Monitoring Stealthy Diffusion

Starting with the seminal work by Kempe et al., a broad variety of problems, such as targeted marketing and the spread of viruses and malware, have been modeled as selecting a subset of nodes to maximize diffusion through a network. In cyber-security applications, however, a key consideration largely ignored in this literature is stealth. In particular, an attacker often has a specific target in mind, but succeeds only if the target is reached (e.g., by malware) before the malicious payload is detected and corresponding countermeasures deployed. The dual side of this problem is deployment of a limited number of monitoring units, such as cyber-forensics specialists, so as to limit the likelihood of such targeted and stealthy diffusion processes reaching their intended targets. We investigate the problem of optimal monitoring of targeted stealthy diffusion processes, and show that a number of natural variants of this problem are NP-hard to approximate. On the positive side, we show that if stealthy diffusion starts from randomly selected nodes, the defender's objective is submodular, and a fast greedy algorithm has provable approximation guarantees. In addition, we present approximation algorithms for the setting in which an attacker optimally responds to the placement of monitoring nodes by adaptively selecting the starting nodes for the diffusion process. Our experimental results show that the proposed algorithms are highly effective and scalable.

[1]  Alan M. Frieze,et al.  Random graphs , 2006, SODA '06.

[2]  Shishir Bharathi,et al.  Competitive Influence Maximization in Social Networks , 2007, WINE.

[3]  P. Van Mieghem,et al.  Virus Spread in Networks , 2009, IEEE/ACM Transactions on Networking.

[4]  Andreas Krause,et al.  Selecting Observations against Adversarial Objectives , 2007, NIPS.

[5]  Allan Borodin,et al.  Threshold Models for Competitive Influence in Social Networks , 2010, WINE.

[6]  Sampath Kannan,et al.  Randomized Pursuit-Evasion with Local Visibility , 2006, SIAM J. Discret. Math..

[7]  Paul Erdös,et al.  On random graphs, I , 1959 .

[8]  Elchanan Mossel,et al.  Submodularity of Influence in Social Networks: From Local to Global , 2010, SIAM J. Comput..

[9]  Matthew Richardson,et al.  Mining knowledge-sharing sites for viral marketing , 2002, KDD.

[10]  Milind Tambe,et al.  Security Games for Controlling Contagion , 2012, AAAI.

[11]  M. L. Fisher,et al.  An analysis of approximations for maximizing submodular set functions—I , 1978, Math. Program..

[12]  Milind Tambe,et al.  Bayesian Security Games for Controlling Contagion , 2013, 2013 International Conference on Social Computing.

[13]  Micah Adler,et al.  Randomized Pursuit-Evasion in Graphs , 2002, Combinatorics, Probability and Computing.

[14]  Marc Lelarge,et al.  Economics of malware: Epidemic risks model, network externalities and incentives , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[15]  Wei Chen,et al.  Scalable influence maximization for prevalent viral marketing in large-scale social networks , 2010, KDD.

[16]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[17]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[18]  Éva Tardos,et al.  Influential Nodes in a Diffusion Model for Social Networks , 2005, ICALP.

[19]  Wei Chen,et al.  Influence Blocking Maximization in Social Networks under the Competitive Linear Threshold Model , 2011, SDM.

[20]  Matthew Richardson,et al.  Mining the network value of customers , 2001, KDD '01.

[21]  Frank M. Bass,et al.  A New Product Growth for Model Consumer Durables , 2004, Manag. Sci..

[22]  Sampath Kannan,et al.  Randomized Pursuit-Evasion in a , 2005 .

[23]  Éva Tardos,et al.  Maximizing the Spread of Influence through a Social Network , 2015, Theory Comput..

[24]  Milind Tambe,et al.  Optimal Allocation of Police Patrol Resources Using a Continuous-Time Crime Model , 2016, GameSec.

[25]  David Steurer,et al.  Analytical approach to parallel repetition , 2013, STOC.

[26]  Jure Leskovec,et al.  Modeling Information Diffusion in Implicit Networks , 2010, 2010 IEEE International Conference on Data Mining.

[27]  Radha Poovendran,et al.  Maximizing Influence in Competitive Environments: A Game-Theoretic Approach , 2011, GameSec.

[28]  Jon Kleinberg,et al.  Maximizing the spread of influence through a social network , 2003, KDD '03.

[29]  Donald F. Towsley,et al.  The effect of network topology on the spread of epidemics , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[30]  David S. Johnson,et al.  Approximation algorithms for combinatorial problems , 1973, STOC.

[31]  Piet Van Mieghem,et al.  Protecting Against Network Infections: A Game Theoretic Perspective , 2009, IEEE INFOCOM 2009.

[32]  Yevgeniy Vorobeychik,et al.  Securing interdependent assets , 2012, Autonomous Agents and Multi-Agent Systems.