
Title: Using new edges for anomaly detection in computer networks

Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data on the frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.
Inventors:
Issue Date:
OSTI Identifier:
1179789
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM) LANL
Patent Number(s):
9,038,180
Application Number:
13/826,995
Contract Number:
AC52-06NA25396
Resource Relation:
Patent File Date: 2013 Mar 14
Research Org:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org:
USDOE
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING
