EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 2/16/2016 3:37 AM via CGC-GROUP OF COLLEGES (GHARUAN) AN: 779681 ; Heard, Nicholas, Adams, Niall M..; Data Analysis for Network Cyber-security Account: ns224671
Statistical Detection of Intruders Within Computer Networks
J. Neil, C. Storlie, C. Hash and A. Brugh

Copyright © 2014. Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.

Fig. 3.7. Anomaly graph and heat map for Caterpillar A: (a) Caterpillar A, (b) Detection Heat Map. The true anomaly is given on the left, with anomalous edges colored red and purple. Green nodes and edges are uninvolved in the anomaly, but are provided to give context. The more green edges, the more chance of false discovery. The detected heat map is displayed on the right, with darker red indicating more evidence of an anomaly.

missed, and many false edges were detected. Since star scans cannot overlap, there is no concept of heat in this visualization. Red indicates the edge was detected, and the light blue nodes are to provide the graph context.

3.6. Real Network Detections

Since our goal with this work is a system that runs in real time, on real networks such as LANL’s internal network, we considered it an important milestone to run, at least in prototype form, a path scan on real data from such a network. Therefore, in this section we describe two path-scan analyses of data contained in LANL’s historic data archives.

3.6.1. Detection of user change

The HMM models whose parameters were estimated from real data in 2011, ending 30 days later, were used for this study. We chose to test for an elevation in $p_{01}$. Initially, we attempted a test of both parameters, but we encountered several numerical problems with testing the high-state mean that could only be resolved with a more custom model for this data. In addition, testing for only a $p_{01}$ change had good performance in simulation, especially when the mean was also anomalously high.

Fig. 3.8. Star scanning results for Caterpillar A. Detected edges are plotted in red. The light blue nodes are to provide context.

Since we used simulated data to set p-value thresholds in the simulations, we require new thresholds when preparing to scan on real data. Therefore, the next ten days of data, starting March 2 and ending March 12, were used to obtain these thresholds, using a discovery rate of one detection per day. Finally, the next 20 days were scanned using 3-paths.

Note that completely unestimated (new) edges did arise in this data set. For this example, we used these new edges in enumeration, allowing estimated edges to be “bridged” by the new edges in the paths. But we did not use the data on these new edges to contribute to the path GLRT score.
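The two scan details described above (new edges bridging estimated edges during 3-path enumeration without adding to the path GLRT score, and a p-value threshold calibrated to a fixed detection rate) can be sketched as follows. This is an added example, not code from the book or its authors. Assumptions: the path score is the sum of per-edge GLRT scores, path p-values are computed elsewhere, and all function names, host names and sample values are constructed for illustration.

```python
from collections import defaultdict

def enumerate_3paths(edges):
    """All directed paths of three edges over four distinct hosts."""
    succ = defaultdict(list)
    for u, v in edges:
        succ[u].append(v)
    paths = []
    for a in list(succ):
        for b in succ[a]:
            for c in succ.get(b, ()):
                for d in succ.get(c, ()):
                    if len({a, b, c, d}) == 4:
                        paths.append(((a, b), (b, c), (c, d)))
    return paths

def path_score(path, edge_glrt):
    """Path score as the sum of per-edge GLRT scores (additivity is an
    assumption of this sketch). New edges have no fitted model, so they
    are absent from edge_glrt and add nothing: they only bridge."""
    return sum(edge_glrt.get(e, 0.0) for e in path)

def calibrate_threshold(calib_pvalues, days, per_day=1.0):
    """p-value cut-off t such that the rule 'p < t' fires at most
    per_day * days times on the calibration window (ties between
    p-values are resolved conservatively, giving fewer detections)."""
    k = int(per_day * days)
    ranked = sorted(calib_pvalues)
    return ranked[k] if k < len(ranked) else 1.0

# Constructed sample: estimated edges carry a score, NEW_EDGES do not.
EDGE_GLRT = {("h1", "h2"): 4.0, ("h3", "h4"): 2.5, ("h2", "h5"): 0.5}
NEW_EDGES = [("h2", "h3")]
ALL_EDGES = list(EDGE_GLRT) + NEW_EDGES
# Constructed path p-values from a 2-day calibration window.
CALIB_P = [0.20, 0.003, 0.04, 0.0007, 0.5, 0.012]

if __name__ == "__main__":
    for p in enumerate_3paths(ALL_EDGES):
        print(p, path_score(p, EDGE_GLRT))
    t = calibrate_threshold(CALIB_P, days=2)
    print("threshold", t, "detections", sum(p < t for p in CALIB_P))
```

Without the new edge `("h2", "h3")` the estimated edges form no 3-path at all, which is the bridging effect the text describes.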