
PATH SCANNING FOR THE DETECTION OF ANOMALOUS SUBGRAPHS AND USE OF DNS REQUESTS AND HOST AGENTS FOR ANOMALY/CHANGE DETECTION AND NETWORK SITUATIONAL AWARENESS

United States Patent Application

20150020199 A1
Los Alamos National Laboratory - Visit the Technology Transfer Division Website
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.
Neil, Joshua Charles (Jemez Springs, NM), Fisk, Michael Edward (Los Alamos, NM), Brugh, Alexander William (Los Alamos, NM), Hash, JR., Curtis Lee (Santa Fe, NM), Storlie, Curtis Byron (Jemez Springs, NM), Upoff, Benjamin (Los Alamos, NM), Kent, Alexander (Los Alamos, NM)
Los Alamos National Security, LLC (Los Alamos NM)
14/382,992
March 14, 2013
STATEMENT OF FEDERAL RIGHTS

[0002] The United States government has rights in this invention pursuant to Contract No. DE-AC52-06NA25396 between the United States Department of Energy and Los Alamos National Security, LLC for the operation of Los Alamos National Laboratory.