The current large-scale network abnormal event consists of several complex security events which imply inherent social relations, such as groupment and controllability. Perception and response of malicious network incidents is the important task of network security management. The previous network monitoring and detection mechanisms neglect the potential of social relations in these malicious network behaviors. However, the network behavior is the mapping of the social behavior in essence. This paper proposes a novel network group behavior model based on trust through exploring the behavior similarity. This model establishes the trust relationship between the nodes of the network using the network communication topology. Then we use relevant trust concept which is used to increase the trust value between two weak correlation nodes. Based on the network trust matrix, we modify the spectral clustering algorithm to analyze the evolution of the network group anomalous behaviors. Finally, the experiment results show that, our model could detect anomalous behaviors such as denial of service attacks, worm propagations and botnet. Moreover, the classification accuracy of our model is better than the bipartite graph.

• 出版日期2014-1