Real-time detection and classification of anomalous events in streaming data

Ferragut, Erik M.; Goodall, John R.; Iannacone, Michael D.; Laska, Jason A.; Harrison, Lane T.

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Real-time detection and classification of anomalous events in streaming data

Abstract

A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The events can be displayed to a user in user-defined groupings in an animated fashion. The system can include a plurality of anomaly detectors that together implement an algorithm to identify low probability events and detect atypical traffic patterns. The atypical traffic patterns can then be classified as being of interest or not. In one particular example, in a network environment, the classification can be whether the network traffic is malicious or not.

Inventors:: Ferragut, Erik M.; Goodall, John R.; Iannacone, Michael D.; Laska, Jason A.; Harrison, Lane T.

Issue Date:: Tue Apr 19 00:00:00 EDT 2016

Research Org.:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1247988

Patent Number(s):: 9319421

Application Number:: 14/053,248

Assignee:: UT-Battelle, LLC (Oak Ridge, TN)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1408 - {by monitoring network traffic
H04L63/1416 - {Event detection, e.g. attack signature detection}
H04L63/1425 - {Traffic logging, e.g. anomaly detection}
H04L63/1433 - {Vulnerability analysis}

Show less

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 2013 Oct 14

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS

Citation Formats


                    Ferragut, Erik M., Goodall, John R., Iannacone, Michael D., Laska, Jason A., and Harrison, Lane T. Real-time detection and classification of anomalous events in streaming data.  United States: N. p., 2016. 
        Web.

Copy to clipboard


                    Ferragut, Erik M., Goodall, John R., Iannacone, Michael D., Laska, Jason A., & Harrison, Lane T. Real-time detection and classification of anomalous events in streaming data.  United States.

Copy to clipboard


                    Ferragut, Erik M., Goodall, John R., Iannacone, Michael D., Laska, Jason A., and Harrison, Lane T. Tue .  
        "Real-time detection and classification of anomalous events in streaming data".  United States.  https://www.osti.gov/servlets/purl/1247988.

Copy to clipboard


                    
@article{osti_1247988,

  title        = {Real-time detection and classification of anomalous events in streaming data},

  author       = {Ferragut, Erik M. and Goodall, John R. and Iannacone, Michael D. and Laska, Jason A. and Harrison, Lane T.},

  abstractNote = {A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The events can be displayed to a user in user-defined groupings in an animated fashion. The system can include a plurality of anomaly detectors that together implement an algorithm to identify low probability events and detect atypical traffic patterns. The atypical traffic patterns can then be classified as being of interest or not. In one particular example, in a network environment, the classification can be whether the network traffic is malicious or not.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Apr 19 00:00:00 EDT 2016},

  month        = {Tue Apr 19 00:00:00 EDT 2016}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection
conference, September 2009

Cao, Yuan; He, Haibo; Man, Hong
SPIE Europe Security + Defence, SPIE Proceedings
https://doi.org/10.1117/12.834890

Anomaly detection: A survey
journal, July 2009

Chandola, Varun; Banerjee, Arindam; Kumar, Vipin
ACM Computing Surveys, Vol. 41, Issue 3, p. 1-58
https://doi.org/10.1145/1541880.1541882

VAST Challenge 2012: Visual analytics for big data
conference, October 2012

Cook, Kristin; Grinstein, Georges; Whiting, Mark
2012 IEEE Conference on Visual Analytics Science and Technology (VAST)
https://doi.org/10.1109/VAST.2012.6400529

An Intrusion-Detection Model
journal, February 1987

Denning, D. E.
IEEE Transactions on Software Engineering, Vol. SE-13, Issue 2
https://doi.org/10.1109/TSE.1987.232894

Method and apparatus for detecting malicious code in an information handling system
patent, June 2010

Obrecht, Mark; Alagna, Michael Tony; Payne, Andy
US Patent Document 7,748,039
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7748039

Computer-implemented modeling systems and methods for analyzing and predicting computer network intrusions
patent, September 2011

Wu, Lizhong; Barker, Terrance Gordon; Desai, Vijay S.
US Patent Document 8,015,133
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8015133

Statistical method and system for network anomaly detection
patent, December 2013

Mullarkey, Peter; Johns, Michael Charles
US Patent Document 8,601,575
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8601575

Similar Records in DOE Patents and OSTI.GOV collections:

Real-time simulator and controller of power system using distributed data streaming server

Patent Li, Fangxing; Cui, Hantao; AhmadzadehRaji, MohammadReza; ...

Systems and methods for simulating and controlling a power system in real time, using a controller, are provided. The controller includes a simulation layer to simulate an operation of the power system, a disturbance generation layer to provide data to the simulation layer to disturb the simulated operation of the power system, an application layer to display the simulated operation of the power system and generate a control signal to control, based on the simulated operation of the power system, at least one element of the power system, and a distributed data streaming server (D2S2) to allow interoperability among themore » « less
Full Text Available
Detection of anomalous events

Patent Ferragut, Erik M.; Laska, Jason A.; Bridges, Robert A.

A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs.) Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normalmore » « less
Full Text Available
Real-time forecasting of electricity demand in a streams-based architecture with applications

Patent Ghosh, Soumyadip; Hosking, Jonathan R.; Natarajan, Ramesh; ...

A streams platform is used. Multiple streams of electricity usage data are received, each from an electrical meter providing periodic updates to electrical usage for devices connected to the electrical meter. Weather information is received corresponding to locations where the electrical meters are. Real-time predictive modeling of electricity demand is performed based on the received multiple streams of electricity usage data and the received weather information, at least by performing: updating a state space model for electrical load curves using the usage data from the streams and the weather, wherein the updating uses current load observations for the multiple streamsmore » « less
Full Text Available
Real-time object detection, tracking and occlusion reasoning

Patent Divakaran, Ajay; Yu, Qian; Tamrakar, Amir; ...

A system for object detection and tracking includes technologies to, among other things, detect and track moving objects, such as pedestrians and/or vehicles, in a real-world environment, handle static and dynamic occlusions, and continue tracking moving objects across the fields of view of multiple different cameras.
Full Text Available
Real-time method for establishing a detection map for a network of sensors

Patent Nguyen, Hung D; Koch, Mark W; Giron, Casey; ...

A method for establishing a detection map of a dynamically configurable sensor network. This method determines an appropriate set of locations for a plurality of sensor units of a sensor network and establishes a detection map for the network of sensors while the network is being set up; the detection map includes the effects of the local terrain and individual sensor performance. Sensor performance is characterized during the placement of the sensor units, which enables dynamic adjustment or reconfiguration of the placement of individual elements of the sensor network during network set-up to accommodate variations in local terrain and individualmore » « less
Full Text Available

Similar Records

Title: Real-time detection and classification of anomalous events in streaming data

Abstract

Citation Formats

Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection conference, September 2009

Anomaly detection: A survey journal, July 2009

VAST Challenge 2012: Visual analytics for big data conference, October 2012

An Intrusion-Detection Model journal, February 1987

Method and apparatus for detecting malicious code in an information handling system patent, June 2010

Computer-implemented modeling systems and methods for analyzing and predicting computer network intrusions patent, September 2011

Statistical method and system for network anomaly detection patent, December 2013

Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection
conference, September 2009

Anomaly detection: A survey
journal, July 2009

VAST Challenge 2012: Visual analytics for big data
conference, October 2012

An Intrusion-Detection Model
journal, February 1987

Method and apparatus for detecting malicious code in an information handling system
patent, June 2010

Computer-implemented modeling systems and methods for analyzing and predicting computer network intrusions
patent, September 2011

Statistical method and system for network anomaly detection
patent, December 2013