Bayesian Discovery of Threat Networks

Smith, Steven T.; Kao, Edward K.; Senne, Kenneth D.; Bernstein, Garrett; Philips, Scott

doi:10.1109/tsp.2014.2336613

Cited by 15 publications

(18 citation statements)

References 71 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal is to find a vector that is projected substantially onto itself by the residuals matrix, but with few nonzero components. Put formally, the objective is to solve (17) where denotes the quasi-norm (the number of nonzero components in a vector). This, however, is an integer programming problem and is NP-hard.…”

Section: Sparse Principal Component Analysismentioning

confidence: 99%

A Spectral Framework for Anomalous Subgraph Detection

Miller¹,

Beard²,

Wolfe³

et al. 2015

IEEE Trans. Signal Process.

View full text Add to dashboard Cite

A wide variety of application domains are concerned with data consisting of entities and their relationships or connections, formally represented as graphs. Within these diverse application areas, a common problem of interest is the detection of a subset of entities whose connectivity is anomalous with respect to the rest of the data. While the detection of such anomalous subgraphs has received a substantial amount of attention, no application-agnostic framework exists for analysis of signal detectability in graph-based data. In this paper, we describe a framework that enables such analysis using the principal eigenspace of a graph's residuals matrix, commonly called the modularity matrix in community detection. Leveraging this analytical tool, we show that the framework has a natural power metric in the spectral norm of the anomalous subgraph's adjacency matrix (signal power) and of the background graph's residuals matrix (noise power). We propose several algorithms based on spectral properties of the residuals matrix, with more computationally expensive techniques providing greater detection power. Detection and identification performance are presented for a number of signal and noise models, including clusters and bipartite foregrounds embedded into simple random backgrounds as well as graphs with community structure and realistic degree distributions. The trends observed verify intuition gleaned from other signal processing areas, such as greater detection power when the signal is embedded within a less active portion of the background. We demonstrate the utility of the proposed techniques in detecting small, highly anomalous subgraphs in real graphs derived from Internet traffic and product co-purchases.Comment: In submission to the IEEE, 16 pages, 8 figure

show abstract

Section: Sparse Principal Component Analysismentioning

confidence: 99%

A Spectral Framework for Anomalous Subgraph Detection

Miller¹,

Beard²,

Wolfe³

et al. 2015

IEEE Trans. Signal Process.

View full text Add to dashboard Cite

show abstract

“…Paper [2] has showed the use of entropy to detect the DDOS attack using IP Trace back scheme against DDOS attacks based on entropy variations. This scheme is implemented by storing the information of network flow between systems at the routers.…”

Section: Related Workmentioning

confidence: 99%

“…Method work iterative until a Statistical probability [11] is not compute for each node of a network. In the probabilistic threat propagation [12] (PTP) the probability of a node being malicious is proportional to the level of maliciousness of its neighbor nodes and by applying entropy [2] we can calculate the randomness of a system.…”

Section: Introductionmentioning

confidence: 99%

PTP Method in Network Security for Misbehavior Detection Using Entropy

2016

IJSR

View full text Add to dashboard Cite

A PTP method in network security for misbehavior detection system is a method of detecting malicious misbehavior activity within networks. The System detects the malicious node and blocks them by adding into Blacklist. Malicious nodes are the compromised machine present in the network, which performs the task given by bot server i.e. it does not forward the legitimate message to another node in network or send some other message to neighbor node. This system is based on Probabilistic threat propagation and Entropy. When the monitored network runs in normal way, the entropy values are relatively smooth. Otherwise, the entropy value of one or more features would changes. This proposed scheme is use in graph analysis for community detection. The proposed system enhances the prior community detection work by propagating threat probabilities across graph nodes. To demonstrate Probabilistic Threat Propagation (PTP) we consider the task of detecting malicious node in network.

show abstract

“…Threat propagation algorithm [10] is similar to the class of personalized PageRank algorithms, but has the following distinguishing features. It views the graph partitioning problem as a 2 N multiple hypothesis test problem, where membership (to the cut set) or non-membership needs to be determined for all the vertices.…”

Section: Threat Propagationmentioning

confidence: 99%

“…This modification biases diffusion towards regions of the graph that are tightly connected to the cue vertex, therefore implicitly leading to localized, sparse solutions around that vertex. The algorithm is proved to be optimum in the Neyman-Pearson sense of maximizing the probability of detection at a fixed false alarm probability [10]. This method is distinct from the others in that it does not search for local community structure, but rather prioritizes vertices based on an assumed model for threat movement through the network.…”

Section: Threat Propagationmentioning

confidence: 99%

Residuals-based subgraph detection with cue vertices

Miller

Kelley

Caceres

et al. 2015

2015 49th Asilomar Conference on Signals, Systems and Computers

Self Cite

View full text Add to dashboard Cite

A common problem in modern graph analysis is the detection of communities, an example of which is the detection of a single anomalously dense subgraph. Recent results have demonstrated a fundamental limit for this problem when using spectral analysis of modularity. In this paper, we demonstrate the implication of these results on subgraph detection when a cue vertex is provided, indicating one of the vertices in the community of interest. Several recent algorithms for local community detection are applied in this context, and we compare their empirical performance to that of the simple method used to derive the theoretical detection limits.

show abstract

Bayesian Discovery of Threat Networks

Cited by 15 publications

References 71 publications

A Spectral Framework for Anomalous Subgraph Detection

A Spectral Framework for Anomalous Subgraph Detection

PTP Method in Network Security for Misbehavior Detection Using Entropy

Residuals-based subgraph detection with cue vertices

Contact Info

Product

Resources

About