Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overlapping Communities for Identifying Misbehavior in Network Communications 1 Overlapping Communities for Identifying Misbehavior in Network Communications.

Published byDaisy Carson Modified over 9 years ago

Similar presentations

Presentation on theme: "Overlapping Communities for Identifying Misbehavior in Network Communications 1 Overlapping Communities for Identifying Misbehavior in Network Communications."— Presentation transcript:

1 Overlapping Communities for Identifying Misbehavior in Network Communications 1 Overlapping Communities for Identifying Misbehavior in Network Communications Farnaz Moradi, Tomas Olovsson, Philippas Tsigas

2 Overlapping Communities for Identifying Misbehavior in Network Communications 2 Identifying anomalies/intrusions in a graph generated from Internet traffic Intrusion can be defined as entering communities to which one does not belong [Ding et al. 2012] –A modularity-based community detection algorithm is not useful Our alternative definition is being member of multiple communities –Algorithms which find overlapping communities can be used for intrusion detection –Non-overlapping communities can be enhanced with auxiliary communities for intrusion detection Network Misbehavior

3 Overlapping Communities for Identifying Misbehavior in Network Communications 3 Community detection algorithms –Overlapping –Non-overlapping Framework for network misbehavior detection Experimental results –Scanning –Spamming Conclusions Outline

4 Overlapping Communities for Identifying Misbehavior in Network Communications 4 Community Detection Non-overlapping Community: a group of densly connected nodes with sparse connections with the rest of the network Overlapping

5 Overlapping Communities for Identifying Misbehavior in Network Communications 5 Enhancing non-overlapping communities NA: Neighboring Auxiliary communities EA: Egonet Auxiliary communities of sink nodes Auxiliary Communities... NA communities EA communities

6 Overlapping Communities for Identifying Misbehavior in Network Communications 6 Non-overlapping algorithms –Blondel (Louvain method), [Blondel et al. 2008] Fast Modularity Optimization Blondel L1 : the first level of clustering hierarchy –Infomap, [Rosvall & Bergstrom 2008] Overlapping algorithms –LC, [Ahn et al. 2010] –LG, [Evans & Lambiotte 2009] –SLPA, [Xie & Szymanski 2012] –OSLOM, [Lancichinetti et al. 2011] –DEMON, [Coscia et al. 2012] Community Detection Algorithms

7 Overlapping Communities for Identifying Misbehavior in Network Communications 7 The network misbehavior detection framework uses: –A community detection algorithm overlapping algorithm non-overlapping algorithm enhanced with auxiliary communities –Filters Community-based properties Application specific properties An anomaly score is assigned to each node Framework Anomaly Score Community properties Neighbor properties Overlapping communities

8 Overlapping Communities for Identifying Misbehavior in Network Communications 8 Experimental Results Scan Incoming traffic flows to SUNET Malicious sources –DShield/SRI reports Blondel L1 enhanced with EA communities Community properties

9 Overlapping Communities for Identifying Misbehavior in Network Communications 9 Incoming and outgoing SMTP traffic on SUNET Spam senders –Content-based filter Community properties Experimental Results Spam

10 Overlapping Communities for Identifying Misbehavior in Network Communications 10 Experimental Results Spam OverlappingNon-overlapping

11 Overlapping Communities for Identifying Misbehavior in Network Communications 11 Community detection algorithms can be deployed as the basis for network misbehavior detection –auxiliary communities –overlapping algorithms Algorithms which identify coarse-grained communities are not suitable for anomaly detection EA auxiliary communities are more useful than NA communities Conclusions

Download ppt "Overlapping Communities for Identifying Misbehavior in Network Communications 1 Overlapping Communities for Identifying Misbehavior in Network Communications."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Inferring Peer Centrality in Socially-Informed P2P Systems Nicolas Kourtellis, Adriana Iamnitchi Department of Computer Science & Engineering University.

Inferring Peer Centrality in Socially-Informed P2P Systems Nicolas Kourtellis, Adriana Iamnitchi Department of Computer Science & Engineering University.
Benchmarking traversal operations over graph databases Marek Ciglan 1, Alex Averbuch 2 and Ladialav Hluchý 1 1 Institute of Informatics, Slovak Academy.

Benchmarking traversal operations over graph databases Marek Ciglan 1, Alex Averbuch 2 and Ladialav Hluchý 1 1 Institute of Informatics, Slovak Academy.
ICDE 2014 LinkSCAN*: Overlapping Community Detection Using the Link-Space Transformation Sungsu Lim †, Seungwoo Ryu ‡, Sejeong Kwon§, Kyomin Jung ¶, and.

ICDE 2014 LinkSCAN*: Overlapping Community Detection Using the Link-Space Transformation Sungsu Lim †, Seungwoo Ryu ‡, Sejeong Kwon§, Kyomin Jung ¶, and.
An Evaluation of Community Detection Algorithms on Large-Scale Email Traffic 1 An Evaluation of Community Detection Algorithms on Large-Scale Email Traffic.

An Evaluation of Community Detection Algorithms on Large-Scale Traffic 1 An Evaluation of Community Detection Algorithms on Large-Scale Traffic.
Community Detection Algorithm and Community Quality Metric Mingming Chen & Boleslaw K. Szymanski Department of Computer Science Rensselaer Polytechnic.

Community Detection Algorithm and Community Quality Metric Mingming Chen & Boleslaw K. Szymanski Department of Computer Science Rensselaer Polytechnic.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
CSE 522 – Algorithmic and Economic Aspects of the Internet Instructors: Nicole Immorlica Mohammad Mahdian.

CSE 522 – Algorithmic and Economic Aspects of the Internet Instructors: Nicole Immorlica Mohammad Mahdian.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
Wireless Mesh Networks 1. Architecture 2 Wireless Mesh Network A wireless mesh network (WMN) is a multi-hop wireless network that consists of mesh clients.

Wireless Mesh Networks 1. Architecture 2 Wireless Mesh Network A wireless mesh network (WMN) is a multi-hop wireless network that consists of mesh clients.
What is SpamSniper? SpamSniper is the leading email security solution which locates in front of mail server to perform mail proxy, virus firewall and filter.

What is SpamSniper? SpamSniper is the leading security solution which locates in front of mail server to perform mail proxy, virus firewall and filter.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
Topologically biased random walks with application for community finding Vinko Zlatić Dep. Of Physics, “Sapienza”, Roma, Italia Theoretical Physics Division,

Topologically biased random walks with application for community finding Vinko Zlatić Dep. Of Physics, “Sapienza”, Roma, Italia Theoretical Physics Division,
Wolfgang EffelsbergUniversity of Mannheim1 Multicast IP Wolfgang Effelsberg University of Mannheim September 2001.

Wolfgang EffelsbergUniversity of Mannheim1 Multicast IP Wolfgang Effelsberg University of Mannheim September 2001.
Spam Detection Jingrui He 10/08/2007. Spam Types  Email Spam Unsolicited commercial email  Blog Spam Unwanted comments in blogs  Splogs Fake blogs.

Spam Detection Jingrui He 10/08/2007. Spam Types  Spam Unsolicited commercial  Blog Spam Unwanted comments in blogs  Splogs Fake blogs.
Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoring The NetViewer Experiment PAVG in collaboration with Networking Systems.

Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoring The NetViewer Experiment PAVG in collaboration with Networking Systems.
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Similar presentations

Ads by Google