GraphPrints: Towards a graph analytic method for network anomaly detection

Christopher R. Harshaw, Robert A. Bridges, Michael D. Iannacone, Joel W. Reed, John R. Goodall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called GraphPrints. Building on foundational network-mining techniques, our method represents time slices of traffic as a graph, then counts graphlets (small induced subgraphs that describe local topology). By performing outlier detection on the sequence of graphlet counts, anomalous intervals of traffic are identified, and furthermore, individual IPs experiencing abnormal behavior are singled out. Initial testing of GraphPrints is performed on real network data with an implanted anomaly. Evaluation shows false positive rates bounded by 2.84% at the time-interval level, and 0.05% at the IP-level with 100% true positive rates at both.

Original language: English
Title of host publication: Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450337526
State: Published - Apr 5 2016
Event: 11th Annual Cyber and Information Security Research Conference, CISRC 2016 - Oak Ridge, United States
Duration: Apr 5 2016 to Apr 7 2016

Publication series

Name: Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016

Conference

Conference: 11th Annual Cyber and Information Security Research Conference, CISRC 2016
Country/Territory: United States
City: Oak Ridge
Period: 04/5/16 to 04/7/16

Keywords

  • Anomaly detection
  • Graphlet
  • Intrusion detection
  • Motif
