Systematic assessment of the impact of user roles on network flow patterns
Dean, Jeffrey S.
Defining normal computer user behavior is critical to detecting potentially malicious activity. To facilitate this, some anomaly-detection systems group the profiles of users expected to behave similarly, setting thresholds of normal behavior for each group. One way to group users is to use organizational role labels, as people with similar roles in an organization often share common tasks and activities. Another way is to group users based on observed behavioral similarities. We tested the premise that users sharing roles behave similarly on networks, applying two machine-learning classifiers (nearest-centroid and a support vector machine) to differentiate between groups based on flow-data feature vectors. We conducted tests using 1.2 billion network-flow records from a large building at Naval Postgraduate School over five weeks. Tests showed similar results when they were conducted with and without removal of automated flows. Tests showed that users in role groups do not exhibit significantly similar network behaviors. We also clustered feature-vector data to group users by patterns of network behavior and showed that defining user groups this way provides a better way to bound normal user behavior.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.