Detecting anomalous behavior via user authentication graphs

Kent, Alexander; Neil, Joshua; Liebrock, Lorie

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.

Inventors:: Kent, Alexander; Neil, Joshua; Liebrock, Lorie

Issue Date:: 2018-07-03

Research Org.:: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1459424

Patent Number(s):: 10015175

Application Number:: 15/099,898

Assignee:: Los Alamos National Security, LLC (Los Alamos, NM); New Mexico Tech Research Foundation (Socorro, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/316 - {by observing the pattern of computer usage, e.g. typical user behaviour}
G06F21/552 - {involving long-term monitoring or reporting}
G06F21/554 - {involving event detection and direct action}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/08 - {for supporting authentication of entities communicating through a packet data network
H04L63/083 - {using passwords
H04L63/1408 - {by monitoring network traffic

Show less

DOE Contract Number:: AC52-06NA25396

Resource Type:: Patent

Resource Relation:: Patent File Date: 2016 Apr 15

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States: N. p., 2018. 
        Web.

Copy to clipboard


                    Kent, Alexander, Neil, Joshua, & Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States.

Copy to clipboard


                    Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Tue .  
        "Detecting anomalous behavior via user authentication graphs".  United States.  https://www.osti.gov/servlets/purl/1459424.

Copy to clipboard


                    
@article{osti_1459424,

  title        = {Detecting anomalous behavior via user authentication graphs},

  author       = {Kent, Alexander and Neil, Joshua and Liebrock, Lorie},

  abstractNote = {Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {7}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Use of interactive messaging channels to verify endpoints
patent, July 2013

Hernacki, Brian; Satish, Sourabh
US Patent Document 8,490,190
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8490190

Specializing network analysis to detect anomalous insider actions
journal, January 2012

Chen, You; Nyemba, Steve; Zhang, Wen
Security Informatics, Vol. 1, Article No. 5
https://doi.org/10.1186/2190-8532-1-5

Graph coarsening for path finding in cybersecurity graphs
conference, January 2013

Hogan, Emilie; Johnson, John R.; Halappanavar, Mahantesh
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop on - CSIIRW '13
https://doi.org/10.1145/2459976.2459984

Using New Edges for Anomaly Detection in Computer Networks
patent-application, March 2014

Neil, Joshua Charles
US Patent Application 13/826995; 20140068769
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140068769

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs
journal, August 2013

Neil, Joshua; Hash, Curtis; Brugh, Alexander
Technometrics, Vol. 55, Issue 4, p. 403-414
https://doi.org/10.1080/00401706.2013.822830

Graph Based Bot-User Detection
patent-application, April 2010

Gillum, Eliot C.; Ke, Qifa; Xie, Yinglian
US Patent Application 12/249732; 20100095374
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20100095374

System and method for dynamically limiting robot access to server data
patent, December 2003

Eichstaedt, Matthias; Emens, Michael Lawrence; Kraft, Reiner
US Patent Document 6,662,230
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6662230

Random Forests
journal, January 2001

Breiman, Leo
Machine Learning, Vol. 45, Issue 1, p. 5-32
https://doi.org/10.1023/A:1010933404324

Differentiating User Authentication Graphs
conference, May 2013

Kent, Alexander D.; Liebrock, Lorie M.
2013 IEEE CS Security and Privacy Workshops (SPW2013), 2013 IEEE Security and Privacy Workshops
https://doi.org/10.1109/SPW.2013.38

Insider Threat Detection Using a Graph-Based Approach
journal, December 2010

Eberle, William; Graves, Jeffrey; Holder, Lawrence
Journal of Applied Security Research, Vol. 6, Issue 1, p. 32-81
https://doi.org/10.1080/19361610.2011.529413

Adaptive Thresholds: Monitoring Streams of Network Counts
journal, March 2006

Lambert, Diane; Liu, Chuanhai
Journal of the American Statistical Association, Vol. 101, Issue 473, p. 78-88
https://doi.org/10.1198/016214505000000943

Control Charts and Stochastic Processes
journal, July 1959

Barnard, G. A.
Journal of the Royal Statistical Society: Series B (Methodological), Vol. 21, Issue 2
https://doi.org/10.1111/j.2517-6161.1959.tb00336.x

Monitoring Operational Activities in Networks and Detecting Potential Network Intrusions and Misuses
patent-application, June 2014

Ge, Zihui; Chu, Jie; Huber, Richard
US Patent Application 13/721698; 20140181968
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140181968

The use of the area under the ROC curve in the evaluation of machine learning algorithms
journal, July 1997

Bradley, Andrew P.
Pattern Recognition, Vol. 30, Issue 7, p. 1145-1159
https://doi.org/10.1016/S0031-3203(96)00142-2

System for slowing password attacks
patent, November 2012

Kahn, Clifford E.; Venable, Sr., Jeffrey C.; Chickering, Roger A.
US Patent Document 8,312,540
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8312540

User login monitoring device and method
patent, March 2017

Liu, Fei; He, Wei
US Patent Document 9,602,526
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9602526

IP Allocation Pools
patent-application, September 2014

Szamonek, Zoltan; Duleba, Krzysztof; Van Dijk, Luuk
US Patent Application 13/950612; 20140280902
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140280902

Similar Records in DOE Patents and OSTI.GOV collections:

Detecting anomalous behavior via user authentication graphs

Patent Kent, Alexander D.; Neil, Joshua Charles; Liebrock, Lorie

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.
Full Text Available
Gamma radiation stand-off detection, tamper detection, and authentication via resonant meta-material structures

Patent Alvine, Kyle J.; Bernacki, Bruce E.

Resonant meta-material structures are defined by metallic, dielectric or other materials that form nanoshells or nanomeshes that can be situated proximate to ionizing-radiation-sensitive layers so as to provide ionizing-radiation-dose-dependent optical properties. Such meta-material structures can also define aligned or periodic, semi-random, or other arrangements of nanostructures that are coupled to or include stressed layers. Detection of optical radiation from such structures is used to determine gamma radiation dose or to detect a disturbance of the nanostructure indicating tampering.
Full Text Available
Anomalous behavior detection by an artificial intelligence-enabled system with multiple correlated sensors

Patent Serebryakov, Sergey; Cader, Tahir; Nanjundaiah, Deepak

Multi-metric artificial intelligence (AI)/machine learning (ML) models for detection of anomalous behavior of a machine/system are disclosed. The multi-metric AI/ML models are configured to detect anomalous behavior of systems having multiple sensors that measure correlated sensor metrics such as coolant distribution units (CDUs). The multi-metric AI/ML models perform the anomalous system behavior detection in a manner that enables both a reduction in the amount of sensor instrumentation needed to monitor the system's operational behavior as well as a corresponding reduction in the complexity of the firmware that controls the sensor instrumentation. As such, AI-enabled systems and corresponding methods for anomalousmore » « less
Full Text Available
Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

Patent Strait, Robert S [Oakland, CA]; Pearson, Peter K [Livermore, CA]; Sengupta, Sailes K [Livermore, CA]

A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced valuemore » « less
Full Text Available
Behavior specification, finding main, and call graph visualizations

Patent Sayre, Kirk D.; Willems, Richard A.; Lindberg, Stephen Lanse

A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization ofmore » « less
Full Text Available

Similar Records

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Citation Formats

Use of interactive messaging channels to verify endpoints patent, July 2013

Specializing network analysis to detect anomalous insider actions journal, January 2012

Graph coarsening for path finding in cybersecurity graphs conference, January 2013

Using New Edges for Anomaly Detection in Computer Networks patent-application, March 2014

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs journal, August 2013

Graph Based Bot-User Detection patent-application, April 2010

System and method for dynamically limiting robot access to server data patent, December 2003

Random Forests journal, January 2001

Differentiating User Authentication Graphs conference, May 2013

Insider Threat Detection Using a Graph-Based Approach journal, December 2010

Adaptive Thresholds: Monitoring Streams of Network Counts journal, March 2006

Control Charts and Stochastic Processes journal, July 1959

Monitoring Operational Activities in Networks and Detecting Potential Network Intrusions and Misuses patent-application, June 2014

The use of the area under the ROC curve in the evaluation of machine learning algorithms journal, July 1997

System for slowing password attacks patent, November 2012

User login monitoring device and method patent, March 2017

IP Allocation Pools patent-application, September 2014

Use of interactive messaging channels to verify endpoints
patent, July 2013

Specializing network analysis to detect anomalous insider actions
journal, January 2012

Graph coarsening for path finding in cybersecurity graphs
conference, January 2013

Using New Edges for Anomaly Detection in Computer Networks
patent-application, March 2014

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs
journal, August 2013

Graph Based Bot-User Detection
patent-application, April 2010

System and method for dynamically limiting robot access to server data
patent, December 2003

Random Forests
journal, January 2001

Differentiating User Authentication Graphs
conference, May 2013

Insider Threat Detection Using a Graph-Based Approach
journal, December 2010

Adaptive Thresholds: Monitoring Streams of Network Counts
journal, March 2006

Control Charts and Stochastic Processes
journal, July 1959

Monitoring Operational Activities in Networks and Detecting Potential Network Intrusions and Misuses
patent-application, June 2014

The use of the area under the ROC curve in the evaluation of machine learning algorithms
journal, July 1997

System for slowing password attacks
patent, November 2012

User login monitoring device and method
patent, March 2017

IP Allocation Pools
patent-application, September 2014