Ying Xuan

Adaptive algorithms for detecting community structure in dynamic social networks

Social networks exhibit a very special property: community structure. Understanding the network community structure is of great advantages. It not only provides helpful information in developing more social-aware strategies for social network problems but also promises a wide range of applications enabled by mobile networking, such as routings in Mobile Ad Hoc Networks (MANETs) and worm containments in cellular networks. Unfortunately, understanding this structure is very challenging, especially in dynamic social networks where social activities and interactions are evolving rapidly. Can we quickly and efficiently identify the network community structure? Can we adaptively update the network structure based on previously known information instead of recomputing from scratch? In this paper, we present Quick Community Adaptation (QCA), an adaptive modularity-based method for identifying and tracing community structure of dynamic online social networks. Our approach has not only the power of quickly and efficiently updating network communities, through a series of changes, by only using the structures identified from previous network snapshots, but also the ability of tracing the evolution of community structure over time. To illustrate the effectiveness of our algorithm, we extensively test QCA on real-world dynamic social networks including ENRON email network, arXiv e-print citation network and Facebook network. Finally, we demonstrate the bright applicability of our algorithm via a realistic application on routing strategies in MANETs. The comparative results reveal that social-aware routing strategies employing QCA as a community detection core outperform current available methods.

On new approaches of assessing network vulnerability: hardness and approximation

Society relies heavily on its networked physical infrastructure and information systems. Accurately assessing the vulnerability of these systems against disruptive events is vital for planning and risk management. Existing approaches to vulnerability assessments of large-scale systems mainly focus on investigating inhomogeneous properties of the underlying graph elements. These measures and the associated heuristic solutions are limited in evaluating the vulnerability of large-scale network topologies. Furthermore, these approaches often fail to provide performance guarantees of the proposed solutions. In this paper, we propose a vulnerability measure, pairwise connectivity, and use it to formulate network vulnerability assessment as a graph-theoretical optimization problem, referred to as -disruptor. The objective is to identify the minimum set of critical network elements, namely nodes and edges, whose removal results in a specific degradation of the network global pairwise connectivity. We prove the NP-completeness and inapproximability of this problem and propose an pseudo-approximation algorithm to computing the set of critical nodes and an pseudo-approximation algorithm for computing the set of critical edges. The results of an extensive simulation-based experiment show the feasibility of our proposed vulnerability assessment framework and the efficiency of the proposed approximation algorithms in comparison to other approaches.

On Approximation of New Optimization Methods for Assessing Network Vulnerability

Assessing network vulnerability before potential disruptive events such as natural disasters or malicious attacks is vital for network planning and risk management. It enables us to seek and safeguard against most destructive scenarios in which the overall network connectivity falls dramatically. Existing vulnerability assessments mainly focus on investigating the inhomogeneous properties of graph elements, node degree for example, however, these measures and the corresponding heuristic solutions can provide neither an accurate evaluation over general network topologies, nor performance guarantees to large scale networks. To this end, in this paper, we investigate a measure called pairwise connectivity and formulate this vulnerability assessment problem as a new graph-theoretical optimization problem called β-disruptor, which aims to discover the set of critical node/edges, whose removal results in the maximum decline of the global pairwise connectivity. Our results consist of the NP-Completeness and inapproximability proof of this problem, an O(log n loglog n) pseudo-approximation algorithm for detecting the set of critical nodes and an O(log^1.5 n) pseudo-approximation algorithm for detecting the set of critical edges. In addition, we devise an efficient heuristic algorithm and validate the performance of the our model and algorithms through extensive simulations.

Towards social-aware routing in dynamic communication networks

Many communication networks such as Mobile Ad Hoc Networks (MANETs) involve in human interactions and exhibit properties of social networks. Hence, it is interesting to see how knowledge from social networks can be used to enhance the communication processes. We focus on the use of identifying modular structure in social networks to improve the efficiency of routing strategies. Since nodes mobility in a network often alters its modular structure and requires recomputing of modules from scratch, updating the modules is the main bottleneck in current social-aware routing strategies where nodes often have limited processing speed. Towards real-time routing strategies, we develop an adaptive method to efficiently update modules in a dynamic network in which a novel compact representation of the network is used to significantly reduces the network size while preserving essential network structure.

Detecting Application Denial-of-Service Attacks: A Group-Testing-Based Approach

Application DoS attack, which aims at disrupting application service rather than depleting the network resource, has emerged as a larger threat to network services, compared to the classic DoS attack. Owing to its high similarity to legitimate traffic and much lower launching overhead than classic DDoS attack, this new assault type cannot be efficiently detected or prevented by existing detection solutions. To identify application DoS attack, we propose a novel group testing (GT)-based approach deployed on back-end servers, which not only offers a theoretical method to obtain short detection delay and low false positive/negative rate, but also provides an underlying framework against general network attacks. More specifically, we first extend classic GT model with size constraints for practice purposes, then redistribute the client service requests to multiple virtual servers embedded within each back-end server machine, according to specific testing matrices. Based on this framework, we propose a two-mode detection mechanism using some dynamic thresholds to efficiently identify the attackers. The focus of this work lies in the detection algorithms proposed and the corresponding theoretical complexity analysis. We also provide preliminary simulation results regarding the efficiency and practicability of this new scheme. Further discussions over implementation issues and performance enhancements are also appended to show its great potentials.

On the discovery of critical links and nodes for assessing network vulnerability

The assessment of network vulnerability is of great importance in the presence of unexpected disruptive events or adversarial attacks targeting on critical network links and nodes. In this paper, we study Critical Link Disruptor (CLD) and Critical Node Disruptor (CND) optimization problems to identify critical links and nodes in a network whose removals maximally destroy the networks functions. We provide a comprehensive complexity analysis of CLD and CND on general graphs and show that they still remain NP-complete even on unit disk graphs and power-law graphs. Furthermore, the CND problem is shown NP-hard to be approximated within Ω([(n-k)/(nε)] ) on general graphs with n vertices and k critical nodes. Despite the intractability of these problems, we propose HILPR, a novel LP-based rounding algorithm, for efficiently solving CLD and CND problems in a timely manner. The effectiveness of our solutions is validated on various synthetic and real-world networks.

A novel method for worm containment on dynamic social networks

With the introduction of the World Wide Web and online social networks, people now have sought ways to socialize and make new friends online over a greater distance. Popular social network sites such as Facebook, Twitter and Bebo have witnessed rapid increases in space and the number of online users over a short period of time. However, alongside with these fast expands comes the threat of malicious softwares such as viruses, worms or false information propagation. In this paper, we propose a novel adaptive method for containing worm propagation on dynamic social networks. Our approach first takes into account the network community structure and adaptively keeps it updated as the social network evolves, and then contains worm propagation by distributing patches to most influential users selected from the network communities. To evaluate the performance of our approach we test it on Facebook network dataset [17] and compare the infection rates on several cases with the recent social-based method introduced in [21]. Experimental results show that our approach not only performs faster but also achieves lower infection rates than the social-based method on dynamic social networks.

Reactive jamming attacks in multi-radio wireless sensor networks: an efficient mitigating measure by identifying trigger nodes

There exist many studies against reactive jamming attacks, however, these methods, i.e. frequency hopping or channel surfing, require excessive computational capabilities on wireless devices which are serious side effects in wireless sensor networks. To avoid the problems in existing methods, we propose a novel approach against reactive jamming attacks by identifying the trigger nodes, whose transmissions activate any reactive jammers. The identification of these trigger nodes can help us (i) carefully design a better routing protocol by switching these nodes into only receivers to avoid activating jammers and (ii) locate the jammers based on the trigger nodes, thus providing an alternative mechanism against reactive jamming attacks. In this paper, we provide an efficient method to identify the trigger nodes by utilizing the group testing techniques and minimum collection of disjoint disk covers to reduce the message and computational overhead. The theoretical analysis and experimental results show that our solution performs extremely well in terms of time and message complexities, which in turn provides a good approach to defend reactive jamming attacks.

A Trigger Identification Service for Defending Reactive Jammers in WSN

During the last decade, Reactive Jamming Attack has emerged as a great security threat to wireless sensor networks, due to its mass destruction to legitimate sensor communications and difficulty to be disclosed and defended. Considering the specific characteristics of reactive jammer nodes, a new scheme to deactivate them by efficiently identifying all trigger nodes, whose transmissions invoke the jammer nodes, has been proposed and developed. Such a trigger-identification procedure can work as an application-layer service and benefit many existing reactive-jamming defending schemes. In this paper, on the one hand, we leverage several optimization problems to provide a complete trigger-identification service framework for unreliable wireless sensor networks. On the other hand, we provide an improved algorithm with regard to two sophisticated jamming models, in order to enhance its robustness for various network scenarios. Theoretical analysis and simulation results are included to validate the performance of this framework.

On Detection of Malicious Users Using Group Testing Techniques

Despite decades of research, there have not been developed concrete defense solutions for most of current attacks to Internet services, let alone new attack types. An essential problem to overcome is that malicious traffic can be similar to legitimate ones. Thus a more fundamental model which should be based on the overall performance of servers/subnets without inspecting each traffic must be remedied. Based on this observation, we propose a novel system framework, called detection of malicious users (DMU) which attempts to solve various attack types. Motivated by DMU, we introduce a new theoretical model, called size constraint group testing (SCGT). Several algorithms based on SCGT for various networking scenarios are proposed. We also provide several fundamental results on SCGT, revealing some necessary conditions to obtain an O(1) detection time algorithm.