DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Modeling behavior in a network using event logs

Abstract

A framework is provided for modeling the activity surrounding user credentials and/or machine level activity on a computer network using computer event logs by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both users of compromised credentials by external actors and otherwise authorized users who have begun engaging in malicious activity.

Inventors:
Turcotte, Melissa J. M.; Heard, Nicholas A.; Kent, Alexander D.
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1568688
Patent Number(s):
10,375,095
Application Number:
15/355,142
Assignee:
Triad National Security, LLC (Los Alamos, NM); IP2IPO Innovations Limited (London, GB)
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 11/18/2016
Country of Publication:
United States
Language:
English

Citation Formats

Turcotte, Melissa J. M., Heard, Nicholas A., and Kent, Alexander D. Modeling behavior in a network using event logs. United States: N. p., 2019. Web.
Turcotte, Melissa J. M., Heard, Nicholas A., & Kent, Alexander D. Modeling behavior in a network using event logs. United States.
Turcotte, Melissa J. M., Heard, Nicholas A., and Kent, Alexander D. Tue . "Modeling behavior in a network using event logs". United States. https://www.osti.gov/servlets/purl/1568688.
@article{osti_1568688,
title = {Modeling behavior in a network using event logs},
author = {Turcotte, Melissa J. M. and Heard, Nicholas A. and Kent, Alexander D.},
abstractNote = {A framework is provided for modeling the activity surrounding user credentials and/or machine level activity on a computer network using computer event logs by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both users of compromised credentials by external actors and otherwise authorized users who have begun engaging in malicious activity.},
place = {United States},
year = {2019},
month = {8}
}

Works referenced in this record:

Network security threat detection by user/user-entity behavioral analysis
patent, December 2016


Modeling a data generating process using dyadic Bayesian models
patent, August 2015


Automated insider threat prevention
patent, May 2017


System for slowing password attacks
patent, November 2012


System and method for insider threat detection
patent, May 2015


Real-time contextual monitoring intrusion detection and prevention
patent, July 2018


Technologies for managing security threats to a computing system utilizing user interactions
patent, June 2016


Systems and methods for protecting computing resources
patent, July 2018