NETWORK PROTECTION SYSTEM USING LINKOGRAPHS

Publication Number:	20170180407
Kind Code:	A1
Official Filing:	View the Complete Application at the US Patent & Trademark Office
Lab:	Sandia National Laboratories - Visit the Intellectual Property Management and Licensing Website
Abstract:	A method and apparatus for managing an attack on a computer system. A computer identifies actions taken by an adversary in the computer system and links connecting the actions over time using an ontology defining linking rules for linking the actions over time. The computer creates a graph of the actions with the links connecting the actions over time. The graph shows a number of patterns of behavior for the adversary. The computer then identifies a protective action to take with respect to the computer system using the graph of the actions taken by the adversary.
Inventors:	Zage, David John (Fremont, CA), Jarocki, John Charles (Albuquerque, NM), Fisher, Andrew N. (Albuquerque, NM), Kent, Carson (Stanford, CA)
Application Number:	14/ 975,502
Filed:	December 18, 2015
Government Interests:	GOVERNMENT LICENSE RIGHTS [0001] This invention was made with United States Government support under Contract No. DE-AC04-94AL85000 between Sandia Corporation and the United States Department of Energy. The United States Government has certain rights in this invention.