Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library


Anomaly Detection in Bipartite Networks

  • Abstract

    Graph analysis can capture relationships between IPs and can be used to identify and rank anomalous IPs from NetFlow data. If NetFlow data is collected at the edge of the network, as often is the case, internal and external roles of IPs and relationships between them are either unknown or incomplete. Inferred relationships between the external IPs can add context that can provide insights of this coordination between the nodes.

    This presentation focuses on scalable and flexible techniques for applying graph analytics on various types of logs that have bipartite structure, as well as methodologies to further narrow returned results to anomalous/outlier cases that may be indicative of a cyber security event.

  • Download

Part of a Collection

FloCon 2018 Presentations