Anomaly detection in data represented as graphs

  • Authors:
  • William Eberle;Lawrence Holder

  • Affiliations:
  • (Correspd.) Department of Computer Science, Tennessee Technological University, P.O. Box 5101, Cookeville, TN 38505, USA. E-mail: weberle@tntech.edu;School of Electrical Engineering & Computer Science, Washington State University, Box 642752, Pullman, WA 99164-2752, USA. E-mail: holder@wsu.edu

  • Venue:
  • Intelligent Data Analysis
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

An important area of data mining is anomaly detection, particularly for fraud. However, little work has been done in terms of detecting anomalies in data that is represented as a graph. In this paper we present graph-based approaches to uncovering anomalies in domains where the anomalies consist of unexpected entity/relationship alterations that closely resemble non-anomalous behavior. We have developed three algorithms for the purpose of detecting anomalies in all three types of possible graph changes: label modifications, vertex/edge insertions and vertex/edge deletions. Each of our algorithms focuses on one of these anomalous types, using the minimum description length principle to first discover the normative pattern. Once the common pattern is known, each algorithm then uses a different approach to discover particular anomalous types. In this paper, we validate all three approaches using synthetic data, verifying that each of the algorithms on graphs and anomalies of varying sizes, are able to detect the anomalies with very high detection rates and minimal false positives. We then further validate the algorithms using real-world cargo data and actual fraud scenarios injected into the data set with 100% accuracy and no false positives. Each of these algorithms demonstrates the usefulness of examining a graph-based representation of data for the purposes of detecting fraud.