Detecting anomalous behavior via user authentication graphs

Title: Detecting anomalous behavior via user authentication graphs

Full Record
Other Related Research

Abstract

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.

Inventors:: Kent, Alexander; Neil, Joshua; Liebrock, Lorie

Issue Date:: 2018-07-03

Research Org.:: Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1459424

Patent Number(s):: 10,015,175

Application Number:: 15/099,898

Assignee:: Los Alamos National Security, LLC (Los Alamos, NM); New Mexico Tech Research Foundation (Socorro, NM) LANL

DOE Contract Number:: AC52-06NA25396

Resource Type:: Patent

Resource Relation:: Patent File Date: 2016 Apr 15

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States: N. p., 2018. 
        Web.

Copy to clipboard


                    Kent, Alexander, Neil, Joshua, & Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States.

Copy to clipboard


                    Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Tue .  
        "Detecting anomalous behavior via user authentication graphs".  United States.  https://www.osti.gov/servlets/purl/1459424.

Copy to clipboard


                    
@article{osti_1459424,

  title        = {Detecting anomalous behavior via user authentication graphs},

  author       = {Kent, Alexander and Neil, Joshua and Liebrock, Lorie},

  abstractNote = {Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {7}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Similar records in DOE Patents and OSTI.GOV collections:

System and method for ultrafast optical signal detecting via a synchronously coupled anamorphic light pulse encoded laterally

Patent Heebner, John E [Livermore, CA]

In one general embodiment, a method for ultrafast optical signal detecting is provided. In operation, a first optical input signal is propagated through a first wave guiding layer of a waveguide. Additionally, a second optical input signal is propagated through a second wave guiding layer of the waveguide. Furthermore, an optical control signal is applied to a top of the waveguide, the optical control signal being oriented diagonally relative to the top of the waveguide such that the application is used to influence at least a portion of the first optical input signal propagating through the first wave guiding layermore »« less
Full Text Available
Method and apparatus for detecting a desired behavior in digital image data

Patent Kegelmeyer, Jr., W. Philip (11755 Shadow Dr., Dublin, CA 94568)

A method for detecting stellate lesions in digitized mammographic image data includes the steps of prestoring a plurality of reference images, calculating a plurality of features for each of the pixels of the reference images, and creating a binary decision tree from features of randomly sampled pixels from each of the reference images. Once the binary decision tree has been created, a plurality of features, preferably including an ALOE feature (analysis of local oriented edges), are calculated for each of the pixels of the digitized mammographic data. Each of these plurality of features of each pixel are input into themore »« less
Full Text Available
Method and apparatus for detecting a desired behavior in digital image data

Patent Kegelmeyer, Jr., W. Philip (11755 Shadow Dr., Dublin, CA 94568)

A method for detecting stellate lesions in digitized mammographic image data includes the steps of prestoring a plurality of reference images, calculating a plurality of features for each of the pixels of the reference images, and creating a binary decision tree from features of randomly sampled pixels from each of the reference images. Once the binary decision tree has been created, a plurality of features, preferably including an ALOE feature (analysis of local oriented edges), are calculated for each of the pixels of the digitized mammographic data. Each of these plurality of features of each pixel are input into themore »« less
Full Text Available
Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

Patent Kent, Alexander Dale [Los Alamos, NM]

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server,more »« less
Full Text Available
Authentication graphs: Analyzing user behavior within an enterprise network

Journal Article Kent, Alexander D. (ORCID:0000000187792722); Liebrock, Lorie M.; Neil, Joshua C. - Computers & Security
Cited by 7
DOI: 10.1016/j.cose.2014.09.001

Similar Records