This is the program for the 2010 Joint Statistical Meetings in Vancouver, British Columbia.
Abstract Details
Activity Number:
|
494
|
Type:
|
Invited
|
Date/Time:
|
Wednesday, August 4, 2010 : 10:30 AM to 12:20 PM
|
Sponsor:
|
Section on Statistics in Defense and National Security
|
Abstract - #306251 |
Title:
|
Graph Anomalies in Cyber Communication
|
Author(s):
|
Scott Vander Wiel*+ and Curtis Storlie
|
Companies:
|
Los Alamos National Laboratory and Los Alamos National Laboratory
|
Address:
|
MS F600, Los Alamos, NM, 87545,
|
Keywords:
|
authentication logs ;
unauthorized access ;
suspicious
|
Abstract:
|
Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.
|
The address information is for the authors that have a + after their name.
Authors who are presenting talks have a * after their name.
Back to the full JSM 2010 program
|
2010 JSM Online Program Home
For information, contact jsm@amstat.org or phone (888) 231-3473.
If you have questions about the Continuing Education program, please contact the Education Department.