Invention Grant
US09560065B2 Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness
Active
- Patent Title: Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness
- Application No.: US14382992
- Application Date: 2013-03-14
- Publication No.: US09560065B2
- Publication Date: 2017-01-31
- Inventor: Joshua Charles Neil, Michael Edward Fisk, Alexander William Brugh, Curtis Lee Hash, Jr., Curtis Byron Storlie, Benjamin Uphoff, Alexander Kent
- Applicant: Los Alamos National Security, LLC
- Applicant Address: US NM Los Alamos
- Assignee: Los Alamos National Security, LLC
- Current Assignee: Los Alamos National Security, LLC
- Current Assignee Address: US NM Los Alamos
- Agency: LeonardPatel PC
- International Application: PCT/US2013/031402 WO 20130314
- International Announcement: WO2013/184206 WO 20131212
- Main IPC: H04L29/00
- IPC: H04L29/00; H04L29/06; H04L1/00; G06N5/02; G06F21/57

Abstract:
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
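
An added illustration of the path scanning described in the abstract, not code from the patent. The abstract does not name the statistical model, so a one-sided Poisson log-likelihood ratio per edge, summed over each 3-edge path, is assumed here; the host names, baseline rates, default rate for unseen edges, threshold and events are all constructed.

```python
import math
from collections import Counter, defaultdict

def edge_score(count, rate):
    """One-sided Poisson log-likelihood ratio: zero unless count exceeds the baseline."""
    if count <= rate:
        return 0.0
    return count * math.log(count / rate) - (count - rate)

def k_paths(edges, k):
    """Yield every simple directed path of k edges as a tuple of nodes."""
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    def extend(path):
        if len(path) == k + 1:
            yield tuple(path)
            return
        for nxt in adj.get(path[-1], ()):
            if nxt not in path:          # keep paths simple (no repeated host)
                yield from extend(path + [nxt])
    for start in list(adj):
        yield from extend([start])

def scan(events, baseline, width, step, k=3, new_edge_rate=0.05, threshold=10.0):
    """Slide a window over (time, src, dst) events; return (window_start, path, score) alerts."""
    alerts, start = [], 0
    end = max(t for t, _, _ in events)
    while start <= end:
        counts = Counter((s, d) for t, s, d in events if start <= t < start + width)
        # Edges never seen historically get an assumed small rate instead of zero.
        scores = {e: edge_score(c, baseline.get(e, new_edge_rate)) for e, c in counts.items()}
        best = max(((sum(scores[e] for e in zip(p, p[1:])), p) for p in k_paths(counts, k)),
                   default=None)
        if best and best[0] > threshold:
            alerts.append((start, best[1], round(best[0], 2)))
        start += step
    return alerts

# Constructed historical parameters: expected events per 60-second window for each edge.
BASELINE = {("ws1", "file1"): 4.0, ("ws2", "file1"): 4.0, ("ws1", "dc1"): 2.0, ("ws2", "dc1"): 2.0}
# Constructed events: three batches of normal traffic, then a chain of previously unseen edges.
EVENTS = [(t0 + i, s, d) for t0 in (0, 60, 120) for (s, d), n in BASELINE.items() for i in range(int(n))]
EVENTS += [(130 + i, s, d) for s, d in [("ws1", "ws2"), ("ws2", "ws3"), ("ws3", "db1")] for i in range(3)]

if __name__ == "__main__":
    for alert in scan(EVENTS, BASELINE, width=60, step=30):
        print(alert)
```

Windows containing only baseline-level traffic score zero on every edge; the two overlapping windows that cover the chain ws1 → ws2 → ws3 → db1 are the only ones reported.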