The goal of this note is to assess whether simple machine-learning algorithms can be used to determine whether and how a given network has been attacked. The procedure is based on the k-Nearest Neighbour and the Random Forest classification schemes, using both intact and attacked Erdos-Renyi, Barabasi-Albert and Watts-Strogatz networks to train the algorithm. The types of attacks we consider here are random failures and maximum-degree or maximum-betweenness node deletion. Each network is characterized by a list of four metrics, namely the normalized reciprocal maximum degree, the global clustering coefficient, the normalized average path length and the degree assortativity: a statistical analysis shows that this list of graph metrics is indeed significantly different in intact or damaged networks. We test the procedure by choosing both artificial and real networks, performing the attacks and applying the classification algorithms to the resulting graphs: the procedure discussed here turns out to be able to distinguish between intact networks and those attacked by the maximum-degree of maximum-betweenness deletions, but cannot detect random failures. Our results suggest that this approach may provide a basis for the analysis and detection of network attacks.
A machine-learning procedure to detect network attacks
Davide Coppes
First
;Paolo CermelliLast
2023-01-01
Abstract
The goal of this note is to assess whether simple machine-learning algorithms can be used to determine whether and how a given network has been attacked. The procedure is based on the k-Nearest Neighbour and the Random Forest classification schemes, using both intact and attacked Erdos-Renyi, Barabasi-Albert and Watts-Strogatz networks to train the algorithm. The types of attacks we consider here are random failures and maximum-degree or maximum-betweenness node deletion. Each network is characterized by a list of four metrics, namely the normalized reciprocal maximum degree, the global clustering coefficient, the normalized average path length and the degree assortativity: a statistical analysis shows that this list of graph metrics is indeed significantly different in intact or damaged networks. We test the procedure by choosing both artificial and real networks, performing the attacks and applying the classification algorithms to the resulting graphs: the procedure discussed here turns out to be able to distinguish between intact networks and those attacked by the maximum-degree of maximum-betweenness deletions, but cannot detect random failures. Our results suggest that this approach may provide a basis for the analysis and detection of network attacks.
| File | Dimensione | Formato | |
|---|---|---|---|
|
2301.06029.pdf
Accesso aperto
Descrizione: preprint
Tipo di file:
PREPRINT (PRIMA BOZZA)
Dimensione
450.07 kB
Formato
Adobe PDF
|
450.07 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
