OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

Patent
OSTI ID: 1409817

A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to establish normal activity levels. A plurality of paths in the network is enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and a connection (or sequence of connections) from one computing system to another may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph over a sliding time window to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.
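The abstract describes three steps: learn normal activity from history, enumerate directed paths in the connection graph, and score those paths with a statistical model over a sliding window. The Python script below is an added illustration of that pipeline; it is not the patent's implementation and not LANL code. It assumes connection records of the form (timestamp, source host, destination host), a per-edge Poisson baseline estimated from a historical period, a one-sided generalized likelihood-ratio score per edge in the current window (a simplified form of the path scan statistic in the "Scan Statistics for the Online Detection of Locally Anomalous Subgraphs" reference listed below), and enumeration of simple paths of up to three hops whose summed score exceeds a threshold. All host names, timestamps and the "lateral movement" traffic are constructed for the example.

```python
"""Path scanning over a directed host-to-host connection graph.

Added illustration of the approach in the abstract; not the patent's own code.
Assumed input: (timestamp, src_host, dst_host) connection records.
"""
from __future__ import annotations

import math
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

Record = Tuple[float, str, str]   # (timestamp, src_host, dst_host)
Edge = Tuple[str, str]
Path = Tuple[str, ...]


def edge_counts(records: List[Record], t_start: float, t_end: float) -> Counter:
    """Count directed edges (src -> dst) for records with t_start <= t < t_end."""
    c: Counter = Counter()
    for t, src, dst in records:
        if t_start <= t < t_end:
            c[(src, dst)] += 1
    return c


def baseline_rates(records: List[Record], hist_start: float, hist_end: float,
                   bin_width: float, pseudo_count: float = 0.5):
    """Expected count per bin for each edge seen in the historical period
    (the 'normal activity level').  Edges never seen historically default to
    pseudo_count / n_bins: rare, but not impossible, so log() never sees 0."""
    n_bins = (hist_end - hist_start) / bin_width
    counts = edge_counts(records, hist_start, hist_end)
    rates = defaultdict(lambda: pseudo_count / n_bins)
    for e, n in counts.items():
        rates[e] = (n + pseudo_count) / n_bins
    return rates


def edge_score(observed: int, expected: float) -> float:
    """One-sided Poisson generalized likelihood-ratio statistic.
    Zero when the edge is at or below its baseline; grows with excess volume
    and with how rare the edge was historically."""
    if observed <= expected:
        return 0.0
    return observed * math.log(observed / expected) - (observed - expected)


def simple_paths(adj: Dict[str, Set[str]], max_edges: int) -> List[Path]:
    """Enumerate every simple directed path of 1..max_edges edges (no repeated node)."""
    paths: List[Path] = []

    def walk(path: Path) -> None:
        if len(path) - 1 >= max_edges:
            return
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt in path:
                continue
            p = path + (nxt,)
            paths.append(p)
            walk(p)

    for start in sorted(adj):
        walk((start,))
    return paths


def scan_window(records: List[Record], rates, w_start: float, w_end: float,
                bin_width: float, max_edges: int = 3, threshold: float = 10.0):
    """Score every simple path in the current window's graph (sum of its edge
    scores) and return (path, score) pairs above threshold, highest first."""
    counts = edge_counts(records, w_start, w_end)
    scale = (w_end - w_start) / bin_width          # window length in bins
    scores = {e: edge_score(n, rates[e] * scale) for e, n in counts.items()}
    adj: Dict[str, Set[str]] = defaultdict(set)
    for src, dst in counts:
        adj[src].add(dst)
    flagged = []
    for p in simple_paths(adj, max_edges):
        s = sum(scores[(a, b)] for a, b in zip(p, p[1:]))
        if s > threshold:
            flagged.append((p, s))
    flagged.sort(key=lambda ps: -ps[1])
    return flagged


def build_sample_records() -> List[Record]:
    """Constructed sample data.  History [0, 100): hosts A..E talk in a fixed
    chain once per 10-unit bin, and A->F appears once.  Current window
    [100, 110): the chain repeats, plus a new host X reaches A, A pivots to F,
    and F reaches G, three times each (a constructed lateral-movement path)."""
    chain = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E")]
    recs: List[Record] = []
    for b in range(10):
        for i, (s, d) in enumerate(chain):
            recs.append((b * 10 + i, s, d))
    recs.append((55, "A", "F"))
    for i, (s, d) in enumerate(chain):
        recs.append((100 + i, s, d))
    for k in range(3):
        recs.append((105 + k, "X", "A"))
        recs.append((106 + k, "A", "F"))
        recs.append((107 + k, "F", "G"))
    return recs


def detect(threshold: float = 10.0):
    """Train on [0, 100) in 10-unit bins, then scan the window [100, 110)."""
    recs = build_sample_records()
    rates = baseline_rates(recs, 0, 100, bin_width=10)
    return scan_window(recs, rates, 100, 110, bin_width=10,
                       max_edges=3, threshold=threshold)


if __name__ == "__main__":
    for path, score in detect():
        print(" -> ".join(path), round(score, 2))
```

On the sample data the normal chain A->B->C->D scores zero because each edge is at its baseline, while X->A->F->G scores about 24.8 and is reported first: two never-seen edges and one historically rare edge line up into a single path, which is exactly the signal a per-edge or per-host threshold would split into three weak alerts. The pseudo-count for unseen edges is the knob that decides how loudly a brand-new connection speaks, and in a real deployment the baseline would be rebuilt periodically from the same authentication or flow source the window is read from.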

Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC52-06NA25396
Assignee: Los Alamos National Security, LLC (Los Alamos, NM)
Patent Number(s): 9,825,979
Application Number: 15/419,673
Patent File Date: 2017 Jan 30
Country of Publication: United States
Language: English

References (49)

Features generation for use in computer network intrusion detection patent December 2003
Anomaly detection patent March 2008
Intrusion detection system patent October 2009
Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data patent November 2009
Attack graph aggregation patent December 2009
Distributed network management patent December 2011
System and method for credit scoring using an identity network connectivity patent February 2013
Method and system for content distribution network security patent March 2013
Using social graphs to combat malicious attacks patent April 2013
Adaptive behavioral intrusion detection systems and methods patent May 2013
Wireless network edge guardian patent November 2013
Peer-to-peer (P2P) botnet tracking at backbone level patent January 2014
System and method for exposing malicious sources using mobile IP messages patent February 2014
Machine learning based botnet detection using real-time connectivity graph based traffic features patent June 2014
Proactive on-line diagnostics in a manageable network patent-application February 2002
Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures patent-application November 2002
Flow-based detection of network intrusions patent-application June 2003
Detect and qualify relationships between people and find the best path through the resulting social network patent-application June 2004
Network security monitoring system patent-application July 2004
Adaptive behavioral intrusion detection systems and methods patent-application February 2005
Database user behavior monitor system and method patent-application September 2005
Method and system for analyzing multidimensional data patent-application March 2006
Systems and methods for testing and evaluating an intrusion detection system patent-application November 2006
Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data patent-application September 2007
Tactical And Strategic Attack Detection And Prediction patent-application September 2007
Method of Detecting Anomalous Behaviour in a Computer Network patent-application October 2007
Traffic Control System And Management Server patent-application April 2008
Data Partitioning and Critical Section Reduction for Bayesian Network Structure Learning patent-application November 2008
Methods and Systems for Determining Entropy Metrics for Networks patent-application January 2009
Source Detection Device For Detecting A Source Of Sending A Virus And/Or A Dns Attack Linked To An Application, Method Thereof, And Program Thereof patent-application December 2009
Systems And Methods For A Simulated Network Attack Generator patent-application December 2009
Method And Apparatus For Network Anomaly Detection patent-application November 2010
Apparatuses And Methods For Detecting Anomalous Event In Network patent-application June 2011
Device and Method for Detecting and Diagnosing Correlated Network Anomalies patent-application June 2011
Generating A Multiple-Prerequisite Attack Graph September 2011
Applying Antimalware Logic without Revealing the Antimalware Logic to Adversaries patent-application December 2012
Systems and Methods for Virtualized Malware Detection patent-application May 2013
Method And Apparatus For Machine To Machine Network Security Monitoring In A Communications Network patent-application May 2013
Predicting Attacks Based On Probabilistic Game-Theory patent-application November 2013
System and Method for Assessing Whether a Communication Contains an Attack patent-application February 2014
Method For Detecting Anomaly Action Within A Computer Network patent-application June 2014
A survey of coordinated attacks and collaborative intrusion detection journal February 2010
Bayesian anomaly detection methods for social networks journal August 2010
Botnets: A survey journal February 2013
Identifying botnets by capturing group activities in DNS traffic journal January 2012
The link-prediction problem for social networks (Liben-Nowell, David; Kleinberg, Jon; Journal of the American Society for Information Science and Technology, Vol. 58, Issue 7, p. 1019-1031, https://doi.org/10.1002/asi.20591) journal January 2007
Scan Statistics for the Online Detection of Locally Anomalous Subgraphs journal August 2013
Adaptive ROC-based ensembles of HMMs applied to anomaly detection journal January 2012
Two-tier data-driven intrusion detection for automatic generation control in smart grid conference December 2014