A combined approach for suspicious networks detection in graphs

The recent growth of the social networks of the Internet was followed by the emergence of new forms of threats and vulnerabilities. Users of these social networks sites are not immune to these new challenges. Several studies are devoted to users’ vulnerability in these social networks and their entities. The threat via web 2.0 (soon web 3.0) takes the form of communities of dealers, dormant networks of extremists, organizations and individuals with malicious intent (pedophilia, piracy, hacking, etc.). Social networks have become a large platform for the activities of these groups such as propaganda, recruitment, training, selecting and hitting their targets without crossing any countries borders. All countries are concerned by this potential threat through Web 2.0 and thus the detection of malicious networks on the Internet is a central concern of all state authorities. It is therefore a major objective to detect these malicious networks. In this article we propose to combine anomaly detection with the detection of Familiar Stranger to identify networks that may be vectors of threats (malicious, hidden, dormant networks, etc). In our approach we combine a concept based on the topology and the configuration of the network with a purely sociological concept. Indeed the anomaly detection is devoted to identify individuals whose behaviors (in relation to their interactions with others) are abnormal. Therefore the awareness of these anomalies is crucial because an abnormal behavior is often synonymous with abnormal activity. This is the starting point of our work. Once these anomalies are detected, we propose to explore the network to find the familiar strangers of each of them. At this stage we have a family of nodes, named suspicious nodes, consisting of abnormalities and their respective Familiar Strangers. This family will help us to rebuild a part of the original network including individuals located on the shortest paths connecting suspicious nodes. Our work is a first attempt to build an efficient algorithm to detect suspicious nodes and links in a social network.