Characterization of Evolving Networks for Cybersecurity

  • Josephine M. Namayanja
  • Vandana P. Janeja
Part of the Studies in Computational Intelligence book series (SCI, volume 691)


The process of network evolution presents an interesting problem that describes shifts in the behavior of a network structure. Given the widespread use of computer networks creates a need to drill down and analyze the behavior at the various levels to get a tangible perspective on shifts that may take place in a computer network. However, with cyber attacks becoming increasingly sophisticated, one of the key challenges is knowing whether there is even an attack on the network in the first place. This is mainly due to the overwhelming size and dynamism of evolving network structures which poses a big data problem. This chapter discusses graph theory concepts to model network behavior and then utilizing analytics to understand the dynamics of the network. For example techniques such as graph sampling play an important role in identifying potential cyber threats that may not be detected on a larger scale. Additionally, determining micro and macro level characteristics that are associated to key network features such as node centrality, and fundamental network properties such as densification and diameter respectively are critical in characterizing network behavior overtime that may be the result of a cyber threat. Therefore, in order to define and understand the vulnerabilities associated to the network, one must have an understanding of the overall structure and nature of communication patterns within the network as well as the potential points of vulnerability.


Change Detection Central Node Betweenness Centrality Exponentially Weight Move Average Statistical Process Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Matarazzo, C.: Defending computer networks against attack. Lawrence Livermore National Laboratory. Research Highlights. (2010)
  2. 2.
    Aleksandrova, D.: Detecting cyber attacks. How long does it take? IT Governance. (2015)
  3. 3.
    Gaston, M., Kraetzl, M., Wallis, W.: Using graph diameter for change detection in dynamic networks. Australas. J. Combin. 35, 299–311 (2006)MathSciNetzbMATHGoogle Scholar
  4. 4.
    Scripps, J., Tan, P.-N., Esfahanian, A.-H.: Node roles and community structure in networks. Proceedings of the 9th WebKDD and 1st SNA-KDD 2007 workshop on Web mining and social network analysis, pp. 26–35. New York, NY, USA, ACM, (2007).Google Scholar
  5. 5.
    Shen Y., Nguyen, N.P., Xuan, Y., Thai, M.T.: On the discovery of critical links and nodes for assessing network vulnerability. IEEE Trans. Network. (2012)Google Scholar
  6. 6.
    Freeman, L.C.: Centrality in social networks: conceptual clarification. Soc. Network. 1(3), 215–239 (1979)CrossRefGoogle Scholar
  7. 7.
    Page, L., Brin, S., Motwani, R., Winograd, T.: The PageRank citation ranking: bringing order to the Web. Technical Report. Stanford InfoLab. (1999)Google Scholar
  8. 8.
    Bonacich, P.: Technique for analyzing overlapping memberships. Sociol. Methodol. 4, 176–185 (1972)CrossRefGoogle Scholar
  9. 9.
    Bonacich, P.: Power and centrality: a family of measures. Am. J. Soc. 92, 1170–1182 (1987)CrossRefGoogle Scholar
  10. 10.
    Lee, C.-Y. Correlations among centrality measures in complex networks. arXiv:physics/0605220 [physics.soc-ph]. (2006)Google Scholar
  11. 11.
    McCulloh, I., Carley, K.M., Horn, D.B.: Change detection in social networks. United States Army Research Institute for the Behavioral and Social Sciences. (2008)Google Scholar
  12. 12.
    McCulloh, I.: Detecting changes in a dynamic social network. Institute for Software Research School of Computer Science Carnegie Mellon University. Thesis (2009)Google Scholar
  13. 13.
    McCulloh, I., Carley, K.M.: Detecting change in longitudinal social networks. J. Soc. Struct. 12(2011) (2011)Google Scholar
  14. 14.
    Leskovec, J., Kleinberg, J., and Faloutsos, C. Graphs over time: densification laws, shrinking diameters and possible explanations. In: ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) (2005)Google Scholar
  15. 15.
    Leskovec, J., Kleinberg, J., Faloutsos, C.: Graph evolution: densification and shrinking diameters. In: ACM Transactions on Knowledge Discovery from Data (TKDD), vol 1 (2007).Google Scholar
  16. 16.
    Leskovec, J., Faloutsos, C.: Scalable modeling of real graphs using kronecker multiplication. In International Conference on Machine Learning (ICML) (2007)Google Scholar
  17. 17.
    Leskovec, J.: Dynamics of large networks (2008)Google Scholar
  18. 18.
    Kang, U., Tsourakakis, C., Appel, A., Faloutsos, C., Leskovec, J.: Radius plots for mining tera-byte scale graphs: algorithms, patterns, and observations. In: SIAM International Conference on Data Mining (SDM) (2010)Google Scholar
  19. 19.
    Tong, H., Papadimitriou, S., Yu, P.S., Faloutsos, C.: Proximity tracking on time-evolving bipartite graphs. In: SDM (2008)Google Scholar
  20. 20.
    Namayanja, J.M., Janeja, V.P.: Discovery of persistent threat structures through temporal and geo-spatial characterization in evolving networks. ISI 191–196 (2013)Google Scholar
  21. 21.
    Namayanja, J.M., Janeja, V.P.: Change detection in temporally evolving computer networks: a big data framework. First International Workshop on High Performance Big Graph Data Management, Analysis, and Mining, Co-located with the IEEE BigData 2014 21. J. M. (2013)Google Scholar
  22. 22.
    Namayanja, J.M., Janeja, V.P.: Change detection in temporally evolving computer networks: changes in densification and diameter over time. ISI (2015)Google Scholar
  23. 23.
    Akoglu, L., McGlohon, M., Faloutsos, C.: Oddball: Spotting anomalies in weighted graphs. In: PAKDD, pp. 21–24 (2010)Google Scholar
  24. 24.
    Sun, J., Faloutsos, C., Papadimitriou, S., Yu, P.S.: GraphScope: parameter-free mining of large time-evolving graphs. In: Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 687–696 (2007a)Google Scholar
  25. 25.
    Ferlez, J., Faloutsos, C., Leskovec, J. J., Mladenic, D., Grobelnik, M.: Monitoring network evolution using mdl. In IEEE International Conference on Data Engineering (ICDE) (2008)Google Scholar
  26. 26.
    Han, J., Sun, Y., Yan, X., Yu, P.S.: Mining heterogeneous information networks. In: KDD (2010)Google Scholar
  27. 27.
    Fabrikant, A., Koutsoupias, E., Papadimitriou, C.H.: Heuristically optimized trade-offs: a new paradigm for power laws in the Internet, volume 2380 of Automata, Languages and Programming, p. 781. Springer (2002)Google Scholar
  28. 28.
    Opsahl, T., Agneessens, F., Skvoretz, J.: Node centrality in weighted networks: generalizing degree and shortest paths. Soc. Network. 32(3), 245–251 (2010)CrossRefGoogle Scholar
  29. 29.
    Akoglu, L., Faloutsos, C. Anomaly, event, and fraud detection in large network datasets. In: Proceedings of the Sixth ACM International Conference on Web Search and Data Mining, pp. 773–774. ACM. (2013)Google Scholar
  30. 30.
    Tartakovsky, A.G., Polunchenko, A.S., Sokolov, G.: Efficient computer network anomaly detection by changepoint detection methods. IEEE J. Selected Topics Signal Process. 7(1), 7–11 (2013)CrossRefGoogle Scholar
  31. 31.
    Slavin, V.: Improper use of control charts: traps to avoid. (2006)Google Scholar
  32. 32.
    Taylor, W.A.: Change-point analysis: a powerful new tool for detecting changes, WEB: (2000)
  33. 33.
    Abraham, S., Nair, S.: Cyber security analytics: a stochastic model for security quantification using absorbing markov chains. J. Commun. (2014)Google Scholar
  34. 34.
    Lohrmann, D.: Hacking critical infrastructure is accelerating and more destructive. (2015)
  35. 35.
    Akamai Technologies.: 4th Quarter 2008: The State of the Internet. 1(4). (2009)
  36. 36.
    Akamai Technologies.: 1st Quarter 2009: The State of the Internet. 2(1). (2009)
  37. 37.
    The CAIDA UCSD [Anonymized Internet Traces 2008]–[April 2011–December 2013],[/passive-2008/Google Scholar
  38. 38.
    The CAIDA UCSD [Anonymized Internet Traces 2009]–[April 2011–December 2013],[/passive-2009/Google Scholar
  39. 39.
    The CAIDA UCSD [Anonymized Internet Traces 2010]–[April 2011–December 2013],[/passive-2010/Google Scholar

Copyright information

© Springer International Publishing Switzerland 2017

Authors and Affiliations

  1. 1.University of Massachusetts BostonBostonUSA
  2. 2.University of MarylandBaltimoreUSA

Personalised recommendations