skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Detection of anomalous events

Abstract

A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs.) Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.

Inventors:
; ;
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1255959
Patent Number(s):
9,361,463
Application Number:
14/103,703
Assignee:
UT-Batelle, LLC (Oak Ridge, TN) ORNL
DOE Contract Number:  
AC05-00OR22725
Resource Type:
Patent
Resource Relation:
Patent File Date: 2013 Dec 11
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS

Citation Formats

Ferragut, Erik M., Laska, Jason A., and Bridges, Robert A. Detection of anomalous events. United States: N. p., 2016. Web.
Ferragut, Erik M., Laska, Jason A., & Bridges, Robert A. Detection of anomalous events. United States.
Ferragut, Erik M., Laska, Jason A., and Bridges, Robert A. Tue . "Detection of anomalous events". United States. https://www.osti.gov/servlets/purl/1255959.
@article{osti_1255959,
title = {Detection of anomalous events},
author = {Ferragut, Erik M. and Laska, Jason A. and Bridges, Robert A.},
abstractNote = {A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs.) Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2016},
month = {6}
}

Patent:

Save / Share: