Overlapping Communities for Identifying Misbehavior in Network Communications

  • Conference paper
Advances in Knowledge Discovery and Data Mining (PAKDD 2014)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 8443)

Abstract

In this paper, we study the problem of identifying misbehaving network communications using community detection algorithms. Recently, it was shown that identifying the communications that do not respect community boundaries is a promising approach for network intrusion detection. However, it was also shown that traditional community detection algorithms are not suitable for this purpose.

In this paper, we propose a novel method for enhancing community detection algorithms, and show that, contrary to previous work, they provide a good basis for network misbehavior detection. This enhancement extends the disjoint communities identified by these algorithms with a layer of auxiliary communities, so that the boundary nodes can belong to several communities. Although non-misbehaving nodes can naturally be in more than one community, we show that the majority of misbehaving nodes belong to multiple overlapping communities; therefore, overlapping community detection algorithms can also be deployed for intrusion detection.

Finally, we present a framework for anomaly detection which uses community detection as its basis. The framework allows incorporation of application-specific filters to reduce the false positives induced by community detection algorithms. Our framework is validated using large email networks and flow graphs created from real network traffic.
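The idea in the abstract can be sketched as follows. This is an added example, not the authors' algorithm or code: the graph, the disjoint partition, the "at least `min_links` neighbours" rule for auxiliary membership, the membership threshold and the allowlist filter are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow graph (undirected host pairs); not data from the paper.
EDGES = [
    ("a1", "a2"), ("a1", "a3"), ("a2", "a3"), ("a3", "a4"),   # community A
    ("b1", "b2"), ("b1", "b3"), ("b2", "b3"),                 # community B
    ("c1", "c2"), ("c1", "c3"), ("c2", "c3"),                 # community C
    ("a4", "b1"),                                             # ordinary boundary link
    ("x", "a1"), ("x", "a2"), ("x", "b2"), ("x", "c1"), ("x", "c3"),  # scanner-like host
    ("gw", "a2"), ("gw", "b3"), ("gw", "c2"),                 # shared gateway
]
# Disjoint partition as a base community detection algorithm might return it (assumed input).
DISJOINT = {"a1": "A", "a2": "A", "a3": "A", "a4": "A", "x": "A",
            "b1": "B", "b2": "B", "b3": "B", "gw": "B",
            "c1": "C", "c2": "C", "c3": "C"}

def overlapping_memberships(edges, disjoint, min_links=1):
    """Auxiliary layer (assumed rule): a node also joins every foreign
    community in which it has at least `min_links` neighbours."""
    links = defaultdict(lambda: defaultdict(int))
    for u, v in edges:
        links[u][disjoint[v]] += 1
        links[v][disjoint[u]] += 1
    member = {}
    for node, home in disjoint.items():
        extra = {c for c, n in links[node].items() if c != home and n >= min_links}
        member[node] = {home} | extra
    return member

def suspects(member, min_communities=3, allowlist=frozenset()):
    """Flag nodes in many communities; the allowlist stands in for an
    application-specific filter that removes known false positives."""
    return sorted(n for n, cs in member.items()
                  if len(cs) >= min_communities and n not in allowlist)
```

Ordinary boundary hosts such as `a4` end up in two communities and are not flagged; the gateway `gw` is flagged by the community rule alone and is only cleared by the filter.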

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Moradi, F., Olovsson, T., Tsigas, P. (2014). Overlapping Communities for Identifying Misbehavior in Network Communications. In: Tseng, V.S., Ho, T.B., Zhou, ZH., Chen, A.L.P., Kao, HY. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2014. Lecture Notes in Computer Science, vol 8443. Springer, Cham. https://doi.org/10.1007/978-3-319-06608-0_33

  • DOI: https://doi.org/10.1007/978-3-319-06608-0_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06607-3

  • Online ISBN: 978-3-319-06608-0

  • eBook Packages: Computer Science, Computer Science (R0)
