Detection of malicious user communities in data networks
Date
2011-04-04T20:16:58Z
Authors
Moghaddam, Amir
Abstract
Malicious users in data networks may form social interactions to create communities in abnormal fashions that deviate from the communication standards of a network. As a community, these users may perform many illegal tasks such as spamming, denial-of-service attacks, spreading confidential information, or sharing illegal content. They may use different methods to evade existing security systems, such as session splicing, polymorphic shellcode, changing port numbers, and basic string manipulation. One way to mask the traffic is to change the data rate patterns or to use very low (trickle) data rates for communication; the latter is the focus of this research. Network administrators consider these communities of users a serious threat.
In this research, we propose a framework that not only detects the abnormal data rate patterns in a stream of traffic by using a type of neural network, Self-organizing Maps (SOM), but also detects and reveals the community structure of these users for further decisions. Through a set of comprehensive simulations, it is shown in this research that the suggested framework is able to detect these malicious user communities with a low false negative rate and false positive rate.
We further discuss ways of improving the performance of the neural network by studying the size of SOMs.
Keywords
Malicious users, Self organizing maps, Community detection, Network security, Neural networks, Network data management, Peer-to-peer network communications