OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

Abstract

A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.

Inventors:
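Neil, Joshua Charles; Fisk, Michael Edward; Brugh, Alexander William; Hash, Jr., Curtis Lee; Storlie, Curtis Byron; Uphoff, Benjamin; Kent, Alexander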
Publication Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1568133
Patent Number(s):
10,243,984
Application Number:
15/809,297
Assignee:
Triad National Security, LLC (Los Alamos, NM)
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 11/10/2017
Country of Publication:
United States
Language:
English

Citation Formats

Neil, Joshua Charles, Fisk, Michael Edward, Brugh, Alexander William, Hash, Jr., Curtis Lee, Storlie, Curtis Byron, Uphoff, Benjamin, and Kent, Alexander. Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness. United States: N. p., 2019. Web.
Neil, Joshua Charles, Fisk, Michael Edward, Brugh, Alexander William, Hash, Jr., Curtis Lee, Storlie, Curtis Byron, Uphoff, Benjamin, & Kent, Alexander. Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness. United States.
Neil, Joshua Charles, Fisk, Michael Edward, Brugh, Alexander William, Hash, Jr., Curtis Lee, Storlie, Curtis Byron, Uphoff, Benjamin, and Kent, Alexander. "Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness". United States. https://www.osti.gov/servlets/purl/1568133.
@article{osti_1568133,
title = {Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness},
author = {Neil, Joshua Charles and Fisk, Michael Edward and Brugh, Alexander William and Hash, Jr., Curtis Lee and Storlie, Curtis Byron and Uphoff, Benjamin and Kent, Alexander},
abstractNote = {A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.},
place = {United States},
year = {2019},
month = {3}
}
