DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Using new edges for anomaly detection in computer networks

Abstract

Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

Inventors:
Issue Date:
Research Org.:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1368182
Patent Number(s):
9699206
Application Number:
14/609,836
Assignee:
Los Alamos National Security, LLC
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2015 Jan 30
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Neil, Joshua Charles. Using new edges for anomaly detection in computer networks. United States: N. p., 2017. Web.
Neil, Joshua Charles. Using new edges for anomaly detection in computer networks. United States.
Neil, Joshua Charles. Tue . "Using new edges for anomaly detection in computer networks". United States. https://www.osti.gov/servlets/purl/1368182.
@article{osti_1368182,
title = {Using new edges for anomaly detection in computer networks},
author = {Neil, Joshua Charles},
abstractNote = {Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2017},
month = {7}
}

Works referenced in this record:

Features generation for use in computer network intrusion detection
patent, December 2003


Anomaly detection
patent, March 2008


Intrusion detection system
patent, October 2009


Attack graph aggregation
patent, December 2009


Distributed network management
patent, December 2011


System and method for credit scoring using an identity network connectivity
patent, February 2013


Method and system for content distribution network security
patent, March 2013


Using social graphs to combat malicious attacks
patent, April 2013


Wireless network edge guardian
patent, November 2013


Peer-to-peer (P2P) botnet tracking at backbone level
patent, January 2014


System and method for exposing malicious sources using mobile IP messages
patent, February 2014


Proactive on-line diagnostics in a manageable network
patent-application, February 2002


Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures
patent-application, November 2002


Flow-based detection of network intrusions
patent-application, June 2003


Detect and qualify relationships between people and find the best path through the resulting social network
patent-application, June 2004


Network security monitoring system
patent-application, July 2004


Adaptive behavioral intrusion detection systems and methods
patent-application, February 2005


Database user behavior monitor system and method
patent-application, September 2005


Method and system for analyzing multidimensional data
patent-application, March 2006


Systems and methods for testing and evaluating an intrusion detection system
patent-application, November 2006


Tactical And Strategic Attack Detection And Prediction
patent-application, September 2007


Method of Detecting Anomalous Behaviour in a Computer Network
patent-application, October 2007


Traffic Control System And Management Server
patent-application, April 2008


Data Partitioning and Critical Section Reduction for Bayesian Network Structure Learning
patent-application, November 2008


Methods and Systems for Determining Entropy Metrics for Networks
patent-application, January 2009


Systems And Methods For A Simulated Network Attack Generator
patent-application, December 2009


Intrusion Event Correlation System
patent-application, July 2010


Method And Apparatus For Network Anomaly Detection
patent-application, November 2010


Apparatuses And Methods For Detecting Anomalous Event In Network
patent-application, June 2011


Device and Method for Detecting and Diagnosing Correlated Network Anomalies
patent-application, June 2011


Generating A Multiple-Prerequisite Attack Graph
September 2011


Applying Antimalware Logic without Revealing the Antimalware Logic to Adversaries
patent-application, December 2012


Systems and Methods for Virtualized Malware Detection
patent-application, May 2013


Method And Apparatus For Machine To Machine Network Security Monitoring In A Communications Network
patent-application, May 2013


Predicting Attacks Based On Probabilistic Game-Theory
patent-application, November 2013


System and Method for Assessing Whether a Communication Contains an Attack
patent-application, February 2014


Method For Detecting Anomaly Action Within A Computer Network
patent-application, June 2014


A survey of coordinated attacks and collaborative intrusion detection
journal, February 2010


Alert correlation in a cooperative intrusion detection framework
conference, January 2002


Recent Advances in Intrusion Detection
book, January 2001


Adaptive ROC-based ensembles of HMMs applied to anomaly detection
journal, January 2012


Scan Statistics for the Online Detection of Locally Anomalous Subgraphs
journal, August 2013


Two-tier data-driven intrusion detection for automatic generation control in smart grid
conference, December 2014