The Effectiveness of Edge Centrality

Document Type

Conference Proceeding

Publication Date



Mathematics and Natural Sciences


Anomalies in network traffic are often detected using machine learning techniques, such a Artificial Neural Networks, Self-Organizing Maps, k-Nearest Neighbors, or Principal Component Analysis. These techniques are built upon certain predetermined features that are believed to be useful in detecting anomalies. Many researchers are using graph-based features, such as betweenness centrality or eigenvector centrality. The choice of these particular features is due to the assumption that they can be used to accurately predict an anomaly in the flow of traffic. However, there appears to be no solid foundation for these assumptions. This work investigates edge centralities and how accurately they predict anomalies using netflow data. We propose to use known traits of different network interactions to identify how information will flow. We will then predict which measures of centrality should be most applicable to these particular flows. Finally, using public cybersecurity data sets, we will investigate which measures of edge centrality accurately identify anomalies as outliers then make comparisons with our predictions. Ideally, this will allow us to choose graph-based features that are highly efficient in anomaly detection.