Dynamic Link Anomaly Analysis for Network Security Management

Tao Zhang, Qi Liao

Research output: Contribution to journalArticlepeer-review

4 Scopus citations


Network management is challenging due to ever increasing complexity and dynamics of network interactions. While many changes in networks are normal, some changes are not. One of the daily tasks of network administrators is to identify and analyze these abnormal changes that are hard to find by traditional security mechanisms (IDS, firewall, anti-virus, etc.). This research conducts dynamic network analysis (DNA) and presents practical methodologies of data stream mining based dynamic link anomaly analysis (DLAA) using novel sliding time window structures and network analytics metrics. DLAA employs spatiotemporal link analysis to detect anomalies from dynamic network graphs. We formally define the network link anomaly types and use key link-structure similarity metrics and time-weighted functions to model the dynamics of topological changes. The methodology is generic in that it does not require additional information from nodes or links but only the topology itself. The DLAA framework consists of three algorithmic components including sliding time window, link scoring and link anomaly detection algorithms. Through experimental study on publicly available dataset, we demonstrate that the proposed DLAA framework has the capability to construct effective knowledge structures for measuring the security levels of large scale dynamic networks, and to provide insight for generalized DNA in network security domain.

Original languageEnglish
Pages (from-to)600-624
Number of pages25
JournalJournal of Network and Systems Management
Issue number3
StatePublished - Jul 15 2019


  • Dynamic network analysis
  • Graph mining
  • Link anomaly
  • Network security management


Dive into the research topics of 'Dynamic Link Anomaly Analysis for Network Security Management'. Together they form a unique fingerprint.

Cite this