A Space-Time Separated and Jointly Evolving Relationship-Based Network Access and Data Protection System with NP-complete Defenses
Type of Degree: dissertation
Attacks on information networks have been increasing in frequency and success in recent years. Attack methods are becoming increasingly sophisticated, and network defense systems have not kept pace. IDS and IPS systems utilizing signature- and statistics-based methods are not agile enough for today's environment. This paper presents an alternative solution: the Intrusion-resilient, Denial-of-Service resistant, Agent-assisted Cybersecurity system (IDACS). IDACS utilizes the concept of a space-time separated and jointly-evolving relationship to provide network defenses that can defend against zero-day and metamorphic attacks. IDACS provides network security in three key areas: attack detection and prevention, digital forensics to identify the origin of the attack, and deep protection of at-rest encrypted data in case of a successful network breach. IDACS combines these three aspects into a complex space-time relationship in which each aspect reinforces the others. A mathematical analysis of IDACS reveals that several facets of its network defense are NP-complete, presenting a potential attacker with an incredibly complex problem to solve. Multiple simulations of a fielded IDACS system demonstrate the high attack detection rate, network traitor identification rate, and data protection capabilities provided by this system.
- 2013-03-25 Dissertation_FINAL.pdf