Graph Neural Networks based Log Anomaly Detection and Explanation
Event logs are widely used to record the status of high-tech systems, making
log anomaly detection important for monitoring those systems. Most existing log
anomaly detection methods take a log event count matrix or log event sequences
as input, exploiting quantitative and/or sequential relationships between log
events to detect anomalies. Unfortunately, only considering quantitative or
sequential relationships may result in low detection accuracy. To alleviate
this problem, we propose a graph-based method for unsupervised log anomaly
detection, dubbed Logs2Graphs, which first converts event logs into attributed,
directed, and weighted graphs, and then leverages graph neural networks to
perform graph-level anomaly detection. Specifically, we introduce One-Class
Digraph Inception Convolutional Networks, abbreviated as OCDiGCN, a novel graph
neural network model for detecting graph-level anomalies in a collection of
attributed, directed, and weighted graphs. By coupling the graph representation
and anomaly detection steps, OCDiGCN can learn a representation that is
especially suited for anomaly detection, resulting in a high detection
accuracy. Importantly, for each identified anomaly, we additionally provide a
small subset of nodes that play a crucial role in OCDiGCN's prediction as
explanations, which can offer valuable cues for subsequent root cause
diagnosis. Experiments on five benchmark datasets show that Logs2Graphs
performs at least on par with state-of-the-art log anomaly detection methods on
simple datasets while largely outperforming state-of-the-art log anomaly
detection methods on complicated datasets.
Comment: Preprint submitted to Engineering Applications of Artificial
Intelligenc
Mul-GAD: a semi-supervised graph anomaly detection framework via aggregating multi-view information
Anomaly detection is defined as discovering patterns that do not conform to
the expected behavior. Previously, anomaly detection was mostly conducted using
traditional shallow learning techniques, but with little improvement. With the
emergence of graph neural networks (GNN), graph anomaly detection has been
greatly developed. However, recent studies have shown that GNN-based methods
encounter a challenge, in that no graph anomaly detection algorithm can perform
generalization on most datasets. To bridge the gap, we propose a multi-view
fusion approach for graph anomaly detection (Mul-GAD). The view-level fusion
captures the extent of significance between different views, while the
feature-level fusion makes full use of complementary information. We
theoretically and experimentally elaborate the effectiveness of the fusion
strategies. For a more comprehensive conclusion, we further investigate the
effect of the objective function and the number of fused views on detection
performance. Exploiting these findings, our Mul-GAD is proposed equipped with
fusion strategies and the well-performed objective function. Compared with
other state-of-the-art detection methods, we achieve a better detection
performance and generalization in most scenarios via a series of experiments
conducted on Pubmed, Amazon Computer, Amazon Photo, Weibo and Books. Our code
is available at https://github.com/liuyishoua/Mul-Graph-Fusion.
Comment: Graph anomaly detection on attribute networ
Graph Anomaly Detection at Group Level: A Topology Pattern Enhanced Unsupervised Approach
Graph anomaly detection (GAD) has achieved success and has been widely
applied in various domains, such as fraud detection, cybersecurity, finance
security, and biochemistry. However, existing graph anomaly detection
algorithms focus on distinguishing individual entities (nodes or graphs) and
overlook the possibility of anomalous groups within the graph. To address this
limitation, this paper introduces a novel unsupervised framework for a new task
called Group-level Graph Anomaly Detection (Gr-GAD). The proposed framework
first employs a variant of Graph AutoEncoder (GAE) to locate anchor nodes that
belong to potential anomaly groups by capturing long-range inconsistencies.
Subsequently, group sampling is employed to sample candidate groups, which are
then fed into the proposed Topology Pattern-based Graph Contrastive Learning
(TPGCL) method. TPGCL utilizes the topology patterns of groups as clues to
generate embeddings for each candidate group and thus distinguish anomaly groups.
The experimental results on both real-world and synthetic datasets demonstrate
that the proposed framework shows superior performance in identifying and
localizing anomaly groups, highlighting it as a promising solution for Gr-GAD.
Datasets and codes of the proposed framework are at the github repository
https://anonymous.4open.science/r/Topology-Pattern-Enhanced-Unsupervised-Group-level-Graph-Anomaly-Detection
Graph Laplacian for Image Anomaly Detection
Reed-Xiaoli detector (RXD) is recognized as the benchmark algorithm for image
anomaly detection; however, it presents known limitations, namely the
dependence over the image following a multivariate Gaussian model, the
estimation and inversion of a high-dimensional covariance matrix, and the
inability to effectively include spatial awareness in its evaluation. In this
work, a novel graph-based solution to the image anomaly detection problem is
proposed; leveraging the graph Fourier transform, we are able to overcome some
of RXD's limitations while reducing computational cost at the same time. Tests
over both hyperspectral and medical images, using both synthetic and real
anomalies, prove the proposed technique is able to obtain significant gains
over performance by other algorithms in the state of the art.
Comment: Published in Machine Vision and Applications (Springer
HYPA: Efficient Detection of Path Anomalies in Time Series Data on Networks
The unsupervised detection of anomalies in time series data has important
applications in user behavioral modeling, fraud detection, and cybersecurity.
Anomaly detection has, in fact, been extensively studied in categorical
sequences. However, we often have access to time series data that represent
paths through networks. Examples include transaction sequences in financial
networks, click streams of users in networks of cross-referenced documents, or
travel itineraries in transportation networks. To reliably detect anomalies, we
must account for the fact that such data contain a large number of independent
observations of paths constrained by a graph topology. Moreover, the
heterogeneity of real systems rules out frequency-based anomaly detection
techniques, which do not account for highly skewed edge and degree statistics.
To address this problem, we introduce HYPA, a novel framework for the
unsupervised detection of anomalies in large corpora of variable-length
temporal paths in a graph. HYPA provides an efficient analytical method to
detect paths with anomalous frequencies that result from nodes being traversed
in unexpected chronological order.
Comment: 11 pages with 8 figures and supplementary material. To appear at SIAM
Data Mining (SDM 2020
Graph Anomaly Detection with Graph Neural Networks: Current Status and Challenges
Graphs are used widely to model complex systems, and detecting anomalies in a
graph is an important task in the analysis of complex systems. Graph anomalies
are patterns in a graph that do not conform to normal patterns expected of the
attributes and/or structures of the graph. In recent years, graph neural
networks (GNNs) have been studied extensively and have successfully performed
difficult machine learning tasks in node classification, link prediction, and
graph classification thanks to the highly expressive capability via message
passing in effectively learning graph representations. To solve the graph
anomaly detection problem, GNN-based methods leverage information about the
graph attributes (or features) and/or structures to learn to score anomalies
appropriately. In this survey, we review the recent advances made in detecting
graph anomalies using GNN models. Specifically, we summarize GNN-based methods
according to the graph type (i.e., static and dynamic), the anomaly type (i.e.,
node, edge, subgraph, and whole graph), and the network architecture (e.g.,
graph autoencoder, graph convolutional network). To the best of our knowledge,
this survey is the first comprehensive review of graph anomaly detection
methods based on GNNs.
Comment: 9 pages, 2 figures, 1 table; to appear in the IEEE Access (Please
cite our journal version.
Dynamic Graph Attention for Anomaly Detection in Heterogeneous Sensor Networks
In the era of digital transformation, systems monitored by the Industrial
Internet of Things (IIoTs) generate large amounts of Multivariate Time Series
(MTS) data through heterogeneous sensor networks. While this data facilitates
condition monitoring and anomaly detection, the increasing complexity and
interdependencies within the sensor network pose significant challenges for
anomaly detection. Despite progress in this field, much of the focus has been
on point anomalies and contextual anomalies, with lesser attention paid to
collective anomalies. A less addressed but common variant of collective
anomalies is when the abnormal collective behavior is caused by shifts in
interrelationships within the system. This can be due to abnormal environmental
conditions like overheating, improper operational settings resulting from
cyber-physical attacks, or system-level faults. To address these challenges,
this paper proposes DyGATAD (Dynamic Graph Attention for Anomaly Detection), a
graph-based anomaly detection framework that leverages the attention mechanism
to construct a continuous graph representation of multivariate time series by
inferring dynamic edges between time series. DyGATAD incorporates an operating
condition-aware reconstruction combined with a topology-based anomaly score,
thereby enhancing the detection ability of relationship shifts. We evaluate the
performance of DyGATAD using both a synthetic dataset with controlled varying
fault severity levels and an industrial-scale multiphase flow facility
benchmark featuring various fault types with different detection difficulties.
Our proposed approach demonstrated superior performance in collective anomaly
detection for sensor networks, showing particular strength in early-stage fault
detection, even in the case of faults with minimal severity.
Comment: 15 pages, 7 figure
Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks
This paper investigates Graph Neural Networks (GNNs) application for
self-supervised network intrusion and anomaly detection. GNNs are a deep
learning approach for graph-based data that incorporate graph structures into
learning to generalise graph representations and output embeddings. As network
flows are naturally graph-based, GNNs are a suitable fit for analysing and
learning network behaviour. The majority of current implementations of
GNN-based Network Intrusion Detection Systems (NIDSs) rely heavily on labelled
network traffic which can not only restrict the amount and structure of input
traffic, but also the NIDS's potential to adapt to unseen attacks. To overcome
these restrictions, we present Anomal-E, a GNN approach to intrusion and
anomaly detection that leverages edge features and graph topological structure
in a self-supervised process. This approach is, to the best of our knowledge, the
first successful and practical approach to network intrusion detection that
utilises network flows in a self-supervised, edge leveraging GNN. Experimental
results on two modern benchmark NIDS datasets not only clearly display the
improvement of using Anomal-E embeddings rather than raw features, but also the
potential Anomal-E has for detection on wild network traffic