Towards improved detection of attackers in computer networks: New edges, fast updating, and host agents

Joshua Neil, Benjamin Uphoff, Curtis Hash, Curtis Storlie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

This paper focuses on several important topics related to subgraph anomaly detection for computer networks. First, we briefly discuss a graph based view of a computer network consisting of nodes (computers) and edges (time-series of communications between computers), and how stochastic models of groups of edges can be used to identify local anomalous areas of the network indicating the traversal of attackers. Next, the concept of a new edge, an edge between two computers that have never communicated before, is introduced, and a model for establishing the probability of such an event is provided. We follow this with a discussion of exponentially weighted moving averages for updating models of edges. Next, as measuring network data for the purposes of anomaly detection is difficult we discuss a host agent designed specifically to gather this type of data. Finally, the performance of anomaly detection using this host agent to collect data is compared with that of DNS data.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 6th International Symposium on Resilient Control Systems, ISRCS 2013
PublisherIEEE Computer Society
Pages218-224
Number of pages7
ISBN (Print)9781479905034
DOIs
StatePublished - 2013
Event2013 6th International Symposium on Resilient Control Systems, ISRCS 2013 - San Francisco, CA, United States
Duration: Aug 13 2013Aug 15 2013

Publication series

NameProceedings - 2013 6th International Symposium on Resilient Control Systems, ISRCS 2013

Other

Other2013 6th International Symposium on Resilient Control Systems, ISRCS 2013
CountryUnited States
CitySan Francisco, CA
Period8/13/138/15/13

Keywords

  • Dynamic Graph
  • Host Agent
  • Network Attack Detection

ASJC Scopus subject areas

  • Control and Systems Engineering

Fingerprint Dive into the research topics of 'Towards improved detection of attackers in computer networks: New edges, fast updating, and host agents'. Together they form a unique fingerprint.

  • Cite this

    Neil, J., Uphoff, B., Hash, C., & Storlie, C. (2013). Towards improved detection of attackers in computer networks: New edges, fast updating, and host agents. In Proceedings - 2013 6th International Symposium on Resilient Control Systems, ISRCS 2013 (pp. 218-224). [6623779] (Proceedings - 2013 6th International Symposium on Resilient Control Systems, ISRCS 2013). IEEE Computer Society. https://doi.org/10.1109/ISRCS.2013.6623779