Detecting anomalous behavior via user authentication graphs

Kent, Alexander D.; Neil, Joshua Charles; Liebrock, Lorie

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.

Inventors:: Kent, Alexander D.; Neil, Joshua Charles; Liebrock, Lorie

Issue Date:: 2019-07-16

Research Org.:: Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1568618

Patent Number(s):: 10356107

Application Number:: 16/014,026

Assignee:: Triad National Security, LLC (Los Alamos, NM); New Mexico Tech Research Park Corporation (Socorro, NM)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L67/22 - {Tracking the activity of the user
H04L63/08 - {for supporting authentication of entities communicating through a packet data network
H04L63/1408 - {by monitoring network traffic
H04L63/083 - {using passwords

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/316 - {by observing the pattern of computer usage, e.g. typical user behaviour}
G06F21/554 - {involving event detection and direct action}

G - PHYSICS G06 - COMPUTING G06K - RECOGNITION OF DATA
G06K9/6277 - {based on a parametric

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/552 - {involving long-term monitoring or reporting}

Show less

DOE Contract Number:: AC52-06NA25396

Resource Type:: Patent

Resource Relation:: Patent File Date: 06/21/2018

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Kent, Alexander D., Neil, Joshua Charles, and Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States: N. p., 2019. 
        Web.

Copy to clipboard


                    Kent, Alexander D., Neil, Joshua Charles, & Liebrock, Lorie. Detecting anomalous behavior via user authentication graphs.  United States.

Copy to clipboard


                    Kent, Alexander D., Neil, Joshua Charles, and Liebrock, Lorie. Tue .  
        "Detecting anomalous behavior via user authentication graphs".  United States.  https://www.osti.gov/servlets/purl/1568618.

Copy to clipboard


                    
@article{osti_1568618,

  title        = {Detecting anomalous behavior via user authentication graphs},

  author       = {Kent, Alexander D. and Neil, Joshua Charles and Liebrock, Lorie},

  abstractNote = {Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2019},

  month        = {7}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Use of interactive messaging channels to verify endpoints
patent, July 2013

Hernacki, Brian J.; Satish, Sourabh
US Patent Document 8,490,190
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=8490190

System and method for dynamically limiting robot access to server data
patent, December 2003

Eichstaedt, Matthias; Emens, Michael; Kraft, Reiner
US Patent Document 6,662,230
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6662230

System for slowing password attacks
patent, November 2012

Kahn, Clifford E.; Venable, Sr., Jeffrey C.; Chickering, Roger A.
US Patent Document 8,312,540
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=8312540

User login monitoring device and method
patent, March 2017

Liu, Fei; He, Wei Hong
US Patent Document 9,602,526
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=9602526

Similar Records in DOE Patents and OSTI.GOV collections:

Detecting anomalous behavior via user authentication graphs

Patent Kent, Alexander; Neil, Joshua; Liebrock, Lorie

Significant and aggregate user authentication activity may be analyzed across a population of users and computers in one or more networks to differentiate between authorized users and intruders in a network, and/or to detect inappropriate behavior by otherwise authorized users. Dynamic graphs and graph models over user and computer authentication activity, including time-constrained models, may be used for the purposes of profiling and analyzing user behavior in computer networks. More specifically, an edge-based breadth first search of graphs may be used that enforces time-constraints while maintaining traditional breadth first search computational complexity equivalence.
Full Text Available
Gamma radiation stand-off detection, tamper detection, and authentication via resonant meta-material structures

Patent Alvine, Kyle J.; Bernacki, Bruce E.

Resonant meta-material structures are defined by metallic, dielectric or other materials that form nanoshells or nanomeshes that can be situated proximate to ionizing-radiation-sensitive layers so as to provide ionizing-radiation-dose-dependent optical properties. Such meta-material structures can also define aligned or periodic, semi-random, or other arrangements of nanostructures that are coupled to or include stressed layers. Detection of optical radiation from such structures is used to determine gamma radiation dose or to detect a disturbance of the nanostructure indicating tampering.
Full Text Available
Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

Patent Strait, Robert S [Oakland, CA]; Pearson, Peter K [Livermore, CA]; Sengupta, Sailes K [Livermore, CA]

A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced valuemore »« less
Full Text Available
Behavior specification, finding main, and call graph visualizations

Patent Sayre, Kirk D.; Willems, Richard A.; Lindberg, Stephen Lanse

A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization ofmore »« less
Full Text Available
Graph-theoretic analysis of discrete-phase-space states for condition change detection and quantification of information

Patent Hively, Lee M.

Data collected from devices and human condition may be used to forewarn of critical events such as machine/structural failure or events from brain/heart wave data stroke. By monitoring the data, and determining what values are indicative of a failure forewarning, one can provide adequate notice of the impending failure in order to take preventive measures. This disclosure teaches a computer-based method to convert dynamical numeric data representing physical objects (unstructured data) into discrete-phase-space states, and hence into a graph (structured data) for extraction of condition change.
Full Text Available

Similar Records

Title: Detecting anomalous behavior via user authentication graphs

Abstract

Citation Formats

Use of interactive messaging channels to verify endpoints patent, July 2013

System and method for dynamically limiting robot access to server data patent, December 2003

System for slowing password attacks patent, November 2012

User login monitoring device and method patent, March 2017

Use of interactive messaging channels to verify endpoints
patent, July 2013

System and method for dynamically limiting robot access to server data
patent, December 2003

System for slowing password attacks
patent, November 2012

User login monitoring device and method
patent, March 2017