UK university seeks commercialisation agreements with technical assistance or financing for market validation and technical development of an artificial intelligence analysis engine for cyber threat detection and neutralisation

Summary

Type:
Technology Offer
Reference:
TOUK20170919001
Published:
25/09/2017
Expiry:
25/09/2018
Summary:
A UK university has developed a threat detection and neutralisation ecosystem for high-throughput, big data network traffic environments, such as cloud service providers, industrial control systems, the Internet of Things and smart cities. The technique is based on the IPFIX (Internet Protocol Flow Information) protocol. The traffic capture method takes advantage of IPFIX templates to capture any data within a traffic packet at network or application level. The university seeks partners to establish commercialisation agreements with technical assistance or financing to validate the technology in the market and continue the technical development of the ecosystem elements.

Details

Title:
UK university seeks a commercial agreement with technical assistance or financial agreement for the market validation/technical development of a big data reduction and AI analysis engine for cyber threat detection and quarantine.
Summary:
This UK university is developing a threat detection and neutralisation ecosystem for high-throughput, big data network traffic environments, such as cloud providers, industrial control systems, the Internet of Things and Smart Cities. The university seeks partners for a commercial agreement with technical assistance or a financial agreement for market validation and the further technical development of ecosystem elements.
Description:
Threat intelligence feeds come from a variety of sources, such as network traffic data, system logs and event management (SIEM). In a high-throughput network, this can rapidly escalate into a big data challenge. A single packet capture probe on a 10 Gbps network backbone has the potential to capture terabytes of data over the course of a day. Large, dispersed networks require many probes to cover the entire network.
Organisations have started to use NetFlow flow export protocols to attempt to reduce data volumes. However, proprietary NetFlow v5 and NetFlow v9 are network management protocols, which were not specifically designed with threat intelligence and digital forensics in mind.
The University has developed a technique using the IPFIX (Internet Protocol Flow Information) export protocol. IPFIX supports template extensibility, variable-length fields, and probe protection against flow interception, tampering attacks, replay attacks and probe DoS (Denial of Service) attacks. Furthermore, as an open standard, IPFIX is vendor neutral. This traffic capture method takes advantage of IPFIX templates to capture any data from within a traffic packet at network or application level. This allows network analysts to tune traffic data capture at both the network and application layer, either for pre-emptive, pre-attack forensics or for ongoing incident analysis.
Reducing the volume of captured data makes data analysis more efficient, which in turn decreases threat reaction time. The University is looking to develop machine learning algorithms to further automate the detection process, so as to distinguish between actual threats and threat characteristics that initially appear to be malicious but are in fact benign. In parallel to this work, the University is developing threat neutralisation techniques based upon Software Defined Networking.
A concept demonstrator has been developed for the detection of botnets. The demonstrator also shows how this can be applied to Internet of Things sensor networks. Current research is also developing templates to detect malicious HTTP content, SPAM and attacks upon SCADA (Supervisory Control and Data Acquisition) devices. Design of capture templates is limited only by the imagination of our partners and research team.
The University seeks commercial partners for a commercial agreement with technical assistance to further test the market viability of the product and develop it, or partners who would like to invest in the technology under a financial agreement to develop the solution further.
Advantages and Innovations:
Cyber threat detection can rapidly generate big data volumes of analysis traffic. This innovative traffic capture mechanism allows organisations to capture only the data that matters, reducing data capture volumes by up to 98% over traditional packet capture based systems.
One obvious advantage of this technique is the reduction in data storage requirements. However, reducing big data volumes of traffic means that SOC (Security Operations Centre) analysts can react more quickly to an event.
The capture mechanism takes advantage of the IPFIX (Internet Protocol Flow Information Export) protocol. Capture templates are custom designed around specific threat indicators or data attributes from the network layer through to application level, allowing detection within protocols that are often misused in cyber security attacks, such as HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol) and DNS (Domain Name System).
Many packet capture solutions rely on mirrored or SPAN (Switched Port Analyser) ports, which can mean large volumes of replicated data must be transported across a network to an analysis system. Our in-band capture system uses aggregation techniques and TAP (Test Access Point) ports. The resulting manageable quantities of data mean network traffic can be efficiently stored for pre-event application and network forensics, or lawful interception.
The solution developed by this University is a proof of concept case study, a template that captures botnet traffic in cloud service providers. Compared to PCAP (packet capture), the captured data volumes were 8000% smaller. When compared with NetFlow, an industry leader, the University solution was 27% faster.
Stage of Development:
Available for demonstration
IPs:
Secret Know-how, Copyright
Comments Regarding IPR Status:
Trade marks are currently under consideration, as are patents

Partner sought

Type and Role of Partner Sought:
The University is looking to partner with
· investors
· commercial organisations who wish to proactively threat monitor their own network infrastructure or applications
· managed service providers who are interested in developing the technology further in order to bring to the market
· commercial organisations with large threat and non-threat PCAP samples or other network traffic capture repositories
· IoT developers looking to incorporate situational awareness into their products

The University is looking for assistance in establishing the market viability of the solution as well as cooperation to develop the product further according to market needs. The University seeks partners for a commercial agreement with technical assistance or financial agreement.

Client

Type and Size of Client:
University
Already Engaged in Trans-National Cooperation:
Yes
Languages Spoken:
English

Keywords

Technology Keywords:
01003006 Computer Software
01003009 Data Protection, Storage, Cryptography, Security