Probabilistic cyber threat recognition and prediction
US-9367694-B2 · Jun 14, 2016 · US
US9979738B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9979738-B2 |
| Application number | US-201615075052-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 18, 2016 |
| Priority date | Jan 23, 2012 |
| Publication date | May 22, 2018 |
| Grant date | May 22, 2018 |
Official abstract text for this publication.
Described is a system for detecting attacks on networks. A hierarchical representation of activity of a communication network is used to detect and predict sources of misinformation in the communication network. The hierarchical representation includes temporal patterns of communication between at least one pair of nodes, each temporal pattern representing a motif, having a size, in the hierarchical representation. Changes in motifs provide a signal for a misinformation attack.
Opening claim text (preview).
What is claimed is:

1. A system for detecting attacks on networks, the system comprising: one or more processors and a non-transitory memory having instructions encoded thereon such that when the instructions are executed, the one or more processors perform operations of: detecting and predicting sources of misinformation in a communication network using a hierarchical representation of activity of the communication network; wherein the hierarchical representation comprises a plurality of nodes and temporal patterns of communication between at least one pair of nodes, each temporal pattern representing a motif, having a size, in the hierarchical representation, and wherein changes in motifs provide a signal for a misinformation attack.
2. The system as set forth in claim 1, wherein the one or more processors further perform an operation of generating a visual representation on a display relating to motifs of interest to identify a misinformation attack.
3. The system as set forth in claim 2, wherein a misinformation attack is characterized by an over-representation of motifs having a predetermined size.
4. The system as set forth in claim 3, wherein a size threshold for detection of a misinformation attack is set by learning a maximum frequency of motifs of each size in a normal baseline operation of the communication network.
5. The system as set forth in claim 4, wherein if a frequency of any motif size surpasses double the maximum frequency, a misinformation attack signal is detected.
6. The system as set forth in claim 5, wherein the one more processors further perform operations of: introducing a motif attribution measure at each node i of the communication network; and for each node i, defining m_i as a frequency of sub-graphs to which it contributes; wherein a m_i greater than double the maximum frequency indicates a likelihood that node i is an attacker.
7. The system as set forth in claim 1, wherein the hierarchical representation comprises a plurality of data tables that describe applications and services running on the communication network and a set of inter-dependencies between the applications and services.
8. A computer-implemented method for detecting attacks on networks, comprising: an act of causing one or more processors to execute instructions stored on a non-transitory memory such that upon execution, the one or more processors perform operations of: detecting and predicting sources of misinformation in a communication network using a hierarchical representation of activity of the communication network; wherein the hierarchical representation comprises a plurality of nodes and temporal patterns of communication between at least one pair of nodes, each temporal pattern representing a motif, having a size, in the hierarchical representation, and wherein changes in motifs provide a signal for a misinformation attack.
9. The method as set forth in claim 8, wherein the one or more processors further perform an operation of generating a visual representation on a display relating to motifs of interest to identify a misinformation attack.
10. The method as set forth in claim 9, wherein a misinformation attack is characterized by an over-representation of motifs having a predetermined size.
11. The method as set forth in claim 10, wherein a size threshold for detection of a misinformation attack is set by learning a maximum frequency of motifs of each size in a normal baseline operation of the communication network.
12. The method as set forth in claim 11, wherein if a frequency of any motif size surpasses double the maximum frequency, a misinformation attack signal is detected.
13. The method as set forth in claim 12, wherein the one or more processors further perform operations of: introducing a motif attribution measure at each node i of the communication network; and for each node i, defining m_i as a frequency of sub-graphs to which it contributes; wherein a m_i greater than double the maximum frequency indicates a likelihood that node i is an attacker.
14. The method as set forth in claim 8, wherein the hierarchical representation comprises a plurality of data tables that describe applications and services running on the communication network and a set of inter-dependencies between the applications and services.
15. A computer program product for detecting attacks on networks, the computer program product comprising: computer-readable instructions stored on a non-transitory computer-readable medium that are executable by a computer having one or more processors for causing the processor to perform operations of: detecting and predicting sources of misinformation in a communication network using a hierarchical representation of activity of the communication network; wherein the hierarchical representation comprises a plurality of nodes and temporal patterns of communication between at least one pair of nodes, each temporal pattern representing a motif, having a size, in the hierarchical representation, and wherein changes in motifs provide a signal for a misinformation attack.
16. The computer program product as set forth in claim 15, further comprising instructions for causing the one or more processors to perform an operation of generating a visual representation on a display relating to motifs of interest to identify a misinformation attack.
17. The computer program product as set forth in claim 16, wherein a misinformation attack is characterized by an over-representation of motifs having a predetermined size.
18. The computer program product as set forth in claim 17, wherein a size threshold for detection of a misinformation attack is set by learning a maximum frequency of motifs of each size in a normal baseline operation of the communication network.
19. The computer program product as set forth in claim 18, wherein if a frequency of any motif size surpasses double the maximum frequency, a misinformation attack signal is detected.
20. The computer program product as set forth in claim 19, further comprising instructions for causing the one or more processors to perform operations of: introducing a motif attribution measure at each node i of the communication network; and for each node i, defining m_i as a frequency of sub-graphs to which it contributes; wherein a m_i greater than double the maximum frequency indicates a likelihood that node i is an attacker.
21. The computer program product as set forth in claim 15, wherein the hierarchical representation comprises a plurality of data tables that describe applications and services running on the communication network and a set of inter-dependencies between the applications and services.
22. The system as set forth in claim 1, wherein upon detection of an attack of misinformation on the communication network, the one or more processors further perform an operation of performing a mitigation action.
23. The system as set forth in claim 22, wherein the mitigation action comprises isolating an attacking node from the rest of the communication network.
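The detection rule in claims 4 to 6 (learn the maximum frequency of each motif size in baseline operation, signal when a size surpasses double that maximum, then attribute motifs to nodes through m_i) can be sketched as follows. This is an added example, not code from the patent. It assumes a motif is any connected k-node sub-graph of the communications seen in one time window, that a window is a list of node pairs, and that m_i is compared against the threshold for the same motif size; all function and variable names are hypothetical.

```python
from collections import Counter
from itertools import combinations

def motifs(edges, sizes=(3, 4)):
    # ASSUMPTION: a motif is any connected k-node sub-graph of one time window.
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    found = []
    for k in sizes:
        for nodes in combinations(sorted(adj), k):
            group, seen, stack = set(nodes), {nodes[0]}, [nodes[0]]
            while stack:  # depth-first search restricted to the candidate group
                for n in (adj[stack.pop()] & group) - seen:
                    seen.add(n)
                    stack.append(n)
            if seen == group:
                found.append(nodes)
    return found

def learn_baseline(windows, sizes=(3, 4)):
    # Claims 4/11/18: maximum frequency of each motif size in normal operation.
    max_freq = dict.fromkeys(sizes, 0)
    for edges in windows:
        freq = Counter(len(m) for m in motifs(edges, sizes))
        for k in sizes:
            max_freq[k] = max(max_freq[k], freq[k])
    return max_freq

def detect(edges, max_freq):
    found = motifs(edges, tuple(max_freq))
    freq = Counter(len(m) for m in found)
    # Claim 5: a size whose frequency surpasses double the baseline maximum.
    alert_sizes = sorted(k for k in max_freq if freq[k] > 2 * max_freq[k])
    # Claim 6: m_i = number of motifs node i contributes to (kept per size here).
    m = Counter((node, len(mo)) for mo in found for node in mo)
    suspects = sorted({n for (n, k), c in m.items() if c > 2 * max_freq[k]})
    return alert_sizes, suspects

# Constructed sample windows (undirected sender/receiver pairs), not real traffic.
BASELINE = [
    [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "F")],
    [("A", "B"), ("B", "C"), ("D", "E")],
]
ANOMALOUS = [("X", n) for n in "ABCDE"]  # one node suddenly contacts five peers

if __name__ == "__main__":
    limits = learn_baseline(BASELINE)
    print(limits, detect(ANOMALOUS, limits))
```

The brute-force enumeration over node combinations is only practical for small windows; a deployment would need an incremental motif counter.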
the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title
Self-organising networks, e.g. ad-hoc networks or sensor networks · CPC title
Event detection, e.g. attack signature detection · CPC title
Integrity · CPC title
Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning · CPC title