Title: Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.
Los Alamos National Security, LLC (Los Alamos, NM) LANL
Patent File Date: 2017 Jan 30
Research Org: Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Country of Publication: United States
