Modeling behavior in a network using event logs
Abstract
A framework is provided for modeling the activity surrounding user credentials and/or machine-level activity on a computer network using computer event logs, by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both external actors using compromised credentials and otherwise authorized users who have begun engaging in malicious activity.
- Inventors:
- Turcotte, Melissa J. M.; Heard, Nicholas A.; Kent, Alexander D.
- Issue Date:
- 2019-08-06
- Research Org.:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1568688
- Patent Number(s):
- 10375095
- Application Number:
- 15/355,142
- Assignee:
- Triad National Security, LLC (Los Alamos, NM); IP2IPO Innovations Limited (London, GB)
- Patent Classifications (CPCs):
- H: ELECTRICITY; H04: ELECTRIC COMMUNICATION TECHNIQUE; H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number:
- AC52-06NA25396
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 11/18/2016
- Country of Publication:
- United States
- Language:
- English
Citation Formats
Turcotte, Melissa J. M., Heard, Nicholas A., and Kent, Alexander D. Modeling behavior in a network using event logs. United States: N. p., 2019. Web.
Turcotte, Melissa J. M., Heard, Nicholas A., & Kent, Alexander D. Modeling behavior in a network using event logs. United States.
Turcotte, Melissa J. M., Heard, Nicholas A., and Kent, Alexander D. Tue, 06 Aug 2019. "Modeling behavior in a network using event logs". United States. https://www.osti.gov/servlets/purl/1568688.
@article{osti_1568688,
title = {Modeling behavior in a network using event logs},
author = {Turcotte, Melissa J. M. and Heard, Nicholas A. and Kent, Alexander D.},
abstractNote = {A framework is provided for modeling the activity surrounding user credentials and/or machine level activity on a computer network using computer event logs by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both users of compromised credentials by external actors and otherwise authorized users who have begun engaging in malicious activity.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2019},
month = {aug}
}