MultiLevel Anomaly Detection on TimeVarying Graph Data
Abstract
This work presents a novel modeling and analysis framework for graph sequences which addresses the challenge of detecting and contextualizing anomalies in labelled, streaming graph data. We introduce a generalization of the BTER model of Seshadhri et al. by adding flexibility to community structure, and use this model to perform multiscale graph anomaly detection. Specifically, probability models describing coarse subgraphs are built by aggregating probabilities at finer levels, and these closely related hierarchical models simultaneously detect deviations from expectation. This technique provides insight into a graph's structure and internal context that may shed light on a detected event. Additionally, this multiscale analysis facilitates intuitive visualizations by allowing users to narrow focus from an anomalous graph to particular subgraphs or nodes causing the anomaly. For evaluation, two hierarchical anomaly detectors are tested against a baseline Gaussian method on a series of sampled graphs. We demonstrate that our graph statisticsbased approach outperforms both a distributionbased detector and the baseline in a labeled setting with community structure, and it accurately detects anomalies in synthetic and realworld datasets at the node, subgraph, and graph levels. To illustrate the accessibility of information made possible via this technique, the anomaly detector and an associated interactive visualizationmore »
 Authors:

 ORNL
 Publication Date:
 Research Org.:
 Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
 Sponsoring Org.:
 USDOE Laboratory Directed Research and Development (LDRD) Program
 OSTI Identifier:
 1214009
 DOE Contract Number:
 DEAC0500OR22725
 Resource Type:
 Conference
 Resource Relation:
 Conference: ASONAM 2015  The 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, Paris, France, 20150825, 20150828
 Country of Publication:
 United States
 Language:
 English
 Subject:
 anomaly detection; streaming graph; probabilitic model; random graph
Citation Formats
Bridges, Robert A, Collins, John P, Ferragut, Erik M, Laska, Jason A, and Sullivan, Blair D. MultiLevel Anomaly Detection on TimeVarying Graph Data. United States: N. p., 2015.
Web.
Bridges, Robert A, Collins, John P, Ferragut, Erik M, Laska, Jason A, & Sullivan, Blair D. MultiLevel Anomaly Detection on TimeVarying Graph Data. United States.
Bridges, Robert A, Collins, John P, Ferragut, Erik M, Laska, Jason A, and Sullivan, Blair D. Thu .
"MultiLevel Anomaly Detection on TimeVarying Graph Data". United States. https://www.osti.gov/servlets/purl/1214009.
@article{osti_1214009,
title = {MultiLevel Anomaly Detection on TimeVarying Graph Data},
author = {Bridges, Robert A and Collins, John P and Ferragut, Erik M and Laska, Jason A and Sullivan, Blair D},
abstractNote = {This work presents a novel modeling and analysis framework for graph sequences which addresses the challenge of detecting and contextualizing anomalies in labelled, streaming graph data. We introduce a generalization of the BTER model of Seshadhri et al. by adding flexibility to community structure, and use this model to perform multiscale graph anomaly detection. Specifically, probability models describing coarse subgraphs are built by aggregating probabilities at finer levels, and these closely related hierarchical models simultaneously detect deviations from expectation. This technique provides insight into a graph's structure and internal context that may shed light on a detected event. Additionally, this multiscale analysis facilitates intuitive visualizations by allowing users to narrow focus from an anomalous graph to particular subgraphs or nodes causing the anomaly. For evaluation, two hierarchical anomaly detectors are tested against a baseline Gaussian method on a series of sampled graphs. We demonstrate that our graph statisticsbased approach outperforms both a distributionbased detector and the baseline in a labeled setting with community structure, and it accurately detects anomalies in synthetic and realworld datasets at the node, subgraph, and graph levels. To illustrate the accessibility of information made possible via this technique, the anomaly detector and an associated interactive visualization tool are tested on NCAA football data, where teams and conferences that moved within the league are identified with perfect recall, and precision greater than 0.786.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2015},
month = {1}
}