公开(公告)号：WO2013184206A3

公开(公告)日：2014-02-20

申请号：PCT/US2013031402

申请日：2013-03-14

Applicant: LOS ALAMOS NAT SECURITY LLC

Inventor： NEIL JOSHUA CHARLES ,  FISK MICHAEL EDWARD ,  BRUGH ALEXANDER WILLIAM ,  HASH CURTIS LEE JR ,  STORLIE CURTIS BYRON ,  UPOFF BENJAMIN ,  KENT ALEXANDER

IPC: G06F11/00

CPC classification number: H04L63/1416 ,  G06F21/577 ,  G06N5/02 ,  G06N7/005 ,  H04L1/002 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L2463/144

Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.

Abstract translation: 提供了一种用于检测网络中的异常行为的系统，装置，计算机可读介质和计算机实现的方法。 确定网络的历史参数以确定正常的活动水平。 网络中的多个路径被列举为表示网络的图的一部分，其中网络中的每个计算系统可以是图中的节点，并且两个计算系统之间的连接序列可以是图中的有向边。 统计模型在滑动窗口基础上应用于图中的多个路径，以检测异常行为。 统一主机收集代理（“UHCA”）收集的数据也可用于检测异常行为。

公开(公告)号：EP2828752A4

公开(公告)日：2016-02-17

申请号：EP13800081

申请日：2013-03-14

Applicant: LOS ALAMOS NAT SECURITY LLC

Inventor： NEIL JOSHUA CHARLES ,  FISK MICHAEL EDWARD ,  BRUGH ALEXANDER WILLIAM ,  HASH CURTIS LEE JR ,  STORLIE CURTIS BYRON ,  UPHOFF BENJAMIN ,  KENT ALEXANDER

IPC: H04L29/06 ,  G06F21/57

CPC classification number: H04L63/1416 ,  G06F21/577 ,  G06N5/02 ,  G06N7/005 ,  H04L1/002 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L2463/144

Abstract: Non-harmful data mimicking computer network attacks may be inserted in a computer network. Anomalous real network connections may be generated between a plurality of computing systems in the network. Data mimicking an attack may also be generated. The generated data may be transmitted between the plurality of computing systems using the real network connections and measured to determine whether an attack is detected.

公开(公告)号：AU2013272211A1

公开(公告)日：2014-10-02

申请号：AU2013272211

申请日：2013-03-14

Applicant: LOS ALAMOS NAT SECURITY LLC

Inventor： NEIL JOSHUA CHARLES ,  FISK MICHAEL EDWARD ,  BRUGH ALEXANDER WILLIAM ,  HASH JR CURTIS LEE ,  STORLIE CURTIS BYRON ,  UPOFF BENJAMIN ,  KENT ALEXANDER

IPC: H04L45/02

Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.

公开(公告)号：CA2868054C

公开(公告)日：2018-06-26

申请号：CA2868054

申请日：2013-03-14

Applicant: LOS ALAMOS NAT SECURITY LLC

Inventor： NEIL JOSHUA CHARLES ,  FISK MICHAEL EDWARD ,  BRUGH ALEXANDER WILLIAM ,  HASH CURTIS LEE ,  STORLIE CURTIS BYRON ,  UPHOFF BENJAMIN ,  KENT ALEXANDER

IPC: G06F21/55 ,  H04L45/02

Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.

公开(公告)号：CA2868054A1

公开(公告)日：2013-12-12

申请号：CA2868054

申请日：2013-03-14

Applicant: LOS ALAMOS NAT SECURITY LLC

Inventor： NEIL JOSHUA CHARLES ,  FISK MICHAEL EDWARD ,  BRUGH ALEXANDER WILLIAM ,  HASH CURTIS LEE JR ,  STORLIE CURTIS BYRON ,  UPOFF BENJAMIN ,  KENT ALEXANDER

IPC: G06F21/55 ,  H04L45/02

Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent ("UHCA") may also be used to detect anomalous behavior.