Using new edges for anomaly detection in computer networks
Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC52-06NA25396
- Assignee:
- Los Alamos National Security, LLC (Los Alamos, NM)
- Patent Number(s):
- 9,038,180
- Application Number:
- 13/826,995
- OSTI ID:
- 1179789
- Resource Relation:
- Patent File Date: 2013 Mar 14
- Country of Publication:
- United States
- Language:
- English
Using new edges for anomaly detection in computer networks
|
patent | May 2015 |
Similar Records
Using new edges for anomaly detection in computer networks
Using new edges for anomaly detection in computer networks