Linked-Behaviors Profiling in IoT Networks Using Network Connection Graphs (NCGs)

  • Hangyu Hu
  • Xuemeng Zhai
  • Mingda Wang
  • Guangmin HuEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11067)


The internet of things (IoT) network aims to connect everything from the physical world to cyber world, and has been a significant focus of research nowadays. Precisely monitoring network traffic and efficiently detecting unwanted applications is a challenging problem in IoT networks, which forces the need for a more fundamental behavioral analysis approach. Based on this observation, this paper proposes the Network Connection Graphs (NCGs) to model the social behaviors of connected devices in IoT networks, where edges defined to represent different interactions among them. Specially, focusing on exploring connected patterns and unveiling the underlying associated relationships, we employ a set of graph mining and analysis methods to select different subgraph structures, analyze correlated relationships between edges and uncover the role feature of interaction flows within IoT networks. The experiment results have demonstrated the benefits of our proposed approach for profiling linked-behaviors and to detect distinctive attacks in IoT networks.


Internet of Things Network connection graphs Graph mining and analysis Anomaly detection 


  1. 1.
    Whitmore, A., Agarwal, A., Xu, L.D.: The Internet of Things—a survey of topics and trends. Inf. Syst. Front. 17(2), 261–274 (2015)CrossRefGoogle Scholar
  2. 2.
    Evans, D.: The Internet of Things: how the next evolution of the internet is changing everything. CISCO white paper, vol. 1, no. 2011, pp. 1–11 (2011)Google Scholar
  3. 3.
    Hodo, E., et al.: Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–6. IEEE (2016)Google Scholar
  4. 4.
    Team Cymru: Growing Exploitation of Small Office Routers Creating Serious Risks.
  5. 5.
    Vespa, L.J., Weng, N.: GPEP: graphics processing enhanced pattern-matching for high-performance deep packet inspection.” In: Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, pp. 74–81. IEEE (2011)Google Scholar
  6. 6.
    Ke, X., Yong, C.: An improved Wu-Manber multiple patterns matching algorithm. In: 25th IEEE International Performance, Computing, and Communications Conference, IPCCC 2006, 6 pp. IEEE (2006)Google Scholar
  7. 7.
    Hua, N., Song, H., Lakshman, T.V.: Variable-stride multi-pattern matching for scalable deep packet inspection. In: INFOCOM 2009, pp. 415–423. IEEE (2009)Google Scholar
  8. 8.
    Cheung, S., et al.: The Design of GrIDS: A Graph-Based Intrusion Detection System. UCD TR-CSE-99-2 (1999)Google Scholar
  9. 9.
    Ellis, D., Aiken, J., McLeod, A., Keppler, D.: Graph-based worm detection on operational enterprise networks. Technical report MITRE Corporation (2006)Google Scholar
  10. 10.
    Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: ACM SIGCOMM Computer Communication Review, vol. 35, no. 4, pp. 229–240. ACM (2005)Google Scholar
  11. 11.
    Asai, H., et al.: Network application profiling with traffic causality graphs. Int. J. Netw. Manage. 24(4), 289–303 (2014)CrossRefGoogle Scholar
  12. 12.
    Iliofotou, M., Pappu, P., Faloutsos, M., Mitzenmacher, M., Singh, S., Varghese, G.: Network monitoring using traffic dispersion graphs (TDGs). In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 315–320. ACM (2007)Google Scholar
  13. 13.
    Jin, Y., Sharafuddin, E., Zhang, Z.-L.: Unveiling core network-wide communication patterns through application traffic activity graph decomposition. ACM SIGMETRICS Perform. Eval. Rev. 37(1), 49–60 (2009)Google Scholar
  14. 14.
    GraphViz (2011).
  15. 15.
    Thota, H.S., Vedula, V.S., Venkatesh, T.: Network traffic analysis using principal component graphs (2013)Google Scholar
  16. 16.
    Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124–140 (2010)CrossRefGoogle Scholar
  17. 17.
    Zhou, Y., Hu, G., Wu, D.: A data mining system for distributed abnormal event detection in backbone networks. Secur. Commun. Netw. 7(5), 904–913 (2014)CrossRefGoogle Scholar
  18. 18.
    WIDE-TRANSIT (2013).
  19. 19.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Hangyu Hu
    • 1
  • Xuemeng Zhai
    • 1
  • Mingda Wang
    • 1
  • Guangmin Hu
    • 1
    Email author
  1. 1.School of Information and Communication EngineeringUniversity of Electronic Science and Technology of ChinaChengduChina

Personalised recommendations