Group5: JiayongLi, Yao Lin, Hetong Li

Outline

• Motivation• Data Description• Network Representation• Community Detection• DetectingMalicious Source• Experiment

-Result: Analysis of 1 Day-Result: Analysis of 14 Days

• Conclusion

Motivation

• Hypothesis: Defines intrusion in terms of locationsin social space(wherenormality often has well-understoodproperties).• Bipartite graph: a standard representation ofcommunication patterns in network traffic.• Cut-vertex: Cut a node froma graph.

Motivation

• Method• Simplerecursivesearch-and-prunestrategy• Greedy!"#$%&'(

!)*$+,-algorithm

• Result• “Dshield sourcearehighlyenrichedamongcut-vertices”• However,morerobustconceptofcut-verticesinsocialnetworkliteratureisneededfordetection

Cut-Vertices

ROC graph(Receiver operatingcharacteristic)

• Illustrate performanceof a binary classifier system• Systemshave various discrimination threshold

ROC graph

• Each curve are the a set of results.

• Curve lays in the upper-left is better than curve laysin lower-right.

• AUC – area under the curve