group5: jiayongli,yao lin,hetongli - university of...
TRANSCRIPT
Outline
• Motivation• Data Description• Network Representation• Community Detection• DetectingMalicious Source• Experiment
-Result: Analysis of 1 Day-Result: Analysis of 14 Days
• Conclusion
Motivation
• Hypothesis: Defines intrusion in terms of locationsin social space(wherenormality often has well-understoodproperties).• Bipartite graph: a standard representation ofcommunication patterns in network traffic.• Cut-vertex: Cut a node froma graph.
• Method• Simplerecursivesearch-and-prunestrategy• Greedy!"#$%&'(
!)*$+,-algorithm
• Result• “Dshield sourcearehighlyenrichedamongcut-vertices”• However,morerobustconceptofcut-verticesinsocialnetworkliteratureisneededfordetection
Cut-Vertices
ROC graph(Receiver operatingcharacteristic)
• Illustrate performanceof a binary classifier system• Systemshave various discrimination threshold
ROC graph
• Each curve are the a set of results.
• Curve lays in the upper-left is better than curve laysin lower-right.
• AUC – area under the curve