Using new edges for anomaly detection in computer networks

Neil, Joshua Charles

Title: Using new edges for anomaly detection in computer networks

Patent · Tue May 19 00:00:00 EDT 2015

OSTI ID:1179789

Neil, Joshua Charles

Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

View Patent

Cite

Export

Save

Research Organization:: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC52-06NA25396

Assignee:: Los Alamos National Security, LLC (Los Alamos, NM)

Patent Number(s):: 9,038,180

Application Number:: 13/826,995

OSTI ID:: 1179789

Resource Relation:: Patent File Date: 2013 Mar 14

Country of Publication:: United States

Language:: English

References (33)

Bayesian anomaly detection methods for social networks Heard, Nicholas A.; Weston, David J.; Platanioti, Kiriaki The Annals of Applied Statistics, Vol. 4, Issue 2, p. 645-662 https://doi.org/10.1214/10-AOAS329	journal	August 2010
Scan Statistics on Enron Graphs Priebe, Carey E.; Conroy, John M.; Marchette, David J. Computational and Mathematical Organization Theory, Vol. 11, Issue 3, p. 229-247 https://doi.org/10.1007/s10588-005-5378-z	journal	October 2005
The link-prediction problem for social networks Liben-Nowell, David; Kleinberg, Jon Journal of the American Society for Information Science and Technology, Vol. 58, Issue 7, p. 1019-1031 https://doi.org/10.1002/asi.20591	journal	January 2007
A survey of coordinated attacks and collaborative intrusion detection Zhou, Chenfeng Vincent; Leckie, Christopher; Karunasekera, Shanika Computers & Security, Vol. 29, Issue 1, p. 124-140 https://doi.org/10.1016/j.cose.2009.06.008	journal	February 2010
Alert correlation in a cooperative intrusion detection framework Cuppens, F.; Miege, A. Proceedings 2002 IEEE Symposium on Security and Privacy https://doi.org/10.1109/SECPRI.2002.1004372	conference	January 2002
Botnets: A survey Silva, Sérgio S. C.; Silva, Rodrigo M. P.; Pinto, Raquel C. G. Computer Networks, Vol. 57, Issue 2, p. 378-403 https://doi.org/10.1016/j.comnet.2012.07.021	journal	February 2013
Identifying botnets by capturing group activities in DNS traffic Choi, Hyunsang; Lee, Heejo Computer Networks, Vol. 56, Issue 1, p. 20-33 https://doi.org/10.1016/j.comnet.2011.07.018	journal	January 2012
Probabilistic Alert Correlation Valdes, Alfonso; Skinner, Keith; Goos, Gerhard Recent Advances in Intrusion Detection, p. 54-68 https://doi.org/10.1007/3-540-45474-8_4	book	January 2001
Scan Statistics for the Online Detection of Locally Anomalous Subgraphs Neil, Joshua; Hash, Curtis; Brugh, Alexander Technometrics, Vol. 55, Issue 4, p. 403-414 https://doi.org/10.1080/00401706.2013.822830	journal	August 2013
Features generation for use in computer network intrusion detection Diep, Thanh A.; Botros, Sherif; Izenson, Martin D. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6671811 US Patent Document 6,671,811	patent	December 2003
Anomaly detection Ide, Tsuyoshi; Yoda, Kunikazu; Kashima, Hisashi https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7346803 US Patent Document 7,346,803	patent	March 2008
Intrusion detection system Scheidell, Michael https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7603711 US Patent Document 7,603,711	patent	October 2009
Method and system for content distribution network security Macwan, Sanjay; Chawla, Deepak; de los Reyes, Gustavo https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8397298 US Patent Document 8,397,298	patent	March 2013
Adaptive behavioral intrusion detection systems and methods Stute, Michael Roy https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8448247 US Patent Document 8,448,247	patent	May 2013
Peer-to-peer (P2P) botnet tracking at backbone level Coskun, Baris; Baliga, Arati https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8627473 US Patent Document 8,627,473	patent	January 2014
System and method for exposing malicious sources using mobile IP messages Choyi, Vinod Kumar; Abdel-Aziz, Bassem https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8650630 US Patent Document 8,650,630	patent	February 2014
Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures Hrabik, Michael; Guilfoyle, Jeffrey; Mac Beaver, Edward https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20020178383 US Patent Application 10/196472; 20020178383	patent-application	November 2002
Flow-based detection of network intrusions Copeland, John A. III https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20030105976 US Patent Application 10/000396; 20030105976	patent-application	June 2003
Network security monitoring system Bhattacharya, Partha; Lawrence, Jan Christian https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20040133672 US Patent Application 10/443946; 20040133672	patent-application	July 2004
Adaptive behavioral intrusion detection systems and methods Stute, Michael https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20050044406 US Patent Application 10/504731; 20050044406	patent-application	February 2005
Method and system for analyzing multidimensional data Ashiri, Amir https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20060053136 US Patent Application 11/199383; 20060053136	patent-application	March 2006
Systems and methods for testing and evaluating an intrusion detection system Rubin, Shai A.; Jha, Somesh; Miller, Barton P. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20060253906 US Patent Application 11/294585; 20060253906	patent-application	November 2006
Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data Coffman, Thayne Richard https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20070209074 US Patent Application 11/367943; 20070209074	patent-application	September 2007
Tactical And Strategic Attack Detection And Prediction Gilbert, Logan; Morgan, Robert J.; Keen, Arthur A. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20070226796 US Patent Application 11/688540; 20070226796	patent-application	September 2007
Method of Detecting Anomalous Behaviour in a Computer Network Belakhdar, Omar; Bados, Pedro; Flatings, Boi https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20070240207 US Patent Application 11/578866; 20070240207	patent-application	October 2007
Methods and Systems for Determining Entropy Metrics for Networks Johnson, Joseph E. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20090024549 US Patent Application 12/158424; 20090024549	patent-application	January 2009
Systems And Methods For A Simulated Network Attack Generator White, Christopher Dyson; Ratcliffe, III, Chester Randolph; Espinosa, John Christian https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20090320137 US Patent Application 12/487633; 20090320137	patent-application	December 2009
Intrusion Event Correlation System Noel, Steven E.; Robertson, Eric B.; Jajodia, Sushil https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20100192226 US Patent Application 12/758135; 20100192226	patent-application	July 2010
Device and Method for Detecting and Diagnosing Correlated Network Anomalies Wang, Jia; Lall, Ashwin; Mahimkar, Ajay https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20110154119 US Patent Application 12/646388; 20110154119	patent-application	June 2011
Generating A Multiple-Prerequisite Attack Graph Lippmann, Richard P.; Ingols, Kyle W.; Piwowarski, Keith J. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20110231937 US Patent Application 13/104454; 20110231937		September 2011
Systems and Methods for Virtualized Malware Detection Golshan, Ali; Binder, James S. https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20130117849 US Patent Application 13/288917; 20130117849	patent-application	May 2013
Method And Apparatus For Machine To Machine Network Security Monitoring In A Communications Network Sheleheda, Daniel; Bowen, Donald J.; Cama, Cynthia https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20130127618 US Patent Application 13/301529; 20130127618	patent-application	May 2013
Predicting Attacks Based On Probabilistic Game-Theory Christodorescu, Mihai; Korzhyk, Dmytro; Sailer, Reiner https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20130318615 US Patent Application 13/478290; 20130318615	patent-application	November 2013

Cited By (1)

Using new edges for anomaly detection in computer networks Neil, Joshua Charles https://doi.org/https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9038180 US Patent Document 9,038,180	patent	May 2015

Similar Records

Using new edges for anomaly detection in computer networks

Patent · Tue Jul 04 00:00:00 EDT 2017 · OSTI ID:1179789

Neil, Joshua Charles

Using new edges for anomaly detection in computer networks

Patent · Tue Jul 03 00:00:00 EDT 2018 · OSTI ID:1179789

Neil, Joshua Charles

Using new edges for anomaly detection in computer networks

Patent · Tue Jul 28 00:00:00 EDT 2020 · OSTI ID:1179789

Neil, Joshua Charles

Related Subjects

97 MATHEMATICS AND COMPUTING

Title: Using new edges for anomaly detection in computer networks

Citation Formats

References (33)

Cited By (1)

Similar Records

Related Subjects