skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks

Abstract

We consider the use of a novel weak in- dicator alongside more commonly used weak indicators to help detect anomalous behavior in a large computer network. The data of the network which we are studying in this research paper concerns remote log-in information (Virtual Private Network, or VPN sessions) from the internal network of Los Alamos National Laboratory (LANL). The novel indicator we are utilizing is some- thing which, while novel in its application to data science/cyber security research, is a concept borrowed from the business world. The Her ndahl-Hirschman Index (HHI) is a computationally trivial index which provides a useful heuristic for regulatory agencies to ascertain the relative competitiveness of a particular industry. Using this index as a lagging indicator in the monthly format we have studied could help to detect anomalous behavior by a particular or small set of users on the network.

Authors:
 [1]
  1. Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Publication Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1407851
Report Number(s):
LA-UR-17-30009
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Egid, Adin. Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks. United States: N. p., 2017. Web. doi:10.2172/1407851.
Egid, Adin. Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks. United States. doi:10.2172/1407851.
Egid, Adin. Wed . "Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks". United States. doi:10.2172/1407851. https://www.osti.gov/servlets/purl/1407851.
@article{osti_1407851,
title = {Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks},
author = {Egid, Adin},
abstractNote = {We consider the use of a novel weak in- dicator alongside more commonly used weak indicators to help detect anomalous behavior in a large computer network. The data of the network which we are studying in this research paper concerns remote log-in information (Virtual Private Network, or VPN sessions) from the internal network of Los Alamos National Laboratory (LANL). The novel indicator we are utilizing is some- thing which, while novel in its application to data science/cyber security research, is a concept borrowed from the business world. The Her ndahl-Hirschman Index (HHI) is a computationally trivial index which provides a useful heuristic for regulatory agencies to ascertain the relative competitiveness of a particular industry. Using this index as a lagging indicator in the monthly format we have studied could help to detect anomalous behavior by a particular or small set of users on the network.},
doi = {10.2172/1407851},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Wed Nov 01 00:00:00 EDT 2017},
month = {Wed Nov 01 00:00:00 EDT 2017}
}

Technical Report:

Save / Share: