Determining malware infection risk

What is claimed is: 1. A system comprising: one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising: receiving data representing aggregate network traffic data as a bipartite graph between nodes representing first entities and nodes representing second entities, wherein each edge of the bipartite graph connects a node representing a respective first entity with a node representing a respective second entity, each edge of the bipartite graph has an edge weight representing a measure of the aggregate network traffic between the entities represented by nodes of the graph connected by the edge, the aggregate network traffic data represents network traffic between the first entities and the second entities, and each of the entities is an entity communicating with one or more other entities on a data communication network; receiving an initial collection of ground truth label values for some of the first entities, some of the second entities, or both, wherein each ground truth label value for an entity indicates that the entity is known to be safe or unsafe, and wherein each ground truth label value is either −r or +r, wherein r is a positive real number; computing a respective initial score for each of the first entities and each of the second entities, each initial score being a non-zero value for a respective entity that has a known ground truth label value indicating that the entity is known to be safe or unsafe or a zero value for entities that do not have a known ground truth label value, each entity with a ground truth value of −r being assigned an initial score of −r/B, and each entity with a ground truth value of +r being assigned an initial score of +r/A, wherein B is a count of how many values of −r were present in the initial collection, and wherein A is a count of how many values of +r were present in the initial collection; iteratively computing a respective final score for each of the first entities and the second entities from the initial scores and the edge weights, the final score indicating malware infection risk of a corresponding entity; identifying, based on the final scores, one or more first entities, one or more second entities, or both, that are likely infected with malware; and reporting the identified one or more first entities or one or more second entities to a user. 2. The system of claim 1 , wherein iteratively computing a respective final score for each entity comprises: for each entity, computing at each iteration a new score for the entity from previously-determined scores for other entities having a connection to the entity in the bipartite graph. 3. The system of claim 1 , wherein iteratively computing a respective final score for each entity comprises: for each entity, computing at each iteration a new score for the entity as a propagation score for the entity from previously-determined scores for other entities having a connection to the entity in the bipartite graph plus the initial score for the entity. 4. The system of claim 3 , the operations further comprising: for each entity, computing the propagation score as a weighted sum of the previously-determined scores, each weight in the weighted sum being a corresponding edge weight from the bipartite graph. 5. The system of claim 1 , the operations further comprising: obtaining network traffic data from transaction logs; and aggregating the network traffic data to generate the aggregate network traffic data. 6. The system of claim 1 , wherein: the first entities are entities within a perimeter of perimeter entities of the data communication network; and the second entities are entities outside the perimeter of perimeter entities of the data communication network. 7. The system of claim 1 , wherein reporting the identified one or more first entities or one or more second entities comprises: displaying multiple final scores in a sorted order, including displaying each of the multiple final score with an identifier of the first entity or the second entity of the final score. 8. The system of claim 7 , the operations further comprising: displaying each of the multiple final scores with an indication of whether the first entity or the second entity of the final score had a known ground truth label value. 9. The system of claim 1 , wherein iteratively computing a respective final score for each entity comprises: iteratively computing new score values x t+1 and y t+1 according to: x t + 1 ⁡ ( i ) = alpha × ( ∑ j ∈ N ⁡ ( i ) ⁢ ( W ⁡ ( i , j ) ∑ k ∈ N ⁡ ( j ) ⁢ W ⁡ ( k , j ) × y t ⁡ ( j )