Network modelling and anomaly detection at scale for cyber-security applications
Data arising in cyber-security applications often have a network, or graph-like, structure, and accurate statistical modelling of connectivity behaviour has important implications, for instance, for network intrusion detection. We present a linear algebraic approach to network modelling, which is massively scalable and also very general. In this approach, nodes are embedded in a finite dimensional latent space, where common statistical, signal-processing and machine-learning methodologies are then available, albeit with some new geometrical considerations. Mass testing for anomalous edges, correlations, and changepoints is then discussed. Results are illustrated on network data collected at Los Alamos National Laboratory.
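As an added illustration, not code from the talk or its authors: the abstract does not name the embedding, so this sketch assumes adjacency spectral embedding (leading eigenvectors of the adjacency matrix, scaled by the square root of the eigenvalue magnitude) and scores each observed edge by the link probability the embedding implies. The graph is constructed sample data and all function names are hypothetical.

```python
import math

# Constructed sample: two 4-host cliques (0-3 and 4-7) plus one cross link 3-4.
EDGES = [(i, j) for g in (range(0, 4), range(4, 8)) for i in g for j in g if i < j]
EDGES.append((3, 4))
N, DIM = 8, 2  # DIM: latent dimension, picked by hand for this toy graph


def adjacency(edges, n):
    a = [[0.0] * n for _ in range(n)]
    for i, j in edges:
        a[i][j] = a[j][i] = 1.0
    return a


def top_eigenpairs(a, d, iters=500):
    """Leading d eigenpairs (by magnitude) via power iteration with deflation."""
    n, pairs = len(a), []
    for _ in range(d):
        v = [float(k + 1) for k in range(n)]  # deterministic start vector
        for _ in range(iters):
            for _lam, u in pairs:  # stay orthogonal to eigenvectors already found
                dot = sum(x * y for x, y in zip(v, u))
                v = [x - dot * y for x, y in zip(v, u)]
            w = [sum(a[r][c] * v[c] for c in range(n)) for r in range(n)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        av = [sum(a[r][c] * v[c] for c in range(n)) for r in range(n)]
        pairs.append((sum(x * y for x, y in zip(v, av)), v))  # Rayleigh quotient
    return pairs


def embed(a, d):
    """Return (X, signs): X[i] is node i's latent position, signs the eigenvalue signs."""
    pairs = top_eigenpairs(a, d)
    x = [[math.sqrt(abs(lam)) * v[i] for lam, v in pairs] for i in range(len(a))]
    return x, [1.0 if lam >= 0 else -1.0 for lam, _ in pairs]


def edge_scores(edges, n=N, d=DIM):
    """Estimated link probability per observed edge (signed inner product); low = surprising."""
    x, s = embed(adjacency(edges, n), d)
    return {(i, j): sum(k * p * q for k, p, q in zip(s, x[i], x[j])) for i, j in edges}


def most_anomalous(edges):
    """Observed edge that the low-rank model finds least probable."""
    scores = edge_scores(edges)
    return min(scores, key=scores.get)
```

On the constructed graph the cross-clique link (3, 4) scores about 0.36 while every within-clique edge scores above 0.7, so it is the one flagged.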