Network protection system using linkographs

Title: Network protection system using linkographs

Abstract

A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.

Inventors:: Zage, David John; Jarocki, John Charles; Fisher, Andrew N.; Kent, Carson

Issue Date:: 2018-07-17

Research Org.:: Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1463863

Patent Number(s):: 10,027,698

Application Number:: 14/975,502

Assignee:: National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2015 Dec 18

Country of Publication:: United States

Language:: English

Citation Formats


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Network protection system using linkographs.  United States: N. p., 2018. 
        Web.

Copy to clipboard


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., & Kent, Carson. Network protection system using linkographs.  United States.

Copy to clipboard


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Tue .  
        "Network protection system using linkographs".  United States.  https://www.osti.gov/servlets/purl/1463863.

Copy to clipboard


                    
@article{osti_1463863,

  title        = {Network protection system using linkographs},

  author       = {Zage, David John and Jarocki, John Charles and Fisher, Andrew N. and Kent, Carson},

  abstractNote = {A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {7}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Network surveillance system
patent, November 1999

Conklin, David; Harrison, John
US Patent Document 5,991,881
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F5991881

Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data
patent, November 2009

Coffman, Thayne Richard
US Patent Document 7,624,448
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F7624448

Graph-based approach to deterring persistent security threats
patent, August 2014

Bowers, Kevin; van Dijk, Marten; Juels, Ari
US Patent Document 8,813,234
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F8813234

Detection and tracking of unauthorized computer access attempts
patent, November 2014

Catlett, Sean; He, Xu
US Patent Document 8,880,435
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F8880435

Graphical models for cyber security analysis in enterprise networks
patent, November 2014

Levy, Renato; Li, Hongjun; Liu, Peng
US Patent Document 8,881,288
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F8881288

Vendor usage monitoring and vendor usage risk analysis system
patent, August 2017

Sarukkai, Sekhar; Somasamudram, Prasad Raghavendra; Agrawal, Amit
US Patent Document 9,722,895
URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F9722895

Tactical And Strategic Attack Detection And Prediction
patent-application, September 2007

Gilbert, Logan; Morgan, Robert J.; Keen, Arthur A.
US Patent Application 11/688540; 20070226796
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220070226796%22.PGNR.&OS=DN/20070226796&RS=DN/20070226796

IDS Sensor Placement Using Attack Graphs
patent-application, March 2010

Jajodia, Sushil; Noel, Steven E.
US Patent Application 12/548115; 20100058456
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220100058456%22.PGNR.&OS=DN/20100058456&RS=DN/20100058456

System, Method And Computer Readable Medium For Evaluating Potential Attacks Of Worms
patent-application, August 2013

Amnon, Lotem; Cohen, Gideon; Meiseles, Moshe
US Patent Application 13/745807; 20130219503
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130219503%22.PGNR.&OS=DN/20130219503&RS=DN/20130219503

Predicting Attacks Based On Probabilistic Game-Theory
patent-application, November 2013

Christodorescu, Mihai; Korzhyk, Dmytro; Sailer, Reiner
US Patent Application 13/487774; 20130318616
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130318616%22.PGNR.&OS=DN/20130318616&RS=DN/20130318616

Graph-based Instrusion Detection Using Process Traces
patent-application, November 2016

Chen, Zhengzhang; Tang, LuAn; Dong, Boxiang
US Patent Application 15/213896; 20160330226
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220160330226%22.PGNR.&OS=DN/20160330226&RS=DN/20160330226

Similar records in DOE Patents and OSTI.GOV collections:

Apparatus and method for fusion of compute and switching functions of exascale system into a single component by using configurable network-on-chip fabric with distributed dual mode input-output ports and programmable network interfaces

Patent Khare, Surhud; Somasekhar, Dinesh; More, Ankit; ...

Described is an apparatus which comprises: a Network-On-Chip fabric using crossbar switches, having distributed ingress and egress ports; and a dual-mode network interface coupled to at least one crossbar switch, the dual-mode network interface is to include: a dual-mode circuitry; a controller operable to: configure the dual-mode circuitry to transmit and receive differential signals via the egress and ingress ports, respectively, and configure the dual-mode circuitry to transmit and receive signal-ended signals via the egress and ingress ports, respectively.
Full Text Available
System for routing messages in a vertex symmetric network by using addresses formed from permutations of the transmission line indicees

Patent Faber, Vance [Los Alamos, NM]; Moore, James W [Los Alamos, NM]

A network of interconnected processors is formed from a vertex symmetric graph selected from graphs .GAMMA..sub.d (k) with degree d, diameter k, and (d+1)!/(d-k+1)! processors for each d.gtoreq.k and .GAMMA..sub.d (k,-1) with degree 3-1, diameter k+1, and (d+1)!/(d-k+1)! processors for each d.gtoreq.k.gtoreq.4. Each processor has an address formed by one of the permutations from a predetermined sequence of letters chosen a selected number of letters at a time, and an extended address formed by appending to the address the remaining ones of the predetermined sequence of letters. A plurality of transmission channels is provided from each of the processors, wheremore »« less
Full Text Available
Neural network system and methods for analysis of organic materials and structures using spectral data

Patent Meyer, Bernd J [Athens, GA]; Sellers, Jeffrey P [Suwanee, GA]; Thomsen, Jan U [Fredricksberg, DK]

Apparatus and processes for recognizing and identifying materials. Characteristic spectra are obtained for the materials via spectroscopy techniques including nuclear magnetic resonance spectroscopy, infrared absorption analysis, x-ray analysis, mass spectroscopy and gas chromatography. Desired portions of the spectra may be selected and then placed in proper form and format for presentation to a number of input layer neurons in an offline neural network. The network is first trained according to a predetermined training process; it may then be employed to identify particular materials. Such apparatus and processes are particularly useful for recognizing and identifying organic compounds such as complex carbohydrates,more »« less
Full Text Available
Zener diode protection network in submount for LEDs connected in series

Patent Wei, Yajun; Collins, III, William D.; Steigerwald, Daniel

A transient voltage suppressor circuit is disclosed for a plurality (N) of LEDs connected in series. Only one zener diode is created for connection to each node between LEDs, and a pair of zener diodes (the “end” zener diodes) are connected to the two pins (anode and cathode pads) of the series string. Therefore, only N+1 zener diodes are used. The end zener diodes (Q1 and Qn+1) effectively create back-to-back zener diodes across the two pins since the zener diodes share a common p+ substrate. The n+ regions of the end zener diodes Q1 and Qn+1 have the highest breakdownmore »« less
Full Text Available
Method for securing a network using cyber economic network transaction security (CENTS)

Patent Teuton, Jeremy R.; Markwort, Jeromy M.

A method and system for administering an interactive computer network and more particularly to performing security in a network of interactive electronic components, such as a computer network using a currency-based transactional economy model where scarcity serves as a limiting factor to accessing and engaging in various activities within the system.
Full Text Available

Similar Records

Title: Network protection system using linkographs

Abstract

Citation Formats

Network surveillance system patent, November 1999

Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data patent, November 2009

Graph-based approach to deterring persistent security threats patent, August 2014

Detection and tracking of unauthorized computer access attempts patent, November 2014

Graphical models for cyber security analysis in enterprise networks patent, November 2014

Vendor usage monitoring and vendor usage risk analysis system patent, August 2017

Tactical And Strategic Attack Detection And Prediction patent-application, September 2007

IDS Sensor Placement Using Attack Graphs patent-application, March 2010

System, Method And Computer Readable Medium For Evaluating Potential Attacks Of Worms patent-application, August 2013

Predicting Attacks Based On Probabilistic Game-Theory patent-application, November 2013

Graph-based Instrusion Detection Using Process Traces patent-application, November 2016

Network surveillance system
patent, November 1999

Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data
patent, November 2009

Graph-based approach to deterring persistent security threats
patent, August 2014

Detection and tracking of unauthorized computer access attempts
patent, November 2014

Graphical models for cyber security analysis in enterprise networks
patent, November 2014

Vendor usage monitoring and vendor usage risk analysis system
patent, August 2017

Tactical And Strategic Attack Detection And Prediction
patent-application, September 2007

IDS Sensor Placement Using Attack Graphs
patent-application, March 2010

System, Method And Computer Readable Medium For Evaluating Potential Attacks Of Worms
patent-application, August 2013

Predicting Attacks Based On Probabilistic Game-Theory
patent-application, November 2013

Graph-based Instrusion Detection Using Process Traces
patent-application, November 2016