Network protection system using linkographs

Zage, David John; Jarocki, John Charles; Fisher, Andrew N.; Kent, Carson

Title: Network protection system using linkographs

Full Record
Other Related Research

Abstract

A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.

Inventors:: Zage, David John; Jarocki, John Charles; Fisher, Andrew N.; Kent, Carson

Issue Date:: 2018-07-17

Research Org.:: Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1463863

Patent Number(s):: 10027698

Application Number:: 14/975,502

Assignee:: National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1491 - {using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment}
H04L63/1441 - {Countermeasures against malicious traffic
H04L63/1416 - {Event detection, e.g. attack signature detection}
H04L63/0421 - {Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer}
H04L63/1433 - {Vulnerability analysis}
H04L63/20 - {for managing network security

Show less

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2015 Dec 18

Country of Publication:: United States

Language:: English

Citation Formats


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Network protection system using linkographs.  United States: N. p., 2018. 
        Web.

Copy to clipboard


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., & Kent, Carson. Network protection system using linkographs.  United States.

Copy to clipboard


                    Zage, David John, Jarocki, John Charles, Fisher, Andrew N., and Kent, Carson. Tue .  
        "Network protection system using linkographs".  United States.  https://www.osti.gov/servlets/purl/1463863.

Copy to clipboard


                    
@article{osti_1463863,

  title        = {Network protection system using linkographs},

  author       = {Zage, David John and Jarocki, John Charles and Fisher, Andrew N. and Kent, Carson},

  abstractNote = {A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2018},

  month        = {7}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE Patents and OSTI.GOV collections:

Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks

Patent Goranson, Craig A.; Burnette, John R.; Greitzer, Frank L.; ...

A method for providing security to a network having a data stream with a plurality of portions of data, each having differing levels of sensitivity. The data stream is interrogated to determine the presence of predetermined characteristics associated with at least one of the portions of data within the data stream. At least one of the portions of data is then characterized, based upon the portion of data exhibiting a predetermined combination of characteristics, wherein the predetermined combination of characteristics is related to the sensitivity of the portion of data. The portions of the data stream are then distributed intomore » « less
Full Text Available
Apparatus and method for fusion of compute and switching functions of exascale system into a single component by using configurable network-on-chip fabric with distributed dual mode input-output ports and programmable network interfaces

Patent Khare, Surhud; Somasekhar, Dinesh; More, Ankit; ...

Described is an apparatus which comprises: a Network-On-Chip fabric using crossbar switches, having distributed ingress and egress ports; and a dual-mode network interface coupled to at least one crossbar switch, the dual-mode network interface is to include: a dual-mode circuitry; a controller operable to: configure the dual-mode circuitry to transmit and receive differential signals via the egress and ingress ports, respectively, and configure the dual-mode circuitry to transmit and receive signal-ended signals via the egress and ingress ports, respectively.
Full Text Available
Deployable sensor system using mesh networking and satellite communication

Patent Frigo, Janette; Judd, Stephen; Proicou, Michael; ...

A sensor system may be configured for continuous operation in a low resource environment and/or in extreme environmental conditions. The sensor system may have sufficient processing capabilities to provide scientific computing for pre-processing, quality control, statistical analysis, event classification, data compression and corrections (e.g., spikes in the data), autonomous decisions and actions, triggering other nodes, and information assurance functions that provide data confidentiality, data integrity, authentication, and non-repudiation. The hardware may have both mesh networking and satellite and cellular communication capability, and may be available for relatively low cost. Such a network provides the flexibility to have potentially any numbermore » « less
Full Text Available
Deployable sensor system using mesh networking and satellite communication

Patent Frigo, Janette; Judd, Stephen; Proicou, Michael; ...

A sensor system may be configured for continuous operation in a low resource environment and/or in extreme environmental conditions. The sensor system may have sufficient processing capabilities to provide scientific computing for pre-processing, quality control, statistical analysis, event classification, data compression and corrections (e.g., spikes in the data), autonomous decisions and actions, triggering other nodes, and information assurance functions that provide data confidentiality, data integrity, authentication, and non-repudiation. The hardware may have both mesh networking and satellite and cellular communication capability, and may be available for relatively low cost. Such a network provides the flexibility to have potentially any numbermore » « less
Full Text Available
Neural network system and methods for analysis of organic materials and structures using spectral data

Patent Meyer, Bernd J [Athens, GA]; Sellers, Jeffrey P [Suwanee, GA]; Thomsen, Jan U [Fredricksberg, DK]

Apparatus and processes for recognizing and identifying materials. Characteristic spectra are obtained for the materials via spectroscopy techniques including nuclear magnetic resonance spectroscopy, infrared absorption analysis, x-ray analysis, mass spectroscopy and gas chromatography. Desired portions of the spectra may be selected and then placed in proper form and format for presentation to a number of input layer neurons in an offline neural network. The network is first trained according to a predetermined training process; it may then be employed to identify particular materials. Such apparatus and processes are particularly useful for recognizing and identifying organic compounds such as complex carbohydrates,more » « less
Full Text Available

Similar Records