Community Detection in Cyber Networks

Harsha Vithalrao Deshmukh, Purdue University


Community detection has been widely studied and implemented across various research domains such as social networks, biological networks, neuroscience, and cybersecurity. In the context of cyber networks, it involves identifying the groups of network nodes such that the network connections are dense within the group and are sparser between the groups. Various community detection algorithms can be utilized to detect the underlying community structure of a given network. However, it is crucial to evaluate the quality of the detected communities as there are a number of ways that a particular network may be partitioned into communities, and thus, a quality evaluation metric needs to be used to determine the best partitioning. Modularity is one such measure, and when evaluating the modularity index, researchers have considered null models for graphs with specific structures or characteristics. However, most real-world complex networks as a whole do not exhibit one specific characteristic but instead consist of various identifiable subgraphs that do respectively exhibit particular characteristcs, and accordingly, formulating a null model for these individual subgraphs may improve the modularity value and thereby improve the quality of the partitioning otherwise known as the detected communities. This research investigates the extent to which the modularity value increases when a bipartite subgraph is taken into consideration while performing community detection. This is accomplished by designing and developing an empirical setting that first identifies the presence of a bipartite subgraph and then utilizes it to perform community detection. Our empirical study and results suggest that the quality of the detected communities is enhanced by leveraging the presence of bipartite subnetwork in the given real world complex network. Furthermore, we present the applicability of this research in cybersecurity domain to alleviate the consequences of any worm attack. We can achieve this by employing our technique to obtain a better underlying community structure for identifying the most vulnerable set of nodes in the compromised network.




Springer, Purdue University.

Subject Area

Information Technology

Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server