OSTI.GOV: U.S. Department of Energy, Office of Scientific and Technical Information

Title: Graph anomalies in cyber communications

Abstract

Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

Authors:
Vander Wiel, Scott A [1]; Storlie, Curtis B [1]; Sandine, Gary [1]; Hagberg, Aric A [1]; Fisk, Michael [1]
  1. Los Alamos National Laboratory
Publication Date:
Research Org.:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1046548
Report Number(s):
LA-UR-11-00221; LA-UR-11-221
TRN: US201215%%509
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Conference
Resource Relation:
Conference: INFORMS Computing Society Conference; January 9, 2011; Monterey, CA
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICAL METHODS AND COMPUTING; COMMUNICATIONS; DETECTION; ENTROPY; LANL; MONITORING; MONITORS; SIMULATION; VIRUSES

Citation Formats

Vander Wiel, Scott A, Storlie, Curtis B, Sandine, Gary, Hagberg, Aric A, and Fisk, Michael. Graph anomalies in cyber communications. United States: N. p., 2011. Web.
Vander Wiel, Scott A, Storlie, Curtis B, Sandine, Gary, Hagberg, Aric A, & Fisk, Michael. Graph anomalies in cyber communications. United States.
Vander Wiel, Scott A, Storlie, Curtis B, Sandine, Gary, Hagberg, Aric A, and Fisk, Michael. 2011. "Graph anomalies in cyber communications". United States. https://www.osti.gov/servlets/purl/1046548.
@article{osti_1046548,
title = {Graph anomalies in cyber communications},
author = {Vander Wiel, Scott A and Storlie, Curtis B and Sandine, Gary and Hagberg, Aric A and Fisk, Michael},
abstractNote = {Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.},
doi = {},
url = {https://www.osti.gov/biblio/1046548},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2011},
month = {1}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.