This is the program for the 2010 Joint Statistical Meetings in Vancouver, British Columbia.

Abstract Details

Activity Number: 494
Type: Invited
Date/Time: Wednesday, August 4, 2010 : 10:30 AM to 12:20 PM
Sponsor: Section on Statistics in Defense and National Security
Abstract - #306138
Title: Graph-Based Network Anomaly Detection
Author(s): Joshua Charles Neil*+ and Mike Fisk and Curtis Storlie and Alexander Brugh
Companies: Los Alamos National Laboratory and Los Alamos National Laboratory and University of New Mexico and Los Alamos National Laboratory
Address: PO Box 1663, Los Alamos, NM, 87545,
Keywords: Anomaly Detection ; Computer Networks ; Cyber Security ; Graph ; Stochastic Models ; Scan Statistics

Network anomaly detection is a vital aspect of modern computer security. To this end, engineers at Los Alamos National Laboratory have installed sensors on the network to collect an enormous amount of data on usage. A key aspect of this type of data is that it can be described using graphs. To accomplish anomaly detection, first we use stochastic processes to model the edges of the graph. Next, we use methods borrowed from scan statistics to combine anomaly scores from edges in a neighborhood. We then use this technique to locate neighborhoods and paths in the network which are least likely to occur under normal conditions. This results in a more robust system than host-based detection, where the connections between hosts are ignored. In addition, it more accurately reflects the behavior of attackers, who tend to explore local areas in the graph, producing anomalous neighborhoods.

The address information is for the authors that have a + after their name.
Authors who are presenting talks have a * after their name.

Back to the full JSM 2010 program

2010 JSM Online Program Home

For information, contact or phone (888) 231-3473.

If you have questions about the Continuing Education program, please contact the Education Department.