DOE Patents DOE Patents
DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information
Search DOE Patents

Title: Using new edges for anomaly detection in computer networks

Abstract

Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

Inventors:
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1368182
Patent Number(s):
9699206
Application Number:
14/609,836
Assignee:
Los Alamos National Security, LLC
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
Show more
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2015 Jan 30
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Neil, Joshua Charles. Using new edges for anomaly detection in computer networks. United States: N. p., 2017. Web.
Copy to clipboard
Neil, Joshua Charles. Using new edges for anomaly detection in computer networks. United States.
Copy to clipboard
Neil, Joshua Charles. Tue . "Using new edges for anomaly detection in computer networks". United States. https://www.osti.gov/servlets/purl/1368182.
Copy to clipboard
@article{osti_1368182,
title = {Using new edges for anomaly detection in computer networks},
author = {Neil, Joshua Charles},
abstractNote = {Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2017},
month = {7}
}
Copy to clipboard
Patent:
View Patent
Save / Share:
Export Metadata
Save to My Library
You must Sign In or Create an Account in order to save documents to your library.

Works referenced in this record:

Recent Advances in Intrusion Detection
book, January 2001

    [ × clear filter / sort ]

    Similar Records in DOE Patents and OSTI.GOV collections: