***** To join INSNA, visit http://www.sfu.ca/~insna/ *****
Dear list members.
Are there any researches or example about how to apply "social network
analysis" to analyze & predict computer intrusion ([virus] or [traffic
anomaly because of DoS] or [port scanning]) spread pattern?
In fact, situation is like this :
1. In flow networks, node = computer, link = virtual network link
(through what packet travels).
2. There are many measures for each node ,for example, in/out bandwidth,
port usage, intrusion state, etc.
3. There are many measures for each link, for example, RTT (round-trip
time), traffic (per port), intrusion state, frequency that link is used in
routing, etc.
4. 2, 3's data is current, and we can accumulate these measures to some
extent.
And problem is this :
1. How fast do [intrusion] or [network traffic jam] spread over network?
Where is the pattern of spread of intrusion?
2. How can we predict speed & direction (intrusion spread-path) &
pattern of spread of intrusion?
My current possible approaches are [Markov Chain Modeling] and [Friedkin's
Influence Modeling].
We can simulate network's dynamics using two modeling. (But these are not
formal. I have only dim thought. How can I elaborate this dim thought?)
Are there any advices (about my current approach & another approach)?
I'm waiting your good insights. Thank you for any reply.
Best regards. -
Se Kwon, Kim
_________________________________________________________________
º¸´Ù ºü¸£°í º¸±â ÆíÇÑ ´º½º. ¿À´ÃÀÇ ÈÁ¦´Â MSN ´º½º¿¡¼ È®ÀÎÇϼ¼¿ä.
http://www.msn.co.kr/news/
_____________________________________________________________________
SOCNET is a service of INSNA, the professional association for social
network researchers (http://www.sfu.ca/~insna/). To unsubscribe, send
an email message to [log in to unmask] containing the line
UNSUBSCRIBE SOCNET in the body of the message.
|