Advertisement

Dynamic Anomaly Detection Using Vector Autoregressive Model

  • Yuemeng Li
  • Aidong Lu
  • Xintao WuEmail author
  • Shuhan Yuan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11439)

Abstract

Identifying vandal users or attackers hidden in dynamic online social network data has been shown a challenging problem. In this work, we develop a dynamic attack/anomaly detection approach using a novel combination of the graph spectral features and the restricted Vector Autoregressive (rVAR) model. Our approach utilizes the time series modeling method on the non-randomness metric derived from the graph spectral features to capture the abnormal activities and interactions of individuals. Furthermore, we demonstrate how to utilize Granger causality test on the fitted rVAR model to identify causal relationships of user activities, which could be further translated to endogenous and/or exogenous influences for each individual’s anomaly measures. We conduct empirical evaluations on the Wikipedia vandal detection dataset to demonstrate efficacy of our proposed approach.

Keywords

Anomaly detection Vector autoregression Granger causality Dynamic graph Matrix perturbation Spectral graph analysis 

Notes

Acknowledgments

This work was supported in part by NSF 1564250 and 1564039.

References

  1. 1.
    Bianco, A.M., Garcia Ben, M., Martinez, E., Yohai, V.J.: Outlier detection in regression models with arima errors using robust estimates. J. Forecast. 20(8), 565–579 (2001)CrossRefGoogle Scholar
  2. 2.
    Geweke, J.F.: Measures of conditional linear dependence and feedback between time series. J. Am. Stat. Assoc. 79(388), 907–915 (1984)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Granger, C.W.: Investigating causal relations by econometric models and cross-spectral methods. Econometrica: J. Econometric Soc. 37(3), 424–438 (1969)Google Scholar
  4. 4.
    Idé, T., Kashima, H.: Eigenspace-based anomaly detection in computer systems. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 440–449. ACM (2004)Google Scholar
  5. 5.
    Johansen, S.: Estimation and hypothesis testing of cointegration vectors in Gaussian vector autoregressive models. Econometrica: J. Econometric Soc. 59(6), 1551–1580 (1991)Google Scholar
  6. 6.
    Kumar, S., Spezzano, F., Subrahmanian, V.: VEWS: a Wikipedia vandal early warning system. In: Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 607–616. ACM (2015)Google Scholar
  7. 7.
    Li, Y., Wu, X., Lu, A.: Analysis of spectral space properties of directed graphs using matrix perturbation theory with application in graph partition. In: Proceedings of IEEE International Conference on Data Mining, pp. 847–852. IEEE (2015)Google Scholar
  8. 8.
    Liberty, E.: Simple and deterministic matrix sketching. In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 581–588. ACM (2013)Google Scholar
  9. 9.
    Ning, H., Xu, W., Chi, Y., Gong, Y., Huang, T.: Incremental spectral clustering with application to monitoring of evolving blog communities. In: Proceedings of the 2007 SIAM International Conference on Data Mining, pp. 261–272. SIAM (2007)Google Scholar
  10. 10.
    Shyu, M.L., Chen, S.C., Sarinnapakorn, K., Chang, L.: A novel anomaly detection scheme based on principal component classifier. In: Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, pp. 171–179. IEEE (2003)Google Scholar
  11. 11.
    Sun, J., Xie, Y., Zhang, H., Faloutsos, C.: Less is more: compact matrix representation of large sparse graphs. In: Proceedings of 7th SIAM International Conference on Data Mining (2007)Google Scholar
  12. 12.
    Tsay, R.S., Peña, D., Pankratz, A.E.: Outliers in multivariate time series. Biometrika 87(4), 789–804 (2000)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Wu, L., Ying, X., Wu, X., Zhou, Z.H.: Line orthogonality in adjacency eigenspace with application to community partition. In: Proceedings of the 22nd International Joint Conference on Artificial Intelligence, pp. 2349–2354 (2011)Google Scholar
  14. 14.
    Wu, L., Wu, X., Lu, A., Zhou, Z.H.: A spectral approach to detecting subtle anomalies in graphs. J. Intell. Inf. Syst. 41(2), 313–337 (2013)CrossRefGoogle Scholar
  15. 15.
    Ying, X., Wu, X.: On randomness measures for social networks. In: Proceedings of 9th SIAM International Conference on Data Mining (2009)Google Scholar
  16. 16.
    Ying, X., Wu, X., Barbará, D.: Spectrum based fraud detection in social networks. In: 2011 IEEE 27th International Conference on Data Engineering, pp. 912–923. IEEE (2011)Google Scholar
  17. 17.
    Zhang, K., Tsang, I.W., Kwok, J.T.: Improved nyström low-rank approximation and error analysis. In: Proceedings of the 25th International Conference on Machine Learning, pp. 1232–1239. ACM (2008)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of North Carolina at CharlotteCharlotteUSA
  2. 2.University of ArkansasFayettevilleUSA

Personalised recommendations