Abstract
Large-scale and dynamic networks arise in cyberspace and financial security. Given a dynamic network, it is crucial to detect structural anomalies, such as node behaviors deviate from underlying majority of the network. However, anomaly analysis for dynamic networks is difficult to precisely detect the anomalous behaviors of nodes because it usually ignores the evolutionary behaviors of different nodes. Our work taps into this gap and proposes an unsupervised ensemble framework for node temporal behavior modeling and node behavior real-time anomaly detection. Specifically, a latent space model is used to model the node behavior; each node is assigned a probability distribution across a small set of roles based on that node’s features. The evolutionary behavior of node is represented as node roles change over time and the anomalies of node are identified as deviations from expected roles. The entropy-based ensembles method is proposed to combine with multiple unsupervised anomaly detectors to yield robust performances, which achieves the real-time anomaly detection for different types of node behaviors. Finally, we show the effectiveness of the proposed method on Enron network in the experiments.
Similar content being viewed by others
References
Akoglu L, Faloutsos C (2010) Event Detection in time series of mobile communication graphs. In: 27th army science conference
Akoglu L, McGlohon M, Faloutsos C (2010) Oddball: spotting anomalies in weighted graphs. In: PAKDD, vol 2, pp 410–421
Akoglu L, Tong H, Koutra D (2015) Graph-based anomaly detection and description: a survey. Data Min Knowl Disc 29(3):626–688
Bereziński P, Jasiul B, Szpyrka M (2015) An entropy-based network anomaly detection method. Entropy 17(4):2367–2408
Breunig MM, Kriegel H-P, Ng RT et al (2000) LOF: identifying density-based local outliers. In: SIGMOD conference, pp 93–104
Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41(3):15
Chen H, Reid E, Sinai J (2008) Terrorism informatics: knowledge management and data mining for homeland security. Springer, Berlin
Ding Z, Fei M, Dajun D, Yang F (2017) Streaming data anomaly detection method based on hyper-grid structure and online ensemble learning. Soft Comput 21(20):5905–5917
Drezewski R, Sepielak J, Filipkowski W (2015) The application of social network analysis algorithms in a system supporting money laundering detection. Inf Sci 295:18–32
Gao J, Liang F, Fan W et al (2010) On community outliers and their efficient detection in information networks. In: KDD, pp 813–822
Gupta M, Gao J, Sun Y et al (2012) Community trend outlier detection using soft temporal pattern mining. ECML/PKDD 2:692–708
Gupta M, Gao J, Sun Y et al (2012) Integrating community matching and outlier detection for mining evolutionary community outliers. In: KDD, pp 859–867
Henderson K, Gallagher B, Li L et al (2011) It’s who you know: graph mining using recursive structural features. In: KDD, pp 663–671
Huang D, Mu D, Yang L, Cai X (2018) CoDetect: financial fraud detection with anomaly feature detection. IEEE Access 6:19161–19174
Jiao W, Muhua Z, zike Z, Wei W et al (2018) A model of spreading of sudden events on social networks. CHAOS 28(3):033113
Kannan KS, Manoj K (2015) Outlier detection in multivariate data. Appl Math Sci 9(47):2317–2324
Kriegel H-P, Kroger P, Schubert E et al (2011) Interpreting and unifying outlier scores. In: SDM, pp 13–24
Lanham MJ, Morgan GP, Carley KM (2014) Social network modeling and agent-based simulation in support of crisis de-escalation. IEEE Trans Syst Man Cybern Syst 44(1):103–110
Lee DD, Seung HS (1999) Learning the parts of objects by non-negative matrix factorization. Nature 401(6755):788–791
Liben-Nowell D, Kleinberg J (2007) The link-prediction problem for social networks. J Am Soc Inform Sci Technol 58(7):1019–1031
Palladino A, Thissen CJ (2018) Cyber anomaly detection using graph-node role-dynamics. In: Proceedings of dynamic and novel advances in machine learning and intelligent cyber security workshop (DYNAMICS’18). ACM, New York, NY, USA
Rayana S, Akoglu L (2014) An ensemble approach for event detection and characterization in dynamic graphs. In: ACM SIGKDD 2nd workshop on outlier detection and description, New York, NY, USA
Rayana S, Akoglu L (2015) Less is more: building selective anomaly ensemble with application to event detection in temporal graphs. In: SIAM SDM, Vancouver, BC, Canada
Rissanen J (1983) A universal prior for integers and estimation by minimum description length. Ann Stat 11(2):416–431
Rossi R A, Ahmed N K (2013) ia-enron-employees - Dynamic Networks. http://networkrepository.com/ia-enron-employees.php
Rossi RA, Ahmed NK (2015) The network data repository with interactive graph analytics and visualization. In: Proceedings of the twenty-ninth AAAI conference on artificial intelligence. http://networkrepository.com
Rossi RA, Gallagher B, Neville J, Henderson K (2013) Modeling dynamic behavior in large evolving graphs. In: WSDM’13
Subelj L, Furlan S, Bajec M (2010) An expert system for detecting automobile insurance fraud using social network analysis. Expert Syst Appl 38(1):1039–1052
Wang H, Wenbin H, Qiu Z, Bo D (2017) Node’s evolution diversity and link prediction in social network. IEEE Trans Knowl Data Eng 29(1):2263–2274
Wang H, Jia W, Wenbin H, Xindong W (2019) Detecting and assessing anomalous evolutionary behaviors of nodes in evolving social networks. ACM Trans Knowl Discov Data 13(1):12:1–12:24
Acknowledgements
This work was supported by National Natural Science Foundation of China (Grant No. 61703416) and Natural Science Foundation of Hunan Province, China (Grant No. 2018JJ3614).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
Qing Cheng, Yanghe Feng and Zhong Liu declare that they have no conflict of interest. Yun Zhou has received research grants from NSFC and NSF-Hunan.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by X. Li.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix
Appendix
See Table 3.
Rights and permissions
About this article
Cite this article
Cheng, Q., Zhou, Y., Feng, Y. et al. An unsupervised ensemble framework for node anomaly behavior detection in social network. Soft Comput 24, 6421–6431 (2020). https://doi.org/10.1007/s00500-019-04547-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-019-04547-6