Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

United States Patent

January 31, 2017
Los Alamos National Laboratory
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.
Neil; Joshua Charles (Jemez Springs, NM), Fisk; Michael Edward (Los Alamos, NM), Brugh; Alexander William (Santa Fe, NM), Hash, Jr.; Curtis Lee (Santa Fe, NM), Storlie; Curtis Byron (Jemez Springs, NM), Uphoff; Benjamin (Los Alamos, NM), Kent; Alexander (Los Alamos, NM)
Los Alamos National Security, LLC (Los Alamos, NM)
14/382,992
March 14, 2013
STATEMENT OF FEDERAL RIGHTS

The United States government has rights in this invention pursuant to Contract No. DE-AC52-06NA25396 between the United States Department of Energy and Los Alamos National Security, LLC for the operation of Los Alamos National Laboratory.