Incremental Anomaly Detection in Graphs

Author

Eberle, William ; Holder, Lawrence

Author_Institution

Dept. of Comput. Sci., Tennessee Technol. Univ., Cookeville, TN, USA

fYear

2013

fDate

7-10 Dec. 2013

Firstpage

521

Lastpage

528

Abstract

The advantage of graph-based anomaly detection is that the relationships between elements can be analyzed for structural oddities that could represent activities such as fraud, network intrusions, or suspicious associations in a social network. However, current approaches to detecting anomalies in graphs are computationally expensive and do not scale to large graphs. For instance, in the case of computer network traffic, a graph representation of the traffic might consist of nodes representing computers and edges representing communications between the corresponding computers. However, computer network traffic is typically voluminous, or acquired in real-time as a stream of information. In this work, we describe methods for graph-based anomaly detection via graph partitioning and windowing, and demonstrate their ability to efficiently detect anomalies in data represented as a graph.

Keywords

data mining; graph theory; computer network traffic; edge representing communications; fraud; graph mining; graph partitioning; graph representation; graph-based anomaly detection; incremental anomaly detection; network intrusions; social network; structural oddities; windowing; Buildings; Computers; Image edge detection; Internet; Scalability; Telecommunication traffic; Anomaly detection; dynamic graphs; graph mining;

fLanguage

English

Publisher

ieee

Conference_Titel

Data Mining Workshops (ICDMW), 2013 IEEE 13th International Conference on

Conference_Location

Dallas, TX

Print_ISBN

978-1-4799-3143-9

Type

conf

DOI

10.1109/ICDMW.2013.93

Filename

6753965