JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, Vol. 53, Issue (9): 1-11. doi: 10.6040/j.issn.1671-9352.2.2017.169

Anomaly detection model of host group based on graph-evolution events

YE Xiao-ming1, CHEN Xing-shu2*, YANG Li3, WANG Wen-xian2, ZHU Yi1, SHAO Guo-lin1, LIANG Gang2   

  1. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan, China;
  2. College of Cybersecurity, Sichuan University, Chengdu 610065, Sichuan, China;
  3. School of Economics and Management, Southwest Jiao Tong University, Chengdu 610031, Sichuan, China
  • Received:2017-08-28 Online:2018-09-20 Published:2018-09-10

Abstract: To address communication behavior based on service aggregation and the new collaborative attack mode typified by distributed attacks in network environments, an anomaly detection model for host groups based on graph-evolution events is proposed. The model analyzes the potential socialization of actors, the clustering of hosts, and the dynamics of their group behavior. It is parameter-free and scales with data volume. Dynamic evolution events and detection algorithms are defined to detect abnormal host groups. The model is implemented and deployed on Spark, and it is verified by analyzing data from a real computer and network environment. The experimental results show that the model effectively describes group behavior, exposes important graph-evolution events, and accurately locates the host groups in which anomalies occur. The detection rate of group members is 95.09%.

Key words: graph-evolution event, host group, group behavior, anomaly detection

CLC Number: TN915.08