DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Network protection system using linkographs

Abstract

A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.

Inventors:
; ; ;
Issue Date:
Research Org.:
Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1463863
Patent Number(s):
10027698
Application Number:
14/975,502
Assignee:
National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
AC04-94AL85000
Resource Type:
Patent
Resource Relation:
Patent File Date: 2015 Dec 18
Country of Publication:
United States
Language:
English

Citation Formats

Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Network protection system using linkographs. United States: N. p., 2018. Web.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., & Kent, Carson. Network protection system using linkographs. United States.
Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Tue . "Network protection system using linkographs". United States. https://www.osti.gov/servlets/purl/1463863.
@article{osti_1463863,
title = {Network protection system using linkographs},
author = {Zage, David John and Jarocki, John Charles and Fisher, Andrew N. and Kent, Carson},
abstractNote = {A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2018},
month = {7}
}

Works referenced in this record:

Network surveillance system
patent, November 1999


Graph-based approach to deterring persistent security threats
patent, August 2014


Graphical models for cyber security analysis in enterprise networks
patent, November 2014


Vendor usage monitoring and vendor usage risk analysis system
patent, August 2017


Tactical And Strategic Attack Detection And Prediction
patent-application, September 2007


IDS Sensor Placement Using Attack Graphs
patent-application, March 2010


System, Method And Computer Readable Medium For Evaluating Potential Attacks Of Worms
patent-application, August 2013


Predicting Attacks Based On Probabilistic Game-Theory
patent-application, November 2013


Graph-based Instrusion Detection Using Process Traces
patent-application, November 2016