Multimedia Tools and Applications

, Volume 77, Issue 3, pp 3245–3260 | Cite as

Discovering Graphical Visual Features for Abnormal Semantic Event Detection

  • Fenghua Wang
  • Yuhui Ma
  • Yanjuan Jin
  • Ying Jiang
  • Yunye Wang


Intrusion detection systems play an important role in numerous industrial applications, such as network security and abnormal event detection. They effectively protect our critical computer systems or networks against the network attackers. Anomaly detection is an effective detection method, which can find patterns that do not meet a desired behavior. Mainstream anomaly detection system (ADS) typically depend on data mining techniques. That is, they recognize abnormal patterns and exceptions from a set of network data. Nevertheless, supervised or semi-supervised data mining techniques rely on data label information. This setup may be infeasible in real-world applications, especially when the network data is large-scale. To solve these problems, we propose a novel unsupervised and manifold-based feature selection algorithm, associated with a graph density search mechanism for detecting abnormal network behaviors. First, toward a succinct set of features to describe each network pattern, we realize that these pattern can be optimally described on manifold. Thus, a Laplacian score feature selection is developed to discover a set of descriptive features for each pattern, wherein the patterns’ locality relationships are well preserved. Second, based on the refined features, a graph clustering method for network anomaly detection is proposed, by incorporating the patterns’ distance and density properties simultaneously. Comprehensive experimental results show that our method can achieve higher detection accuracy as well as a significant efficiency improvement.


Feature selection manifold unsupervised graph clustering abnormal detection 


  1. 1.
    Barbara D, Jajodia S (2002) Applications of Data Mining in Computer Security. Springer Science & Business Media, New YorkCrossRefMATHGoogle Scholar
  2. 2.
    Camacho J, Macia-Fernandez G, Diaz-Verdejo J, et al (2014) Tackling the big data 4 vs for anomaly detection. In: 2014 I.E. Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp 500–505. IEEEGoogle Scholar
  3. 3.
    Cao B, Shen D, Sun J-T, Yang Q, Chen Z (2007) Feature selection in a kernel space. International Conference on Machine Learning, pp 745–770Google Scholar
  4. 4.
    Chang X, Yang Y (2016) Semi-supervised Feature Analysis by Mining Correlations among Multiple Tasks. IEEE Trans Neural Netw Learn Syst. doi: 10.1109/TNNLS.2016.2582746
  5. 5.
    Chang X, Shen H, Nie F, Wang S, Yang Y, Zhou X (2016) Compound Rank-k Projections for Bilinear Analysis. IEEE Trans Neural Netw Learn Syst 27(7):1502–1513MathSciNetCrossRefGoogle Scholar
  6. 6.
    Chang X, Yu Y, Yang Y, Xing EP (2017) Semantic Pooling for Complex Event Analysis in Untrimmed Videos. IEEE Trans Pattern Anal Mach Intell 39(8):1617–1632CrossRefGoogle Scholar
  7. 7.
    Chang X, Ma Z, Yang Y, Zeng Z, Hauptmann AG (2017) Bi-Level Semantic Representation Analysis for Multimedia Event Detection. IEEE Trans. Cybernetics 47(5):1180–1197Google Scholar
  8. 8.
    Chang X, Ma Z, Lin M, Yang Y, Hauptmann AG (2017) Feature Interaction Augmented Sparse Learning for Fast Kinect Motion Detection. IEEE Trans Image Process 26(8):3911–3920MathSciNetCrossRefGoogle Scholar
  9. 9.
    Davis JV, Kulis B, Jain P, Sra S, Dhillon IS (2007) Information theoretic metric learning. In: Proceedings of the 24th international conference on Machine learning, vol 227. ACM, pp 209–216Google Scholar
  10. 10.
    Duda RO, Hart PE, Stock DG (1986) Pattern Classification. Addison-Wesley Publishing CompanyGoogle Scholar
  11. 11.
    Egilmez HE, Ortega A (2014) Spectral anomaly detection using graph-based filtering for wireless sensor networks. In: 2014 I.E. International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, pp 1085–1089Google Scholar
  12. 12.
    Eskin E, Arnold A, Prerau M et al (2002) A geometric framework for unsupervised anomaly detection. In: Barbará D, Jajodia S (eds) Applications of Data Mining in Computer Security. Springer, New York, pp 77–101CrossRefGoogle Scholar
  13. 13.
    Fisher R (1936) The use of multiple measurements in taxonomic problems. Annals of Eugnics, pp 179–188Google Scholar
  14. 14.
    Fukunaga K (1990) Introduction to Statistical Pattern Recognition. Elsevier Academic Press, pp 101–109Google Scholar
  15. 15.
    He X, Cai D, Niyogi P (2005) Laplacian Score for Feature Selection. NIPS, pp 507–514Google Scholar
  16. 16.
    Heady R, Luger GF, Maccabe A et al (1990) The architecture of a network level intrusion detection system. Department of Computer Science, College of Engineering, University of New MexicoGoogle Scholar
  17. 17.
    Hu W, Hu W (2005) Network-based intrusion detection using Adaboost algorithm. In: The 2005 IEEE/WIC/ACM International Conference on Web Intelligence, Proceedings, pp 712–717. IEEEGoogle Scholar
  18. 18.
    Huang SY, Huang YN (2013) Network traffic anomaly detection based on growing hierarchical SOM. In: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, pp 1–2Google Scholar
  19. 19.
    Jiang W, Yao M, Yan J (2008) Intrusion detection based on improved fuzzy c-means algorithm. In: 2008 International Symposium on Information Science and Engineering, ISISE 2008, vol 2. IEEE, pp 326–329Google Scholar
  20. 20.
    Leibe B, Schiele B (2003) Analyzing Appearance and Contour Based Methods for Object Categorizationn. In: Proc. of CPVR, pp 409–415Google Scholar
  21. 21.
    Liu X, Song M, Tao D, Liu Z, Zhang L, Bu J, Chen C (2013) Semi-supervised Node Splitting for Random Forest Construction. IEEE Computer Vision and Pattern Recognition (CVPR), pp 492–499, (CCF A)Google Scholar
  22. 22.
    Liu X, Song M, Tao D, Zhang L, Bu J, Chen C (2014) Learning to Track Multiple Objects. IEEE Trans Neural Netw Learn Syst, (accepted, IF: 3.766, CCF B, JCR 1)Google Scholar
  23. 23.
    Luo YB, Wang BS, Sun YP et al (2013) FL-LPVG: an approach for anomaly detection based on flow-level limited penetrable visibility graphGoogle Scholar
  24. 24.
    Patcha A, Park JM (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw 51(12):3448–3470CrossRefGoogle Scholar
  25. 25.
    Pedregosa F, Varoquaux G, Gramfort A et al (2011) Scikit-learn: machine learning in Python. J Mach Learn Res 12:2825–2830MathSciNetMATHGoogle Scholar
  26. 26.
    Quinlan J (1993) C4.5 Programs for machine learning. Morgan KaufmannGoogle Scholar
  27. 27.
    Roesch M (1999) Snort: lightweight intrusion detection for networks. LISA 99(1):229–238Google Scholar
  28. 28.
    Tenenbaum JB (1998) Mapping a manifold of perceptual observations. Neural information processing systems, pp 745–770Google Scholar
  29. 29.
    Tong X, Wang Z, Yu H (2009) A research using hybrid RBF/Elman neural networks for intrusion detection system secure model. Comput Phys Commun 180(10):1795–1801CrossRefGoogle Scholar
  30. 30.
    Wang G, Lu Y, Zhang L, Zimmermann R, Kim SH, Alfarrarjeh A, Cyrus S (2014) Active Key Frame Selection for 3D Model Reconstruction from Crowdsourced Geo-tagged Videos. International Conference on Multimedia and Expo (ICME), (CCF B)Google Scholar
  31. 31.
    Xia Y, Xu W, Zhang L, Shi X, Mao K (2015) Integrating 3D Structure into Traffic Scene Understanding with RGB-D Data. Neurocomputing 151:700–709Google Scholar
  32. 32.
    Xu L, Liu H (1993) Feature selection for high-dimensional data. International Conference on Machine Learning, pp 745–770Google Scholar
  33. 33.
    Yin Y, Shen Z, Zhang L, Zimmermann R (2014) Spatial-Temporal Tag Mining for Automatic Geospatial Video Annotations. ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), (accepted, IF: 0.935, CCF B, JCR 3)Google Scholar
  34. 34.
    Zhang J, Zulkernine M (2006) Anomaly based network intrusion detection with unsupervised outlier detection. In: 2006 I.E. International Conference on Communications, ICC 2006, vol 5. IEEE, pp 2388–2393Google Scholar
  35. 35.
    Zhang L, Song M, Sun L, Liu X, Wang Y, Tao D, Bu J, Chen C (2012) Spatial Graphlet Matching Kernel for Recognizing Aerial Image Categories, International Conference on Pattern Recognition (ICPR), pp 2813–2816Google Scholar
  36. 36.
    Zhang L, Han Y, Yang Y, Song M, Yan S, Tian Q (2013) Discovering Discriminative Graphlets for Aerial Image Categories Recognition. IEEE Trans Image Process 22(12):5071–5084 (IF:3.199, CCF A, JCR 2)MathSciNetCrossRefMATHGoogle Scholar
  37. 37.
    Zhang L, Song M, Zhao Q, Liu X, Bu J, Chen C (2013) Probabilistic Graphlet Transfer for Photo Cropping. IEEE Trans Image Process 21(5):803–815 (IF:3.199, CCF A, JCR 2)MathSciNetMATHGoogle Scholar
  38. 38.
    Zhang L, Song M, Liu Z, Liu X, Bu J, Chen C (2013) Probabilistic Graphlet Cut: Exploring Spatial Structure Cue for Weakly Supervised Image Segmentation. IEEE Computer Vision and Pattern Recognition (CVPR), pp 1908–1915, (CCF A)Google Scholar
  39. 39.
    Zhang L, Tao D, Liu X, Song M, Chen C (2014) Grassmann Multimodal Implicit Feature Selection. Multimedia System 12(6):102–134Google Scholar
  40. 40.
    Zhang L, Song M, Liu X, Jiajun B, Chen C (2013) Fast Multi-View Segment Graph Kernel for Object Classification. Signal Process 93(6):1597–1607CrossRefGoogle Scholar
  41. 41.
    Zhang L, Tao D, Liu X, Sun L, Song M, Chen C (2014) Grassmann multimodal implicit feature selection. Multimedia Syst 20(6):659–674CrossRefGoogle Scholar
  42. 42.
    Zhang L, Gao Y, Ji R, Dai Q, Li X (2014) Actively Learning Human Gaze Shifting Paths for Photo Cropping. IEEE Trans Image Process 23(5):2235–2245 (IF:3.199, CCF A, JCR 2)MathSciNetCrossRefMATHGoogle Scholar
  43. 43.
    Zhang L, Gao Y, Zimmermann R, Tian Q, Li X (2014) Fusion of Multi-Channel Local and Global Structural Cues for Photo Aesthetics Evaluation. IEEE Trans Image Process 23(3):1419–1429 (IF:3.199, CCF A, JCR 2)MathSciNetCrossRefMATHGoogle Scholar
  44. 44.
    Zhang L, Yang Y, Gao Y, Wang C, Yu Y, Li X (2014) A Probabilistic Associative Model for Segmenting Weakly-Supervised Images. IEEE Trans Image Process 23(9):4150–4159 (IF:3.199, CCF A, JCR 2)MathSciNetCrossRefMATHGoogle Scholar
  45. 45.
    Zhang L, Gao Y, Hong C, Feng Y, Zhu J, Cai D (2014) Feature Correlation Hypergraph: Exploiting High-order Potentials for Multimodal Recognition. IEEE Trans Cybern 44(8):1408–1419 (IF:3.236, CCF B, JCR 1)CrossRefGoogle Scholar
  46. 46.
    Zhang L, Gao Y, Ji R, Ke L, Shen J (2014) Representative Discovery of Structure Cues for Weakly-Supervised Image Segmentation. IEEE Trans Multimed 16(2):470–479 (IF:1.754, CCF B, JCR 2)CrossRefGoogle Scholar
  47. 47.
    Zhang L, Song M, Yang Y, Zhao Q, Chen Z, Sebe N (2014) Weakly Supervised Photo Cropping. IEEE Trans Multimed 16(1):94–107 (IF:1.754, CCF B, JCR 2)CrossRefGoogle Scholar
  48. 48.
    Zhang L, Ji R, Xia Y, Li X (2014) Learning a Probabilistic Topology Discovering Model for Scene Categorization. IEEE Trans Neural Netw Learn Syst, (accepted, IF: 3.766, CCF B, JCR 1)Google Scholar
  49. 49.
    Zhang Y, Zhang L, Zimmermann R (2014) Aesthetics-Guided Summarization from Multiple User Generated Videos. ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), (accepted, IF: 0.935, CCF B, JCR 3)Google Scholar
  50. 50.
    Zhang L, Gao Y, Zhang C, Tian Q, Zimmermann R (2014) Perception-Guided Multimodal Aesthetics Discovery for Photo Quality Assessment. ACM Multimedia (Full paper). (accepted, CCF A)Google Scholar
  51. 51.
    Zhang L, Yang Y, Zimmermann R (2014) Discriminative Cellets Discovery for Fine-Grained Image Categories Retrieval. ACM ICMR, (CCF B)Google Scholar
  52. 52.
    Zhang L, Song M, Liu X, Jiajun B, Chen C (2014) Recognizing architecture styles by hierarchical sparse coding of blocklets. Inf Sci 254:41–154 (IF: 3.643, CCF B, JCR 1)CrossRefGoogle Scholar
  53. 53.
    Zhang L, Xia Y, Ji R, Li X (2015) Spatial-Aware Object-Level Saliency Prediction by Learning Graphlet Hierarchies. IEEE Trans Ind Electron 62(2):1301–1308 (IF: 5.165, JCR 1)CrossRefGoogle Scholar
  54. 54.
    Zhang L, Gao Y, Xia Y, Dai Q, Li X (2015) A Fine-Grained Image Categorization System by Cellet-Encoded Spatial Pyramid Modeling. IEEE Trans Ind Electro 62(1):564–571 (IF: 5.165, JCR 1)CrossRefGoogle Scholar
  55. 55.
    Zhang L, Xia Y, Mao K, Shan Z (2015) An Effective Video Summarization Framework Toward Handheld Devices. IEEE Trans Ind Electron 62(2):1309–1316 (IF: 5.165, JCR 1)CrossRefGoogle Scholar
  56. 56.
    Zhang L, Gao Y, Hong R, Hu Y, Ji R, Dai Q (2015) Probabilistic Skimlet Fusion for Summarizing Multiple Consumer Landmark Videos. IEEE Trans Multimed 71(1):40–49 (accepted, IF:1.754, CCF B, JCR 2)CrossRefGoogle Scholar
  57. 57.
    Zhou Q, Gu L, Wang C et al (2006) Using an improved C4.5 for imbalanced dataset of intrusion. In: Proceedings of the 2006 International Conference on Privacy, Security, Trust: Bridge the Gap Between PST Technologies and Business Services. ACM, p 67Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2017
Corrected publication September/2017

Authors and Affiliations

  • Fenghua Wang
    • 1
  • Yuhui Ma
    • 1
  • Yanjuan Jin
    • 2
  • Ying Jiang
    • 1
  • Yunye Wang
    • 1
  1. 1.State Grid Zhejiang Electric Power Company Information & Telecommunication BranchHangzhouChina
  2. 2.Hangzhou Dayou Science and Technology Development Co., Ltd.HangzhouChina

Personalised recommendations