DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.

Inventors:
Kent, Alexander; Neil, Joshua; Liebrock, Lorie
Issue Date:
Research Org.:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1459424
Patent Number(s):
10015175
Application Number:
15/099,898
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM); New Mexico Tech Research Foundation (Socorro, NM)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2016 Apr 15
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs. United States: N. p., 2018. Web.
Kent, Alexander, Neil, Joshua, & Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs. United States.
Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Tue . "Detecting anomalous behavior via user authentication graphs". United States. https://www.osti.gov/servlets/purl/1459424.
@article{osti_1459424,
title = {Detecting anomalous behavior via user authentication graphs},
author = {Kent, Alexander and Neil, Joshua and Liebrock, Lorie},
abstractNote = {Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.},
place = {United States},
year = {2018},
month = {7}
}

Works referenced in this record:

Use of interactive messaging channels to verify endpoints
patent, July 2013


Specializing network analysis to detect anomalous insider actions
journal, January 2012


Graph coarsening for path finding in cybersecurity graphs
conference, January 2013

  • Hogan, Emilie; Johnson, John R.; Halappanavar, Mahantesh
  • Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop on - CSIIRW '13
  • https://doi.org/10.1145/2459976.2459984

Using New Edges for Anomaly Detection in Computer Networks
patent-application, March 2014


Scan Statistics for the Online Detection of Locally Anomalous Subgraphs
journal, August 2013


Graph Based Bot-User Detection
patent-application, April 2010


System and method for dynamically limiting robot access to server data
patent, December 2003


Random Forests
journal, January 2001


Differentiating User Authentication Graphs
conference, May 2013


Insider Threat Detection Using a Graph-Based Approach
journal, December 2010


Adaptive Thresholds: Monitoring Streams of Network Counts
journal, March 2006


Control Charts and Stochastic Processes
journal, July 1959


Monitoring Operational Activities in Networks and Detecting Potential Network Intrusions and Misuses
patent-application, June 2014


The use of the area under the ROC curve in the evaluation of machine learning algorithms
journal, July 1997


System for slowing password attacks
patent, November 2012


User login monitoring device and method
patent, March 2017


IP Allocation Pools
patent-application, September 2014