Functional networks: from brain dynamics to information systems security. David Papo


Functional networks: from brain dynamics to information systems security David Papo URJC, Móstoles, 31 October 2014

Goal
To illustrate the motivation for a functional network representation in information systems security.

Outline
1) Networks in neuroscience: potential and methods
2) Mini introduction to networks
3) Network theory and information systems security issues: some suggestions

Networks in the brain

Some facts about the brain
Circuitry:
- ~10^11 neurons (~10^4 synapses/neuron)
- ~150,000 km of cables
- 10^5 neurons, 10^8 synapses, 4 km of axons (diameter: ~0.3 µm) per mm^3
Theoretical band-pass: ~1 terabit/s (~ total internet capacity 2002)
Storage capacity: 10^12 bytes
Computation rate: 3.6 × 10^15 synaptic operations
Computational efficiency: 10^15 synaptic operations/joule
Energy consumption:
- ~2% total body weight
- ~15% cardiac output
- ~20% total oxygen consumption
- ~25% total glucose consumption
- ~50% energy is used to send signals (axons & synapses)
How does the brain cope with the energetic problem?

Appropriate design
- Component miniaturisation
- Elimination of superfluous signals
- Sparse information codes
- Distribution in space and time
- Multiscale-ness

The brain in action
- Brain activity consists of transient spatio-temporal patterns of correlated activity
- Even at rest, this activity is non random
- Contains structure both in space and in time: neuronal assemblies form at all spatial scales and with non-trivial temporal patterns
- Observed function results from the renormalization of activity at all these scales
- Patterns seen during task-induced activation are already present in spontaneous activity
- Understanding the effect of perturbations without perturbing the system

Statistical Mechanics approach
- ~10^11 neurons (~10^4 synapses)
- ~150,000 km of cables
- 1 mm^3 of rat cortex contains: 10^5 neurons, 10^8 synapses, 4 km of axons
- Theoretical band-pass ~1 terabit/s (~ total internet capacity 2002)
Anatomical network: physical cables
Dynamical network: information packets
Complex networks representation
Statistical mechanics approach: observable macroscopic properties emerge as a result of the interactions of a huge number of microscopic particles (the characteristics of each particle are not important)

Describing systems as complex networks
- Network: set of nodes connected by links
- Graph theory: set of mathematical tools allowing a quantitative characterization of a system at many spatial and temporal scales
From: R.V. Solé and S. Valverde, Lecture Notes in Physics, 60, 189, 2004
Read more at: Boccaletti et al., Phys. Rep., (2006)

A fleeting foray into complex network theory

What's a network?
Network: Set of labeled nodes and links uniting them
Adjacency matrix: The matrix of entries a(i,j)=1 if there is a link between node i and j, a(i,j)=0 otherwise

    0 1 0 0 0
    1 0 1 0 1
    0 1 0 1 1
    0 0 1 0 1
    0 1 1 1 0

[Figure: example network with nodes 1 to 5]

Degree distribution
Degree of node i: Number of links of node i

    k_i = Σ_j a_ij

Degree distribution P(k): how many nodes have degree k
[Figure: example network and its degree distribution P(k)]

Clustering coefficient
Local clustering coefficient:

    C_i = (# of closed triangles) / (k_i (k_i - 1)/2)

Clustering coefficient of nodes 2, 3 in the example network:

    C_2 = 1/3
    C_3 = 2/3

Shortest distance
The shortest distance between two nodes is the minimal number of links that a path must hop to go from the source to the destination.
In the example network, the shortest distance
- between node 4 and node 1 is 3
- between node 3 and node 1 is 2
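The degree, clustering and shortest-distance definitions above, computed on the five-node adjacency matrix read row by row from the "What's a network?" slide. This is an added example, not part of the original deck; the function names are chosen here for illustration.

```python
from collections import Counter, deque
from fractions import Fraction

# Adjacency matrix of the slide's example network (nodes labelled 1..5).
A = [
    [0, 1, 0, 0, 0],
    [1, 0, 1, 0, 1],
    [0, 1, 0, 1, 1],
    [0, 0, 1, 0, 1],
    [0, 1, 1, 1, 0],
]

def neighbours(a, i):
    """1-based labels of the nodes linked to node i."""
    return [j + 1 for j, v in enumerate(a[i - 1]) if v]

def degree(a, i):
    """k_i = sum over j of a_ij."""
    return sum(a[i - 1])

def degree_distribution(a):
    """P(k): how many nodes have degree k."""
    return dict(Counter(degree(a, i) for i in range(1, len(a) + 1)))

def local_clustering(a, i):
    """C_i = closed triangles through i / (k_i (k_i - 1) / 2)."""
    nb = neighbours(a, i)
    k = len(nb)
    if k < 2:
        return Fraction(0)  # no pair of neighbours, so no possible triangle
    closed = sum(a[u - 1][v - 1] for x, u in enumerate(nb) for v in nb[x + 1:])
    return Fraction(closed, k * (k - 1) // 2)

def shortest_distance(a, src, dst):
    """Minimal number of links from src to dst (breadth-first search)."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            return dist[u]
        for v in neighbours(a, u):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return None  # dst is not reachable from src

if __name__ == "__main__":
    print("P(k):", degree_distribution(A))
    print("C_2 =", local_clustering(A, 2), " C_3 =", local_clustering(A, 3))
    print("d(4,1) =", shortest_distance(A, 4, 1))
    print("d(3,1) =", shortest_distance(A, 3, 1))
```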

Communities
[Figures: dolphins social network; high-school dating networks]
A community is a set of nodes with a similar connectivity pattern.
S. Fortunato, Phys. Rep. 2010

Protein-protein networks Social networks

Extraction of sector information in financial markets
- Minimal-Spanning-Trees: Bonanno et al. (2003)
- Planar maximally filtered graphs: Tumminello et al. (2007)
NYSE daily returns, USA equity market 1995-98

Community structure
Communities: more links inside than outside

Community structure
- There is no absolute definition of community, only a relative one.
- A network has a community structure if it is more ordered than a random version of it (null model).
- Null model: class of random networks with the same degree sequence as the original one.
- There are many algorithms for community detection.

A new paradigm for brain function
From few degrees of freedom to statistical mechanics
- Micro, meso and macroscopic scales (N.B. scales are relative)
- Emergence of function
- Network topological properties at all scales rather than specific node's ones
From important parts to general organizing principles
- Nodes and node centrality
- Global properties: SW, scale-free; assortativity (but at what scales?); core-periphery
- Mesoscale properties: motifs, community structure
- Relationships across scales: hierarchical structure; self-similarity, self-dissimilarity

A new paradigm for brain function
From structure to dynamics to function
- Anatomical vs dynamical networks
- Anatomy structure; dynamics function
The brain as a biophysical object
- Observed activity as the result of an evolutionary process: Morphospaces
- Efficiency and costs, e.g. SW: high efficiency for low wiring costs
- Robustness and adaptivity, e.g. modularity
Characterizing brain disease and cognitive function
- Anatomical networks, resting state, task-activated dynamical networks: relationships between them?
- Healthy brains vs. psychiatric/neurological diseases

Detecting alerts: the case of epilepsy
Seizure etiology and propagation
- Abnormal pattern of synchronization across brain regions
- Focal, multifocal, extended support
- Spatio-temporal nature of seizure propagation
- Plurality of predictors [behavioural, neurophysiological]: are they related to each other?
Seizure detection (retroactive or in real time)
- Spiking activity even in normal brains
Seizure prediction (proactive)
- Nonlinear correlations
Sensitivity vs. Specificity

Building networks from experimental data
1. Define the network nodes.
2. Estimate a metric of association between nodes.
3. Generate an association matrix and apply a threshold to each element to obtain an adjacency matrix or undirected graph.
4. Calculate network parameters of interest (compare to a population of random networks).

Building Networks
Eguiluz et al. (2005)

Functional networks as correlation
[Figure omitted]

Functional networks as causality
[Figure omitted]

Networks and Security

Credit card fraud: Detecting clusters of similar users
Peer group analysis: system that allows identifying accounts that are behaving differently from others at one moment in time whereas they were behaving the same previously.
[Figure: normal behavior vs. suspected fraud]
Bolton, R. J., & Hand, D. J. (2001). Unsupervised profiling methods for fraud detection. Credit Scoring and Credit Control VII, 235-255.

Credit card fraud: Detecting clusters of similar users
Problem: Complexity of defining similarity
Why functional networks?
- Great flexibility in the type of co-occurrence
- Relationships can be non-linear

Credit card fraud: Detecting clusters of similar users
Problem: Difficulty in detecting groups of users
- Sub-networks are not complete: A may be similar to B, B to C, but A and C may be different
Why functional networks?
- Detecting meso-scales and communities in real data sets
Serrà, J., Zanin, M., Herrera, P., & Serra, X. (2012). Characterization and exploitation of community structure in cover song networks. Pattern Recognition Letters, 33(9), 1032-1041.

Credit card fraud: Detecting clusters of similar users
Problem: Changes in groups. For instance, a student who starts working, thus changing his/her habits
- Meso-scale goes beyond a single group
Why functional networks?
- Analysis of time-varying networks

Credit card fraud: Detecting clusters of similar stores
Similarly to peer group analysis, it is possible to detect groups of similar stores.
Problems:
- Store name is not fully identifying, as a single entity may use different names
- Low-volume stores may not have the same risk as their peer group
The solution: content analysis using functional networks
- Stores are connected when they carry out similar transactions in similar volumes
- Use of text mining to complement low-level numerical information
- Possible use of multi-layer structures
Detecting and measuring risk with predictive models using content mining. US 7376618 B1

Credit card fraud: Forecasting legal transactions
Why analyze transactions when they can be forecast?
- Detect patterns in the use of the credit card, to forecast a legal transaction before it takes place
- Similar to recommender systems in on-line stores
Zanin, M., Cano, P., Buldú, J. M., & Celma, O. (2008, January). Complex networks in recommendation systems. In Proc. 2nd WSEAS Int. Conf. on Computer Engineering and Applications, Acapulco, Mexico.
Lü, L., Medo, M., Yeung, C. H., Zhang, Y. C., Zhang, Z. K., & Zhou, T. (2012). Recommender systems. Physics Reports, 519(1), 1-49.

Network security: Spatio-temporal correlations
- Attacks on a network are usually distributed among its nodes.
- Moreover, attacks against a network may also involve multiple steps: evidence is typically distributed over time as well.
- Computer networks as dynamical systems
- Events as observables of their dynamics
Jiang, G., & Cybenko, G. (2004, June). Temporal and spatial distributed event correlation for network security. In American Control Conference, 2004. Proceedings of the 2004 (Vol. 2, pp. 996-1001). IEEE.

Network security: Spatio-temporal correlations
Types of observables:
- Firewall warning
- Intrusion Detection System (IDS) alerts
- Software log files
- Internet and Ethernet communications
- Users and programs activity
- CPU and memory load
[Figure axis: high-level semantic to low-level data]

Network security: Spatio-temporal correlations
Major problem: High number of false alarms
Reconstruct the topological space of true alarms
- Nodes represent alarms
- Pairwise connected when they co-occur in a real attack

Network security: Spatio-temporal correlations
Advantages:
1. Strengthens the diagnosis
2. Reduces the overall number of alarms
3. Improves the content of the alarms
Morin, B., & Debar, H. (2003, January). Correlation of intrusion symptoms: an application of chronicles. In Recent Advances in Intrusion Detection (pp. 94-112). Springer Berlin Heidelberg.

Network security: Spatio-temporal correlations
What about causality?
Reconstruct functional networks based on causality relations between alerts
[Figure: root alert and cascade effect]

Network security: Spatio-temporal correlations
Advantages:
1. Post-event analysis of attacks
2. Identification of root alarms, i.e. those acting at the beginning of the attack
3. Identification of redundant alarms
Lee, W., & Qin, X. (2005). Statistical causality analysis of INFOSEC alert data. In Managing Cyber Threats (pp. 101-127). Springer US.
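A small directed alert network in the spirit of the causality slides, added here as an example and not taken from the deck or from Lee & Qin: it uses plain temporal precedence within a time window as a stand-in for a statistical causality test, then reads off the root alert and its cascade. The alert names, window and support threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed alert stream (seconds since start, alert name); not real data.
ALERTS = [
    (0, "port_scan"), (4, "ssh_bruteforce"), (9, "new_admin_login"),
    (40, "dns_timeout"),
    (100, "port_scan"), (103, "ssh_bruteforce"), (110, "new_admin_login"),
    (200, "port_scan"), (206, "ssh_bruteforce"),
    (300, "dns_timeout"),
]

def precedence_counts(alerts, window):
    """Count how often alert b follows a different alert a within `window` s."""
    counts = defaultdict(int)
    ordered = sorted(alerts)
    for i, (t_a, a) in enumerate(ordered):
        for t_b, b in ordered[i + 1:]:
            if t_b - t_a > window:
                break  # stream is time-sorted, nothing later can qualify
            if a != b:
                counts[(a, b)] += 1
    return counts

def causal_edges(alerts, window=15, min_support=2):
    """Keep a -> b if seen often enough and more often than b -> a."""
    counts = precedence_counts(alerts, window)
    return {(a, b) for (a, b), n in counts.items()
            if n >= min_support and n > counts.get((b, a), 0)}

def root_alerts(edges):
    """Alerts that precede others but are never preceded themselves."""
    sources = {a for a, _ in edges}
    targets = {b for _, b in edges}
    return sorted(sources - targets)

def cascade(edges, root):
    """All alerts reachable from `root`: candidates to fold into one incident."""
    seen, queue = set(), deque([root])
    while queue:
        u = queue.popleft()
        for a, b in edges:
            if a == u and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen

if __name__ == "__main__":
    edges = causal_edges(ALERTS)
    for root in root_alerts(edges):
        print(root, "->", sorted(cascade(edges, root)))
```

Alerts that never enter the edge set (here the constructed `dns_timeout`) stay outside the cascade and are triaged on their own.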

Network security: Spatio-temporal correlations
Alternative solution: Monitoring the appearance of some standard attack patterns
[Figure: Pattern 1, Pattern 2, ..., Pattern n]

Network security: Spatio-temporal correlations
Major problem: The system is reactive, in that the same (or very similar) patterns should have appeared in the past.
Pattern matching cannot work under unknown conditions!

Network security: Spatio-temporal correlations
Problem: Reactive vs. proactive system
Why functional networks?
- Detect variations from a normal (base-line) network
[Figure: the red node is not expected to be central; security alert]
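The "Building networks from experimental data" procedure applied to the baseline idea above, as an added example that is not part of the original deck: per-host event counts are correlated, thresholded into a functional network, and a host is flagged when its degree rises well above its baseline value. Host names, counts, the 0.6 threshold and the minimum increase are constructed assumptions, and the comparison against random networks is left out.

```python
from itertools import combinations
from math import sqrt

THRESHOLD = 0.6  # assumed cut-off on |Pearson r| for drawing a link

# Constructed per-host event counts in 8 consecutive time bins; not real data.
BASELINE = {
    "web":       [14, 14, 14, 14, 6, 6, 6, 6],
    "db":        [7, 7, 7, 7, 3, 3, 3, 3],
    "mail":      [7, 7, 3, 3, 7, 7, 3, 3],
    "hr-laptop": [4, 2, 4, 2, 4, 2, 4, 2],
}
# Same window length later on: only hr-laptop's activity pattern has changed.
CURRENT = {**BASELINE, "hr-laptop": [10, 10, 6, 6, 6, 6, 2, 2]}

def pearson(x, y):
    """Pearson correlation of two equal-length series (0.0 if one is flat)."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    dx = [v - mx for v in x]
    dy = [v - my for v in y]
    den = sqrt(sum(v * v for v in dx) * sum(v * v for v in dy))
    return 0.0 if den == 0 else sum(a * b for a, b in zip(dx, dy)) / den

def functional_network(series, threshold=THRESHOLD):
    """Association matrix thresholded into a set of undirected links."""
    return {frozenset((a, b)) for a, b in combinations(sorted(series), 2)
            if abs(pearson(series[a], series[b])) >= threshold}

def degree_centrality(series, edges):
    """Number of links per node; isolated nodes get 0."""
    return {n: sum(n in e for e in edges) for n in series}

def unexpected_hubs(baseline, current, min_increase=2):
    """Nodes whose degree grew by at least `min_increase` over the baseline."""
    b = degree_centrality(baseline, functional_network(baseline))
    c = degree_centrality(current, functional_network(current))
    return sorted(n for n in current if c[n] - b.get(n, 0) >= min_increase)

if __name__ == "__main__":
    print("baseline links:", [sorted(e) for e in functional_network(BASELINE)])
    print("flagged hosts:", unexpected_hubs(BASELINE, CURRENT))
```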

Conclusions
- Substantial similarities between issues encountered when studying normal and pathological brain activity on the one hand, and information systems security on the other hand.
- Functional networks (and the tools of graph analysis and complex network theory) can be used to tackle some of these common problems.