Detection of anomalous events
A system is described for receiving a stream of events and scoring each event by its anomalousness and maliciousness (or another classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides comparability across disparate sources of data (e.g., network flow data and firewall logs). Additionally, the anomaly detector allows for regulatability, meaning that the algorithm is user-configurable so that the number of false alerts can be adjusted. The anomaly detector can be used with a variety of probability density functions, including normal (Gaussian) distributions, irregular distributions, and functions associated with either continuous or discrete variables.
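As an added worked illustration of the scoring scheme the abstract describes (example code, not the patent's own implementation), the sketch below gives each source its own density model, maps every event to a tail probability so that flow and firewall data land on one comparable scale, and exposes the false-alert budget as the single threshold; the baselines, event values and the Gaussian/Poisson model choices are constructed assumptions.

```python
import math
from statistics import mean, pstdev

class GaussianDetector:
    """Continuous variable (here bytes per flow), modelled as N(mu, sigma^2)."""
    def __init__(self, baseline):
        self.mu, self.sigma = mean(baseline), pstdev(baseline)

    def p_value(self, x):
        # Two-sided tail probability P(|X - mu| >= |x - mu|): small only for rare values.
        return math.erfc(abs(x - self.mu) / (self.sigma * math.sqrt(2)))

class PoissonDetector:
    """Discrete count (here firewall denies per minute), modelled as Poisson(lam)."""
    def __init__(self, baseline):
        self.lam = mean(baseline)

    def p_value(self, k):
        # Upper tail P(X >= k) = 1 - sum_{i<k} e^-lam * lam^i / i!
        below = sum(math.exp(-self.lam) * self.lam ** i / math.factorial(i) for i in range(k))
        return max(0.0, 1.0 - below)

def score_stream(detectors, events, false_alert_rate):
    """Score (source, value) events on a shared scale; alert when p <= false_alert_rate.

    Tail probabilities of baseline-distributed events are (approximately) uniform on
    [0, 1], so the expected fraction of benign events alerted on equals
    false_alert_rate for every source whatever its distribution: that one knob is the
    regulatability, and the common p-value scale is what makes the sources comparable.
    """
    alerts = []
    for source, value in events:
        p = detectors[source].p_value(value)
        score = -math.log10(max(p, 1e-300))  # higher score = more anomalous
        if p <= false_alert_rate:
            alerts.append((source, value, round(score, 2)))
    return alerts

# Constructed baselines and events (not data from the patent).
FLOW_BYTES_BASELINE = [900, 1000, 1100, 1000, 900, 1100, 1000, 1000]  # mean 1000, sd ~70.7
FW_DENIES_BASELINE = [0, 1, 2, 1, 0, 1, 1, 2]                         # mean 1 deny/minute
DETECTORS = {"flow": GaussianDetector(FLOW_BYTES_BASELINE),
             "fw": PoissonDetector(FW_DENIES_BASELINE)}
EVENTS = [("flow", 1000), ("flow", 1300), ("fw", 1), ("fw", 4), ("fw", 6)]

if __name__ == "__main__":
    for alert in score_stream(DETECTORS, EVENTS, false_alert_rate=0.001):
        print(alert)
```

Raising false_alert_rate to 0.05 also surfaces the 4-denies-per-minute event, which is the regulatability trade-off: more sensitivity bought with a larger accepted share of benign alerts.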
- Research Organization: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-00OR22725
- Assignee: UT-Battelle, LLC (Oak Ridge, TN)
- Patent Number(s): 9,361,463
- Application Number: 14/103,703
- OSTI ID: 1255959
- Country of Publication: United States
- Language: English