Detecting anomalies in graphs with numeric labels

This paper presents Yagada, an algorithm to search labelled graphs for anomalies using both structural data and numeric attributes. Yagada is explained using several security-related examples and validated with experiments on a physical Access Control database. Quantitative analysis shows that in the upper range of anomaly thresholds, Yagada detects twice as many anomalies as the best-performing numeric discretization algorithm. Qualitative evaluation shows that the detected anomalies are meaningful, representing a combination of structural irregularities and numerical outliers.
