Catch Me If You Can: Detecting Compromised Users Through Partial Observation on Networks

People are suffering from a range of risks in the ubiquitous networks of current world, such as rumours spreading in social networks, computer viruses propagating throughout the Internet and unexpected failures happened in Smart grids. We usually monitor only a few users of detecting various risks due to the resource constraints and privacy protection. This leads to a critical problem to detect compromised users who are out of surveillance. In this paper, we propose a risk assessment method to address this problem. The aim is to assess the security status of unmonitored users according to the limited information collected from monitored users in networks. There are two innovative techniques developed: First, we identify the source of risk propagation by inversely disseminating risks from the influenced (by rumours) or infected (by viruses) monitored users. We show a new finding that the ones who synchronously receive the risk copies from all monitored users are most likely to be the sources. Second, we propose a microscopic mathematical model to present the risk propagation from the exposed sources. This model forms a discriminant to classify the compromised users from others. For evaluations, we collect three real networks on which we launch simulated risk propagation and then sample the status of monitored users. The experiment results show that our method is effective and the result of risk assessment well matches the real status of the unmonitored users.

[1]  Devavrat Shah,et al.  Rumors in a Network: Who's the Culprit? , 2009, IEEE Transactions on Information Theory.

[2]  Guanhua Yan,et al.  Malware propagation in online social networks: nature, dynamics, and defense implications , 2011, ASIACCS '11.

[3]  Weibo Gong,et al.  Modeling and Simulation Study of the Propagation and Defense of Internet Email Worm , 2006 .

[4]  Chee Wei Tan,et al.  Rumor source detection with multiple observations: fundamental limits and algorithms , 2014, SIGMETRICS '14.

[5]  Jun Zhang,et al.  Modeling Propagation Dynamics of Social Network Worms , 2013, IEEE Transactions on Parallel and Distributed Systems.

[6]  Sujay Sanghavi,et al.  Learning the graph of epidemic cascades , 2012, SIGMETRICS '12.

[7]  Walter Willinger,et al.  The (In)Completeness of the Observed Internet AS-level Structure , 2010, IEEE/ACM Transactions on Networking.

[8]  Duncan J. Watts,et al.  Collective dynamics of ‘small-world’ networks , 1998, Nature.

[9]  Hamid Sharif,et al.  A Survey on Smart Grid Communication Infrastructures: Motivations, Requirements and Challenges , 2013, IEEE Communications Surveys & Tutorials.

[10]  Jon M. Kleinberg,et al.  The structure of information pathways in a social communication network , 2008, KDD.

[11]  Chuanyi Ji,et al.  Spatial-temporal modeling of malware propagation in networks , 2005, IEEE Transactions on Neural Networks.

[12]  Wuqiong Luo,et al.  Identifying Infection Sources and Regions in Large Networks , 2012, IEEE Transactions on Signal Processing.

[13]  Duncan J. Watts,et al.  Everyone's an influencer: quantifying influence on twitter , 2011, WSDM '11.

[14]  Mark Newman,et al.  Networks: An Introduction , 2010 .

[15]  Yang Xiang,et al.  Modeling the Propagation of Worms in Networks: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[16]  Mahmoud Fouz,et al.  Why rumors spread so quickly in social networks , 2012, Commun. ACM.

[17]  Krishna P. Gummadi,et al.  On the evolution of user interaction in Facebook , 2009, WOSN '09.

[18]  Donald F. Towsley,et al.  Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms , 2007, IEEE Transactions on Dependable and Secure Computing.

[19]  Kenneth H. Rosen Discrete mathematics and its applications , 1984 .