
Title: Using new edges for anomaly detection in computer networks

Patent · OSTI ID: 1735092

Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.
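A sketch of the path-scoring pipeline the abstract describes, as an added example that is not taken from the patent: fit per-node new-edge rates from historical windows, assign each edge a probability, combine them along a path, and take the threshold from the empirical distribution of historical scores. The add-one-smoothed rate model, the warm-up period, the negative-log-sum combination, and all host names and data are assumptions made for illustration.

```python
import math
from collections import Counter
# Added example: the smoothed-rate model is an assumption, not the patent's model.

def fit_baseline(windows, warmup=2):
    """windows: one set of (src, dst) edges per historical time window.
    The first `warmup` windows only seed the known-edge set."""
    seen, out_new, in_new, active = set(), Counter(), Counter(), Counter()
    for i, edges in enumerate(windows):
        if i >= warmup:
            for src, dst in edges:
                active[(src, dst)] += 1
                if (src, dst) not in seen:      # first sighting: a new edge
                    out_new[src] += 1           # src created a new edge
                    in_new[dst] += 1            # dst received a new edge
        seen |= edges
    return {"n": len(windows) - warmup, "seen": seen,
            "out": out_new, "in": in_new, "active": active}

def edge_prob(b, src, dst):
    """Per-window probability of the edge under the baseline (add-one smoothed)."""
    d = b["n"] + 2
    if (src, dst) in b["seen"]:                 # existing edge: how often it is active
        return (b["active"][(src, dst)] + 1) / d
    # new edge: src's rate of creating new edges times dst's rate of receiving them
    return ((b["out"][src] + 1) / d) * ((b["in"][dst] + 1) / d)

def path_score(b, path):
    """Sum of negative log probabilities along the path; higher is more surprising."""
    return sum(-math.log(edge_prob(b, s, t)) for s, t in zip(path, path[1:]))

def empirical_threshold(b, historical_paths, quantile=0.99):
    """Score at the given quantile of the historical path-score distribution."""
    scores = sorted(path_score(b, p) for p in historical_paths)
    return scores[min(len(scores) - 1, int(quantile * len(scores)))]

# Constructed sample data: eight historical windows of host-to-host edges.
USUAL = {("ws1", "dc"), ("ws2", "dc"), ("ws3", "dc"),
         ("ws1", "file"), ("ws2", "file"), ("file", "db")}
HISTORY = [set(USUAL) for _ in range(8)]
HISTORY[5].add(("ws3", "file"))                 # one benign new edge in the history
HISTORICAL_PATHS = [["ws1", "file", "db"], ["ws2", "file", "db"],
                    ["ws3", "file", "db"], ["ws1", "dc"]]

BASELINE = fit_baseline(HISTORY)
THRESHOLD = empirical_threshold(BASELINE, HISTORICAL_PATHS)

def is_anomalous(path):
    """Flag a path whose combined score exceeds the historical threshold."""
    return path_score(BASELINE, path) > THRESHOLD
```

With this constructed data, the path `ws3 → ws1 → db` consists of two never-seen edges between hosts that rarely create or receive new edges, so it scores well above the historical threshold, while the routine path `ws1 → file → db` does not. The threshold here is computed in-sample; a deployment would score held-out historical windows instead.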

Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC52-06NA25396
Assignee: Triad National Security, LLC (Los Alamos, NM)
Patent Number(s): 10,728,270
Application Number: 16/002,870
OSTI ID: 1735092
Resource Relation: Patent File Date: 06/07/2018
Country of Publication: United States
Language: English
