
Title: Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.
OSTI Identifier: 1409817
Assignee: Los Alamos National Security, LLC (Los Alamos, NM) LANL
Patent Number(s): 9,825,979
Application Number: 15/419,673
Contract Number: AC52-06NA25396
Resource Relation: Patent File Date: 2017 Jan 30
Research Org: Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org: USDOE
Country of Publication: United States
Language: English
Subject: 97 MATHEMATICS AND COMPUTING
