Graph based anomaly detection and description: A survey

Leman Akoglu, Hanghang Tong, Danai Koutra

Research output: Contribution to journalArticle

388 Scopus citations

Abstract

Detecting anomalies in data is a vital task, with numerous high-impact applications in areas such as security, finance, health care, and law enforcement. While numerous techniques have been developed in past years for spotting outliers and anomalies in unstructured collections of multi-dimensional points, with graph data becoming ubiquitous, techniques for structured graph data have been of focus recently. As objects in graphs have long-range correlations, a suite of novel technology has been developed for anomaly detection in graph data. This survey aims to provide a general, comprehensive, and structured overview of the state-of-the-art methods for anomaly detection in data represented as graphs. As a key contribution, we give a general framework for the algorithms categorized under various settings: unsupervised versus (semi-)supervised approaches, for static versus dynamic graphs, for attributed versus plain graphs. We highlight the effectiveness, scalability, generality, and robustness aspects of the methods. What is more, we stress the importance of anomaly attribution and highlight the major techniques that facilitate digging out the root cause, or the ‘why’, of the detected anomalies for further analysis and sense-making. Finally, we present several real-world applications of graph-based anomaly detection in diverse domains, including financial, auction, computer traffic, and social networks. We conclude our survey with a discussion on open theoretical and practical challenges in the field.

Original languageEnglish (US)
Pages (from-to)626-688
Number of pages63
JournalData Mining and Knowledge Discovery
Volume29
Issue number3
DOIs
StatePublished - Apr 10 2015
Externally publishedYes

Keywords

  • Anomaly description
  • Anomaly detection
  • Change point detection
  • Event detection
  • Fraud detection
  • Graph mining
  • Network anomaly detection
  • Visual analytics

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Graph based anomaly detection and description: A survey'. Together they form a unique fingerprint.

  • Cite this