Interactive anomaly detection on attributed networks

Kaize Ding, Jundong Li, Huan Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Scopus citations


Performing anomaly detection on attributed networks concerns with finding nodes whose patterns or behaviors deviate significantly from the majority of reference nodes. Its success can be easily found in many real-world applications such as network intrusion detection, opinion spam detection and system fault diagnosis, to name a few. Despite their empirical success, a vast majority of existing efforts are overwhelmingly performed in an unsupervised scenario due to the expensive labeling costs of ground truth anomalies. In fact, in many scenarios, a small amount of prior human knowledge of the data is often effortless to obtain, and getting it involved in the learning process has shown to be effective in advancing many important learning tasks. Additionally, since new types of anomalies may constantly arise over time especially in an adversarial environment, the interests of human expert could also change accordingly regarding to the detected anomaly types. It brings further challenges to conventional anomaly detection algorithms as they are often applied in a batch setting and are incapable to interact with the environment. To tackle the above issues, in this paper, we investigate the problem of anomaly detection on attributed networks in an interactive setting by allowing the system to proactively communicate with the human expert in making a limited number of queries about ground truth anomalies. Our objective is to maximize the true anomalies presented to the human expert after a given budget is used up. Along with this line, we formulate the problem through the principled multi-armed bandit framework and develop a novel collaborative contextual bandit algorithm, named GraphUCB. In particular, our developed algorithm: (1) explicitly models the nodal attributes and node dependencies seamlessly in a joint framework; and (2) handles the exploration-exploitation dilemma when querying anomalies of different types. Extensive experiments on real-world datasets show the improvement of the proposed algorithm over the state-of-the-art algorithms.

Original languageEnglish (US)
Title of host publicationWSDM 2019 - Proceedings of the 12th ACM International Conference on Web Search and Data Mining
PublisherAssociation for Computing Machinery, Inc
Number of pages9
ISBN (Electronic)9781450359405
StatePublished - Jan 30 2019
Event12th ACM International Conference on Web Search and Data Mining, WSDM 2019 - Melbourne, Australia
Duration: Feb 11 2019Feb 15 2019

Publication series

NameWSDM 2019 - Proceedings of the 12th ACM International Conference on Web Search and Data Mining


Conference12th ACM International Conference on Web Search and Data Mining, WSDM 2019

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Computer Science Applications


Dive into the research topics of 'Interactive anomaly detection on attributed networks'. Together they form a unique fingerprint.

Cite this