Network protection system using linkographs
Abstract
A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.
- Inventors:
- Issue Date:
- Research Org.:
- Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1463863
- Patent Number(s):
- 10027698
- Application Number:
- 14/975,502
- Assignee:
- National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Classifications (CPCs):
- H - ELECTRICITY; H04 - ELECTRIC COMMUNICATION TECHNIQUE; H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number:
- AC04-94AL85000
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 2015 Dec 18
- Country of Publication:
- United States
- Language:
- English
Citation Formats
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Network protection system using linkographs. United States: N. p., 2018. Web.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., & Kent, Carson. Network protection system using linkographs. United States.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. "Network protection system using linkographs". United States. https://www.osti.gov/servlets/purl/1463863.
@article{osti_1463863,
title = {Network protection system using linkographs},
author = {Zage, David John and Jarocki, John Charles and Fisher, Andrew N. and Kent, Carson},
abstractNote = {A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2018},
month = {7}
}
Works referenced in this record:
Network surveillance system
patent, November 1999
- Conklin, David A.; Harrison, John R.
- US Patent Document 5,991,881
Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data
patent, November 2009
- Coffman, Thayne R.
- US Patent Document 7,624,448
Graph-based approach to deterring persistent security threats
patent, August 2014
- Bowers, Kevin D.; Van Dijk, Marten; Juels, Ari
- US Patent Document 8,813,234
Detection and tracking of unauthorized computer access attempts
patent, November 2014
- Catlett, Sean; He, Xu
- US Patent Document 8,880,435
Graphical models for cyber security analysis in enterprise networks
patent, November 2014
- Levy, Renato; Li, Hongjun; Liu, Peng
- US Patent Document 8,881,288
Vendor usage monitoring and vendor usage risk analysis system
patent, August 2017
- Sarukkai, Sekhar; Somasamudram, Prasad Raghavendra; Agrawal, Amit Kumar
- US Patent Document 9,722,895
Tactical And Strategic Attack Detection And Prediction
patent-application, September 2007
- Gilbert, Logan; Morgan, Robert J.; Keen, Arthur A.
- US Patent Application 11/688540; 20070226796
IDS Sensor Placement Using Attack Graphs
patent-application, March 2010
- Jajodia, Sushil; Noel, Steven E.
- US Patent Application 12/548115; 20100058456
System, Method And Computer Readable Medium For Evaluating Potential Attacks Of Worms
patent-application, August 2013
- Amnon, Lotem; Cohen, Gideon; Meiseles, Moshe
- US Patent Application 13/745807; 20130219503
Predicting Attacks Based On Probabilistic Game-Theory
patent-application, November 2013
- Christodorescu, Mihai; Korzhyk, Dmytro; Sailer, Reiner
- US Patent Application 13/487774; 20130318616
Graph-based Instrusion Detection Using Process Traces
patent-application, November 2016
- Chen, Zhengzhang; Tang, LuAn; Dong, Boxiang
- US Patent Application 15/213896; 20160330226