Malicious attack propagation and source identification

This book covers and makes four major contributions: 1) analyzing and surveying the pros and cons of current approaches for identifying rumor sources on complex networks; 2) proposing a novel approach to identify rumor sources in time-varying networks; 3) developing a fast approach to identify multiple rumor sources; 4) proposing a community-based method to overcome the scalability issue in this research area. These contributions enable rumor source identification to be applied effectively in real-world networks, and eventually diminish rumor damages, which the authors rigorously illustrate in this book. In the modern world, the ubiquity of networks has made us vulnerable to various risks. For instance, viruses propagate throughout the Internet and infect millions of computers. Misinformation spreads incredibly fast in online social networks, such as Facebook and Twitter. Infectious diseases, such as SARS, H1N1 or Ebola, have spread geographically and killed hundreds of thousands people. In essence, all of these situations can be modeled as a rumor spreading through a network, where the goal is to find the source of the rumor so as to control and prevent network risks. So far, extensive work has been done to develop new approaches to effectively identify rumor sources. However, current approaches still suffer from critical weaknesses. The most serious one is the complex spatiotemporal diffusion process of rumors in time-varying networks, which is the bottleneck of current approaches. The second problem lies in the expensively computational complexity of identifying multiple rumor sources. The third important issue is the huge scale of the underlying networks, which makes it difficult to develop efficient strategies to quickly and accurately identify rumor sources. These weaknesses prevent rumor source identification from being applied in a broader range of real-world applications. This book aims to analyze and address these issues to make rumor source identification more effective and applicable in the real world. The authors propose a novel reverse dissemination strategy to narrow down the scale of suspicious sources, which dramatically promotes the efficiency of their method. The authors then develop a Maximum-likelihood estimator, which can pin point the true source from the suspects with high accuracy. For the scalability issue in rumor source identification, the authors explore sensor techniques and develop a community structure based method. Then the authors take the advantage of the linear correlation between rumor spreading time and infection distance, and develop a fast method to locate the rumor diffusion source. Theoretical analysis proves the efficiency of the proposed method, and the experiment results verify the significant advantages of the proposed method in large-scale networks. This book targets graduate and post-graduate students studying computer science and networking. Researchers and professionals working in network security, propagation models and other related topics, will also be interested in this book.

1. Introduction 1.1. Malicious Attacks and Examples 1.2. Propagation of Malicious Attacks 1.3. Source Identification of Malicious Attacks 1.4. Outline and Book Overview 2. Preliminary of Modeling Malicious Attacks and Source Identification 2.1. Complex Network Representation 2.1.1. Network Generating Models 2.1.2. Evaluating the Importance of Nodes 2.1.3. Structural Features of Complex Networks 2.2. Epidemic Diffusion Models 2.2.1. Differential Equation Based Models 2.2.2. Difference Equation Based Models 2.3. Epidemic Tracing Back Techniques 2.3.1. Minimum Spanning Tree Based Approaches 2.3.2. Sample Path Based Approaches 2.3.3. Bayesian Belief Based Approaches 3. Observation Categories of Malicious Attacks in Cyber Networks 3.1. Complete Observation 3.2. Snapshot Observation 3.2.1. Infection Status Partially Revealed 3.2.2. Undistinguishable Statuses Involved 3.2.3. Partial Nodes' Status Available 3.3. Sensor Observation 4. Source Identification Based on Complete Observations 4.1. "Rumor Center" Based Approaches 4.1.1. Single Rumor Center 4.1.2. Multiple Rumor Centers 4.1.3. Local Rumor Centers 4.2. Eigen Vector Based Approaches 4.2.1. Dynamic Age 4.2.2. Minimum Description Length 4.3. Summary on Complete Observation Based Approaches 5. Source Identification Based on Snapshots 5.1. Jorden Center Based Approaches 5.1.1. Jorden Center With SIR Model 5.1.2. Jorden Center With SI Model 5.1.3. Jorden Center With SIS Model 5.2. Message Passing Based Approach 5.2.1. Dynamic Message Passing 5.3. Concentricity Based Approach 5.3.1. Effective Distance 5.4. Summary on Snapshot Based Approaches 6. Source Identification Based on Sensor Observation 6.1. Statistical Based Approaches 6.1.1. Bayesian Belief Propagation 6.1.2. Gaussian Estimator 6.1.3. Moon Walk 6.2. Greedy Rule Based Approaches 6.2.1. Monte Carlo Method 6.2.2. Four-Metric Method 6.3. Summary on Sensor Observation Based Approaches 7. Malicious Attack Source Identification in Time-varying Networks 7.1. Introduction 7.2. Time-Varying Networks 7.2.1. Time-varying Topology 7.2.2. Security States of Individual Nodes 7.2.3. Observations on Time-varying Social Networks 7.3. Narrowing Down the Suspects 7.3.1. Reverse Dissemination Method 7.3.2. Performance Evaluation 7.4. Determining the Real Source 7.4.1. Maximum-likelihood (ML) Based Method Monte Carlo Method 7.4.2. Propagation Model 7.5. Evaluation 7.5.1. Accuracy of Malicious Attack Source Identification 7.5.2. Effectiveness Justification 7.6. Summary 8. Identifying Multiple Malicious Attack Sources 8.1. Introduction 8.2. Preliminaries 8.2.1. Epidemic Model 8.2.2. Effective Distance 8.3. Problem Formulation 8.4. K-center Method 8.4.1. Network Partition with Multiple Sources 8.4.2. Identifying Diffusion Sources and Regions 8.4.3. Predicting Spreading Time 8.4.4. Unknown Number of Diffusion Sources 8.5. Evaluation 8.5.1. Accuracy of Identifying Malicious Attack Sources 8.5.2. Estimation of Source Number and Spreading Time 8.5.3. Effectiveness Justification 8.6. Summary 9. Identifying Malicious Attack Sources in Large-scale Networks 9.1. Introduction 9.2. Community Structure 9.3. Proposed Method 9.3.1. Assigning Sensors 9.3.2. Community Structure Based Approach 9.3.3. Computational Complexity 9.4. Evaluation 9.4.1. Identifying Malicious Attack Sources in Large Networks 9.4.2. Influence of the Average Community Size 9.4.3. Effectiveness Justification 9.5. Comparison with Current Methods 9.5.1. Results on Four Relatively Small Networks 9.5.2. Current Methods of Sensor Selection 9.5.3. Experiment Results 9.6. Summary 10. Future Directions and Conclusion 10.1. Source Identification in Continuous Time-varying Networks 10.2. Identifying Multiple Attacks of the Same Type 10.3. Source Identification in Interconnected Networks 10.4. Conclusion References