Daniel A. Quist - Los Alamos NM, US Eugene M. Gavrilov - Los Alamos NM, US Michael E. Fisk - Jemez NM, US
Assignee:
Los Alamos National Security, LLC - Los Alamos NM
International Classification:
H04L 12/28
US Classification:
370/254
Abstract:
A method enables the topology of an acyclic fully propagated network to be discovered. A list of switches that comprise the network is formed and the MAC address cache for each one of the switches is determined. For each pair of switches, from the MAC address caches the remaining switches that see the pair of switches are located. For each pair of switches the remaining switches are determined that see one of the pair of switches on a first port and the second one of the pair of switches on a second port. A list of insiders is formed for every pair of switches. It is determined whether the insider for each pair of switches is a graph edge and adjacent ones of the graph edges are determined. A symmetric adjacency matrix is formed from the graph edges to represent the topology of the data link network.
Non-Harmful Insertion Of Data Mimicking Computer Network Attacks
- Los Alamos NM, US Alexander Kent - Los Alamos NM, US Curtis Hash, Jr. - Santa Fe NM, US Michael Fisk - Los Alamos NM, US Alexander Brugh - Los Alamos NM, US Curtis Storlie - Jemez Springs NM, US Benjamin Uphoff - Los Alamos NM, US
Non-harmful data mimicking computer network attacks may be inserted in a computer network. Anomalous real network connections may be generated between a plurality of computing systems in the network. Data mimicking an attack may also be generated. The generated data may be transmitted between the plurality of computing systems using the real network connections and measured to determine whether an attack is detected.
Path Scanning For The Detection Of Anomalous Subgraphs And Use Of DNS Requests And Host Agents For Anomaly/Change Detection And Network Situational Awareness
- Los Alamos NM, US Michael Edward Fisk - Los Alamos NM, US Alexander William Brugh - Los Alamos NM, US Curtis Byron Storlie - Jemez Springs NM, US Benjamin Uphoff - Los Alamos NM, US Alexander Kent - Los Alamos NM, US
Assignee:
Triad National Security, LLC - Los Alamos NM
International Classification:
H04L 29/06 G06N 5/02 G06N 7/00 H04L 1/00
Abstract:
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
Path Scanning For The Detection Of Anomalous Subgraphs And Use Of DNS Requests And Host Agents For Anomaly/Change Detection And Network Situational Awareness
- Los Alamos NM, US Michael Edward Fisk - Los Alamos NM, US Alexander William Brugh - Los Alamos NM, US Curtis Byron Storlie - Jemez Springs NM, US Benjamin Uphoff - Los Alamos NM, US Alexander Kent - Los Alamos NM, US
Assignee:
Los Alamos National Security, LLC - Los Alamos NM
International Classification:
H04L 29/06 G06N 7/00
Abstract:
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
Path Scanning For The Detection Of Anomalous Subgraphs And Use Of DNS Requests And Host Agents For Anomaly/Change Detection And Network Situational Awareness
- Los Alamos NM, US Michael Edward Fisk - Los Alamos NM, US Alexander William Brugh - Los Alamos NM, US Curtis Lee Hash - Santa Fe NM, US Curtis Byron Storlie - Jemez Springs NM, US Benjamin Uphoff - Los Alamos NM, US Alexander Kent - Los Alamos NM, US
Assignee:
Los Alamos National Security, LLC - Los Alamos NM
International Classification:
H04L 29/06 G06N 7/00
Abstract:
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
Path Scanning For The Detection Of Anomalous Subgraphs And Use Of DNS Requests And Host Agents For Anomaly/Change Detection And Network Situational Awareness
Joshua Charles Neil - Jemez Springs NM, US Michael Edward Fisk - Los Alamos NM, US Alexander William Brugh - Los Alamos NM, US Curtis Byron Storlie - Jemez Springs NM, US Benjamin Uphoff - Los Alamos NM, US Alexander Kent - Los Alamos NM, US
Assignee:
Los Alamos National Security, LLC - Los Alamos NM
International Classification:
H04L 29/06 H04L 1/00
US Classification:
726/23
Abstract:
A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
M.C. Dean, Inc. Aug 2018 - Aug 2018
Associate Design Engineer
Virginia Tech May 2013 - Aug 2013
Research Assistant
Virginia Tech Aug 2012 - Aug 2012
Get Connected Team Member
Northern Virginia Community College Jun 2011 - Aug 2011
Administrative and Office Specialist
Education:
Virginia Tech 2010 - 2015
Bachelors, Electrical Engineering
Skills:
MATLAB, Microsoft Office, C++, VHDL, Engineering, LabVIEW, PSpice, Visual Studio, Microcontrollers, Electronics, Electrical Engineering, Technical Writing, Revit, Engineering Design, AutoCAD, ETAP, Lighting
Interests:
Football, Children, Computers, Aviation, Christianity, Electronics, Politics, Environment, Education, Baseball, Science and Technology, Cybersecurity, Disaster and Humanitarian Relief, Arts and Culture
Waverly Elementary School Thousand Oaks CA 1962-1966, Weathersfield Elementary School Thousand Oaks CA 1966-1967, Campbell Junior High School Campbell CA 1967-1969