Examining the Effect of Organizational Roles in Shaping Network Traffic Activity
Xie, Geoffrey G.
MetadataShow full item record
We hypothesize that a computer user’s environment shapes the characteristics of his/her network traffic. In particular, we focus on whether a user’s role at the work place induces discriminating characteristics, due to the task requirements of assuming that role. If true, this shaping can enable development of useful indicators for detecting insider threat activities. We develop a methodology to evaluate this hypothesis, characterized by (i) new traffic similarity metrics for quantifying the variations of flow-level traffic activities between role-based user groups; (ii) use of exclusively Netflow data to build user/group discriminating features; and (iii) a rigorous process for attributing flows to users and mapping users to roles. We evaluate the role-based hypothesis using a four-week long dataset of Netflow records from a university building. We measure inter-system similarities using several flow based methodologies, and show significant levels of value overlap when computing inter and intra role-based group similarities. We did observe indications that similar roles lead to similar allocations of time for related tasks. We also found that most of the user traffic features under consideration persist over time, with a typical similarity value of above 0.8 week to week. These findings lead us to believe that measuring role based group characteristics on the network requires atemporal component for the characterization to be useful.
NPS Report NumberNPS-CS-13-001
Showing items related by title, author, creator and subject.
Wang, Beng Wei (Monterey, California. Naval Postgraduate School, 2007-03);Wireless sensor networks have been widely researched for use in both military and commercial applications. They are especially of interest to the military planners as they can be deployed in hostile environments to collect ...
Turksoyu, Faith (2001-03);Traffic modeling is an important component of the design of any communication network. This is even more crucial emerging networks, which are expected to operate in high speed and high bandwidth environments. As the design ...
Gallup, Shelley P.; Anderson, Tom; Garza, Victor (Bob); Irvine, Nelson; Wood, Brian (Woodie) (2016);There is no process or system capable of detecting obfuscated network traffic on DOD networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of obfuscated traffic on a DOD network creates ...