Monitoring stealthy diffusion

  • Nika Haghtalab
  • Aron Laszka
  • Ariel D. Procaccia
  • Yevgeniy Vorobeychik
  • Xenofon Koutsoukos
Regular Paper

DOI: 10.1007/s10115-017-1023-7

Cite this article as:
Haghtalab, N., Laszka, A., Procaccia, A.D. et al. Knowl Inf Syst (2017). doi:10.1007/s10115-017-1023-7
  • 27 Downloads

Abstract

A broad variety of problems, such as targeted marketing and the spread of viruses and malware, have been modeled as maximizing the reach of diffusion through a network. In cyber-security applications, however, a key consideration largely ignored in this literature is stealth. In particular, an attacker who has a specific target in mind succeeds only if the target is reached before the malicious payload is detected and corresponding countermeasures deployed. The dual side of this problem is deployment of a limited number of monitoring units, such as cyber-forensics specialists, to limit the success of such targeted and stealthy diffusion processes. We investigate the problem of optimal monitoring of targeted stealthy diffusion processes. While natural variants of this problem are NP-hard, we show that if stealthy diffusion starts from randomly selected nodes, the defender’s objective is submodular and can be approximately optimized. In addition, we present approximation algorithms for the setting where the choice of the starting point is adversarial. We further extend our results to settings where the diffusion starts at multiple-seed nodes simultaneously, and where there is an inherent delay in detecting the infection. Our experimental results show that the proposed algorithms are highly effective and scalable.

Keywords

Diffusion in networks Security Stealthy diffusion Monitoring diffusions Malware detection 

Copyright information

© Springer-Verlag London 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceCarnegie Mellon UniversityPittsburghUSA
  2. 2.Vanderbilt UniversityNashvilleUSA

Personalised recommendations