U.S. Department of Energy
Office of Scientific and Technical Information

Directional Laplacian Centrality for Cyber Situational Awareness

Journal Article · Digital Threats: Research and Practice
DOI: https://doi.org/10.1145/3450286 · OSTI ID: 1828738

Cyber operations is drowning in diverse, high-volume, multi-source data. To get a full picture of current operations and identify malicious events and actors, analysts must see through data generated by a mix of human activity and benign automated processes. Although many monitoring and alert systems exist, they typically use signature-based detection methods. We introduce a general method rooted in spectral graph theory to discover patterns and anomalies without a priori knowledge of signatures. We derive and propose a new graph-theoretic centrality measure based on the derivative of the graph Laplacian matrix in the direction of a vertex. To build intuition about our measure, we show how it identifies the most central vertices in standard network datasets and compare to other graph centrality measures. Finally, we focus our attention on studying its effectiveness in identifying important IP addresses in network flow data. Using both real and synthetic network flow data, we conduct several experiments to test our measure’s sensitivity to two types of injected attack profiles and show that vertices participating in injected attack profiles exhibit noticeable changes in our centrality measures, even when the injected anomalies are relatively small, and in the presence of simulated network dynamics.

Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
Grant/Contract Number:
AC05-76RL01830
OSTI ID:
1828738
Report Number(s):
PNNL-SA--155008
Journal Information:
Digital Threats: Research and Practice, Vol. 2, Issue 4; ISSN 2692-1626
Publisher:
Association for Computing Machinery (ACM)
Country of Publication:
United States
Language:
English
