skip to main content
DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.

Inventors:
; ;
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1459424
Patent Number(s):
10015175
Application Number:
15/099,898
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM); New Mexico Tech Research Foundation (Socorro, NM)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2016 Apr 15
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs. United States: N. p., 2018. Web.
Kent, Alexander, Neil, Joshua, & Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs. United States.
Kent, Alexander, Neil, Joshua, and Liebrock, Lorie. Tue . "Detecting anomalous behavior via user authentication graphs". United States. https://www.osti.gov/servlets/purl/1459424.
@article{osti_1459424,
title = {Detecting anomalous behavior via user authentication graphs},
author = {Kent, Alexander and Neil, Joshua and Liebrock, Lorie},
abstractNote = {Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2018},
month = {7}
}

Patent:

Save / Share:

Works referenced in this record:

Specializing network analysis to detect anomalous insider actions
journal, January 2012


Graph coarsening for path finding in cybersecurity graphs
conference, January 2013

  • Hogan, Emilie; Johnson, John R.; Halappanavar, Mahantesh
  • Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop on - CSIIRW '13
  • https://doi.org/10.1145/2459976.2459984

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs
journal, August 2013


Random Forests
journal, January 2001


Differentiating User Authentication Graphs
conference, May 2013


Insider Threat Detection Using a Graph-Based Approach
journal, December 2010


Adaptive Thresholds: Monitoring Streams of Network Counts
journal, March 2006


Control Charts and Stochastic Processes
journal, July 1959


The use of the area under the ROC curve in the evaluation of machine learning algorithms
journal, July 1997