Modeling behavior in a network using event logs
Patent · OSTI ID: 1568688
A framework is provided for modeling the activity surrounding user credentials and/or machine-level activity on a computer network using computer event logs by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both external actors using compromised credentials and otherwise authorized users who have begun engaging in malicious activity.
- Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC52-06NA25396
- Assignee: Triad National Security, LLC (Los Alamos, NM); IP2IPO Innovations Limited (London, GB)
- Patent Number(s): 10,375,095
- Application Number: 15/355,142
- OSTI ID: 1568688
- Country of Publication: United States
- Language: English