Patent · US Active

Path scanning for the detection of anomalous subgraphs and use of DNS requests and host agents for anomaly/change detection and network situational awareness

US10243984B2 · kind B2 · utility

0Cited by

14References

24Claims

0Family size

Assignee

Triad National Security, LLC · US

Inventors

Joshua Charles Neil · Jemez Springs, US
Michael Edward Fisk · Los Alamos, US
Alexander William Brugh · Los Alamos, US
Curtis Lee Hash, Jr. · Santa Fe, US
Curtis Byron Storlie · Jemez Springs, US
Benjamin Uphoff · Los Alamos, US
Alexander Kent · Los Alamos, US

Key dates

Filing date	Nov 10, 2017
Grant date	Mar 26, 2019
Priority date	—
Expiry date	Nov 10, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/144
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.