TY - GEN
T1 - Efficient anomaly detection in dynamic, attributed graphs
T2 - 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013
AU - Miller, Benjamin A.
AU - Arcolano, Nicholas
AU - Bliss, Nadya
PY - 2013/9/9
Y1 - 2013/9/9
N2 - When working with large-scale network data, the interconnected entities often have additional descriptive information. This additional metadata may provide insight that can be exploited for detection of anomalous events. In this paper, we use a generalized linear model for random attributed graphs to model connection probabilities using vertex metadata. For a class of such models, we show that an approximation to the exact model yields an exploitable structure in the edge probabilities, allowing for efficient scaling of a spectral framework for anomaly detection through analysis of graph residuals, and a fast and simple procedure for estimating the model parameters. In simulation, we demonstrate that taking into account both attributes and dynamics in this analysis has a much more significant impact on the detection of an emerging anomaly than accounting for either dynamics or attributes alone. We also present an analysis of a large, dynamic citation graph, demonstrating that taking additional document metadata into account emphasizes parts of the graph that would not be considered significant otherwise.
AB - When working with large-scale network data, the interconnected entities often have additional descriptive information. This additional metadata may provide insight that can be exploited for detection of anomalous events. In this paper, we use a generalized linear model for random attributed graphs to model connection probabilities using vertex metadata. For a class of such models, we show that an approximation to the exact model yields an exploitable structure in the edge probabilities, allowing for efficient scaling of a spectral framework for anomaly detection through analysis of graph residuals, and a fast and simple procedure for estimating the model parameters. In simulation, we demonstrate that taking into account both attributes and dynamics in this analysis has a much more significant impact on the detection of an emerging anomaly than accounting for either dynamics or attributes alone. We also present an analysis of a large, dynamic citation graph, demonstrating that taking additional document metadata into account emphasizes parts of the graph that would not be considered significant otherwise.
KW - Subgraph detection
KW - attributed graph modeling
KW - generalized linear models
KW - network modularity
KW - signal detection theory
UR - http://www.scopus.com/inward/record.url?scp=84883390816&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883390816&partnerID=8YFLogxK
U2 - 10.1109/ISI.2013.6578815
DO - 10.1109/ISI.2013.6578815
M3 - Conference contribution
AN - SCOPUS:84883390816
SN - 9781467362115
T3 - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics
SP - 179
EP - 184
BT - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics
Y2 - 4 June 2013 through 7 June 2013
ER -