Graph analysis of network flow connectivity behaviors

Graph-based approaches have been widely employed to facilitate in analyzing network flow connectivity behaviors, which aim to understand the impacts and patterns of network events. However, existing approaches suffer from lack of connectivity-behavior information and loss of network event identification. In this paper, we propose network flow connectivity graphs (NFCGs) to capture network flow behavior for modeling social behaviors from network entities. Given a set of flows, edges of a NFCG are generated by connecting pairwise hosts who communicate with each other. To preserve more information about network flows, we also embed node-ranking values and edge-weight vectors into the original NFCG. After that, a network flow connectivity behavior analysis framework is present based on NFCGs. The proposed framework consists of three modules: a graph simplification module based on diversified filtering rules, a graph feature analysis module based on quantitative or semiquantitative analysis, and a graph structure analysis module based on several graph mining methods. Furthermore, we evaluate our NFCG-based framework by using real network traffic data. The results show that NFCGs and the proposed framework can not only achieve good performance on network behavior analysis but also exhibit excellent scalability for further algorithmic implementations.

Download Full-text

Review of Network Flow Algorithms David P. Williamson

ACM SIGACT News ◽

10.1145/3457588.3457592 ◽

2021 ◽

Vol 52 (1) ◽

pp. 12-15

Author(s):

S.V. Nagaraj

Keyword(s):

Graduate Students ◽

Real World ◽

Network Flow ◽

Network Flows ◽

Optimization Problems ◽

Capacity Constraints ◽

Incoming Flow ◽

Network Flow Problems ◽

Flow Problems ◽

Real World Problems

This book is on algorithms for network flows. Network flow problems are optimization problems where given a flow network, the aim is to construct a flow that respects the capacity constraints of the edges of the network, so that incoming flow equals the outgoing flow for all vertices of the network except designated vertices known as the source and the sink. Network flow algorithms solve many real-world problems. This book is intended to serve graduate students and as a reference. The book is also available in eBook (ISBN 9781316952894/US$ 32.00), and hardback (ISBN 9781107185890/US$99.99) formats. The book has a companion web site www.networkflowalgs.com where a pre-publication version of the book can be downloaded gratis.

Download Full-text

A multiscale approach to network event identification using geolocated twitter data

Computing ◽

10.1007/s00607-013-0285-5 ◽

2013 ◽

Vol 96 (1) ◽

pp. 3-13 ◽

Cited By ~ 3

Author(s):

Chao Yang ◽

Ian Jensen ◽

Paul Rosen

Keyword(s):

Multiscale Approach ◽

Event Identification ◽

Twitter Data ◽

Network Event

Download Full-text

Minimum cost network flows: Problems, algorithms, and software

Yugoslav journal of operations research ◽

10.2298/yjor121120001s ◽

2013 ◽

Vol 23 (1) ◽

pp. 3-17 ◽

Cited By ~ 24

Author(s):

Angelo Sifaleras

Keyword(s):

Network Flow ◽

Flow Problem ◽

Network Flows ◽

Minimum Cost ◽

Network Flow Problem ◽

Software Packages ◽

Wide Range ◽

Solution Methods ◽

Minimum Cost Network Flow ◽

Algorithmic Approaches

We present a wide range of problems concerning minimum cost network flows, and give an overview of the classic linear single-commodity Minimum Cost Network Flow Problem (MCNFP) and some other closely related problems, either tractable or intractable. We also discuss state-of-the-art algorithmic approaches and recent advances in the solution methods for the MCNFP. Finally, optimization software packages for the MCNFP are presented.

Download Full-text

Enhanced PeerHunter: Detecting Peer-to-Peer Botnets Through Network-Flow Level Community Behavior Analysis

IEEE Transactions on Information Forensics and Security ◽

10.1109/tifs.2018.2881657 ◽

2019 ◽

Vol 14 (6) ◽

pp. 1485-1500 ◽

Cited By ~ 4

Author(s):

Di Zhuang ◽

J. Morris Chang

Keyword(s):

Behavior Analysis ◽

Network Flow ◽

Peer To Peer ◽

Community Behavior

Download Full-text

Flow behavior analysis of Chlorella Vulgaris microalgal biomass

Heliyon ◽

10.1016/j.heliyon.2019.e01845 ◽

2019 ◽

Vol 5 (6) ◽

pp. e01845

Author(s):

Suresh Kumar Yatirajula ◽

Anuj Shrivastava ◽

Vinod Kumar Saxena ◽

Jagadeeshwar Kodavaty

Keyword(s):

Behavior Analysis ◽

Chlorella Vulgaris ◽

Flow Behavior ◽

Microalgal Biomass

Download Full-text

Manufacturing network flows: a generalized network flow model for manufacturing process modelling

Optimization Methods and Software ◽

10.1080/1055678031000152079 ◽

2003 ◽

Vol 18 (2) ◽

pp. 143-165 ◽

Cited By ~ 9

Keyword(s):

Manufacturing Process ◽

Network Flow ◽

Flow Model ◽

Network Flows ◽

Process Modelling ◽

Network Flow Model ◽

Manufacturing Network ◽

Generalized Network Flow

Download Full-text

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Sensors ◽

10.3390/s20185305 ◽

2020 ◽

Vol 20 (18) ◽

pp. 5305

Author(s):

Panagiotis Radoglou Grammatikis ◽

Panagiotis Sarigiannidis ◽

Georgios Efstathopoulos ◽

Emmanouil Panaousis

Keyword(s):

Intrusion Detection ◽

Smart Grid ◽

Intrusion Detection System ◽

Network Flow ◽

Network Flows ◽

Detection System ◽

Random Noise ◽

Denial Of Service ◽

The Third ◽

Operational Data

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

Download Full-text

Unfolding Spatial-Temporal Patterns of Taxi Trip based on an Improved Network Kernel Density Estimation

ISPRS International Journal of Geo-Information ◽

10.3390/ijgi9110683 ◽

2020 ◽

Vol 9 (11) ◽

pp. 683

Author(s):

Boxi Shen ◽

Xiang Xu ◽

Jun Li ◽

Antonio Plaza ◽

Qunying Huang

Keyword(s):

Land Use ◽

Density Estimation ◽

Kernel Density Estimation ◽

Network Flow ◽

Network Flows ◽

Kernel Density ◽

Temporal Patterns ◽

Flow Patterns ◽

Urban Traffic ◽

Mobility Data

Taxi mobility data plays an important role in understanding urban mobility in the context of urban traffic. Specifically, the taxi is an important part of urban transportation, and taxi trips reflect human behaviors and mobility patterns, allowing us to identify the spatial variety of such patterns. Although taxi trips are generated in the form of network flows, previous works have rarely considered network flow patterns in the analysis of taxi mobility data; Instead, most works focused on point patterns or trip patterns, which may provide an incomplete snapshot. In this work, we propose a novel approach to explore the spatial-temporal patterns of taxi travel by considering point, trip and network flow patterns in a simultaneous fashion. Within this approach, an improved network kernel density estimation (imNKDE) method is first developed to estimate the density of taxi trip pick-up and drop-off points (ODs). Next, the correlation between taxi service activities (i.e., ODs) and land-use is examined. Then, the trip patterns of taxi trips and its corresponding routes are analyzed to reveal the correlation between trips and road structure. Finally, network flow analysis for taxi trip among areas of varying land-use types at different times are performed to discover spatial and temporal taxi trip ODs from a new perspective. A case study in the city of Shenzhen, China, is thoroughly presented and discussed for illustrative purposes.

Download Full-text

Flow Behavior Analysis of Emc in Molded Underfill (Muf) Encapsulation for Multi Flip-Chip Package

Journal of Physics Conference Series ◽

10.1088/1742-6596/1082/1/012015 ◽

2018 ◽

Vol 1082 ◽

pp. 012015

Author(s):

M.A. Azmi ◽

M.K. Abdullah ◽

M.Z. Abdullah ◽

Z.M. Ariff ◽

M.A. Ismail ◽

...

Keyword(s):

Behavior Analysis ◽

Flip Chip ◽

Flow Behavior

Download Full-text

APT attack detection based on flow network analysis techniques using deep learning

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-200694 ◽

2020 ◽

Vol 39 (3) ◽

pp. 4785-4801

Author(s):

Cho Do Xuan ◽

Mai Hoang Dao ◽

Hoa Dinh Nguyen

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Network Analysis ◽

Network Traffic ◽

Network Flow ◽

Network Flows ◽

Attack Detection ◽

Research Network ◽

Learning Models ◽

Flow Network

Advanced Persistent Threat (APT) attacks are a form of malicious, intentionally and clearly targeted attack. This attack technique is growing in both the number of recorded attacks and the extent of its dangers to organizations, businesses and governments. Therefore, the task of detecting and warning APT attacks in the real system is very necessary today. One of the most effective approaches to APT attack detection is to apply machine learning or deep learning to analyze network traffic. There have been a number of studies and recommendations to analyze network traffic into network flows and then combine with some classification or clustering methods to look for signs of APT attacks. In particular, recent studies often apply machine learning algorithms to spot the present of APT attacks based on network flow. In this paper, a new method based on deep learning to detect APT attacks using network flow is proposed. Accordingly, in our research, network traffic is analyzed into IP-based network flows, then the IP information is reconstructed from flow, and finally deep learning models are used to extract features for detecting APT attack IPs from other IPs. Additionally, a combined deep learning model using Bidirectional Long Short-Term Memory (BiLSTM) and Graph Convolutional Networks (GCN) is introduced. The new detection model is evaluated and compared with some traditional machine learning models, i.e. Multi-layer perceptron (MLP) and single GCN models, in the experiments. Experimental results show that BiLSTM-GCN model has the best performance in all evaluation scores. This not only shows that deep learning application on flow network analysis to detect APT attacks is a good decision but also suggests a new direction for network intrusion detection techniques based on deep learning.

Download Full-text