We formalize the problem of detecting the presence of a botnet in a network as a hypothesis testing problem where we observe a single instance of a graph. The null hypothesis, corresponding to the absence of a botnet, is modeled as a random geometric graph where every vertex is assigned a location on a $d$-dimensional torus and two vertices are connected when their distance is smaller than a certain threshold. The alternative hypothesis is similar, except that there is a small number of vertices, called the botnet, that ignore this geometric structure and simply connect randomly to every other vertex with a prescribed probability. We present two tests that are able to detect the presence of such a botnet. The first test is based on the idea that botnet vertices tend to form large isolated stars that are not present under the null hypothesis. The second test uses the average graph distance, which becomes significantly shorter under the alternative hypothesis. We show that both these tests are asymptotically optimal. However, numerical simulations show that the isolated star test performs significantly better than the average distance test on networks of moderate size. Finally, we construct a robust scheme based on the isolated star test that is also able to identify the vertices in the botnet.
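The following simulation is an added example, not code from the paper: it samples the two hypotheses described above for $d=2$ and applies a star-based detector. It assumes an "isolated star" is a vertex together with pairwise non-adjacent neighbours (the abstract does not define it); the function names, the greedy search and all parameter values are constructed for illustration.

```python
import random
from itertools import combinations

def torus_dist(a, b):
    """Euclidean distance on the unit torus [0,1)^d."""
    return sum(min(abs(x - y), 1 - abs(x - y)) ** 2 for x, y in zip(a, b)) ** 0.5

def sample_graph(n, r, botnet=(), p=0.0, d=2, seed=0):
    """Adjacency sets for one observed graph; `botnet` is empty under the null."""
    rng = random.Random(seed)
    pos = [[rng.random() for _ in range(d)] for _ in range(n)]
    bots = set(botnet)
    adj = {v: set() for v in range(n)}
    for u, v in combinations(range(n), 2):
        if u in bots or v in bots:
            edge = rng.random() < p                   # botnet ignores the geometry
        else:
            edge = torus_dist(pos[u], pos[v]) < r     # geometric rule
        if edge:
            adj[u].add(v)
            adj[v].add(u)
    return adj

def star_size(adj, v):
    """Greedy lower bound on the number of pairwise non-adjacent neighbours of v."""
    leaves = []
    # Low-degree neighbours first, so hub-like neighbours do not block leaves.
    for u in sorted(adj[v], key=lambda u: len(adj[u])):
        if all(u not in adj[w] for w in leaves):
            leaves.append(u)
    return len(leaves)

def detect(adj, bound=5):
    """Return (reject_null, centre of the largest star found, its size).

    Assumed bound for d=2, Euclidean distance, small r: pairwise non-adjacent
    neighbours of a geometric vertex must be more than 60 degrees apart as seen
    from it, so at most 5 fit. A larger star cannot occur under the null.
    """
    sizes = {v: star_size(adj, v) for v in adj}
    top = max(sizes, key=sizes.get)
    return sizes[top] > bound, top, sizes[top]
```

With a botnet of size $b$ present, an ordinary vertex can still reach a star of size up to $5 + b$ through its botnet neighbours, so naming botnet members needs a margin above the detection bound.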