Anomaly Detection using Graph Streams to Protect Cyber Networks
Project (5): Anomaly Detection using Graph Streams to Protect Cyber Networks
The continual increase in communication speeds, electronic data storage volumes, and sensors collecting diverse information about an environment has resulted in a deluge of heterogeneous data being stored, processed, and analyzed. The number of applications of this information also continues to increase, e.g., thwarting terrorist activities being planned online, detecting cyber-bullying through social media, and improving patient care through sensors and data. One potential way to address these challenges, and discover interesting patterns and anomalies, is to represent the data as graph streams. However, there are many challenges associated with graph mining methods with regard to designing scalable algorithms that can operate in real time on multiple graph streams. This project will focus on the detection of graph-based patterns and anomalies, in particular to (1) handle multiple, heterogeneous data streams, (2) integrate temporal attributes associated with changes in a network, and (3) improve upon the scalability and accuracy of graph-based anomaly detection on big data. The objective is not only to show that known patterns and anomalies in individual streams can still be discovered efficiently, but also that new patterns and anomalies consisting of information from multiple streams can be identified.
Temporal Anomaly Detection. Building upon what we learn from Year 1, we will expand our efforts by investigating advanced graph mining algorithms on data streams with a temporal component. We will go beyond existing methods to discover new types of patterns and anomalies based on the evolutionary changes in the graph streams. Using datasets that represent various temporal networks, the students will be able to experiment with different approaches applied to various types of cyber-networks, and evaluate the effectiveness of detecting potential security risks within networks that include temporal attributes.
Qualifications: Solid programming experience, particularly in C/C++ in a Unix/Linux environment.
Mentor: Dr. Eberle (email@example.com)