U.S. Department of Energy
Office of Scientific and Technical Information

Using new edges for anomaly detection in computer networks

Patent · OSTI ID: 1459412
Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data on the frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.
Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC52-06NA25396
Assignee: Los Alamos National Security, LLC (Los Alamos, NM)
Patent Number(s): 10,015,183
Application Number: 15/637,475
Country of Publication: United States
Language: English
