Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks
- Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
We consider the use of a novel weak indicator alongside more commonly used weak indicators to help detect anomalous behavior in a large computer network. The data of the network which we are studying in this research paper concerns remote log-in information (Virtual Private Network, or VPN sessions) from the internal network of Los Alamos National Laboratory (LANL). The novel indicator we are utilizing is something which, while novel in its application to data science/cyber security research, is a concept borrowed from the business world. The Herfindahl-Hirschman Index (HHI) is a computationally trivial index which provides a useful heuristic for regulatory agencies to ascertain the relative competitiveness of a particular industry. Using this index as a lagging indicator in the monthly format we have studied could help to detect anomalous behavior by a particular user or small set of users on the network.
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC52-06NA25396
- OSTI ID:
- 1407851
- Report Number(s):
- LA-UR-17-30009
- Country of Publication:
- United States
- Language:
- English