This is the program for the 2010 Joint Statistical Meetings in Vancouver, British Columbia.

Abstract Details

Activity Number: 494
Type: Invited
Date/Time: Wednesday, August 4, 2010 : 10:30 AM to 12:20 PM
Sponsor: Section on Statistics in Defense and National Security
Abstract - #306251
Title: Graph Anomalies in Cyber Communication
Author(s): Scott Vander Wiel*+ and Curtis Storlie
Companies: Los Alamos National Laboratory and Los Alamos National Laboratory
Address: MS F600, Los Alamos, NM, 87545,
Keywords: authentication logs ; unauthorized access ; suspicious

Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

The address information is for the authors that have a + after their name.
Authors who are presenting talks have a * after their name.

Back to the full JSM 2010 program

2010 JSM Online Program Home

For information, contact or phone (888) 231-3473.

If you have questions about the Continuing Education program, please contact the Education Department.