Title :
Incremental Anomaly Detection in Graphs
Author :
Eberle, William ; Holder, Lawrence
Author_Institution :
Dept. of Comput. Sci., Tennessee Technol. Univ., Cookeville, TN, USA
Abstract :
The advantage of graph-based anomaly detection is that the relationships between elements can be analyzed for structural oddities that could represent activities such as fraud, network intrusions, or suspicious associations in a social network. However, current approaches to detecting anomalies in graphs are computationally expensive and do not scale to large graphs. For instance, in the case of computer network traffic, a graph representation of the traffic might consist of nodes representing computers and edges representing communications between the corresponding computers. However, computer network traffic is typically voluminous, or acquired in real-time as a stream of information. In this work, we describe methods for graph-based anomaly detection via graph partitioning and windowing, and demonstrate their ability to efficiently detect anomalies in data represented as a graph.
Keywords :
data mining; graph theory; computer network traffic; edge representing communications; fraud; graph mining; graph partitioning; graph representation; graph-based anomaly detection; incremental anomaly detection; network intrusions; social network; structural oddities; windowing; Buildings; Computers; Image edge detection; Internet; Scalability; Telecommunication traffic; Anomaly detection; dynamic graphs; graph mining;
Conference_Title :
Data Mining Workshops (ICDMW), 2013 IEEE 13th International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4799-3143-9
DOI :
10.1109/ICDMW.2013.93