Inspiration

We were originally inspired by the thought that sensitive, life-sustaining equipment, like that found in hospitals, is susceptible to bugs and malware. We set out to create a firewall to defend these machines and the lives they protect.

Software that supports critical functions cannot allow for vulnerability; however, no defense is perfect. This software will still need to be updated periodically to address bugs and exploits. In order to update, the entire software must restart. Vital software cannot afford to restart as it pleases, but it also can't be left unprotected against new exploits.

What it does

Smart FireWall provides customers with the ability to dynamically defend against a world of ever-evolving cyber attacks. It is a firewall, compatible with pre-existing ones, that uses unsupervised machine learning to update the list of packages that it defends against, based on external information and previous experience.

Smart FireWall will constantly be on the lookout for any possible bugs within the software. Compared with existing firewalls, which protect the overall system, Smart FireWall focuses only on the areas of code that need to be protected the most. Another feature of Smart FireWall is that it takes in current hacking trends, exploits, and new software bugs and adjusts the defense mainframe to prepare for these possible threats.

How we built it

Using publicly available data sets with labeled attack/normal packets, and Keras, we developed our initial AI FireWall. Next, the data packets are all placed in an N-dimensional space (where N is the number of fields considered per packet), where we define initial clusters by each of the given attack/normal packet labels.

Then, using spectral clustering algorithms, we determine whether incoming packets are forming new clusters, and if they are, we use spectral clustering techniques to separate our total data into their new clusters. (We use spectral clustering because it did a good job conserving the sets of data in our original clusters, i.e. we don’t lose many initial data points to the new cluster; instead it’s made up mainly of “new” packets.)

Upon the creation of a new cluster, we re-train the AI from scratch so that each packet is associated with its new labeled cluster, where the new cluster is always considered an attack. After re-training, all new incoming packets are still sifted into the potential categories, and a packet that classifies as a member of the new cluster’s label is not let through the firewall, whereas the previous AI would have let it through if it had classified it closest to a “safe” packet.

Overall, the Intelligent FireWall, upon seeing a significant degree of “unusual” and similar packets, reacts by retraining itself to not let packets of that kind through.
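The loop described above, as an added example that is not the team's code: incoming packets are clustered together with the labeled ones, a cluster made almost entirely of new packets is relabeled as an attack, and the classifier is refit. It assumes NumPy, swaps the Keras network for a nearest-centroid classifier to stay short, and uses hypothetical function names, thresholds (`purity`, `min_size`) and constructed four-field packet vectors.

```python
import numpy as np

def spectral_labels(X, k, sigma=1.0):
    """Normalized spectral clustering with a Gaussian affinity, then k-means."""
    W = np.exp(-((X[:, None] - X[None]) ** 2).sum(-1) / (2 * sigma ** 2))
    np.fill_diagonal(W, 0.0)
    s = 1.0 / np.sqrt(W.sum(1))
    _, vecs = np.linalg.eigh(s[:, None] * W * s[None])
    U = vecs[:, -k:] / np.linalg.norm(vecs[:, -k:], axis=1, keepdims=True)  # top-k, row-normalized
    C = [U[0]]                                        # farthest-point k-means init
    for _ in range(k - 1):
        gap = np.min([((U - c) ** 2).sum(1) for c in C], axis=0)
        C.append(U[gap.argmax()])
    C = np.array(C)
    for _ in range(20):
        lab = ((U[:, None] - C[None]) ** 2).sum(-1).argmin(1)
        C = np.array([U[lab == j].mean(0) if (lab == j).any() else C[j] for j in range(k)])
    return lab

def find_new_cluster(X_known, y_known, X_new, purity=0.9, min_size=10):
    """Mask over X_new for a cluster made almost entirely of new packets, else None."""
    k = len(set(y_known)) + 1                         # room for one unseen class
    lab = spectral_labels(np.vstack([X_known, X_new]), k)
    is_new = np.arange(len(lab)) >= len(X_known)
    for j in range(k):
        m = lab == j
        if m.sum() >= min_size and is_new[m].mean() >= purity:
            return m[len(X_known):]
    return None

def fit(X, y):
    """Stand-in for retraining the network: one centroid per label."""
    return {str(c): X[y == c].mean(0) for c in set(y)}

def allowed(model, pkt):
    """Pass a packet only if its nearest centroid is labelled 'normal'."""
    return min(model, key=lambda c: ((pkt - model[c]) ** 2).sum()) == "normal"

def demo(novel=True):
    rng = np.random.default_rng(0)                    # constructed sample data
    blob = lambda c, n: np.array(c, float) + rng.normal(0, 0.3, (n, 4))
    X = np.vstack([blob([0, 0, 0, 0], 40), blob([6, 6, 0, 0], 40)])
    y = np.array(["normal"] * 40 + ["attack"] * 40)
    batch = np.vstack([blob([0, 0, 0, 0], 15)] + ([blob([4, -4, 0, 0], 20)] if novel else []))
    before = allowed(fit(X, y), np.array([4.0, -4, 0, 0]))
    mask = find_new_cluster(X, y, batch)
    if mask is None:
        return before, 0, before
    X, y = np.vstack([X, batch[mask]]), np.append(y, ["attack_new"] * int(mask.sum()))
    return before, int(mask.sum()), allowed(fit(X, y), np.array([4.0, -4, 0, 0]))
```

`demo()` returns whether the probe packet passed before retraining, how many packets formed the new cluster, and whether the probe passes afterwards; `demo(novel=False)` feeds only normal-looking traffic, so no cluster is pure enough to trigger retraining.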

Challenges we ran into

After some research, realizing that we were entering a currently open field of study, "Clustering Concept-Drifting Categorical Data," was incredibly daunting. Having little to reference in the way of model development, we had to implement our own design and model for the solution to problems involving "Clustering Concept-Drifting Categorical Data."

Accomplishments that we're proud of

The technology that was developed as a component of this project filled an area of the market that was previously unexplored.

What we learned

There are still vast and quickly growing fields of AI and machine learning that have solutions yet to be found and implemented.
