Network protection system using linkographs
Abstract
A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.
- Inventors:
- Issue Date:
- Research Org.:
- Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1463863
- Patent Number(s):
- 10027698
- Application Number:
- 14/975,502
- Assignee:
- National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Classifications (CPCs):
-
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number:
- AC04-94AL85000
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 2015 Dec 18
- Country of Publication:
- United States
- Language:
- English
Citation Formats
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Network protection system using linkographs. United States: N. p., 2018.
Web.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., & Kent, Carson. Network protection system using linkographs. United States.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Tue .
"Network protection system using linkographs". United States. https://www.osti.gov/servlets/purl/1463863.
@article{osti_1463863,
title = {Network protection system using linkographs},
author = {Zage, David John and Jarocki, John Charles and Fisher, Andrew N. and Kent, Carson},
abstractNote = {A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2018},
month = {7}
}