4,469 research outputs found

    Relational network-service clustering analysis with set evidences

    Network administrators are faced with a large amount of network data that they need to sift through to analyze user behaviors and detect anomalies. Through a network monitoring tool, we obtained TCP and UDP connection records together with additional information of the associated users and software in an enterprise network. Instead of using traditional payload inspection techniques, we propose a method that clusters such network traffic data by using relations between entities so that it can be analyzed for frequent behaviors and anomalies. Relational methods like Markov Logic Networks are able to avoid the feature extraction stage and directly handle multi-relation situations. We extend the common pairwise representation in relational models by adopting set evidence to build a better objective for the network service clustering problem. The automatic clustering process helps the administrator filter out normal traffic in a shorter time and get an abstract overview of open transport layer ports in the whole network, which is beneficial for assessing network security risks. Experimental results on synthetic and real datasets suggest that our method is able to discover underlying services and anomalies (malware or abused ports) with good interpretations. © 2010 ACM

    Why some clusters succeed whereas others decline? Modelling the ambivalent stability properties of clusters

    The aim of this paper is to study the ambivalent stability properties of clusters. We propose to enter the black box of local knowledge externalities by focusing on location decision externalities. In particular, we show that the nature of mimetic strategies in the convergence process of locational choices influences the dynamic stability of clusters. Thus, when uncertainty and the search for legitimacy prevail over the need for coordination and the associated necessities of compatibility and technological convergence, the clusters are unstable, due to an excess of cognitive proximity and a risk of unintended spillovers. Nevertheless, this search for legitimacy, through the strategy of following the locational choice of the leading companies of a sector, can lead to the fast emergence of a cluster. But without relational proximity, its stability is not ensured. These results are obtained following the formulation of some theoretical proposals on the links between location decision externalities and the resulting forms of socioeconomic proximities. This set of proposals is validated firstly by a simulation model which makes it possible to test the stability properties of aggregate outcomes of locational choices. Secondly, they are illustrated by a comparative empirical analysis of two main French clusters (Silicon Sentier and Sophia-Antipolis).
    Keywords: clusters, proximities, stability, location under decision externalities, Silicon Sentier, Sophia-Antipolis

    Link Prediction in Complex Networks: A Survey

    Link prediction in complex networks has attracted increasing attention from both physical and computer science communities. The algorithms can be used to extract missing information, identify spurious interactions, evaluate network evolving mechanisms, and so on. This article summarizes recent progress on link prediction algorithms, emphasizing the contributions from physical perspectives and approaches, such as the random-walk-based methods and the maximum likelihood methods. We also introduce three typical applications: reconstruction of networks, evaluation of network evolving mechanism and classification of partially labelled networks. Finally, we introduce some applications and outline future challenges of link prediction algorithms.
    Comment: 44 pages, 5 figures

    Automated construction and analysis of political networks via open government and media sources

    We present a tool to generate real world political networks from user provided lists of politicians and news sites. Additional output includes visualizations, interactive tools and maps that allow a user to better understand the politicians and their surrounding environments as portrayed by the media. As a case study, we construct a comprehensive list of current Texas politicians, select news sites that convey a spectrum of political viewpoints covering Texas politics, and examine the results. We propose a "Combined" co-occurrence distance metric to better reflect the relationship between two entities. A topic modeling technique is also proposed as a novel, automated way of labeling communities that exist within a politician's "extended" network.
    Peer Reviewed. Postprint (author's final draft)

    Mining Techniques For Invariants In Cloud Computing

    The increasing popularity of Software as a Service (SaaS) stresses the need for solutions to predict failures and avoid service interruptions, which invariably result in SLA violations and severe loss of revenue. A promising approach to continuously monitor the correct functioning of the system is to check the execution conformance to a set of invariants, i.e., properties that must hold when the system is deemed to run correctly. This paper proposes a technique to spot true anomalies by the use of various data mining techniques such as clustering, association rule and decision tree algorithms, which help in finding hidden and previously unknown information in the database. We assess the techniques in two invariants' applications, namely executions characterization and anomaly detection, using the metrics of coverage, recall and precision. In this work two real-world datasets have been used for detecting the anomalies: the publicly available Google datacenter dataset and a dataset of a commercial SaaS utility computing platform.

    ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System

    Security of computers and the networks that connect them is increasingly becoming of great significance. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: external intruders, who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Because it is more and more improbable for a system administrator to recognize and manually intervene to stop an attack, there is an increasing recognition that ID systems have a lot to gain by basing their principles on the behavior of complex natural systems, namely with regard to self-organization, allowing for a truly distributed and collective perception of this phenomenon. With that aim in mind, the present work presents a self-organized ant colony based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. The performance is compared among conventional soft computing paradigms like Decision Trees, Support Vector Machines and Linear Genetic Programming to model fast, online and efficient intrusion detection systems.
    Comment: 13 pages, 3 figures, Swarm Intelligence and Patterns (SIP) - special track at WSTST 2005, Muroran, JAPAN

    Learning, technological competition and network structure in the aero-engine industry

    This paper provides a novel contribution for specifying the role of demand for technological competition. The focus is on the analysis of the mechanisms of technological learning and spillovers occurring in different structures of networks of vertically related industries. The paper offers a detailed and original empirical analysis of technological competition among suppliers and of the structure of the network of two vertically related industries, namely the commercial jet and turboprop aero-engine and aircraft industries. Technological performances of actors are measured through measures of output of the technological activity.

    Getting Into Networks and Clusters: Evidence on the GNSS composite knowledge process in (and from) Midi-Pyrénées

    This paper aims to contribute to the empirical identification of clusters by proposing methodological issues based on network analysis. We start with the detection of a composite knowledge process rather than a territorial one stricto sensu. Such a consideration allows us to avoid the overestimation of the role played by geographical proximity between agents, and grasp its ambivalence in knowledge relations. Networks and clusters correspond to the complex aggregation process of bi- or n-lateral relations in which agents can play heterogeneous structural roles. Their empirical reconstitution thus requires gathering located relational data, whereas the analysis of their structural properties requires computing a set of indexes developed in the field of social network analysis. Our theoretical considerations are tested in the technological field of GNSS (Global Satellite Navigation Systems). We propose a sample of knowledge relations based on collaborative R&D projects and discuss how this sample is shaped and why we can assume its representativeness. The network we obtain allows us to show how the composite knowledge process gives rise to a structure with a peculiar combination of local and distant relations. Descriptive statistics and structural properties show the influence or the centrality of certain agents in the aggregate structure, and make it possible to discuss the complementarities between their heterogeneous knowledge profiles. Quantitative results are completed and confirmed by an interpretative discussion based on a run of semi-structured interviews. Concluding remarks provide theoretical feedback.
    Keywords: Knowledge, Networks, Economic Geography, Cluster, GNSS