 (en)
WO (1) WO2023244190A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210092464A (en) * 2020-01-16 2021-07-26 주식회사 윈스 Apparatus and method for analyzing network traffic using artificial intelligence
WO2021216163A2 (en) * 2020-02-17 2021-10-28 Qomplx, Inc. Ai-driven defensive cybersecurity strategy analysis and recommendation system

Also Published As

Publication number Publication date
TR2022009771A2 (en) 2022-07-21

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 22947011
Country of ref document: EP
Kind code of ref document: A1