DOE PAGES, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Directional Laplacian Centrality for Cyber Situational Awareness

Abstract

Cyber operations is drowning in diverse, high-volume, multi-source data. To get a full picture of current operations and identify malicious events and actors, analysts must see through data generated by a mix of human activity and benign automated processes. Although many monitoring and alert systems exist, they typically use signature-based detection methods. We introduce a general method rooted in spectral graph theory to discover patterns and anomalies without a priori knowledge of signatures. We derive and propose a new graph-theoretic centrality measure based on the derivative of the graph Laplacian matrix in the direction of a vertex. To build intuition about our measure, we show how it identifies the most central vertices in standard network datasets and compare to other graph centrality measures. Finally, we focus our attention on studying its effectiveness in identifying important IP addresses in network flow data. Using both real and synthetic network flow data, we conduct several experiments to test our measure’s sensitivity to two types of injected attack profiles and show that vertices participating in injected attack profiles exhibit noticeable changes in our centrality measures, even when the injected anomalies are relatively small, and in the presence of simulated network dynamics.

Authors:
Aksoy, Sinan G. [1]; Purvine, Emilie AH [1]; Young, Stephen J. [1]
  1. Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1828738
Report Number(s):
PNNL-SA-155008
Journal ID: ISSN 2692-1626
Grant/Contract Number:  
AC05-76RL01830
Resource Type:
Accepted Manuscript
Journal Name:
Digital Threats: Research and Practice
Additional Journal Information:
Journal Volume: 2; Journal Issue: 4; Journal ID: ISSN 2692-1626
Publisher:
Association for Computing Machinery (ACM)
Country of Publication:
United States
Language:
English
Subject:
45 MILITARY TECHNOLOGY, WEAPONRY, AND NATIONAL DEFENSE; Cyber Situational Awareness; Laplacian; graph centrality; normalized Laplacian

Citation Formats

Aksoy, Sinan G., Purvine, Emilie AH, and Young, Stephen J. Directional Laplacian Centrality for Cyber Situational Awareness. United States: N. p., 2021. Web. doi:10.1145/3450286.
Aksoy, Sinan G., Purvine, Emilie AH, & Young, Stephen J. Directional Laplacian Centrality for Cyber Situational Awareness. United States. https://doi.org/10.1145/3450286
Aksoy, Sinan G., Purvine, Emilie AH, and Young, Stephen J. Fri . "Directional Laplacian Centrality for Cyber Situational Awareness". United States. https://doi.org/10.1145/3450286. https://www.osti.gov/servlets/purl/1828738.
@article{osti_1828738,
title = {Directional Laplacian Centrality for Cyber Situational Awareness},
author = {Aksoy, Sinan G. and Purvine, Emilie AH and Young, Stephen J.},
doi = {10.1145/3450286},
journal = {Digital Threats: Research and Practice},
number = 4,
volume = 2,
place = {United States},
year = {2021},
month = {10}
}
