US-20260129075-A1 - ARTIFICIAL INTELLIGENCE-DRIVEN CYBERSECURITY SYSTEM AND CYBERSECURITY METHOD WITH DYNAMIC REVERSE AUTHENTICATION
Abstract
An AI-driven network security system that proactively detects and mitigates threats in enterprise environments is provided. The system integrates AI-based behavioral analysis to model normal activity and identify anomalies. It implements a Reverse Authentication Algorithm (RAA) to generate a unique 32-hex-character (128-bit) authentication (“au”) string formed from random hexadecimal values, a complement-masked timestamp, and a search string dynamically derived from an ASCII random string table. Incoming requests are validated by reconstructing and verifying the timestamp and by recomputing the search string extracted from the au string. Upon anomaly detection or authentication failure, the system triggers layered defenses including packet filtering, IP blocking via a blocklist, execution of custom threat-neutralization scripts, and integration with content delivery networks (CDNs) to mitigate volumetric attacks. The modular architecture enables real-time detection and response while integrating with existing infrastructure.
Inventors
- Chao-Hung Lin
Assignees
- Chao-Hung Lin
- Farxun Wisdom INC.
Dates
- Publication Date: 20260507
- Application Date: 20251027
- Priority Date: 20241030
Claims (6)
- 1. A network security system for detecting and responding to threats in a network environment, the network security system comprising: a data collection module configured to collect network data including a timestamp; hexadecimal (base-16) and applying a bitwise one's-complement with respect to 0xFFFFFFFF to mask the original value, and combining the complement-masked timestamp with the random string; and a defense response module configured to initiate layered defense responses upon detection of the anomalous pattern or upon authentication failure.
- 2. The network security system of claim 1, wherein the Reverse Authentication Algorithm periodically updates the ASCII random string table to enhance security and prevent predictability.
- 3. The network security system of claim 1, wherein the authentication module verifies an incoming network request by decomposing a received authentication string to extract and verify the complement-masked timestamp, the random string, and the search string, the verification comprising: reversing the complement operation applied to the complement-masked timestamp to restore an original timestamp and verifying that the restored timestamp is within a permissible time window to prevent replay attacks; and recomputing the search string and comparing the recomputed search string with a search string extracted from the authentication string to ensure integrity.
- 4. The network security system of claim 1, wherein the defense response module comprises: a packet-filtering component configured to remove malicious data; an IP-address blocking component configured to block suspicious IP addresses by adding their sources to a blocklist; an active threat-neutralization component configured to execute at least one custom script to proactively neutralize identified threats; and a content-delivery-network (CDN) integration component configured to distribute network traffic so as to mitigate volumetric distributed-denial-of-service attacks.
- 5. The network security system of claim 1, wherein the AI analysis engine further comprises an AI auditor component configured to perform in-depth analysis of user-behavior patterns to detect insider threats.
- 6. A network security method automatically performed by a network security system, the method comprising: collecting, by a data collection module, network data including a timestamp; analyzing, by an AI analysis engine, the collected data using AI-based behavioral analysis to identify anomalous patterns indicative of network-security threats; generating, by an authentication module using a Reverse Authentication Algorithm, a unique authentication string comprising: a random string composed of random hexadecimal numbers generated within a specified range; a complement-masked timestamp obtained by acquiring a current timestamp, converting the timestamp to hexadecimal, applying a complement operation, and combining the complement-masked timestamp with the random hexadecimal numbers; and a search string produced by: selecting, based on a modulo operation on one of the random hexadecimal numbers, an ASCII data-source row from an ASCII random string table; identifying a position of a predetermined character in the selected row; and adding the one random hexadecimal number and the position and extracting specific hexadecimal digits to form the search string; verifying an incoming network request by decomposing a received authentication string to extract and verify the complement-masked timestamp, the random hexadecimal numbers, and the search string, including: reversing the masking to restore an original timestamp and verifying that the restored timestamp is within a permissible time window to prevent replay attacks; and recomputing the search string and comparing the recomputed search string with a search string extracted from the authentication string to ensure integrity; and initiating, by a defense response module, a layered defense response upon detecting the anomalous pattern or an authentication failure.
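
The generate-and-verify flow recited in claims 3 and 6, as an added Python example that is not code from the patent or its assignee. The field layout (8 masked-timestamp, 20 random and 4 search hex digits), the table rows, the marker character, the 30-second window and the choice of the low four hex digits are all assumptions, since the page does not specify them.

```python
import hmac
import secrets
import string
import time

# Constructed sample table; the page does not give the real table contents.
TABLE = ["q7Zm#Kx2Lp", "Xr#9TbWc4E", "h3GvN8s#Yd", "#Ju5oPa1Mf"]
MARKER = "#"           # assumed "predetermined character"
WINDOW_SECONDS = 30    # assumed permissible time window
MASK = 0xFFFFFFFF

def search_string(rand_hex):
    """Assumed derivation: row by modulo, marker position, sum, low 4 hex digits."""
    r = int(rand_hex[:4], 16)          # the "one random hexadecimal number"
    row = TABLE[r % len(TABLE)]        # modulo selects the table row
    pos = row.index(MARKER)            # position of the predetermined character
    return format((r + pos) & 0xFFFF, "04x")

def generate_au(now=None, rand_hex=None):
    """Assumed layout: 8 masked-timestamp + 20 random + 4 search hex digits."""
    ts = int(time.time() if now is None else now) & MASK
    masked = format(ts ^ MASK, "08x")  # one's complement w.r.t. 0xFFFFFFFF
    rand_hex = rand_hex or secrets.token_hex(10)
    return masked + rand_hex + search_string(rand_hex)

def verify_au(au, now=None):
    """Return (accepted, reason) for a received au string."""
    if len(au) != 32 or any(c not in string.hexdigits for c in au):
        return False, "format"
    au = au.lower()
    restored = int(au[:8], 16) ^ MASK  # reverse the complement mask
    current = int(time.time() if now is None else now)
    if abs(current - restored) > WINDOW_SECONDS:
        return False, "timestamp outside window"
    if not hmac.compare_digest(search_string(au[8:28]), au[28:]):
        return False, "search string mismatch"
    return True, "ok"

if __name__ == "__main__":
    au = generate_au(now=1_700_000_000, rand_hex="00a51122334455667788")
    print(au, verify_au(au, now=1_700_000_010))
    print(verify_au(au, now=1_700_000_100))          # replayed after the window
    print(verify_au(au[:8] + "00a6" + au[12:], now=1_700_000_010))  # altered field
```
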
Description
FIELD OF THE INVENTION
The present disclosure relates generally to network security systems and, more specifically, to an AI-driven cybersecurity solution configured to proactively detect and respond to diverse network threats by leveraging advanced machine-learning techniques and novel authentication mechanisms to improve an enterprise network's security posture.
BACKGROUND OF THE INVENTION
Organizations increasingly depend on complex network infrastructures to support operations, store sensitive data, and facilitate communications, while the frequency and sophistication of threats continue to rise, jeopardizing the integrity, confidentiality, and availability of critical information systems. Traditional rule-based measures, such as firewalls and intrusion detection systems, rely on predefined signatures and static rules and thus face limitations in coping with emerging and targeted attacks that fall outside known signatures. Insider threats are likewise difficult to detect due to legitimate privileges that obscure the boundary between normal and malicious behavior. Distributed Denial-of-Service (DDoS) attacks overwhelm network resources, and rate-limiting or static traffic filtering may be insufficient against large-scale or volumetric variants. Connection-oriented attacks (e.g., Slow HTTP and CC) further complicate the landscape by exploiting protocol or application-layer weaknesses, demanding continuous monitoring and dynamic response strategies.
To address these challenges, there is a growing need for solutions that combine advanced analytics and adaptive learning. AI and machine learning enhance threat detection and response by analyzing large-scale data, identifying anomalous patterns, and adapting in real time. Robust authentication is also vital: static passwords or token-based schemes remain vulnerable to credential theft and replay, motivating authentication algorithms that generate dynamic, unique identifiers. Integrating these technologies into a comprehensive framework requires tight coupling of data collection, behavioral analysis, detection, and response, while maintaining scalability, compatibility, and minimal disruption to legitimate activity.
SUMMARY OF THE INVENTION
This disclosure provides an advanced network security system that combines AI-driven behavioral analysis with a novel Reverse Authentication Algorithm (RAA) to proactively detect and respond to security threats. The system improves security posture beyond rule-based measures by integrating dynamic authentication with continuous anomaly detection. A behavior-analysis module collects comprehensive network data (including traffic logs, geolocation, network parameters, timestamps, and device information) and applies machine-learning models to model normal behavior and identify anomalies in real time, enabling adaptation to evolving threats.
In one embodiment, the RAA generates a unique 32-hex-character (128-bit) au string composed of a complement-masked timestamp, random hexadecimal values, and a search string derived from an ASCII random string table. By resisting prediction and replay, the au string serves as a time-sensitive authentication marker that complements existing credentials.
Upon anomaly detection or authentication failure, the system initiates layered defense responses, including packet filtering to remove malicious data, automatic IP blocking via a blocklist, execution of custom scripts (e.g., Python, Bash, or C/C++), and CDN integration to distribute traffic and mitigate DDoS attacks, thereby maintaining availability during large-scale events. The system also monitors user-behavior patterns to detect potential insider threats.
Overall, by combining AI-based analysis, dynamic authentication, and layered defenses, the architecture offers a modular, scalable, and infrastructure-compatible solution for protecting enterprise networks against known and emerging threats.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings are provided to illustrate exemplary embodiments of the present invention and are not intended to limit the scope thereof. Identical reference numerals denote identical elements throughout the drawings.
FIG. 1 is a block diagram illustrating an architecture of a network security system according to an embodiment.
FIG. 2 is a block diagram illustrating a data collection module of the network security system.
FIG. 3 is a block diagram illustrating an AI analysis engine of the network security system.
FIG. 4 illustrates an example authentication (“au”) string generated by the Reverse Authentication Algorithm (RAA).
FIG. 5A and FIG. 5B are flowcharts illustrating an example process for generating the authentication string by a Reverse Authentication Algorithm (RAA).
FIG. 6A and FIG. 6B are flowcharts illustrating an example process for verifying the authentication string by the Reverse Authentication Algorithm (RAA).
FIG. 7 is a block diagram illustrating a defense response module of the network securi