Deployment of DNIDS in Social Networks

Internet users form social networks as they communicate with each other. Computer worms and viruses exploit these social networks in order to propagate to other users. In this paper we present a new framework aimed at slowing down or even preventing the propagation of computer worms and viruses in social networks. In the first part of the framework a social network has to be derived for a given community of users. In the second part the group of users that have the highest influence on the communication in the social network has to be located. The group betweenness centrality measure is used to evaluate the influence of each candidate group. In the third part we analyze the threat propagation in the social network assuming that a distributed network intrusion detection system (DNIDS) is monitoring the traffic of the group. The analysis is performed using a network simulator that was developed for this purpose. In the fourth part a DNIDS has to be deployed on a range of ISPs in order to monitor and clean the traffic of the users belonging to the central group. We applied the new framework by deriving the social network of 1000 students, finding the most influential group of users, and analyzing the influence of the deployment of DNIDS using a simulation tool. The simulation results demonstrated the framework´s ability to slow down or even prevent the propagation of threats by cleaning the traffic of central group of users.