Important Member Discovery of Attribution Trace Based on Relevant Circle (Short Paper)

  • Jian Xu
  • Xiaochun YunEmail author
  • Yongzheng Zhang
  • Zhenyu Cheng
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 268)


Cyberspace attack is a persistent problem since the existing of internet. Among many attack defense measures, collecting information about the network attacker and his organization is a promising means to keep the cyberspace security. The exposing of attackers halts their further operation. To profile them, we combine these retrieved attack related information pieces to form a trace network. In this attributional trace network, distinguishing the importance of different trace information pieces will help in mining more unknown information pieces about the organizational community we care about. In this paper, we propose to adopt relevant circle to locate these more important vertices in the trace network. The algorithm first uses Depth-first search to traverse all vertices in the trace network. Then it discovers and refines relevant circles derived from this network tree, the rank score is calculated based on these relevant circles. Finally, we use the classical 911 covert network dataset to validate our approach.


Importance rank Network attribution Relevance 



This work was supported by the National Natural Science Foundation of China (No. U1736218).


  1. 1.
    Butt, W.H., Akram, M.U., Khan, S.A., Javed, M.Y.: Covert network analysis for key player detection and event prediction using a hybrid classifier. Sci. World J. 2014, 13 (2014). 615431CrossRefGoogle Scholar
  2. 2.
    Chitrapura, K.P., Kashyap, S.R.: Node ranking in labeled directed graphs. In: Thirteenth ACM International Conference on Information and Knowledge Management, pp. 597–606 (2004)Google Scholar
  3. 3.
    Dasgupta, S., Prakash, C.: Intelligent detection of influential nodes in networks. In: International Conference on Electrical, Electronics, and Optimization Techniques (2016)Google Scholar
  4. 4.
    Farley, J.D.: Breaking Al Qaeda cells: a mathematical analysis of counterterrorism operations (a guide for risk assessment and decision making). Stud. Conflict Terrorism 26(6), 399–411 (2003)CrossRefGoogle Scholar
  5. 5.
    Ferrara, E., Meo, P.D., Catanese, S., Fiumara, G.: Detecting criminal organizations in mobile phone networks. Expert Syst. Appl. 41(13), 5733–5750 (2014)CrossRefGoogle Scholar
  6. 6.
    Halappanavar, M., Sathanur, A.V., Nandi, A.K.: Accelerating the mining of influential nodes in complex networks through community detection, pp. 64–71 (2016)Google Scholar
  7. 7.
    Krebs, V.E.: Mapping networks of terrorist cells, pp. 43–52 (2002)Google Scholar
  8. 8.
    Langohr, L., Toivonen, H.: Finding representative nodes in probabilistic graphs. In: Berthold, M.R. (ed.) Bisociative Knowledge Discovery. LNCS (LNAI), vol. 7250, pp. 218–229. Springer, Heidelberg (2012). Scholar
  9. 9.
    Memon, B.R.: Identifying important nodes in weighted covert networks using generalized centrality measures. In: Intelligence and Security Informatics Conference, pp. 131–140 (2012)Google Scholar
  10. 10.
    Sheikhahmadi, A., Nematbakhsh, M.A., Shokrollahi, A.: Improving detection of influential nodes in complex networks. Physica A Stat. Mech. Appl. 436, 833–845 (2015)CrossRefGoogle Scholar
  11. 11.
    Singer, P.W.: Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford University Press, Oxford (2014)Google Scholar
  12. 12.
    Taha, K., Yoo, P.D.: SIIMCO: a forensic investigation tool for identifying the influential members of a criminal organization. IEEE Trans. Inf. Forensics Secur. 11(4), 811–822 (2016)Google Scholar
  13. 13.
    Taha, K., Yoo, P.D.: Using the spanning tree of a criminal network for identifying its leaders. IEEE Trans. Inf. Forensics Secur. PP(99), 1 (2017)Google Scholar
  14. 14.
    Wiil, U.K., Gniadek, J., Memon, N.: Measuring link importance in terrorist networks. In: International Conference on Advances in Social Networks Analysis and Mining, pp. 225–232 (2010)Google Scholar
  15. 15.
    Xu, J., Yun, X., Zhang, Y., Sang, Y., Cheng, Z.: NetworkTrace: probabilistic relevant pattern recognition approach to attribution trace analysis. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 691–698, August 2017.
  16. 16.
    Xu, J.J., Chen, H.: Crimenet explorer: a framework for criminal network knowledge discovery. ACM Trans. Inf. Syst. 23(2), 201–226 (2005)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Wei, Z., Yang, S., Wenwu, C.: A game model of APT attack for distributed network. In: Xhafa, F., Caballé, S., Barolli, L. (eds.) 3PGCIC 2017. LNDECT, vol. 13, pp. 224–234. Springer, Cham (2018). Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Jian Xu
    • 1
    • 2
  • Xiaochun Yun
    • 1
    • 2
    • 3
    Email author
  • Yongzheng Zhang
    • 1
    • 2
  • Zhenyu Cheng
    • 1
    • 2
  1. 1.Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  3. 3.National Computer Network Emergency Response Technical Team/Coordination Center of ChinaBeijingChina

Personalised recommendations