Cybersecurity Education, Research & Outreach Center
Graph-Based Anomaly Detection
(Lead: Eberle) The current objective of this work is to develop scalable algorithms for learning normative patterns and anomalies in graph streams, where the patterns are known, unknown but fixed, or changing over time. The research team is pursuing several techniques, including partitioning the graph over time, processing only the changes to the graph over time, and parallel implementations on high-performance computing platforms. They are evaluating the effectiveness and efficiency of these algorithms in terms of expected data sizes, data rates, and recall/precision using several real-world, large, dynamic datasets as well as synthetic data. They are also evaluating the discovered patterns and anomalies for their significance in the target domains. This research is advancing the knowledge and understanding of how to efficiently process large, high-rate data streams represented as a graph in order to learn structural patterns and detect structural anomalies in real time. The algorithms developed under this project represent a new level of scalability that is necessary to address today's massive, dynamic data environments, as well as users' needs to quickly discover actionable intelligence in the form of trends and anomalies. Our ultimate goal is to provide efficient and effective tools for detecting patterns and anomalies in data that can lead to new discoveries in a variety of domains where large amounts of dynamic data are available, including national security, cyber-security, and social media.
For more information about Graph-Based Anomaly Detection at CEROC, please contact William Eberle, either by email: firstname.lastname@example.org or by phone: 931-372-3278.