Assessment of Security Threats via Network Topology Analysis: An Initial Investigation

  • Marcello Trovati
  • Win Thomas
  • Quanbin Sun
  • Georgios Kontonatsios
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10232)


Computer networks have increasingly been the focus of cyber attacks, such as botnets, which have a variety of serious cybersecurity implications. As a consequence, understanding their behaviour is an important step towards the mitigation of such threats. In this paper, we propose a novel method based on network topology to assess the spreading and potential security impact of botnets. Our main motivation is to provide a toolbox to classify and analyse the security threats posed by botnets based on their dynamical and statistical behaviour. This would potentially lead to a better understanding and prediction of cybersecurity issues related to computer networks. Our initial validation shows the potential of our method to provide relevant and accurate results.


Botnets, Cybersecurity, Network theory



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Marcello Trovati (1)
  • Win Thomas (2)
  • Quanbin Sun (1)
  • Georgios Kontonatsios (1)

  1. Department of Computer Science, Edge Hill University, Ormskirk, UK
  2. Department of Computer Science, Gloucestershire University, Cheltenham, UK
