Graph based anomaly detection and description: A survey

Leman Akoglu, Hanghang Tong, Danai Koutra

Research output: Contribution to journal, Article

290 Citations (Scopus)

Abstract

Detecting anomalies in data is a vital task, with numerous high-impact applications in areas such as security, finance, health care, and law enforcement. While numerous techniques have been developed in past years for spotting outliers and anomalies in unstructured collections of multi-dimensional points, with graph data becoming ubiquitous, techniques for structured graph data have been of focus recently. As objects in graphs have long-range correlations, a suite of novel technology has been developed for anomaly detection in graph data. This survey aims to provide a general, comprehensive, and structured overview of the state-of-the-art methods for anomaly detection in data represented as graphs. As a key contribution, we give a general framework for the algorithms categorized under various settings: unsupervised versus (semi-)supervised approaches, for static versus dynamic graphs, for attributed versus plain graphs. We highlight the effectiveness, scalability, generality, and robustness aspects of the methods. What is more, we stress the importance of anomaly attribution and highlight the major techniques that facilitate digging out the root cause, or the ‘why’, of the detected anomalies for further analysis and sense-making. Finally, we present several real-world applications of graph-based anomaly detection in diverse domains, including financial, auction, computer traffic, and social networks. We conclude our survey with a discussion on open theoretical and practical challenges in the field.

Original language: English (US)
Pages (from-to): 626-688
Number of pages: 63
Journal: Data Mining and Knowledge Discovery
Volume: 29
Issue number: 3
DOIs: 10.1007/s10618-014-0365-y
State: Published - Apr 10 2015
Externally published: Yes

Fingerprint

Law enforcement
Finance
Health care
Scalability

Keywords

  • Anomaly description
  • Anomaly detection
  • Change point detection
  • Event detection
  • Fraud detection
  • Graph mining
  • Network anomaly detection
  • Visual analytics

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Graph based anomaly detection and description: A survey. / Akoglu, Leman; Tong, Hanghang; Koutra, Danai.

In: Data Mining and Knowledge Discovery, Vol. 29, No. 3, 10.04.2015, p. 626-688.

Akoglu, Leman; Tong, Hanghang; Koutra, Danai. / Graph based anomaly detection and description: A survey. In: Data Mining and Knowledge Discovery. 2015; Vol. 29, No. 3. pp. 626-688.
@article{a19019efc43b4c0cab1fb8c22b8e040e,
title = "Graph based anomaly detection and description: A survey",
keywords = "Anomaly description, Anomaly detection, Change point detection, Event detection, Fraud detection, Graph mining, Network anomaly detection, Visual analytics",
author = "Leman Akoglu and Hanghang Tong and Danai Koutra",
year = "2015",
month = "4",
day = "10",
doi = "10.1007/s10618-014-0365-y",
language = "English (US)",
volume = "29",
pages = "626--688",
journal = "Data Mining and Knowledge Discovery",
issn = "1384-5810",
publisher = "Springer Netherlands",
number = "3",

}

TY - JOUR

T1 - Graph based anomaly detection and description

T2 - A survey

AU - Akoglu, Leman

AU - Tong, Hanghang

AU - Koutra, Danai

PY - 2015/4/10

Y1 - 2015/4/10

KW - Anomaly description

KW - Anomaly detection

KW - Change point detection

KW - Event detection

KW - Fraud detection

KW - Graph mining

KW - Network anomaly detection

KW - Visual analytics

UR - http://www.scopus.com/inward/record.url?scp=84940282157&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84940282157&partnerID=8YFLogxK

U2 - 10.1007/s10618-014-0365-y

DO - 10.1007/s10618-014-0365-y

M3 - Article

AN - SCOPUS:84940282157

VL - 29

SP - 626

EP - 688

JO - Data Mining and Knowledge Discovery

JF - Data Mining and Knowledge Discovery

SN - 1384-5810

IS - 3

ER -