Standing guard against network invaders

February 19, 2024

By Joelyn Hansen

Anyone who has flown on a commercial flight, crossed an international border, visited a government building or attended a concert knows you’re not getting inside until you pass the security guards.

Placing guards outside the gates is a centuries-old defense strategy used to protect people, places and things from those who seek to do harm.

Like those guards, Idaho National Laboratory’s newest network anomaly detection technology — Sentinel — is designed to keep viruses, malware and other malicious software from invading critical communication networks.

Sentinel isn’t the first product in the market to fight against cyber threats, said INL researcher Matt Anderson. However, Sentinel is the first to fight threats at the network level by using machine learning to sequester malicious network packets — digital containers filled with data — before they reach their intended destination, such as a cell phone or laptop. The ability to capture and sequester malicious data in transit opens a new front in the cyber battlefield.

INL Researcher and Sentinel Creator Matt Anderson demonstrates how the technology’s hardware is designed to keep viruses, malware and other malicious software from invading critical communication networks.

“The conventional cybersecurity viewpoint is to just secure the end-point system rather than sequestering malicious software in the network while still in flight,” Anderson said. “Cyber criminals can send malware across networks with near impunity since the network packets aren’t being scanned, leaving the end-point systems to defend themselves. Sentinel aims to defend against malicious behavior at the network level rather than at the end-point system.”

How does Sentinel work?

Sentinel examines cyber data packets on a network in real time, efficiently identifying and stopping anomalous or malicious packets almost instantaneously — roughly 300 microseconds — before they can move through the network. Sentinel captures these packet anomalies without disrupting network flow.

The technology works like a border crossing where thousands of vehicles pass through the border check every millisecond, Anderson said. Because of its speed, Sentinel can scan each vehicle, pulling aside suspicious cars without interrupting the flow of traffic.

This quick and efficient process is important to network managers because it takes only moments for malicious packets to cause harm down the road.

Sentinel’s ability to prevent digital incursions at the network level required multiple hardware and software innovations to capture malicious behavior that would otherwise be difficult to detect. The technology’s innovations include combining different genres of machine learning to best identify and reduce false alerts, and a programmable logic device that allows the hardware to run faster on very little power and at low cost.

Taking Sentinel to market

Cleveland Electric Laboratories (CEL) — a 100-plus-year-old U.S.-based company specializing in sensors — licensed Sentinel for use in broad application in network cybersecurity, according to CEL director Robert Riegle. Sentinel is outside CEL’s wheelhouse, Riegle said, but the company sees a future for the technology and plans to create a startup company to sell Sentinel to network managers and providers.

CEL will specifically market Sentinel to companies and entities that build, manage and secure telecommunication networks.

Partnerships with INL

CEL was motivated to license the technology not just because of Sentinel’s novelty, but because past collaborations with INL demonstrated the laboratory’s reputation for quality technologies and research, Riegle said.

“At the end of the day what we like about INL tech is that it’s proven,” Riegle said.

INL Director of Technology Transitions Jason Stolworthy said strategic partnerships and industry engagement are key to moving the lab forward.

“There’s a long list of innovations and technologies that are making a meaningful impact in our communities,” Stolworthy said. “When we pair INL’s innovations with skilled entrepreneurs like Robert Riegle who turn them into cutting-edge commercial products, our lives are improved and America strengthens its global technological leadership.”

About Idaho National Laboratory

Battelle Energy Alliance manages INL for the U.S. Department of Energy’s Office of Nuclear Energy. INL is the nation’s center for nuclear energy research and development, celebrating 75 years of scientific innovations in 2024. The laboratory performs research in each of DOE’s strategic goal areas: energy, national security, science and the environment. 
