Patent · US Active

Modeling behavior in a network using event logs

US10375095B1 · kind B1 · utility

16Cited by

9References

20Claims

0Family size

Assignees

Triad National Security, LLC · US
IP2IPO Innovations Limited · GB

Inventors

Melissa Turcotte · Los Alamos, US
Nicholas Heard · London, GB
Alexander Kent · Los Alamos, US

Key dates

Filing date	Nov 18, 2016
Grant date	Aug 6, 2019
Priority date	—
Expiry date	Aug 17, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/083
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A framework is provided for modeling the activity surrounding user credentials and/or machine level activity on a computer network using computer event logs by viewing the logs attributed to each user as a multivariate data stream. The methodology performs well in detecting compromised user credentials at a very low false positive rate. Such a methodology may detect both users of compromised credentials by external actors and otherwise authorized users who have begun engaging in malicious activity.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.