DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Detection of anomalous events

Abstract

A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs). Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.

Inventors:
Ferragut, Erik M.; Laska, Jason A.; Bridges, Robert A.
Issue Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1255959
Patent Number(s):
9361463
Application Number:
14/103,703
Assignee:
UT-Battelle, LLC (Oak Ridge, TN)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
AC05-00OR22725
Resource Type:
Patent
Resource Relation:
Patent File Date: 2013 Dec 11
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS

Citation Formats

Ferragut, Erik M., Laska, Jason A., and Bridges, Robert A. Detection of anomalous events. United States: N. p., 2016. Web.
Ferragut, Erik M., Laska, Jason A., & Bridges, Robert A. Detection of anomalous events. United States.
Ferragut, Erik M., Laska, Jason A., and Bridges, Robert A. Tue . "Detection of anomalous events". United States. https://www.osti.gov/servlets/purl/1255959.
@article{osti_1255959,
title = {Detection of anomalous events},
author = {Ferragut, Erik M. and Laska, Jason A. and Bridges, Robert A.},
abstractNote = {A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs.) Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2016},
month = {6}
}

Works referenced in this record:

Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection
conference, September 2009


Anomaly detection: A survey
journal, July 2009


VAST Challenge 2012: Visual analytics for big data
conference, October 2012


An Intrusion-Detection Model
journal, February 1987


Tracking User Mobility to Detect Suspicious Behavior
conference, December 2013