Detecting communication anomalies in tactical networks via graph learning

4 Author(s)
Vashist, A. ; Appl. Commun. Sci., One Telcordia Dr, Piscataway, NJ, USA ; Chadha, R. ; Kaplan, M. ; Moeltner, K.

A widely practiced approach for detecting suspicious communication in a network is to formulate the problem as statistical anomaly detection. However, the communication patterns in mission-oriented tactical networks are highly variable and have a much richer structure than is incorporated by existing anomaly detection methods. For instance, the legitimacy of a communication may depend on who sends the message to whom, when, and under what circumstances. Existing anomaly detection methods insensitively aggregate data, losing critical contextual information about the structure of communication, and as a consequence they either fail to detect suspicious communication or produce an excessive number of false positives. We have developed an extended graph-based anomaly detection method that allows us to incorporate the context and rich structure of communication in a mission-oriented tactical network to model and detect suspicious patterns. We use a vector-weighted multidigraph representation to model communication and use given data to learn the graph, i.e., to determine the nodes, the edges, and their statistical attributes corresponding to normal communication. We then use deviations from the attributes of normal communications to detect the suspicious ones. We have applied the proposed approach to detect suspicious communication in a MANET comprising USRP2 radios and successfully demonstrated the approach in the TRL-6 demonstration of the TITAN project at Fort Dix. While our proposed approach is very general, only a part of it applies to the MANET under consideration, and we used it to successfully detect various types of illegal messages, congestion, and the DDoS attack.

Published in:

MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012

Date of Conference:

Oct. 29 2012-Nov. 1 2012
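
The sketch below illustrates the idea in the abstract: learn a vector-weighted multidigraph from normal traffic, then flag edges that were never learned or whose attributes deviate. It is an added example, not the authors' code. The edge key (sender, receiver, message type), the two attributes (messages per window, mean payload size), the z-score threshold, and all node names and records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (window, src, dst, msg_type, payload_bytes).
TRAIN = [(w, "A", "B", "status", 100 + w) for w in range(5) for _ in range(3)] \
      + [(w, "B", "A", "ack", 20) for w in range(5) for _ in range(3)]
TEST = [(0, "A", "B", "status", 100)] * 40 \
     + [(0, "B", "A", "ack", 20)] * 3 \
     + [(0, "C", "B", "command", 64)]
ATTRS = ("count", "size")  # assumed attribute vector, one entry per window

def edge_vectors(records):
    """Build one (count, mean size) vector per edge per time window.
    An edge is (src, dst, msg_type), so one node pair can carry parallel
    edges: that is what makes the graph a multidigraph."""
    sizes = defaultdict(list)
    for window, src, dst, mtype, size in records:
        sizes[(window, (src, dst, mtype))].append(size)
    vectors = defaultdict(list)
    for (_, edge), vals in sizes.items():
        vectors[edge].append((len(vals), mean(vals)))
    return vectors

def learn(records):
    """Learn the edge set and per-attribute (mean, std) from normal traffic."""
    return {edge: [(mean(col), pstdev(col)) for col in zip(*vecs)]
            for edge, vecs in edge_vectors(records).items()}

def detect(model, records, z_max=3.0, min_std=1.0):
    """Flag edges absent from the learned graph and attribute outliers.
    min_std keeps a zero-variance attribute from alerting on tiny jitter."""
    alerts = []
    for edge, vecs in edge_vectors(records).items():
        if edge not in model:
            alerts.append((edge, "unknown-edge"))
            continue
        for vec in vecs:
            for (mu, sd), x, name in zip(model[edge], vec, ATTRS):
                if abs(x - mu) / max(sd, min_std) > z_max:
                    alerts.append((edge, f"deviation:{name}"))
    return alerts

if __name__ == "__main__":
    for edge, reason in detect(learn(TRAIN), TEST):
        print(edge, reason)
```

Because statistics are kept per edge rather than aggregated over the whole network, the 40-message burst on the A to B status edge is flagged while the unchanged B to A ack edge is not.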