DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Modeling behavior in a network using event logs

Abstract

A framework is provided for modeling the activity surrounding user credentials and/or machine-level activity on a computer network using computer event logs, by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. It may detect both external actors using compromised credentials and otherwise authorized users who have begun engaging in malicious activity.
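The abstract describes the idea only at a high level: each user's event logs form a multivariate stream, and the stream is scored so that compromised credentials surface at a low false positive rate. The following Python is an added illustration of that idea and is not the patent's own method or code. It assumes a constructed authentication log with three categorical features per event (source host, destination host, authentication type), a per-user count model for each feature that backs off to the population-wide distribution (the smoothing weights ALPHA and BETA are arbitrary choices), Fisher's method as the rule for combining per-feature surprise into one p-value per event and then one p-value per user over a scoring window, and an alert threshold of 1e-4. The sample baseline and window are constructed for the example.

```python
"""Per-user behavioural scoring of authentication event logs.

Added illustration, not the patent's method.  Each user's events are a
stream of categorical features; each feature has a per-user count model
that backs off to the population; per-feature p-values are combined with
Fisher's method into one p-value per event, and the events of a window
are combined again into one p-value per user.  Users whose window
p-value falls below THRESHOLD are flagged.
"""
import math
from collections import Counter, defaultdict

FEATURES = ("src_host", "dst_host", "auth_type")
ALPHA = 2.0       # weight of the population prior in each per-user model (assumed)
BETA = 0.5        # add-beta smoothing of the population model (assumed)
THRESHOLD = 1e-4  # per-user alert threshold; small so false positives stay rare

# Constructed baseline of benign history: (user, src_host, dst_host, auth_type, repeats).
BASELINE = [
    ("U1", "C101", "C101", "Kerberos", 12),
    ("U1", "C101", "C230", "Kerberos", 8),
    ("U2", "C202", "C202", "Kerberos", 10),
    ("U2", "C202", "C230", "NTLM", 6),
    ("U2", "C202", "C230", "Kerberos", 4),
]

# Constructed scoring window as raw log lines: time,user,src_host,dst_host,auth_type.
# U1's credential is used from an unknown host with an unusual auth type.
WINDOW_LOG = """\
1001,U1,C101,C101,Kerberos
1002,U2,C202,C230,NTLM
1003,U1,C999,C230,NTLM
1004,U2,C202,C202,Kerberos
1005,U1,C999,C777,NTLM
1006,U2,C202,C230,Kerberos
"""


def parse_log(text):
    """Parse 'time,user,src_host,dst_host,auth_type' lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, user, src, dst, auth = line.split(",")
        events.append({"time": int(t), "user": user, "src_host": src,
                       "dst_host": dst, "auth_type": auth})
    return events


def expand_baseline(rows):
    """Turn the compact (user, src, dst, auth, repeats) rows into events."""
    return [{"time": 0, "user": u, "src_host": s, "dst_host": d, "auth_type": a}
            for u, s, d, a, n in rows for _ in range(n)]


class UserModel:
    """Per-user, per-feature categorical counts with a population back-off."""

    def __init__(self):
        self.user = defaultdict(lambda: {f: Counter() for f in FEATURES})
        self.population = {f: Counter() for f in FEATURES}

    def fit(self, events):
        for e in events:
            for f in FEATURES:
                self.user[e["user"]][f][e[f]] += 1
                self.population[f][e[f]] += 1

    def _probs(self, user, f):
        """Predictive distribution over known values plus one 'unseen' bucket (key None)."""
        pop = self.population[f]
        pop_n = sum(pop.values())
        vocab = set(pop) | set(self.user[user][f])
        denom = pop_n + BETA * (len(vocab) + 1)
        prior = {v: (pop[v] + BETA) / denom for v in vocab}
        prior[None] = BETA / denom          # mass reserved for a never-seen value
        own = self.user[user][f]
        own_n = sum(own.values())
        return {v: (own.get(v, 0) + ALPHA * q) / (own_n + ALPHA)
                for v, q in prior.items()}

    def feature_pvalue(self, user, f, value):
        """P(a value at least as unlikely as `value`) under this user's model."""
        probs = self._probs(user, f)
        p_obs = probs.get(value, probs[None])
        return min(1.0, sum(p for p in probs.values() if p <= p_obs))


def fisher_tail(stat, k):
    """Upper tail of a chi-square with 2k degrees of freedom (closed form for even df)."""
    half = stat / 2.0
    return math.exp(-half) * sum(half ** i / math.factorial(i) for i in range(k))


def fisher_combine(pvalues):
    """Fisher's method: combine p-values treated as independent into one."""
    stat = max(0.0, -2.0 * sum(math.log(p) for p in pvalues))
    return fisher_tail(stat, len(pvalues))


def score_window(model, events):
    """One p-value per event, then one per user across the whole window."""
    per_user = defaultdict(list)
    event_scores = []
    for e in events:
        p = fisher_combine([model.feature_pvalue(e["user"], f, e[f]) for f in FEATURES])
        event_scores.append((e["time"], e["user"], p))
        per_user[e["user"]].append(p)
    user_scores = {u: fisher_combine(ps) for u, ps in per_user.items()}
    return event_scores, user_scores


def flagged_users(user_scores, threshold=THRESHOLD):
    return sorted(u for u, p in user_scores.items() if p < threshold)


def run():
    model = UserModel()
    model.fit(expand_baseline(BASELINE))
    event_scores, user_scores = score_window(model, parse_log(WINDOW_LOG))
    return event_scores, user_scores, flagged_users(user_scores)


if __name__ == "__main__":
    ev, us, flagged = run()
    for t, u, p in ev:
        print(f"t={t} user={u} event_p={p:.3g}")
    for u, p in sorted(us.items()):
        print(f"user={u} window_p={p:.3g}")
    print("flagged:", flagged)
```

Two points matter in practice. The per-feature p-values are combined as if independent, which they are not in real logs (a new source host usually brings a new destination with it), so the combined p-value is not a calibrated chi-square tail; the threshold must therefore be set from the distribution of window scores on the site's own benign history rather than read off a table. And the "unseen" bucket is what lets a single never-seen host or auth type dominate the score; it is deliberately small, which is the mechanism that keeps the false positive rate low for users whose behaviour stays inside their historical support.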

Inventors:
Turcotte, Melissa J. M.; Heard, Nicholas A.; Kent, Alexander D.
Issue Date:
August 2019
Research Org.:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1568688
Patent Number(s):
10375095
Application Number:
15/355,142
Assignee:
Triad National Security, LLC (Los Alamos, NM); IP2IPO Innovations Limited (London, GB)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 11/18/2016
Country of Publication:
United States
Language:
English

Citation

Turcotte, Melissa J. M., Heard, Nicholas A., and Kent, Alexander D. "Modeling behavior in a network using event logs." U.S. Patent 10375095, issued August 2019. https://www.osti.gov/servlets/purl/1568688
