An unsupervised ensemble framework for node anomaly behavior detection in social network
- 10 Downloads
Large-scale and dynamic networks arise in cyberspace and financial security. Given a dynamic network, it is crucial to detect structural anomalies, such as node behaviors deviate from underlying majority of the network. However, anomaly analysis for dynamic networks is difficult to precisely detect the anomalous behaviors of nodes because it usually ignores the evolutionary behaviors of different nodes. Our work taps into this gap and proposes an unsupervised ensemble framework for node temporal behavior modeling and node behavior real-time anomaly detection. Specifically, a latent space model is used to model the node behavior; each node is assigned a probability distribution across a small set of roles based on that node’s features. The evolutionary behavior of node is represented as node roles change over time and the anomalies of node are identified as deviations from expected roles. The entropy-based ensembles method is proposed to combine with multiple unsupervised anomaly detectors to yield robust performances, which achieves the real-time anomaly detection for different types of node behaviors. Finally, we show the effectiveness of the proposed method on Enron network in the experiments.
KeywordsNetwork node modeling Anomaly behavior detection Entropy-based ensembles
This work was supported by National Natural Science Foundation of China (Grant No. 61703416) and Natural Science Foundation of Hunan Province, China (Grant No. 2018JJ3614).
Compliance with ethical standards
Conflict of Interest
Qing Cheng, Yanghe Feng and Zhong Liu declare that they have no conflict of interest. Yun Zhou has received research grants from NSFC and NSF-Hunan.
This article does not contain any studies with human participants or animals performed by any of the authors.
- Akoglu L, Faloutsos C (2010) Event Detection in time series of mobile communication graphs. In: 27th army science conferenceGoogle Scholar
- Gao J, Liang F, Fan W et al (2010) On community outliers and their efficient detection in information networks. In: KDD, pp 813–822Google Scholar
- Gupta M, Gao J, Sun Y et al (2012) Community trend outlier detection using soft temporal pattern mining. ECML/PKDD 2:692–708Google Scholar
- Gupta M, Gao J, Sun Y et al (2012) Integrating community matching and outlier detection for mining evolutionary community outliers. In: KDD, pp 859–867Google Scholar
- Henderson K, Gallagher B, Li L et al (2011) It’s who you know: graph mining using recursive structural features. In: KDD, pp 663–671Google Scholar
- Kannan KS, Manoj K (2015) Outlier detection in multivariate data. Appl Math Sci 9(47):2317–2324Google Scholar
- Kriegel H-P, Kroger P, Schubert E et al (2011) Interpreting and unifying outlier scores. In: SDM, pp 13–24Google Scholar
- Palladino A, Thissen CJ (2018) Cyber anomaly detection using graph-node role-dynamics. In: Proceedings of dynamic and novel advances in machine learning and intelligent cyber security workshop (DYNAMICS’18). ACM, New York, NY, USAGoogle Scholar
- Rayana S, Akoglu L (2014) An ensemble approach for event detection and characterization in dynamic graphs. In: ACM SIGKDD 2nd workshop on outlier detection and description, New York, NY, USAGoogle Scholar
- Rayana S, Akoglu L (2015) Less is more: building selective anomaly ensemble with application to event detection in temporal graphs. In: SIAM SDM, Vancouver, BC, CanadaGoogle Scholar
- Rossi R A, Ahmed N K (2013) ia-enron-employees - Dynamic Networks. http://networkrepository.com/ia-enron-employees.php
- Rossi RA, Ahmed NK (2015) The network data repository with interactive graph analytics and visualization. In: Proceedings of the twenty-ninth AAAI conference on artificial intelligence. http://networkrepository.com
- Rossi RA, Gallagher B, Neville J, Henderson K (2013) Modeling dynamic behavior in large evolving graphs. In: WSDM’13Google Scholar