
Dynamic Link Anomaly Analysis for Network Security Management

Journal of Network and Systems Management

Abstract

Network management is challenging due to the ever-increasing complexity and dynamics of network interactions. While many changes in networks are normal, some changes are not. One of the daily tasks of network administrators is to identify and analyze these abnormal changes, which are hard to find with traditional security mechanisms (IDS, firewall, anti-virus, etc.). This research conducts dynamic network analysis (DNA) and presents practical methodologies for data-stream-mining-based dynamic link anomaly analysis (DLAA) using novel sliding time window structures and network analytics metrics. DLAA employs spatiotemporal link analysis to detect anomalies in dynamic network graphs. We formally define the network link anomaly types and use key link-structure similarity metrics and time-weighted functions to model the dynamics of topological changes. The methodology is generic in that it does not require additional information from nodes or links, only the topology itself. The DLAA framework consists of three algorithmic components: sliding time window, link scoring and link anomaly detection algorithms. Through an experimental study on a publicly available dataset, we demonstrate that the proposed DLAA framework is capable of constructing effective knowledge structures for measuring the security levels of large-scale dynamic networks, and of providing insight for generalized DNA in the network security domain.
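The three components named in the abstract (sliding time window, link scoring, link anomaly detection) can be sketched on topology alone; this is an added illustration, not the paper's algorithm or code. It assumes a truncated Katz index as the link-structure similarity metric, exponential decay as the time-weighted function, and constructed constants, host names and events.

```python
from collections import defaultdict, deque

WINDOW, HALF_LIFE = 60.0, 30.0   # assumed window width and decay half-life (s)
BETA, THRESHOLD = 0.5, 0.05      # assumed Katz damping and alert threshold


def weighted_adj(window, now):
    """Adjacency of the links inside the window; newer links weigh more."""
    adj = defaultdict(dict)
    for t, u, v in window:
        w = 0.5 ** ((now - t) / HALF_LIFE)   # assumed time-weight function
        adj[u][v] = adj[v][u] = max(adj[u].get(v, 0.0), w)
    return adj


def katz_score(adj, u, v, max_len=3):
    """Truncated Katz index: damped weight of u->v walks up to max_len hops."""
    frontier, score = {u: 1.0}, 0.0
    for _ in range(max_len):
        nxt = defaultdict(float)
        for node, mass in frontier.items():
            for nb, w in adj.get(node, {}).items():
                nxt[nb] += mass * w * BETA
        score += nxt.get(v, 0.0)
        frontier = nxt
    return score


def detect(events, warmup):
    """Flag links whose score against the current window is below THRESHOLD."""
    window, flagged = deque(), []
    for t, u, v in sorted(events):
        while window and window[0][0] < t - WINDOW:
            window.popleft()                 # slide: expire links older than WINDOW
        score = katz_score(weighted_adj(window, t), u, v)
        if t >= warmup and score < THRESHOLD:
            flagged.append((t, u, v))
        window.append((t, u, v))
    return flagged


# Constructed sample: workstations share two servers; ws9/db9 form a separate
# cluster. Links before t=6 only build the baseline window.
EVENTS = [(0, "ws1", "dns"), (1, "ws2", "dns"), (2, "ws1", "web"),
          (3, "ws2", "web"), (4, "ws3", "dns"), (5, "ws9", "db9"),
          (6, "ws3", "web"), (8, "ws1", "dns"), (12, "ws1", "db9")]

if __name__ == "__main__":
    print(detect(EVENTS, warmup=6))
```

The new link ws3-web is structurally expected (its peers already reach web through dns), the repeated link ws1-dns scores high through its own recent history, and only ws1-db9, which joins two otherwise unconnected clusters, is flagged.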



Acknowledgements

This work was supported in part by CMU Early Career Grant (C61920) and ASEE Fellowship U.S. Air Force SFFP Program. We thank Dr. Keesook J. Han who provided insight and expertise that greatly assisted the research.

Author information

Corresponding author

Correspondence to Qi Liao.


About this article


Cite this article

Zhang, T., Liao, Q. Dynamic Link Anomaly Analysis for Network Security Management. J Netw Syst Manage 27, 600–624 (2019). https://doi.org/10.1007/s10922-018-9478-8


  • DOI: https://doi.org/10.1007/s10922-018-9478-8
