Discrete Mathematical Approaches to Traffic Graph Analysis
January 2015 • Presentation
Cliff Joslyn (Pacific Northwest National Laboratory), Wendy Cowley (Pacific Northwest National Laboratory), Emilie Hogan (Pacific Northwest National Laboratory), Bryan Olsen (Pacific Northwest National Laboratory)
In this presentation, the authors discuss NetFlow multigraphs and graph statistics and provide characterizations of IP interaction during simulated attacks.
In this presentation, the authors describe:
- A basic characterization of the formal structure of NetFlow multigraphs, both at the detailed IP:Port level and their scalar projections to subgraphs involving only IPs and ports
- A description of the VAST 2013 cyber challenge test data
- Some analytical results using basic NetFlow graph statistics
- A characterization of IP interaction during simulated attacks using a simple, but novel, theoretical measure of the labeled degree distribution of the flow nodes
- Another characterization of the temporal characteristics of flows in attacks, using the mathematical order relationships of flow time intervals, and interval arithmetic to measure their separations

These analytic methods are in the process of being deployed on operational data. But even against test data, in addition to highlighting the potential significance against real data, they reveal aspects and even artifacts of the simulation itself, indicating the promise for this approach.