Detection of anomalous events
A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs.) Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.
- Research Organization:
- Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-00OR22725
- Assignee:
- UT-Batelle, LLC (Oak Ridge, TN)
- Patent Number(s):
- 9,361,463
- Application Number:
- 14/103,703
- OSTI ID:
- 1255959
- Resource Relation:
- Patent File Date: 2013 Dec 11
- Country of Publication:
- United States
- Language:
- English
Similar Records
Compression Analytics for Classification and Anomaly Detection within Network Communication
Profile-based adaptive anomaly detection for network security.