Detecting Node Behaviour Changes in Subgraphs

  • Conference paper
Artificial Intelligence XXXVII (SGAI 2020)

Abstract

Most interactions or relationships among objects or entities can be modelled as graphs. Some classes of entity relationships have their own name due to their popularity; social graphs look at people’s relationships, computer networks show how computers (devices) communicate with each other and molecules represent the chemical bonds between atoms. Some graphs can also be dynamic in the sense that, over time, relationships change. Since the entities can, to a certain extent, manage their relationships, we say any changes in relationships reflect a change in entity behaviour. By comparing the relationships of an entity at different points in time, we can say there has been a change in behaviour. In this paper, we attempt to detect malicious devices in a network by showing a significant change in behaviour through analysing traffic data.

Corresponding author

Correspondence to Michael S. Gibson.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Gibson, M.S. (2020). Detecting Node Behaviour Changes in Subgraphs. In: Bramer, M., Ellis, R. (eds) Artificial Intelligence XXXVII. SGAI 2020. Lecture Notes in Computer Science, vol 12498. Springer, Cham. https://doi.org/10.1007/978-3-030-63799-6_12

  • DOI: https://doi.org/10.1007/978-3-030-63799-6_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63798-9

  • Online ISBN: 978-3-030-63799-6

  • eBook Packages: Computer Science, Computer Science (R0)
