Catch me if you can: detecting compromised users through partial observation on networks

© 2017 IEEE. People are suffering from a range of risks in the ubiquitous networks of current world, such as rumours spreading in social networks, computer viruses propagating throughout the Internet and unexpected failures happened in Smart grids. We usually monitor only a few users of detecting various risks due to the resource constraints and privacy protection. This leads to a critical problem to detect compromised users who are out of surveillance. In this paper, we propose a risk assessment method to address this problem. The aim is to assess the security status of unmonitored users according to the limited information collected from monitored users in networks. There are two innovative techniques developed: First, we identify the source of risk propagation by inversely disseminating risks from the influenced (by rumours) or infected (by viruses) monitored users. We show a new finding that the ones who synchronously receive the risk copies from all monitored users are most likely to be the sources. Second, we propose a microscopic mathematical model to present the risk propagation from the exposed sources. This model forms a discriminant to classify the compromised users from others. For evaluations, we collect three real networks on which we launch simulated risk propagation and then sample the status of monitored users. The experiment results show that our method is effective and the result of risk assessment well matches the real status of the unmonitored users.