Abstract
Network management is challenging due to the ever-increasing complexity and dynamics of network interactions. While many changes in networks are normal, some are not. One of the daily tasks of network administrators is to identify and analyze these abnormal changes, which are hard to find with traditional security mechanisms (IDS, firewall, anti-virus, etc.). This research conducts dynamic network analysis (DNA) and presents practical methodologies for dynamic link anomaly analysis (DLAA) based on data stream mining, using novel sliding time window structures and network analytics metrics. DLAA employs spatiotemporal link analysis to detect anomalies in dynamic network graphs. We formally define the network link anomaly types and use key link-structure similarity metrics and time-weighted functions to model the dynamics of topological changes. The methodology is generic in that it requires no additional information from nodes or links, only the topology itself. The DLAA framework consists of three algorithmic components: sliding time window, link scoring and link anomaly detection algorithms. Through an experimental study on a publicly available dataset, we demonstrate that the proposed DLAA framework has the capability to construct effective knowledge structures for measuring the security levels of large-scale dynamic networks, and to provide insight for generalized DNA in the network security domain.
Acknowledgements
This work was supported in part by CMU Early Career Grant (C61920) and ASEE Fellowship U.S. Air Force SFFP Program. We thank Dr. Keesook J. Han who provided insight and expertise that greatly assisted the research.
Cite this article
Zhang, T., Liao, Q. Dynamic Link Anomaly Analysis for Network Security Management. J Netw Syst Manage 27, 600–624 (2019). https://doi.org/10.1007/s10922-018-9478-8
DOI: https://doi.org/10.1007/s10922-018-9478-8