OSTI.GOV | U.S. Department of Energy
Office of Scientific and Technical Information

Title: Discrete Mathematical Approaches to Graph-Based Traffic Analysis

Abstract

Modern cyber defense and analytics require general, formal models of cyber systems. Multi-scale network models are prime candidates for such formalisms, using discrete mathematical methods based in hierarchically-structured directed multigraphs which also include rich sets of labels. An exemplar of an application of such an approach is traffic analysis, that is, observing and analyzing connections between clients, servers, hosts, and actors within IP networks, over time, to identify characteristic or suspicious patterns. Towards that end, NetFlow (or more generically, IPFLOW) data are available from routers and servers which summarize coherent groups of IP packets flowing through the network. In this paper, we consider traffic analysis of NetFlow using both basic graph statistics and two new mathematical measures involving labeled degree distributions and time interval overlap measures. We do all of this over the VAST test data set of 96M synthetic NetFlow graph edges, against which we can identify characteristic patterns of simulated ground-truth network attacks.

Authors:
Joslyn, Cliff A.; Cowley, Wendy E.; Hogan, Emilie A.; Olsen, Bryan K.
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1222143
Report Number(s):
PNNL-SA-101858
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: The 2nd ASE International Conference on Big Data Science & Computing, the 6th ASE International Conference on Social Computing and the 3rd ASE International Conference on Cyber Security, May 27-31, 2014, Stanford, California
Country of Publication:
United States
Language:
English

Citation Formats

Joslyn, Cliff A., Cowley, Wendy E., Hogan, Emilie A., and Olsen, Bryan K. Discrete Mathematical Approaches to Graph-Based Traffic Analysis. United States: N. p., 2014. Web.
Joslyn, Cliff A., Cowley, Wendy E., Hogan, Emilie A., & Olsen, Bryan K. Discrete Mathematical Approaches to Graph-Based Traffic Analysis. United States.
Joslyn, Cliff A., Cowley, Wendy E., Hogan, Emilie A., and Olsen, Bryan K. Tue . "Discrete Mathematical Approaches to Graph-Based Traffic Analysis". United States.
@article{osti_1222143,
title = {Discrete Mathematical Approaches to Graph-Based Traffic Analysis},
author = {Joslyn, Cliff A. and Cowley, Wendy E. and Hogan, Emilie A. and Olsen, Bryan K.},
abstractNote = {Modern cyber defense and analytics require general, formal models of cyber systems. Multi-scale network models are prime candidates for such formalisms, using discrete mathematical methods based in hierarchically-structured directed multigraphs which also include rich sets of labels. An exemplar of an application of such an approach is traffic analysis, that is, observing and analyzing connections between clients, servers, hosts, and actors within IP networks, over time, to identify characteristic or suspicious patterns. Towards that end, NetFlow (or more generically, IPFLOW) data are available from routers and servers which summarize coherent groups of IP packets flowing through the network. In this paper, we consider traffic analysis of NetFlow using both basic graph statistics and two new mathematical measures involving labeled degree distributions and time interval overlap measures. We do all of this over the VAST test data set of 96M synthetic NetFlow graph edges, against which we can identify characteristic patterns of simulated ground-truth network attacks.},
place = {United States},
year = {2014},
month = {4}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.
