MetricForensics: A Multi-Level Approach for Mining Volatile Graphs

Henderson, Keith; Eliassi-Rad, Tina; Faloutsos, Christos; Akoglu, Leman; Li, Lei; Maruhashi, Koji; Prakash, B. Aditya; Tong, H

doi:10.2172/1114747

Title: MetricForensics: A Multi-Level Approach for Mining Volatile Graphs

Technical Report · Mon Feb 08 00:00:00 EST 2010

DOI:https://doi.org/10.2172/1114747· OSTI ID:1114747

Henderson, Keith ^[1]; Eliassi-Rad, Tina ^[1]; Faloutsos, Christos ^[2]; Akoglu, Leman ^[2]; Li, Lei ^[2]; Maruhashi, Koji ^[3]; Prakash, B. Aditya ^[2]; Tong, H ^[2]

Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
Carnegie Mellon Univ., Pittsburgh, PA (United States)
Fujitsu Laboratories Ltd., Kanagawa (Japan)

Advances in data collection and storage capacity have made it increasingly possible to collect highly volatile graph data for analysis. Existing graph analysis techniques are not appropriate for such data, especially in cases where streaming or near-real-time results are required. An example that has drawn significant research interest is the cyber-security domain, where internet communication traces are collected and real-time discovery of events, behaviors, patterns and anomalies is desired. We propose MetricForensics, a scalable framework for analysis of volatile graphs. MetricForensics combines a multi-level “drill down" approach, a collection of user-selected graph metrics and a collection of analysis techniques. At each successive level, more sophisticated metrics are computed and the graph is viewed at a finer temporal resolution. In this way, MetricForensics scales to highly volatile graphs by only allocating resources for computationally expensive analysis when an interesting event is discovered at a coarser resolution first. We test MetricForensics on three real-world graphs: an enterprise IP trace, a trace of legitimate and malicious network traffic from a research institution, and the MIT Reality Mining proximity sensor data. Our largest graph has »3M vertices and »32M edges, spanning 4:5 days. The results demonstrate the scalability and capability of MetricForensics in analyzing volatile graphs; and highlight four novel phenomena in such graphs: elbows, broken correlations, prolonged spikes, and strange stars.

View Technical Report

Cite

Export

Save

Research Organization:: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: W-7405-ENG-48

OSTI ID:: 1114747

Report Number(s):: LLNL-TR-423761

Country of Publication:: United States

Language:: English

Similar Records

Scalable Fault Detection and Localization of Network Issues

Technical Report · Thu Apr 12 00:00:00 EDT 2018 · OSTI ID:1114747

Zeng, Hui; Cheng, Yi; Chen, Peter; +4 more

A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs

Conference · Mon Feb 02 00:00:00 EST 2015 · OSTI ID:1114747

Choudhury, Sutanay; Holder, Larry; Chin, George; +2 more

A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs

Conference · Wed May 27 00:00:00 EDT 2015 · OSTI ID:1114747

Choudhury, Sutanay; Holder, Larry; Chin, George; +2 more

Related Subjects

97 MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
96 KNOWLEDGE MANAGEMENT AND PRESERVATION
graph mining
temporal analysis
volatile networks

Title: MetricForensics: A Multi-Level Approach for Mining Volatile Graphs

Citation Formats

Similar Records

Related Subjects