Towards a network-of-networks framework for cyber security

Halappanavar, Mahantesh; Choudhury, Sutanay; Hogan, Emilie; Hui, Peter; Johnson, John R.; Ray, Indrajit; Holder, Lawrence B.

doi:10.1109/isi.2013.6578796

Cited by 9 publications

(6 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Including different critical infrastructure networks, cyberspace is a multi-layer network of network [8] . Through decomposition, cyberspace model can uniformly describe homogeneous and heterogeneous entities interacting with their complex relationships in multi-layer cyberspace.…”

Section: Sub-hypergraphs Represent Multi-layersmentioning

confidence: 99%

See 1 more Smart Citation

Research and Construction Model of Cyberspace Based on Hypergraph

Cheng¹

2016

Proceedings of the 2016 5th International Conference on Advanced Materials and Computer Science

View full text Add to dashboard Cite

Abstract. With the increasing number of cyber incidents currently, cyberspace has become a more and more important domain. Lack of suitable models to characterize cyberspace makes it hard to carry on researches in this area. This paper presents a novel cyberspace model based on hypergraph to describe homogeneous and heterogeneous entities interacting through complex relationships in multi-layer cyberspace. By decomposition of proposed hypergraph model into sub-hypergraphs, we described multi-layers and relationships in cyberspace.

show abstract

Section: Sub-hypergraphs Represent Multi-layersmentioning

confidence: 99%

“…However, a graph can only capture binary relations between homogeneous entities [8] , it is not able to distinguish between heterogeneous entities and different types of entity relationships in cyberspace. Cyberspace covers from network equipment, physical environment, to people and organization.…”

Section: Introductionmentioning

confidence: 99%

Research and Construction Model of Cyberspace Based on Hypergraph

Cheng¹

2016

Proceedings of the 2016 5th International Conference on Advanced Materials and Computer Science

View full text Add to dashboard Cite

show abstract

“…Furthermore, we color an edge blue if at least one of the ports is well known (i.e., less than 1024) and red if both ports are not well known (1024 or greater). 2 Since multiple flows can occur between the same pair of IPs in the time interval, H is a multi-digraph, meaning it admits multiple edges between any pair of vertices, and we aggregate the multi-edges to create the desired graph, G. Specifically, for each source vertex i and destination vertex j of H, let Bi,j (Ri,j) be the sum of edge weights, total bytes, over the blue (red) edges from i to j. If Bi,j > Ri,j (Ri,j ≥ Bi,j), create a blue (red) edge from i to j in G. Thus our final graph, G, has colored,…”

Section: Representation Of Flow Data As Graphsmentioning

confidence: 99%

“…We note that the idea for multi-level anomaly detection on time-varying graph data follows contributions of Bridges et al [1], which create a generative model for detection on synthetic graph data at node, community, and whole graph levels. Additionally, a position paper of Halappanavar et al [2] outlines a network-of-network design for cyber security applications and calls for graphlet analysis of flow data, but to our knowledge no implementation of these ideas has yet been pursued.…”

Section: Introductionmentioning

confidence: 99%

GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection

Harshaw,

Bridges,

Iannacone

et al. 2016

Preprint

View full text Add to dashboard Cite

This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called GraphPrints. Building on foundational network-mining techniques, our method represents time slices of traffic as a graph, then counts graphlets-small induced subgraphs that describe local topology. By performing outlier detection on the sequence of graphlet counts, anomalous intervals of traffic are identified, and furthermore, individual IPs experiencing abnormal behavior are singled-out. Initial testing of Graph-Prints is performed on real network data with an implanted anomaly. Evaluation shows false positive rates bounded by 2.84% at the time-interval level, and 0.05% at the IP-level with 100% true positive rates at both.

show abstract

“…We adopt the later solution as the former solution is perfect but no feasible. In real cyber environment, cyberspace is a network of network [7] . Form the horizontal view, cyberspace consists many network such as telecommunications networks, computer systems, and embedded processors and controllers [1] .…”

Section: Introductionmentioning

confidence: 99%

An Event-Based Method of Construction of Cyberspace Models

Wang¹,

Zhang²,

Che³

et al. 2015

Proceedings of the 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering 2015

View full text Add to dashboard Cite

Abstract. Cyberspace has become an important domain the same as the land, sea, air and space. Many cyberspace models were proposed to explain such a high coupled complex domain, but lack of practical method of construction these models make them hard to function. This paper proposes an event based method of construction of cyberspace models. We formalize a cyber event as an attribute group by abstracting key elements of the event. Through entity-mapping and relation-mapping, we construct cyberspace models base on graph theory by representing cyber entities as vertexes and relations between entities as edges.

show abstract

Towards a network-of-networks framework for cyber security

Cited by 9 publications

References 21 publications

Research and Construction Model of Cyberspace Based on Hypergraph

Research and Construction Model of Cyberspace Based on Hypergraph

GraphPrints: Towards a Graph Analytic Method for Network Anomaly Detection

An Event-Based Method of Construction of Cyberspace Models

Contact Info

Product

Resources

About