@inproceedings{541f72d13bce471aa598558259bf86e7,
title = "GraphPrints: Towards a graph analytic method for network anomaly detection",
abstract = "This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called GraphPrints. Building on foundational network-mining techniques, our method represents time slices of traffic as a graph, then counts graphlets---small induced subgraphs that describe local topology. By performing outlier detection on the sequence of graphlet counts, anomalous intervals of traffic are identified, and furthermore, individual IPs experiencing abnormal behavior are singled-out. Initial testing of GraphPrints is performed on real network data with an implanted anomaly. Evaluation shows false positive rates bounded by 2.84% at the time-interval level, and 0.05% at the IP-level with 100% true positive rates at both.",
keywords = "Anomaly detection, Graphlet, Intrusion detection, Motif",
author = "Harshaw, {Christopher R.} and Bridges, {Robert A.} and Iannacone, {Michael D.} and Reed, {Joel W.} and Goodall, {John R.}",
note = "Publisher Copyright: {\textcopyright} 2016 ACM.; 11th Annual Cyber and Information Security Research Conference, CISRC 2016 ; Conference date: 05-04-2016 Through 07-04-2016",
year = "2016",
month = apr,
day = "5",
doi = "10.1145/2897795.2897806",
language = "English",
series = "Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016",
publisher = "Association for Computing Machinery, Inc",
booktitle = "Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016",
}