
MLIDS—Machine Learning Intrusion Detection System

High-fidelity simulation environments using Distributed Mission Operations (DMO) may be attacked by enemies wishing to subvert the simulation performance and results. To detect, mitigate, and inoculate against such attacks, ATC-NY, in collaboration with Architecture Technology Corporation and Cornell University Professor Thorsten Joachims, developed the Machine Learning Intrusion Detection System (MLIDS). In Phase I, we located specific features in Distributed Interactive Simulation (DIS) that prove to be significant indicators when attacks occur, and built a DIS Validator that discriminates between valid and invalid DIS packets. MLIDS employs Support Vector Machines, a new learning system based on recent advances in statistical learning theory, to build simulation traffic profiles, which it uses to detect malicious DMO network traffic in real time. The MLIDS interface alerts the network administrator to abnormal (and hence possibly malicious) traffic in real time and provides guidance in dealing with attacks. To create MLIDS, the ATC-NY team developed novel technologies for monitoring network intrusions in HLA and DIS simulation environments.



© 2008 Architecture Technology Corporation