Anomaly Detection in Bipartite Networks
January 2018 • Presentation
In this presentation, the author discusses automated methods for identifying anomalies in cyber networks using data collected at the edge of a network (or from any other network with a bipartite structure).
Graph analysis can capture relationships between IPs and can be used to identify and rank anomalous IPs from NetFlow data. When NetFlow data is collected at the edge of the network, as is often the case, the internal and external roles of IPs and the relationships between them are either unknown or incomplete. Relationships between the external IPs that are inferred from the internal hosts they share can add context that reveals coordination between those nodes.
This presentation focuses on scalable and flexible techniques for applying graph analytics on various types of logs that have bipartite structure, as well as methodologies to further narrow returned results to anomalous/outlier cases that may be indicative of a cyber security event.
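As an added illustration (not code from the presentation), the following builds the bipartite graph from a handful of constructed edge NetFlow records, projects it onto the external IPs using Jaccard overlap of their internal contacts, and ranks external IPs by a simple assumed outlier score: fan-out scaled down by how strongly any other external IP shares the same internal hosts. The flow records, the 10.0.0.0/8 internal convention and the scoring rule are assumptions for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed NetFlow-style records (src, dst, bytes) as an edge collector
# would see them: internal 10.0.0.0/8 hosts exchanging flows with external IPs.
FLOWS = [
    ("10.0.0.1", "198.51.100.7", 500), ("10.0.0.2", "198.51.100.7", 700),
    ("10.0.0.3", "198.51.100.7", 300),
    ("10.0.0.1", "203.0.113.9", 200), ("10.0.0.2", "203.0.113.9", 250),
    ("10.0.0.3", "203.0.113.9", 150), ("10.0.0.4", "203.0.113.9", 150),
    ("10.0.0.5", "198.51.100.20", 900),
] + [(f"10.0.0.{i}", "192.0.2.44", 40) for i in range(1, 9)]  # one IP touching 8 hosts


def is_internal(ip):
    # Assumed site convention: internal address space is 10.0.0.0/8.
    return ip.startswith("10.")


def build_bipartite(flows):
    """External IP -> set of internal hosts it exchanged flows with (bytes ignored here)."""
    ext_to_int = defaultdict(set)
    for src, dst, _ in flows:
        ext, internal = (dst, src) if is_internal(src) else (src, dst)
        ext_to_int[ext].add(internal)
    return ext_to_int


def project_external(ext_to_int):
    """One-mode projection: Jaccard overlap of internal neighbours for each pair of
    external IPs, i.e. the inferred relationship the edge data never records directly."""
    proj = {}
    for a, b in combinations(sorted(ext_to_int), 2):
        sa, sb = ext_to_int[a], ext_to_int[b]
        proj[frozenset((a, b))] = len(sa & sb) / len(sa | sb)
    return proj


def rank_external_ips(flows):
    """Assumed score = fan-out * (1 - strongest overlap with any other external IP).
    High fan-out that no peer shares is the outlier pattern placed on top."""
    ext_to_int = build_bipartite(flows)
    proj = project_external(ext_to_int)
    scores = {}
    for ip, hosts in ext_to_int.items():
        max_overlap = max((w for k, w in proj.items() if ip in k), default=0.0)
        scores[ip] = len(hosts) * (1 - max_overlap)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for ip, score in rank_external_ips(FLOWS):
        print(f"{ip:16} {score:.3f}")
```

On the constructed data 192.0.2.44, which touches eight internal hosts that only one other external IP partially shares, ranks first; an analyst would then inspect its flows rather than the whole list.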