
The attached document titled "Assessment of Security Threats via Network Topology Analysis: An Initial
Investigation" by Marcello Trovati, Win Thomas, Quanbin Sun, and Georgios Kontonatsios, presents a
novel approach to cybersecurity threat assessment through the analysis of network topology, with a
focus on botnet behavior. The paper is structured into several sections, including an introduction, related
work, network theory, a description of the proposed method, results, and conclusions with future
research directions.

### Introduction

The introduction highlights the increasing threat of cyber attacks, particularly from botnets, which can
perform a range of malicious activities such as DDoS attacks, spam, and phishing. The authors propose a
method to assess the spread and potential impact of botnets by analyzing the dynamical and statistical
behavior of network topologies. The goal is to improve the understanding and prediction of
cybersecurity issues in computer networks.

### Related Work

In the related work section, the authors review existing technologies and methodologies for detecting
and minimizing security threats. They discuss various approaches, including the use of cloud computing
paradigms like MapReduce for detecting interconnected hosts in botnets, tools like BotGrep for
identifying peer-to-peer communication structures, and Markov chain models for predicting botnet
behavior. However, they note that these approaches have limitations, such as computational expense
and a focus on identification rather than prediction of attacks.

### Network Theory

The network theory section provides a background on the use of networks to model complex systems
across various fields. The authors define networks in terms of nodes and edges and discuss the
properties of scale-free networks, which are characterized by a node degree distribution that follows a
power law. They explain how the topological properties of these networks can influence the spread of
information and potentially lead to predictive capabilities.

### Description of the Method

The authors detail their proposed method for assessing security threats. They focus on the topology and
dynamical properties of networks, defining metrics for the maliciousness of nodes and the probability of
malicious requests between nodes. The method involves analyzing network connection flows,
considering parameters such as time, source, destination, protocol, and length. The authors introduce
equations to calculate the probability of maliciousness and describe algorithms for implementing their
approach.

### Results

In the results section, the authors validate their method using a dataset from the Malware Capture
Facility Project. They preprocess the data with Wireshark and define a directed network for analysis. The
degree distribution of the network suggests scale-free properties, and the authors apply their method to
identify malicious requests. They report that their approach successfully identified over 95% of the
malicious requests with a high probability of maliciousness.
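The two steps the summary describes, turning connection flows (time, source, destination, protocol, length) into a directed host network and then checking whether its degree distribution looks scale-free, are illustrated below in an added example that is not code from the paper; the flow records are constructed, the maliciousness equations the paper defines are not reproduced (the summary does not give them), and the exponent estimator is the standard discrete power-law MLE rather than anything the authors specify.

```python
"""Directed host network from flow records, plus degree-distribution checks."""
import math
from collections import Counter, defaultdict

# Constructed sample flows in (time, src, dst, protocol, length) form.
# 10.0.0.1 is deliberately a hub so the in-degree tail is visible.
FLOWS = [
    (0.0, "10.0.0.2", "10.0.0.1", "TCP", 60),
    (0.1, "10.0.0.3", "10.0.0.1", "TCP", 60),
    (0.2, "10.0.0.4", "10.0.0.1", "UDP", 120),
    (0.3, "10.0.0.5", "10.0.0.1", "TCP", 60),
    (0.4, "10.0.0.2", "10.0.0.1", "TCP", 60),   # repeat pair -> edge weight 2
    (0.5, "10.0.0.2", "10.0.0.3", "TCP", 1500),
    (0.6, "10.0.0.1", "10.0.0.6", "TCP", 80),
]


def build_directed_network(flows):
    """Collapse flows into directed edges (src, dst) weighted by flow count."""
    edges = defaultdict(int)
    for _time, src, dst, _proto, _length in flows:
        edges[(src, dst)] += 1
    return dict(edges)


def degree_counts(edges):
    """In- and out-degree for every node, including isolated-side zeros."""
    nodes = {n for edge in edges for n in edge}
    in_deg = {n: 0 for n in nodes}
    out_deg = {n: 0 for n in nodes}
    for src, dst in edges:
        out_deg[src] += 1
        in_deg[dst] += 1
    return in_deg, out_deg


def degree_distribution(deg):
    """P(k): fraction of nodes having degree k, sorted by k."""
    hist = Counter(deg.values())
    return {k: c / len(deg) for k, c in sorted(hist.items())}


def powerlaw_exponent(deg, kmin=1):
    """Discrete power-law MLE for P(k) ~ k^-gamma over degrees >= kmin
    (Clauset, Shalizi & Newman approximation); None if too few nodes."""
    ks = [k for k in deg.values() if k >= kmin]
    if len(ks) < 2:
        return None
    return 1 + len(ks) / sum(math.log(k / (kmin - 0.5)) for k in ks)
```

On a real capture the same pipeline runs over tens of thousands of flows; a heavy in-degree tail with an exponent roughly between 2 and 3 is the usual signature of a scale-free topology, and a hub that attracts a disproportionate share of requests is exactly the node the paper's maliciousness metrics are meant to score.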

### Conclusion and Future Research

The paper concludes by summarizing the findings and noting the potential of the proposed method. The
authors acknowledge the simplicity of their approach and express the intention to extend their research
to analyze the topology of a larger set of communication networks to fully investigate the predictive
properties of their method.

In summary, the document presents an innovative approach to cybersecurity threat assessment by
leveraging network topology analysis. The authors' method shows promise in identifying and predicting
malicious activities within computer networks, particularly those related to botnets. The initial validation
of the method using a real-world dataset indicates its effectiveness, and the authors propose to further
refine and validate their approach in future research.
