Graph anomalies in cyber communications
Conference · OSTI ID:1046548 · Los Alamos National Laboratory
Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.
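The last sentence of the abstract names the technique but the page carries no code for it, so a sketch of relative-entropy monitoring over a joint graph property follows. It is an added example, not the paper's or LANL's code, and its specifics are assumptions: the traffic stream is a list of (window, src, dst) flow records; the monitored property is each node's (out-degree, in-degree) pair, bucketed on a log2 scale and histogrammed over the nodes active in a window, so the two correlated degree properties are modelled jointly rather than as separate marginals; the reference model is the pooled histogram of the first four windows; the divergence is additively smoothed so a never-seen cell scores rather than crashes; and the alert threshold is three times the largest leave-one-out score of the reference windows. The traffic is constructed: twenty clients talking to three servers for six windows, with one client fanning out to every other client in the last window.

```python
"""Relative-entropy (KL) monitoring of a dynamic communication graph.

Added illustration, not the paper's code. Hypothetical choices: log2 degree
buckets, additive smoothing with alpha=0.5, and a threshold of 3x the largest
leave-one-out score of the reference windows.
"""
from collections import Counter
import math

MAX_BUCKET = 5  # degree buckets: 0, 1, 2-3, 4-7, 8-15, >=16
SUPPORT = [(o, i) for o in range(MAX_BUCKET + 1) for i in range(MAX_BUCKET + 1)]


def degree_bucket(d: int) -> int:
    """Log2 bucket of a degree: 0->0, 1->1, 2-3->2, 4-7->3, 8-15->4, >=16->5."""
    return 0 if d == 0 else min(d.bit_length(), MAX_BUCKET)


def joint_degree_histogram(flows, window) -> Counter:
    """Counter over (out_bucket, in_bucket) for every node seen in `window`.

    Repeated flows between one pair count as a single edge, so the histogram
    describes who talks to whom rather than traffic volume.
    """
    edges = {(s, d) for w, s, d in flows if w == window}
    out_deg, in_deg = Counter(), Counter()
    for s, d in edges:
        out_deg[s] += 1
        in_deg[d] += 1
    nodes = out_deg.keys() | in_deg.keys()
    return Counter((degree_bucket(out_deg[n]), degree_bucket(in_deg[n])) for n in nodes)


def kl_divergence(p: Counter, q: Counter, alpha: float = 0.5) -> float:
    """D(P || Q) in bits, additively smoothed over SUPPORT.

    Smoothing keeps the value finite when a window populates a cell the
    reference never saw, which is exactly the event worth scoring.
    """
    p_total = sum(p.values()) + alpha * len(SUPPORT)
    q_total = sum(q.values()) + alpha * len(SUPPORT)
    kl = 0.0
    for cell in SUPPORT:
        p_cell = (p[cell] + alpha) / p_total
        q_cell = (q[cell] + alpha) / q_total
        kl += p_cell * math.log2(p_cell / q_cell)
    return kl


def calibrate_threshold(ref_hists, factor: float = 3.0) -> float:
    """Score each reference window against the pooled others (leave-one-out).

    The largest such score is the noise level of a normal window; smoothing
    alone keeps it above zero. `factor` is a hypothetical safety margin.
    """
    pooled = Counter()
    for h in ref_hists:
        pooled.update(h)
    return factor * max(kl_divergence(h, pooled - h) for h in ref_hists)


def score_windows(flows, reference_windows, factor: float = 3.0) -> dict:
    """Return {window: (kl_bits, flagged)} for every non-reference window."""
    ref_hists = [joint_degree_histogram(flows, w) for w in reference_windows]
    reference = Counter()
    for h in ref_hists:
        reference.update(h)
    threshold = calibrate_threshold(ref_hists, factor)
    results = {}
    for w in sorted({w for w, _, _ in flows} - set(reference_windows)):
        kl = kl_divergence(joint_degree_histogram(flows, w), reference)
        results[w] = (kl, kl > threshold)
    return results


def constructed_flows():
    """Constructed sample (not real data): 20 clients use 3 servers for six
    windows; in window 5 client c7 additionally fans out to every other client.
    The edge set rotates each window, but the degree histogram does not."""
    flows = []
    for w in range(6):
        for i in range(20):
            flows.append((w, f"c{i}", f"s{(i + w) % 3}"))
            if i % 4 == 0:  # a few clients also use a second server
                flows.append((w, f"c{i}", f"s{(i + w + 1) % 3}"))
    flows += [(5, "c7", f"c{j}") for j in range(20) if j != 7]
    return flows


if __name__ == "__main__":
    for w, (kl, flagged) in score_windows(constructed_flows(), [0, 1, 2, 3]).items():
        print(f"window {w}: D(P||Q) = {kl:.3f} bits {'ANOMALY' if flagged else 'ok'}")
```

Two things the numbers show that the abstract does not: a held-out normal window does not score zero (the smoothing floor alone puts it near a quarter of a bit here), which is why the threshold is calibrated from the reference windows instead of being set at zero; and the fan-out changes the in-degree of nearly every client at once, so the joint histogram moves by several bits even though the out-degree marginal barely changes.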
- Research Organization: Los Alamos National Laboratory (LANL)
- Sponsoring Organization: DOE
- DOE Contract Number: AC52-06NA25396
- OSTI ID: 1046548
- Report Number(s): LA-UR-11-00221; LA-UR-11-221
- Country of Publication: United States
- Language: English