NetProtect: Network Perturbations to Protect Nodes against Entry-Point Attack

Ricky Laishram, Pegah Hozhabrierdi, Jeremy Wendt, Sucheta Soundarajan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In many network applications, it may be desirable to conceal certain target nodes from detection by a data collector, who is using a crawling algorithm to explore a network. For example, in a computer network, the network administrator may wish to protect those computers (target nodes) with sensitive information from discovery by a hacker who has exploited vulnerable machines and entered the network. These networks are often protected by hiding the machines (nodes) from external access, and allow only fixed entry points into the system (protection against external attacks). However, in this protection scheme, once one of the entry points is breached, the safety of all internal machines is jeopardized (i.e., the external attack turns into an internal attack). In this paper, we view this problem from the perspective of the data protector. We propose the Node Protection Problem: given a network with known entry points, which edges should be removed/added so as to protect as many target nodes from the data collector as possible? A trivial way to solve this problem would be to simply disconnect either the entry points or the target nodes - but that would make the network non-functional. Accordingly, we impose certain constraints: for each node, only (1 - r) fraction of its edges can be removed, and the resulting network must not be disconnected. We propose two novel scoring mechanisms - the Frequent Path Score and the Shortest Path Score. Using these scores, we propose NetProtect, an algorithm that selects edges to be removed or added so as to best impede the progress of the data collector. We show experimentally that NetProtect outperforms baseline node protection algorithms across several real-world networks. In some datasets, With 1% of the edges removed by NetProtect, we found that the data collector requires up to 6 (4) times the budget compared to the next best baseline in order to discover 5 (50) nodes.

Original languageEnglish (US)
Title of host publicationWebSci 2021 - Proceedings of the 13th ACM Web Science Conference
PublisherAssociation for Computing Machinery
Pages93-101
Number of pages9
ISBN (Electronic)9781450383301
DOIs
StatePublished - Jun 21 2021
Event13th ACM Web Science Conference, WebSci 2021 - Virtual, Online, United Kingdom
Duration: Jun 21 2021Jun 25 2021

Publication series

NameACM International Conference Proceeding Series

Conference

Conference13th ACM Web Science Conference, WebSci 2021
Country/TerritoryUnited Kingdom
CityVirtual, Online
Period6/21/216/25/21

Keywords

  • adversary
  • graph
  • network
  • perturbation

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Fingerprint

Dive into the research topics of 'NetProtect: Network Perturbations to Protect Nodes against Entry-Point Attack'. Together they form a unique fingerprint.

Cite this