Detecting anomalous behavior via user authentication graphs
Abstract
Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.
- Inventors:
- Issue Date:
- Research Org.: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1459424
- Patent Number(s): 10015175
- Application Number: 15/099,898
- Assignee: Los Alamos National Security, LLC (Los Alamos, NM); New Mexico Tech Research Foundation (Socorro, NM)
- Patent Classifications (CPCs):
  - G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
  - H - ELECTRICITY; H04 - ELECTRIC COMMUNICATION TECHNIQUE; H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number: AC52-06NA25396
- Resource Type: Patent
- Resource Relation: Patent File Date: 2016 Apr 15
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING
Citation Formats
Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs. United States: N. p., 2018. Web.
Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Tue . "Detecting anomalous behavior via user authentication graphs". United States. https://www.osti.gov/servlets/purl/1459424.
@article{osti_1459424,
title = {Detecting anomalous behavior via user authentication graphs},
author = {Kent, Alexander and Neil, Joshua and Liebrock, Lorie},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2018},
month = {7}
}