Efficient anomaly detection in dynamic, attributed graphs

Emerging phenomena and big data

Benjamin A. Miller, Nicholas Arcolano, Nadya Bliss

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

27 Citations (Scopus)

Abstract

When working with large-scale network data, the interconnected entities often have additional descriptive information. This additional metadata may provide insight that can be exploited for detection of anomalous events. In this paper, we use a generalized linear model for random attributed graphs to model connection probabilities using vertex metadata. For a class of such models, we show that an approximation to the exact model yields an exploitable structure in the edge probabilities, allowing for efficient scaling of a spectral framework for anomaly detection through analysis of graph residuals, and a fast and simple procedure for estimating the model parameters. In simulation, we demonstrate that taking into account both attributes and dynamics in this analysis has a much more significant impact on the detection of an emerging anomaly than accounting for either dynamics or attributes alone. We also present an analysis of a large, dynamic citation graph, demonstrating that taking additional document metadata into account emphasizes parts of the graph that would not be considered significant otherwise.

Original language: English (US)
Title of host publication: IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics
Pages: 179-184
Number of pages: 6
DOIs: https://doi.org/10.1109/ISI.2013.6578815
State: Published - 2013
Event: 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013 - Seattle, WA, United States
Duration: Jun 4 2013 to Jun 7 2013

Other

Other: 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013
Country: United States
City: Seattle, WA
Period: 6/4/13 to 6/7/13

Fingerprint

Metadata
Big data

Keywords

  • attributed graph modeling
  • generalized linear models
  • network modularity
  • signal detection theory
  • Subgraph detection

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems

Cite this

Miller, B. A., Arcolano, N., & Bliss, N. (2013). Efficient anomaly detection in dynamic, attributed graphs: Emerging phenomena and big data. In IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics (pp. 179-184). [6578815] https://doi.org/10.1109/ISI.2013.6578815

@inproceedings{95642b2d1f1947bdbebfc5d5e668f6c4,
title = "Efficient anomaly detection in dynamic, attributed graphs: Emerging phenomena and big data",
abstract = "When working with large-scale network data, the interconnected entities often have additional descriptive information. This additional metadata may provide insight that can be exploited for detection of anomalous events. In this paper, we use a generalized linear model for random attributed graphs to model connection probabilities using vertex metadata. For a class of such models, we show that an approximation to the exact model yields an exploitable structure in the edge probabilities, allowing for efficient scaling of a spectral framework for anomaly detection through analysis of graph residuals, and a fast and simple procedure for estimating the model parameters. In simulation, we demonstrate that taking into account both attributes and dynamics in this analysis has a much more significant impact on the detection of an emerging anomaly than accounting for either dynamics or attributes alone. We also present an analysis of a large, dynamic citation graph, demonstrating that taking additional document metadata into account emphasizes parts of the graph that would not be considered significant otherwise.",
keywords = "attributed graph modeling, generalized linear models, network modularity, signal detection theory, Subgraph detection",
author = "Miller, {Benjamin A.} and Nicholas Arcolano and Nadya Bliss",
year = "2013",
doi = "10.1109/ISI.2013.6578815",
language = "English (US)",
isbn = "9781467362115",
pages = "179--184",
booktitle = "IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics",

}

TY - GEN

T1 - Efficient anomaly detection in dynamic, attributed graphs

T2 - Emerging phenomena and big data

AU - Miller, Benjamin A.

AU - Arcolano, Nicholas

AU - Bliss, Nadya

PY - 2013

Y1 - 2013

N2 - When working with large-scale network data, the interconnected entities often have additional descriptive information. This additional metadata may provide insight that can be exploited for detection of anomalous events. In this paper, we use a generalized linear model for random attributed graphs to model connection probabilities using vertex metadata. For a class of such models, we show that an approximation to the exact model yields an exploitable structure in the edge probabilities, allowing for efficient scaling of a spectral framework for anomaly detection through analysis of graph residuals, and a fast and simple procedure for estimating the model parameters. In simulation, we demonstrate that taking into account both attributes and dynamics in this analysis has a much more significant impact on the detection of an emerging anomaly than accounting for either dynamics or attributes alone. We also present an analysis of a large, dynamic citation graph, demonstrating that taking additional document metadata into account emphasizes parts of the graph that would not be considered significant otherwise.

KW - attributed graph modeling

KW - generalized linear models

KW - network modularity

KW - signal detection theory

KW - Subgraph detection

UR - http://www.scopus.com/inward/record.url?scp=84883390816&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883390816&partnerID=8YFLogxK

U2 - 10.1109/ISI.2013.6578815

DO - 10.1109/ISI.2013.6578815

M3 - Conference contribution

SN - 9781467362115

SP - 179

EP - 184

BT - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics

ER -