Abstract
A broad variety of problems, such as targeted marketing and the spread of viruses and malware, have been modeled as maximizing the reach of diffusion through a network. In cyber-security applications, however, a key consideration largely ignored in this literature is stealth. In particular, an attacker who has a specific target in mind succeeds only if the target is reached before the malicious payload is detected and corresponding countermeasures deployed. The dual side of this problem is deployment of a limited number of monitoring units, such as cyber-forensics specialists, to limit the success of such targeted and stealthy diffusion processes. We investigate the problem of optimal monitoring of targeted stealthy diffusion processes. While natural variants of this problem are NP-hard, we show that if stealthy diffusion starts from randomly selected nodes, the defender’s objective is submodular and can be approximately optimized. In addition, we present approximation algorithms for the setting where the choice of the starting point is adversarial. We further extend our results to settings where the diffusion starts at multiple-seed nodes simultaneously, and where there is an inherent delay in detecting the infection. Our experimental results show that the proposed algorithms are highly effective and scalable.
Notes
This goal is actually meaningless in the RIC model if a graph is connected, since all nodes will eventually be infected.
The proof of Theorem 7 formalizes this argument for a more general optimization problem discussed in a later section.
The software and dataset used for these experiments are available at http://aronlaszka.com/data/haghtalab2015monitoring.zip.
References
Adler M, Räcke H, Sivadasan N, Sohler C, Vöcking B (2003) Randomized pursuit-evasion in graphs. Comb Probab Comput 12(03):225–244
Barabási A-L, Albert R (1999) Emergence of scaling in random networks. Science 286(5439):509–512
Bass FM (1969) A new product growth for model consumer durables. Manag Sci 15(5):215–227
Bharathi S, Kempe D, Salek M (2007) Competitive influence maximization in social networks. In: Proceedings of the 3rd conference on web and internet economics (WINE), pp 306–311
Borodin A, Filmus Y, Oren J (2010) Threshold models for competitive influence in social networks. In: Proceedings of the 6th conference on web and internet economics (WINE), pp 539–550
Chen W, Wang C, Wang Y (2010) Scalable influence maximization for prevalent viral marketing in large-scale social networks. In: Proceedings of the 16th international conference on knowledge discovery and data mining (KDD). ACM, pp 1029–1038
Clark A, Poovendran R (2011) Maximizing influence in competitive environments: A game-theoretic approach. In: Proceedings of the 2nd conference on decision and game theory for security (GameSec), pp 151–162
Dinur I, Steurer D (2014) Analytical approach to parallel repetition. In: Proceedings of the 46th annual ACM symposium on theory of computing (STOC). ACM, pp 624–633
Domingos P, Richardson M (2001) Mining the network value of customers. In: Proceedings of the 7th international conference on knowledge discovery and data mining (KDD). ACM, pp 57–66
Erdős P, Rényi A (1959) On random graphs I. Publ Math 6:290–297
Ganesh A, Massoulié L, Towsley D (2005) The effect of network topology on the spread of epidemics. In: Proceedings of the 24th annual IEEE joint conference of the IEEE computer and communications societies, vol 2. IEEE, pp 1455–1466
Haghtalab N, Laszka A, Procaccia AD, Vorobeychik Y, Koutsoukos X (2015) Monitoring stealthy diffusion. In: Proceedings of the 15th IEEE international conference on data mining (ICDM), pp 151–160
He X, Song G, Chen W, Jiang Q (2012) Influence blocking maximization in social networks under the competitive linear threshold model. In: Proceedings of the 12th IEEE international conference on data mining (ICDM), pp 463–474
Isler V, Kannan S, Khanna S (2006) Randomized pursuit-evasion with local visibility. SIAM J Discrete Math 20(1):26–41
Johnson DS (1973) Approximation algorithms for combinatorial problems. In: Proceedings of the 5th annual ACM symposium on theory of computing (STOC). ACM, pp 38–49
Kaspersky Labs’ Global Research & Analysis Team (2012) Gauss: abnormal distribution. https://securelist.com/analysis/36620/gauss-abnormal-distribution/. Accessed 30 May 2015
Kelley MB (2013) The Stuxnet attack on Iran’s nuclear plant was ‘far more dangerous’ than previously thought. Business Insider. http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11. Accessed 30 May 2015
Kempe D, Kleinberg J, Tardos E (2003) Maximizing the spread of influence through a social network. In: Proceedings of the 9th international conference on knowledge discovery and data mining (KDD). ACM, pp 137–146
Kempe D, Kleinberg J, Tardos E (2005) Influential nodes in a diffusion model for social networks. In: Proceedings of the international colloquium on automata, languages and programming (ICALP). Springer, pp 1127–1138
Krause A, McMahan B, Guestrin C, Gupta A (2007) Selecting observations against adversarial objectives. In: Proceedings of the 21st annual conference on neural information processing systems (NIPS), pp 777–784
Lelarge M (2009) Economics of malware: epidemic risks model, network externalities and incentives. In: Proceedings of the 47th annual Allerton conference on communication, control, and computing (Allerton), pp 1353–1360
Mossel E, Roch S (2007) On the submodularity of influence in social networks. In: Proceedings of the 39th annual ACM symposium on theory of computing (STOC). ACM, pp 128–134
Mukhopadhyay A, Zhang C, Vorobeychik Y, Tambe M, Pence K, Speer P (2016) Optimal allocation of police patrol resources using a continuous-time crime model. In: Proceedings of the 7th conference on decision and game theory for security (GameSec). Springer, pp 139–158
Nemhauser GL, Wolsey LA, Fisher ML (1978) An analysis of approximations for maximizing submodular set functions. Math Program 14(1):265–294
Omic J, Orda A, Van Mieghem P (2009) Protecting against network infections: A game theoretic perspective. In: Proceedings of the 28th IEEE conference on computer communications (INFOCOM), pp 1485–1493
Parsons TD (1978) Pursuit-evasion in a graph. In: Theory and applications of graphs. Springer, pp 426–441
Richardson M, Domingos P (2002) Mining knowledge-sharing sites for viral marketing. In: Proceedings of the 8th international conference on knowledge discovery and data mining (KDD). ACM, pp 61–70
Tsai J, Nguyen TH, Tambe M (2012) Security games for controlling contagion. In: Proceedings of the 26th AAAI conference on artificial intelligence (AAAI), pp 1464–1470
Tsai J, Qian Y, Vorobeychik Y, Kiekintveld C, Tambe M (2013) Bayesian security games for controlling contagion. In: Proceedings of the 2013 ASE/IEEE international conference on social computing (SocialCom), pp 33–38
Van Mieghem P, Omic J, Kooij R (2009) Virus spread in networks. IEEE/ACM Trans Netw 17(1):1–14
Vorobeychik Y, Letchford J (2015) Securing interdependent assets. J Auton Agents Multiagent Syst 29(2):305–333
Yang J, Leskovec J (2010) Modeling information diffusion in implicit networks. In: Proceedings of the 10th IEEE international conference on data mining (ICDM). IEEE, pp 599–608
Zou CC, Gong W, Towsley D (2002) Code Red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security (CCS), pp 138–147
Acknowledgements
We thank the anonymous reviewers for their helpful comments on the conference version of this paper. This work was supported in part by the National Science Foundation (CNS-1238959, CCF-1215883, IIS-1350598, IIS-1526860, and CCF-1525932), National Institute of Standards and Technology (70NANB13H169), Air Force Research Laboratory (FA8750-14-2-0180), Office of Naval Research (N00014-15-1-2621), Army Research Office (W911NF-16-1-0069), a Sloan Research Fellowship, an IBM Ph.D. Fellowship, and a Microsoft Research Ph.D. Fellowship.
Additional information
The preliminary version of this work appeared in the Proceedings of the 15th IEEE International Conference on Data Mining [12].
Cite this article
Haghtalab, N., Laszka, A., Procaccia, A.D. et al. Monitoring stealthy diffusion. Knowl Inf Syst 52, 657–685 (2017). https://doi.org/10.1007/s10115-017-1023-7