Information spreading during emergencies and anomalous events

The most critical time for information to spread is in the aftermath of a serious emergency, crisis, or disaster. Individuals affected by such situations can now turn to an array of communication channels, from mobile phone calls and text messages to social media posts, when alerting social ties. These channels drastically improve the speed of information in a time-sensitive event, and provide extant records of human dynamics during and afterward the event. Retrospective analysis of such anomalous events provides researchers with a class of "found experiments" that may be used to better understand social spreading. In this chapter, we study information spreading due to a number of emergency events, including the Boston Marathon Bombing and a plane crash at a western European airport. We also contrast the different information which may be gleaned by social media data compared with mobile phone data and we estimate the rate of anomalous events in a mobile phone dataset using a proposed anomaly detection method.Comment: 19 pages, 11 figure

A dubiety-determining based model for database cumulated anomaly intrusion

The concept of Cumulated Anomaly (CA), which describes a new type of database anomalies, is addressed. A typical CA intrusion is that when a user who is authorized to modify data records under certain constraints deliberately hides his/her intentions to change data beyond constraints in different operations and different transactions. It happens when some appearing to be authorized and normal transactions lead to certain accumulated results out of given thresholds. The existing intrusion techniques are unable to deal with CAs. This paper proposes a detection model, Dubiety-Determining Model (DDM), for Cumulated Anomaly. This model is mainly based on statistical theories and fuzzy set theories. It measures the dubiety degree, which is presented by a real number between 0 and 1, for each database transaction, to show the likelihood of a transaction to be intrusive. The algorithms used in the DDM are introduced. A DDM-based software architecture has been designed and implemented for monitoring database transactions. The experimental results show that the DDM method is feasible and effective

Statistical and fuzzy approach for database security

A new type of database anomaly is described by addressing the concept of Cumulated Anomaly in this paper. Dubiety-Determining Model (DDM), which is a detection model basing on statistical and fuzzy set theories for Cumulated Anomaly, is proposed. DDM can measure the dubiety degree of each database transaction quantitatively. Software system architecture to support the DDM for monitoring database transactions is designed. We also implemented the system and tested it. Our experimental results show that the DDM method is feasible and effective

Bayesian anomaly detection methods for social networks

Learning the network structure of a large graph is computationally demanding, and dynamically monitoring the network over time for any changes in structure threatens to be more challenging still. This paper presents a two-stage method for anomaly detection in dynamic graphs: the first stage uses simple, conjugate Bayesian models for discrete time counting processes to track the pairwise links of all nodes in the graph to assess normality of behavior; the second stage applies standard network inference tools on a greatly reduced subset of potentially anomalous nodes. The utility of the method is demonstrated on simulated and real data sets.Comment: Published in at http://dx.doi.org/10.1214/10-AOAS329 the Annals of Applied Statistics (http://www.imstat.org/aoas/) by the Institute of Mathematical Statistics (http://www.imstat.org