An unsupervised ensemble framework for node anomaly behavior detection in social network

  • Qing Cheng
  • Yun ZhouEmail author
  • Yanghe Feng
  • Zhong Liu


Large-scale and dynamic networks arise in cyberspace and financial security. Given a dynamic network, it is crucial to detect structural anomalies, such as node behaviors deviate from underlying majority of the network. However, anomaly analysis for dynamic networks is difficult to precisely detect the anomalous behaviors of nodes because it usually ignores the evolutionary behaviors of different nodes. Our work taps into this gap and proposes an unsupervised ensemble framework for node temporal behavior modeling and node behavior real-time anomaly detection. Specifically, a latent space model is used to model the node behavior; each node is assigned a probability distribution across a small set of roles based on that node’s features. The evolutionary behavior of node is represented as node roles change over time and the anomalies of node are identified as deviations from expected roles. The entropy-based ensembles method is proposed to combine with multiple unsupervised anomaly detectors to yield robust performances, which achieves the real-time anomaly detection for different types of node behaviors. Finally, we show the effectiveness of the proposed method on Enron network in the experiments.


Network node modeling Anomaly behavior detection Entropy-based ensembles 



This work was supported by National Natural Science Foundation of China (Grant No. 61703416) and Natural Science Foundation of Hunan Province, China (Grant No. 2018JJ3614).

Compliance with ethical standards

Conflict of Interest

Qing Cheng, Yanghe Feng and Zhong Liu declare that they have no conflict of interest. Yun Zhou has received research grants from NSFC and NSF-Hunan.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. Akoglu L, Faloutsos C (2010) Event Detection in time series of mobile communication graphs. In: 27th army science conferenceGoogle Scholar
  2. Akoglu L, McGlohon M, Faloutsos C (2010) Oddball: spotting anomalies in weighted graphs. In: PAKDD, vol 2, pp 410–421CrossRefGoogle Scholar
  3. Akoglu L, Tong H, Koutra D (2015) Graph-based anomaly detection and description: a survey. Data Min Knowl Disc 29(3):626–688MathSciNetCrossRefGoogle Scholar
  4. Bereziński P, Jasiul B, Szpyrka M (2015) An entropy-based network anomaly detection method. Entropy 17(4):2367–2408CrossRefGoogle Scholar
  5. Breunig MM, Kriegel H-P, Ng RT et al (2000) LOF: identifying density-based local outliers. In: SIGMOD conference, pp 93–104CrossRefGoogle Scholar
  6. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3):15CrossRefGoogle Scholar
  7. Chen H, Reid E, Sinai J (2008) Terrorism informatics: knowledge management and data mining for homeland security. Springer, BerlinCrossRefGoogle Scholar
  8. Ding Z, Fei M, Dajun D, Yang F (2017) Streaming data anomaly detection method based on hyper-grid structure and online ensemble learning. Soft Comput 21(20):5905–5917CrossRefGoogle Scholar
  9. Drezewski R, Sepielak J, Filipkowski W (2015) The application of social network analysis algorithms in a system supporting money laundering detection. Inf Sci 295:18–32MathSciNetCrossRefGoogle Scholar
  10. Gao J, Liang F, Fan W et al (2010) On community outliers and their efficient detection in information networks. In: KDD, pp 813–822Google Scholar
  11. Gupta M, Gao J, Sun Y et al (2012) Community trend outlier detection using soft temporal pattern mining. ECML/PKDD 2:692–708Google Scholar
  12. Gupta M, Gao J, Sun Y et al (2012) Integrating community matching and outlier detection for mining evolutionary community outliers. In: KDD, pp 859–867Google Scholar
  13. Henderson K, Gallagher B, Li L et al (2011) It’s who you know: graph mining using recursive structural features. In: KDD, pp 663–671Google Scholar
  14. Huang D, Mu D, Yang L, Cai X (2018) CoDetect: financial fraud detection with anomaly feature detection. IEEE Access 6:19161–19174CrossRefGoogle Scholar
  15. Jiao W, Muhua Z, zike Z, Wei W et al (2018) A model of spreading of sudden events on social networks. CHAOS 28(3):033113MathSciNetCrossRefGoogle Scholar
  16. Kannan KS, Manoj K (2015) Outlier detection in multivariate data. Appl Math Sci 9(47):2317–2324Google Scholar
  17. Kriegel H-P, Kroger P, Schubert E et al (2011) Interpreting and unifying outlier scores. In: SDM, pp 13–24Google Scholar
  18. Lanham MJ, Morgan GP, Carley KM (2014) Social network modeling and agent-based simulation in support of crisis de-escalation. IEEE Trans Syst Man Cybern Syst 44(1):103–110CrossRefGoogle Scholar
  19. Lee DD, Seung HS (1999) Learning the parts of objects by non-negative matrix factorization. Nature 401(6755):788–791CrossRefGoogle Scholar
  20. Liben-Nowell D, Kleinberg J (2007) The link-prediction problem for social networks. J Am Soc Inform Sci Technol 58(7):1019–1031CrossRefGoogle Scholar
  21. Palladino A, Thissen CJ (2018) Cyber anomaly detection using graph-node role-dynamics. In: Proceedings of dynamic and novel advances in machine learning and intelligent cyber security workshop (DYNAMICS’18). ACM, New York, NY, USAGoogle Scholar
  22. Rayana S, Akoglu L (2014) An ensemble approach for event detection and characterization in dynamic graphs. In: ACM SIGKDD 2nd workshop on outlier detection and description, New York, NY, USAGoogle Scholar
  23. Rayana S, Akoglu L (2015) Less is more: building selective anomaly ensemble with application to event detection in temporal graphs. In: SIAM SDM, Vancouver, BC, CanadaGoogle Scholar
  24. Rissanen J (1983) A universal prior for integers and estimation by minimum description length. Ann Stat 11(2):416–431MathSciNetCrossRefGoogle Scholar
  25. Rossi R A, Ahmed N K (2013) ia-enron-employees - Dynamic Networks.
  26. Rossi RA, Ahmed NK (2015) The network data repository with interactive graph analytics and visualization. In: Proceedings of the twenty-ninth AAAI conference on artificial intelligence.
  27. Rossi RA, Gallagher B, Neville J, Henderson K (2013) Modeling dynamic behavior in large evolving graphs. In: WSDM’13Google Scholar
  28. Subelj L, Furlan S, Bajec M (2010) An expert system for detecting automobile insurance fraud using social network analysis. Expert Syst Appl 38(1):1039–1052CrossRefGoogle Scholar
  29. Wang H, Wenbin H, Qiu Z, Bo D (2017) Node’s evolution diversity and link prediction in social network. IEEE Trans Knowl Data Eng 29(1):2263–2274CrossRefGoogle Scholar
  30. Wang H, Jia W, Wenbin H, Xindong W (2019) Detecting and assessing anomalous evolutionary behaviors of nodes in evolving social networks. ACM Trans Knowl Discov Data 13(1):12:1–12:24CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.College of Systems EngineeringNational University of Defense TechnologyChangshaChina
  2. 2.Science and Technology on Information Systems Engineering LaboratoryNational University of Defense TechnologyChangshaChina

Personalised recommendations