Rapidly discovering novel and sophisticated cyber attacks and providing situation awareness to analysts are unsolved problems in cyber security. We have developed a platform that scores events in real time based on probabilistic models to define how typical an event is. This anomaly detection approach is based on unsupervised, probabilistic modeling of data at multiple scales. Scoring events based on multiple scales allows the system to 1) score anomalousness at different levels to detect important events that would otherwise be hidden, and 2) explain to users why an event is anomalous, not just that it is. The system was designed to address several challenges: 1) scaling to very high volume, heterogeneous, streaming data, and 2) minimizing the time from observation to discovery to understanding. The prototype has the real-time framework for pushing scored events to a web-based visualization.
Publication Date:
OSTI Identifier:
Report Number(s):
SITU; 003750WKSTN00
DOE Contract Number:
Resource Type:
Software Revision:
Software Package Number:
Software Package Contents:
Media Directory; Software Abstract; Media includes Source Code; User Guide; Executable Module(s); / 1 CD-ROM
Software CPU:
Open Source:
Source Code Available:
Research Org:
Oak Ridge National Laboratory
Sponsoring Org:
Contributing Orgs:
John R. Goodall and Joel W. Reed
Country of Publication:
United States

To initiate an order for this software, request consultation services, or receive further information, fill out the request form below. You may also reach us by email at: .

OSTI staff will begin to process an order for scientific and technical software once the payment and signed site license agreement are received. If the forms are not in order, OSTI will contact you. No further action will be taken until all required information and/or payment is received. Orders are usually processed within three to five business days.
