K3Y’s Visual-based Intrusion Detection System
K3VIDS is a visual-based intrusion detection and prevention solution that combines signature/specification-based methods, Artificial Intelligence (AI) techniques and visual analytics to detect potential intrusions and anomalies.
K3VIDS is composed of several detectors and open-source cybersecurity-related sensors, such as Snort, Suricata, Nmap, OpenVAS and honeypot applications. These continuously provide a plethora of security logs, which are normalised and correlated with each other using association rules. With respect to the AI-based detectors, K3VIDS includes a variety of Machine Learning (ML) / Deep Learning (DL) based detectors devoted to recognising cyberattacks and anomalies related mainly to industrial communication protocols like Modbus/TCP, DNP3, IEC 61850, IEC 60870-5-104, MQTT, NTP, SSH and FTP.
The K3VIDS platform offers the following services:
– Advanced Data Analysis & Visualisation
K3VIDS adopts dimensionality reduction techniques, binary representations and visual analytics in order to discriminate unknown anomalies.
– AI-enabled Anomaly Detection
AI models relying on operational measurements are utilised for recognising potential anomalies.
– Decentralised Architecture
The various detectors and cybersecurity sensors can each be deployed remotely and individually, while the security events and alerts are stored in a scalable database and visualised by a dynamic dashboard with real-time statistics.
– Large-scale Deployment
K3VIDS has been designed in order to support large-scale industrial environments related to critical infrastructures.
– SDN-enabled Mitigation
Regarding the mitigation activities, K3VIDS takes advantage of the Software-Defined Networking (SDN) technology, guiding the SDN controller to disrupt and/or re-direct the malicious network flows. If SDN is not supported, then K3VIDS uses mitigation agents that update the firewall configuration based on the information of the security events and alerts.