Show simple item record

dc.contributor.advisor: Rowe, Neil
dc.contributor.author: Dean, Jeffrey S.
dc.date: Sep-17
dc.date.accessioned: 2017-11-07T23:39:12Z
dc.date.available: 2017-11-07T23:39:12Z
dc.date.issued: 2017-09
dc.identifier.uri: http://hdl.handle.net/10945/56119
dc.description: Approved for public release; distribution is unlimited [en_US]
dc.description.abstract: Defining normal computer user behavior is critical to detecting potentially malicious activity. To facilitate this, some anomaly-detection systems group the profiles of users expected to behave similarly, setting thresholds of normal behavior for each group. One way to group users is to use organizational role labels, as people with similar roles in an organization often share common tasks and activities. Another way is to group users based on observed behavioral similarities. We tested the premise that users sharing roles behave similarly on networks, applying two machine-learning classifiers (nearest-centroid and a support vector machine) to differentiate between groups based on flow-data feature vectors. We conducted tests using 1.2 billion network-flow records from a large building at Naval Postgraduate School over five weeks. Tests showed similar results when they were conducted with and without removal of automated flows. Tests showed that users in role groups do not exhibit significantly similar network behaviors. We also clustered feature-vector data to group users by patterns of network behavior and showed that defining user groups this way provides a better way to bound normal user behavior. [en_US]
dc.publisher: Monterey, California: Naval Postgraduate School [en_US]
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted. [en_US]
dc.title: Systematic assessment of the impact of user roles on network flow patterns [en_US]
dc.type: Thesis [en_US]
dc.contributor.department: Computer Science (CS)
dc.subject.author: netflow [en_US]
dc.subject.author: user behavior [en_US]
dc.subject.author: machine learning [en_US]
dc.subject.author: organizational role [en_US]
dc.description.service: Civilian, United States Air Force [en_US]
etd.thesisdegree.name: Doctor of Philosophy in Computer Science [en_US]
etd.thesisdegree.level: Doctoral [en_US]
etd.thesisdegree.discipline: Computer Science [en_US]
etd.thesisdegree.grantor: Naval Postgraduate School [en_US]

