Detecting communication anomalies in tactical networks via graph learning

A widely practiced approach for detecting suspicious communication in a network is to formulate the problem as statistical anomaly detection. However, the communication patterns in mission-oriented tactical networks are highly variable and have a much richer structure than incorporated by existing a...

Bibliographic details
Main authors: Vashist, A., Chadha, R., Kaplan, M., Moeltner, K.
Format: Conference proceedings
Language: eng
container_end_page 6
container_issue
container_start_page 1
container_title
container_volume
creator Vashist, A.
Chadha, R.
Kaplan, M.
Moeltner, K.
description A widely practiced approach for detecting suspicious communication in a network is to formulate the problem as statistical anomaly detection. However, the communication patterns in mission-oriented tactical networks are highly variable and have a much richer structure than incorporated by existing anomaly detection methods. For instance, the legitimacy of a communication may depend on who sends the message to who, when and under what circumstances. Existing anomaly detection methods insensitively aggregate data losing critical contextual information about the structure of communication and as a consequence, they either fail to detect suspicious communication or produce excessive amount of false positives. We have developed an extended graph based anomaly detection method that allows us to incorporate the context and rich structure of communication in a mission-oriented tactical network to model and detect suspicious patterns. We use a vector-weighted multidigraph representation to model communication and use a given data to learn the graph, i.e., to determine the nodes, the edges, and their statistical attributes corresponding to normal communication. We then use deviations from the attributes of normal communications to detect the suspicious ones. We have applied the proposed approach to detect suspicious communication in a MANET comprising of USRP2 radios and successfully demonstrated the approach in TRL-6 demonstration of the TITAN project at Fort Dix. While our proposed approach is very general, only a part of it applies to the MANET under consideration and we used it to successfully detect various types of illegal messages, congestion, and the DDoS attack.
doi_str_mv 10.1109/MILCOM.2012.6415763
format Conference Proceeding
identifier ISSN: 2155-7578
ispartof MILCOM 2012 - 2012 IEEE Military Communications Conference, 2012, p.1-6
issn 2155-7578
2155-7586
language eng
recordid cdi_ieee_primary_6415763
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Anomaly detection
Correlation
Data models
Empirical distribution estimation
Frequency measurement
Graph based anomaly detection
Image edge detection
Information assurance
MANETs
Mobile ad hoc networks
Receivers
Vectors
title Detecting communication anomalies in tactical networks via graph learning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T14%3A55%3A22IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Detecting%20communication%20anomalies%20in%20tactical%20networks%20via%20graph%20learning&rft.btitle=MILCOM%202012%20-%202012%20IEEE%20Military%20Communications%20Conference&rft.au=Vashist,%20A.&rft.date=2012-10&rft.spage=1&rft.epage=6&rft.pages=1-6&rft.issn=2155-7578&rft.eissn=2155-7586&rft.isbn=1467317292&rft.isbn_list=9781467317290&rft_id=info:doi/10.1109/MILCOM.2012.6415763&rft_dat=%3Cieee_6IE%3E6415763%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781467317306&rft.eisbn_list=1467317306&rft.eisbn_list=9781467317313&rft.eisbn_list=1467317314&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6415763&rfr_iscdi=true