Utilizing Weak Indicators to Detect Anomalous Behaviors in Networks
- Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
We consider the use of a novel weak indicator alongside more commonly used weak indicators to help detect anomalous behavior in a large computer network. The data of the network which we are studying in this research paper concerns remote log-in information (Virtual Private Network, or VPN sessions) from the internal network of Los Alamos National Laboratory (LANL). The novel indicator we are utilizing is something which, while novel in its application to data science/cyber security research, is a concept borrowed from the business world. The Herfindahl-Hirschman Index (HHI) is a computationally trivial index which provides a useful heuristic for regulatory agencies to ascertain the relative competitiveness of a particular industry. Using this index as a lagging indicator in the monthly format we have studied could help to detect anomalous behavior by a particular or small set of users on the network. Additionally, we study indicators related to the speed of movement of a user based on the physical location of their current and previous logins. This data can be ascertained from the IP addresses of the users, and is likely very similar to the fraud detection schemes regularly utilized by credit card networks to detect anomalous activity. In future work we would look to find a way to combine these indicators for use as an internal fraud detection system.
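An added illustration of the two indicators the abstract describes, not code from the report: a monthly HHI over VPN sessions and an implied-travel-speed check between a user's consecutive logins. The share definition (each user's fraction of a month's sessions), the thresholds, and the sample sessions and coordinates are assumptions constructed here.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime

LANL, SANTA_FE, LONDON = (35.88, -106.30), (35.69, -105.94), (51.51, -0.13)
# Constructed sample VPN sessions: (user, login time, geolocated (lat, lon)).
SESSIONS = [
    ("alice", "2018-01-05T09:00", LANL), ("bob", "2018-01-09T10:00", LANL),
    ("carol", "2018-01-15T08:30", SANTA_FE), ("dave", "2018-01-20T14:00", LANL),
    ("alice", "2018-02-02T09:00", SANTA_FE), ("bob", "2018-02-06T10:00", LANL),
    ("dave", "2018-02-03T08:00", LANL), ("dave", "2018-02-03T09:00", LONDON),
    ("dave", "2018-02-10T02:00", LANL), ("dave", "2018-02-11T03:00", LANL),
]

def hhi(counts):
    """Herfindahl-Hirschman Index: sum of squared shares, 1/N (even) to 1 (one user)."""
    total = sum(counts.values())
    return sum((n / total) ** 2 for n in counts.values())

def monthly_hhi(sessions):
    """HHI of per-user session share per calendar month (assumed share definition)."""
    months = defaultdict(Counter)
    for user, ts, _ in sessions:
        months[ts[:7]][user] += 1
    return {month: hhi(c) for month, c in sorted(months.items())}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + \
        math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def fast_moves(sessions, max_kmh=1000.0, min_km=100.0):
    """Flag logins whose implied speed from the user's previous login exceeds max_kmh.
    min_km ignores small jumps caused by IP-geolocation error (assumed threshold)."""
    last, flagged = {}, []
    for user, ts, loc in sorted(sessions, key=lambda s: s[1]):
        t = datetime.fromisoformat(ts)
        if user in last:
            prev_t, prev_loc = last[user]
            km = haversine_km(prev_loc, loc)
            hours = (t - prev_t).total_seconds() / 3600
            speed = km / hours if hours > 0 else math.inf  # simultaneous logins
            if km >= min_km and speed > max_kmh:
                flagged.append((user, ts, speed))
        last[user] = (t, loc)
    return flagged

if __name__ == "__main__":
    print(monthly_hhi(SESSIONS))
    print(fast_moves(SESSIONS))
```

In the constructed data the index doubles from January to February because one account produces most of the month's sessions, and the same account is the only one flagged by the speed check.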
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC52-06NA25396
- OSTI ID:
- 1422893
- Report Number(s):
- LA-UR-18-20901
- Country of Publication:
- United States
- Language:
- English