Who Is the Abnormal User: Anomaly Detection Framework based on the Graph Convolutional Networks

  • Zetao Zheng
  • Jia Zhu
  • Yong Tang
  • Jiabing Du
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11642)

Abstract

Anomaly detection is the identification of items, events, or observations that do not conform to an expected pattern in a dataset. It is applicable in a variety of domains, such as intrusion detection, fault detection, and medical and public-health anomaly monitoring. Existing models usually detect anomalies according to the data's features alone. However, this approach has two drawbacks. On the one hand, such models cannot exploit the relationships between users, which contain a large amount of potential information that could strengthen the models' predictive ability. On the other hand, existing models cannot adjust their learning capacity automatically as the amount of data grows. To address these issues, we propose an anomaly detection framework based on Graph Convolutional Networks (GCN). The framework consists of four mechanisms and detects anomalies by using both user features and the relationships between users. Experimental results show that our framework has outstanding performance compared with other state-of-the-art detection models.
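The abstract's core idea, combining each user's own features with its neighbours' features through graph convolution, can be illustrated with the standard GCN propagation rule of Kipf and Welling, H' = ReLU(D^(-1/2)(A+I)D^(-1/2) H W). The sketch below is only a minimal illustration of that rule on a toy user graph; the function name, the toy adjacency matrix, and the feature/weight values are assumptions for illustration, not the paper's actual framework or data.

```python
import numpy as np

def gcn_layer(adj, features, weights):
    """One GCN propagation step: H' = ReLU(D^-1/2 (A+I) D^-1/2 H W)."""
    a_hat = adj + np.eye(adj.shape[0])                 # add self-loops
    d_inv_sqrt = np.diag(1.0 / np.sqrt(a_hat.sum(axis=1)))
    a_norm = d_inv_sqrt @ a_hat @ d_inv_sqrt           # symmetric normalisation
    return np.maximum(a_norm @ features @ weights, 0.0)  # ReLU activation

# Toy graph: user 0 is connected to users 1 and 2
adj = np.array([[0., 1., 1.],
                [1., 0., 0.],
                [1., 0., 0.]])
feats = np.array([[1., 0.],     # per-user feature vectors
                  [0., 1.],
                  [0., 1.]])
w = np.eye(2)                   # identity weights, for clarity
out = gcn_layer(adj, feats, w)  # each row now mixes a user's own and neighbours' features
```

After one layer, each user's representation already blends information from its neighbours, which is how relational structure enters the model in addition to the raw features.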

Keywords

Graph Convolutional Networks · Anomaly detection · Graph theory

Acknowledgements

This work was supported by the National Natural Science Foundation of China (No. 61877020, U1811263, 61772211).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Data Intelligence Laboratory, School of Computer Science, South China Normal University, Guangzhou, People's Republic of China
  2. FoShan Power Supply Bureau of Guangdong Grid Co., FoShan, People's Republic of China
