DOE PAGES, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Directional Laplacian Centrality for Cyber Situational Awareness

Journal Article · Digital Threats: Research and Practice
DOI: https://doi.org/10.1145/3450286 · OSTI ID:1828738

Cyber operations is drowning in diverse, high-volume, multi-source data. To get a full picture of current operations and identify malicious events and actors, analysts must see through data generated by a mix of human activity and benign automated processes. Although many monitoring and alert systems exist, they typically use signature-based detection methods. We introduce a general method rooted in spectral graph theory to discover patterns and anomalies without a priori knowledge of signatures. We derive and propose a new graph-theoretic centrality measure based on the derivative of the graph Laplacian matrix in the direction of a vertex. To build intuition about our measure, we show how it identifies the most central vertices in standard network datasets and compare to other graph centrality measures. Finally, we focus our attention on studying its effectiveness in identifying important IP addresses in network flow data. Using both real and synthetic network flow data, we conduct several experiments to test our measure’s sensitivity to two types of injected attack profiles and show that vertices participating in injected attack profiles exhibit noticeable changes in our centrality measures, even when the injected anomalies are relatively small, and in the presence of simulated network dynamics.

Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
Grant/Contract Number:
AC05-76RL01830
OSTI ID:
1828738
Report Number(s):
PNNL-SA--155008
Journal Information:
Digital Threats: Research and Practice, Vol. 2, Issue 4; ISSN 2692-1626
Publisher:
Association for Computing Machinery (ACM)
Country of Publication:
United States
Language:
English
