95 research outputs found
Botnet Detection using Social Graph Analysis
Signature-based botnet detection methods identify botnets by recognizing
Command and Control (C\&C) traffic and can be ineffective for botnets that use
new and sophisticate mechanisms for such communications. To address these
limitations, we propose a novel botnet detection method that analyzes the
social relationships among nodes. The method consists of two stages: (i)
anomaly detection in an "interaction" graph among nodes using large deviations
results on the degree distribution, and (ii) community detection in a social
"correlation" graph whose edges connect nodes with highly correlated
communications. The latter stage uses a refined modularity measure and
formulates the problem as a non-convex optimization problem for which
appropriate relaxation strategies are developed. We apply our method to
real-world botnet traffic and compare its performance with other community
detection methods. The results show that our approach works effectively and the
refined modularity measure improves the detection accuracy.Comment: 7 pages. Allerton Conferenc
Static and Dynamic Aspects of Scientific Collaboration Networks
Collaboration networks arise when we map the connections between scientists
which are formed through joint publications. These networks thus display the
social structure of academia, and also allow conclusions about the structure of
scientific knowledge. Using the computer science publication database DBLP, we
compile relations between authors and publications as graphs and proceed with
examining and quantifying collaborative relations with graph-based methods. We
review standard properties of the network and rank authors and publications by
centrality. Additionally, we detect communities with modularity-based
clustering and compare the resulting clusters to a ground-truth based on
conferences and thus topical similarity. In a second part, we are the first to
combine DBLP network data with data from the Dagstuhl Seminars: We investigate
whether seminars of this kind, as social and academic events designed to
connect researchers, leave a visible track in the structure of the
collaboration network. Our results suggest that such single events are not
influential enough to change the network structure significantly. However, the
network structure seems to influence a participant's decision to accept or
decline an invitation.Comment: ASONAM 2012: IEEE/ACM International Conference on Advances in Social
Networks Analysis and Minin
Analyzing overlapping communities in networks using link communities
One way to analyze the structure of a network is to identify its communities, groups of related nodes that are more likely to connect to one another than to nodes outside the community. Commonly used algorithms for obtaining a network’s communities rely on clustering of the network’s nodes into a community structure that maximizes an appropriate objective function. However, defining communities as a partition of a network’s nodes, and thus stipulating that each node belongs to exactly one community, precludes the detection of overlapping communities that may exist in the network. Here we show that by defining communities as partition of a network’s links, and thus allowing individual nodes to appear in multiple communities, we can quantify the extent to which each pair of communities in a network overlaps. We define two measures of community overlap and apply them to the community structure of five networks from different disciplines. In every case, we note that there are many pairs of communities that share a significant number of nodes. This highlights a major advantage of using link partitioning, as opposed to node partitioning, when seeking to understand the community structure of a network. We also observe significant differences between overlap statistics in real-world networks as compared with randomly-generated null models. By virtue of their contexts, we expect many naturally-occurring networks to have very densely overlapping communities. Therefore, it is necessary to develop an understanding of how to use community overlap calculations to draw conclusions about the underlying structure of a network
Generalized modularity matrices
Various modularity matrices appeared in the recent literature on network
analysis and algebraic graph theory. Their purpose is to allow writing as
quadratic forms certain combinatorial functions appearing in the framework of
graph clustering problems. In this paper we put in evidence certain common
traits of various modularity matrices and shed light on their spectral
properties that are at the basis of various theoretical results and practical
spectral-type algorithms for community detection
- …