SlideShare ist ein Scribd-Unternehmen logo

Event Detection and Characterization in Dynamic Graphs

Als PPTX, PDF herunterladen
Shebuti Rayana
Shebuti Rayana

Presented at ODD^2 @ KDD 2014 on August 24, 2014

Ingenieurwesen
1 von 26
Stony Brook University Shebuti & Leman Shebuti Rayana Leman Akoglu
Tax evasion Credit card fraud & Many More… Network intrusion Healthcare fraud Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 2
 Problem: Given a sequence of graphs, Q1. Event detection: find time points at which graph changes significantly Q2. Characterization: find (top k) nodes / edges / regions that change the most Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 3
 Main framework  Compute graph similarity/distance scores … … … time  Find unusual occurrences in time series Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 4
 Flow of Ensemble Approach  Event Detection in Dynamic Graphs Ensemble Algorithms Eigen Behavior based Event Detection (EBED) Probabilistic Approach (PTSAD) SPIRIT Consensus Method Rank based Score based Results Dataset 1: Challenge Network flow Data Dataset 2: New York Times News Corpus Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 5
Event Detection Consensus Rank Merging •Rank based •Inverse Rank •Kemeny Young •Score Based •Unification (avg, max) •Mixture Model (avg, max) • Final Ensemble (Inverse Rank) Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 6
 Numerous algorithms for event detection  Hard to decide which one will work well for a specific data set  Our Goal: design an ensemble approach which might not give best result but “better” than most base algorithms  Challenges:  Different scores/scales  Different merging approaches Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 7
 Extract “typical behavior” (eigen-behavior) of nodes/edges  eigen-behavior ≡ principal eigen-vector  Compare eigen-behavior over time  Score the time ticks depending on amount of change in behavior from previous time tick.  Mark the ones with high score as anomalous. T N Feature: Degree Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 8
Nodes T Features (egonet) Time T N Feature: degree WW past pattern right singular vector N    eigen-behavior at t eigen-behaviors change-score metric: Z = 1- uTr Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 9
 Individual nodes/edges time series with distributions  Poisson  Zero-inflated Poisson  Hurdle Process ▪ Hurdle Component: Bernoulli & Markov Chain ▪ Count Component: Zero-truncated Poisson  Model Selection:  AIC, log likelihood, Vuong’s test and log gain  Find single-sided p-value as the probability of observing a count as extreme as v [P(X ≥ v)] Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 10
Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 11
 Streaming Pattern dIscoveRy in multIple Time-series (SPIRIT) [Papadimitriou et al. 2005]  Discovers trends – whenever trend changes it introduce new hidden variable & remove when not needed  Detects anomalous points in trends  Nodes weights change in each step  At a change point the node which has highest weight is most anomalous Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 12
Event Detection Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 13
RankList2 ScoreList2 Consensus RankList1 ScoreList1 Rank based Score based •Inverse Rank •Kemeny Young [J. Kemeny 1959] RankList3 ScoreList3 •Unification [Zimek et al. 2011] -avg & max •Mixture Model [Jing et al. 2006] -avg & max Final Ensemble: inverse rank FinalRankList Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 14
 We were given a “Cyber Challenge Network” from NGAS R&T Space Park  Simulated cyber network traffic  10 days activities  125 hosts  To-from information with timestamps  Find “suspicious” events and the entities associated with the corresponding events in Challenge Network. Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 15
Eigen-behaviors Probabilistic Approach SPIRIT Z-score 1 – norm. (sum p-value) projection Time tick Shebuti & Leman 16 Event Detection & Characterization in Dynamic Graphs Feature: Degree
Eigen-behaviors at Time tick 376 Probabilistic Approach SPIRIT relative activity change projection weight nodes Shebuti & Leman 17 Event Detection & Characterization in Dynamic Graphs normal. |log(p)|
Average Precision Table (Feature: Degree) Algorithm Sample rate (10 min) Base Algorithms EBED 0.8333 PTSAD 0.5722 SPIRIT 0.7292 Consensus Rank Merging Algorithms Inverse Rank (1/R) 1.0000 Kemeny Young 0.8095 Unification (avg) 0.8056 Unification (max) 0.7255 Mixture model (avg) 0.1684 Mixture model (max) 0.1684 Final Ensemble (1/R) 0.8667 Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 18
Average Precision Table for Node anomalies Feature: Degree [Sample rate 10 min] Algorithm Event at 376 Event at 1126 Base Algorithms EBED 1.0000 1.0000 PTSAD 1.0000 0.2500 SPIRIT 0.3026 0.0213 Consensus Rank Merging Algorithms Inverse Rank (1/R) 1.0000 0.5000 Kemeny Young 1.0000 0.2000 Unification (avg) 1.0000 1.0000 Unification (max) 0.8333 1.0000 Mixture model (avg) 1.0000 1.0000 Mixture model (max) 1.0000 1.0000 Final Ensemble (1/R) 1.0000 1.0000 Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 19
Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 20
 ~8 years (Jan 2000- July 2007) of published articles of New York Times  Graph links: Co-mention of named entities (people, places, organization)  Sample rate: 1 week  No ground truth  Big Events detected:  January, 2001 – George W. Bush elected US president  September 11, 2001 – Terrorist attack in WTC  February 1, 2003 – Space Shuttle Columbia Disaster Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 21
Feature: Weighted Degree Eigen-behaviors Columbia disaster Probabilistic Approach SPIRIT 2001 election Z Score 1 – norm. (sum p-value) projection 9/11 WTC attack Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 22
Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 23
 Heterogeneous detectors  different scores  different effectiveness (depending on dataset)  Ensemble for event detection on dynamic graphs  Multiple consensus (merging) approaches  two-phase consensus finding Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 24
 Near-future: Robust consensus by automatically selecting effective base algorithms  Challenge: no ground truth  Near-future: real-time detection  Event detection under diverse data sources (e.g., news media, social media, the Web, …)  Challenges: different entity types, different time granularity, entity resolution Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 25
srayana@cs.stonybrook.edu http://www.cs.stonybrook.edu/~datalab/ Judge a man by his questions rather than his answers. -Voltaire Event Detection Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 26

Empfohlen

Event Detection and Characterization in Dynamic Graphs
Event Detection and Characterization in Dynamic GraphsEvent Detection and Characterization in Dynamic Graphs
Event Detection and Characterization in Dynamic Graphs
Shebuti Rayana
 
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage..."Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
Sung Kim
 
DeepWalk: Online Learning of Representations
DeepWalk: Online Learning of RepresentationsDeepWalk: Online Learning of Representations
DeepWalk: Online Learning of Representations
Bryan Perozzi
 
Dagstuhl seminar talk on querying big graphs
Dagstuhl seminar talk on querying big graphsDagstuhl seminar talk on querying big graphs
Dagstuhl seminar talk on querying big graphs
Arijit Khan
 
Similarity in Wikipedia Articles (EDBT Summer School)
Similarity in Wikipedia Articles (EDBT Summer School)Similarity in Wikipedia Articles (EDBT Summer School)
Similarity in Wikipedia Articles (EDBT Summer School)
dgarijo
 
Project Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryProject Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace Industry
Intaver Insititute
 
Reaction RuleML 1.0
Reaction RuleML 1.0Reaction RuleML 1.0
Reaction RuleML 1.0
Adrian Paschke
 
Scrdet++ analysis
Scrdet++ analysisScrdet++ analysis
Scrdet++ analysis
NEHA Kapoor
 

Empfohlen

Event Detection and Characterization in Dynamic Graphs
Event Detection and Characterization in Dynamic GraphsEvent Detection and Characterization in Dynamic Graphs
Event Detection and Characterization in Dynamic Graphs
Shebuti Rayana
 
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage..."Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
"Crash Graphs: An Aggregated View of Multiple Crashes to Improve Crash Triage...
Sung Kim
 
DeepWalk: Online Learning of Representations
DeepWalk: Online Learning of RepresentationsDeepWalk: Online Learning of Representations
DeepWalk: Online Learning of Representations
Bryan Perozzi
 
Dagstuhl seminar talk on querying big graphs
Dagstuhl seminar talk on querying big graphsDagstuhl seminar talk on querying big graphs
Dagstuhl seminar talk on querying big graphs
Arijit Khan
 
Similarity in Wikipedia Articles (EDBT Summer School)
Similarity in Wikipedia Articles (EDBT Summer School)Similarity in Wikipedia Articles (EDBT Summer School)
Similarity in Wikipedia Articles (EDBT Summer School)
dgarijo
 
Project Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryProject Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace Industry
Intaver Insititute
 
Reaction RuleML 1.0
Reaction RuleML 1.0Reaction RuleML 1.0
Reaction RuleML 1.0
Adrian Paschke
 
Scrdet++ analysis
Scrdet++ analysisScrdet++ analysis
Scrdet++ analysis
NEHA Kapoor
 
Talk 2011-buet-perception-event
Talk 2011-buet-perception-eventTalk 2011-buet-perception-event
Talk 2011-buet-perception-event
Mahfuzul Haque
 
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
Tim Bass
 
How we use functional programming to find the bad guys @ Build Stuff LT and U...
How we use functional programming to find the bad guys @ Build Stuff LT and U...How we use functional programming to find the bad guys @ Build Stuff LT and U...
How we use functional programming to find the bad guys @ Build Stuff LT and U...
Richard Minerich
 
Comparative study of various approaches for transaction Fraud Detection using...
Comparative study of various approaches for transaction Fraud Detection using...Comparative study of various approaches for transaction Fraud Detection using...
Comparative study of various approaches for transaction Fraud Detection using...
Pratibha Singh
 
Multisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applicationsMultisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applications
Sayed Abulhasan Quadri
 
Visual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learningVisual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learning
Benjamin Bengfort
 
Quantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryQuantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace Industry
Intaver Insititute
 
Processing Patterns for Predictive Business
Processing Patterns for Predictive BusinessProcessing Patterns for Predictive Business
Processing Patterns for Predictive Business
Tim Bass
 
Musings of kaggler
Musings of kagglerMusings of kaggler
Musings of kaggler
Kai Xin Thia
 
Less is More: Building Selective Anomaly Ensembles with Application to Event...
Less is More: Building Selective Anomaly Ensembles with Application to Event...Less is More: Building Selective Anomaly Ensembles with Application to Event...
Less is More: Building Selective Anomaly Ensembles with Application to Event...
Shebuti Rayana
 
Processing Patterns for PredictiveBusiness
Processing Patterns for PredictiveBusinessProcessing Patterns for PredictiveBusiness
Processing Patterns for PredictiveBusiness
Tim Bass
 
Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2
Lukas Mandrake
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
butest
 
Intro to Deep Reinforcement Learning
Intro to Deep Reinforcement LearningIntro to Deep Reinforcement Learning
Intro to Deep Reinforcement Learning
Khaled Saleh
 
Wang midterm-defence
Wang midterm-defenceWang midterm-defence
Wang midterm-defence
Zhipeng Wang
 
Data Philly Meetup - Big (Geo) Data
Data Philly Meetup - Big (Geo) DataData Philly Meetup - Big (Geo) Data
Data Philly Meetup - Big (Geo) Data
Azavea
 
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
lauratoni4
 
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
Taiji Suzuki
 
Anomaly Detection for Real-World Systems
Anomaly Detection for Real-World SystemsAnomaly Detection for Real-World Systems
Anomaly Detection for Real-World Systems
Manojit Nandi
 
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
John Lau
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
BhangaleSonal
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 

Weitere ähnliche Inhalte

Ähnlich wie Event Detection and Characterization in Dynamic Graphs

Talk 2011-buet-perception-event
Talk 2011-buet-perception-eventTalk 2011-buet-perception-event
Talk 2011-buet-perception-event
Mahfuzul Haque
 
Multisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applicationsMultisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applications
Sayed Abulhasan Quadri
 
Visual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learningVisual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learning
Benjamin Bengfort
 
Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2
Lukas Mandrake
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
butest
 
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
lauratoni4
 
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
Taiji Suzuki
 
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
John Lau
 

Ähnlich wie Event Detection and Characterization in Dynamic Graphs (20)

Talk 2011-buet-perception-event
Talk 2011-buet-perception-eventTalk 2011-buet-perception-event
Talk 2011-buet-perception-event
 
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
CEP: Event-Decision Architecture for PredictiveBusiness, July 2006
 
How we use functional programming to find the bad guys @ Build Stuff LT and U...
How we use functional programming to find the bad guys @ Build Stuff LT and U...How we use functional programming to find the bad guys @ Build Stuff LT and U...
How we use functional programming to find the bad guys @ Build Stuff LT and U...
 
Comparative study of various approaches for transaction Fraud Detection using...
Comparative study of various approaches for transaction Fraud Detection using...Comparative study of various approaches for transaction Fraud Detection using...
Comparative study of various approaches for transaction Fraud Detection using...
 
Multisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applicationsMultisensor data fusion in object tracking applications
Multisensor data fusion in object tracking applications
 
Visual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learningVisual diagnostics for more effective machine learning
Visual diagnostics for more effective machine learning
 
Quantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryQuantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace Industry
 
Processing Patterns for Predictive Business
Processing Patterns for Predictive BusinessProcessing Patterns for Predictive Business
Processing Patterns for Predictive Business
 
Musings of kaggler
Musings of kagglerMusings of kaggler
Musings of kaggler
 
Less is More: Building Selective Anomaly Ensembles with Application to Event...
Less is More: Building Selective Anomaly Ensembles with Application to Event...Less is More: Building Selective Anomaly Ensembles with Application to Event...
Less is More: Building Selective Anomaly Ensembles with Application to Event...
 
Processing Patterns for PredictiveBusiness
Processing Patterns for PredictiveBusinessProcessing Patterns for PredictiveBusiness
Processing Patterns for PredictiveBusiness
 
Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2Machine Learning Summary for Caltech2
Machine Learning Summary for Caltech2
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
 
Intro to Deep Reinforcement Learning
Intro to Deep Reinforcement LearningIntro to Deep Reinforcement Learning
Intro to Deep Reinforcement Learning
 
Wang midterm-defence
Wang midterm-defenceWang midterm-defence
Wang midterm-defence
 
Data Philly Meetup - Big (Geo) Data
Data Philly Meetup - Big (Geo) DataData Philly Meetup - Big (Geo) Data
Data Philly Meetup - Big (Geo) Data
 
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
Graph Signal Processing for Machine Learning A Review and New Perspectives - ...
 
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
[ICLR2021 (spotlight)] Benefit of deep learning with non-convex noisy gradien...
 
Anomaly Detection for Real-World Systems
Anomaly Detection for Real-World SystemsAnomaly Detection for Real-World Systems
Anomaly Detection for Real-World Systems
 
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
Hidden Markov Models for Abnormal Event Processing in Transportation Data Str...
 

Kürzlich hochgeladen

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
SUHANI PANDEY
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
tanu pandey
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Christo Ananth
 

Kürzlich hochgeladen (20)

Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 

Event Detection and Characterization in Dynamic Graphs

  • 1. Stony Brook University Shebuti & Leman Shebuti Rayana Leman Akoglu
  • 2. Tax evasion Credit card fraud & Many More… Network intrusion Healthcare fraud Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 2
  • 3.  Problem: Given a sequence of graphs, Q1. Event detection: find time points at which graph changes significantly Q2. Characterization: find (top k) nodes / edges / regions that change the most Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 3
  • 4.  Main framework  Compute graph similarity/distance scores … … … time  Find unusual occurrences in time series Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 4
  • 5.  Flow of Ensemble Approach  Event Detection in Dynamic Graphs Ensemble Algorithms Eigen Behavior based Event Detection (EBED) Probabilistic Approach (PTSAD) SPIRIT Consensus Method Rank based Score based Results Dataset 1: Challenge Network flow Data Dataset 2: New York Times News Corpus Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 5
  • 6. Event Detection Consensus Rank Merging •Rank based •Inverse Rank •Kemeny Young •Score Based •Unification (avg, max) •Mixture Model (avg, max) • Final Ensemble (Inverse Rank) Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 6
  • 7.  Numerous algorithms for event detection  Hard to decide which one will work well for a specific data set  Our Goal: design an ensemble approach which might not give best result but “better” than most base algorithms  Challenges:  Different scores/scales  Different merging approaches Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 7
  • 8.  Extract “typical behavior” (eigen-behavior) of nodes/edges  eigen-behavior ≡ principal eigen-vector  Compare eigen-behavior over time  Score the time ticks depending on amount of change in behavior from previous time tick.  Mark the ones with high score as anomalous. T N Feature: Degree Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 8
  • 9. Nodes T Features (egonet) Time T N Feature: degree WW past pattern right singular vector N    eigen-behavior at t eigen-behaviors change-score metric: Z = 1- uTr Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 9
  • 10.  Individual nodes/edges time series with distributions  Poisson  Zero-inflated Poisson  Hurdle Process ▪ Hurdle Component: Bernoulli & Markov Chain ▪ Count Component: Zero-truncated Poisson  Model Selection:  AIC, log likelihood, Vuong’s test and log gain  Find single-sided p-value as the probability of observing a count as extreme as v [P(X ≥ v)] Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 10
  • 11. Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 11
  • 12.  Streaming Pattern dIscoveRy in multIple Time-series (SPIRIT) [Papadimitriou et al. 2005]  Discovers trends – whenever trend changes it introduce new hidden variable & remove when not needed  Detects anomalous points in trends  Nodes weights change in each step  At a change point the node which has highest weight is most anomalous Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 12
  • 13. Event Detection Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 13
  • 14. RankList2 ScoreList2 Consensus RankList1 ScoreList1 Rank based Score based •Inverse Rank •Kemeny Young [J. Kemeny 1959] RankList3 ScoreList3 •Unification [Zimek et al. 2011] -avg & max •Mixture Model [Jing et al. 2006] -avg & max Final Ensemble: inverse rank FinalRankList Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 14
  • 15.  We were given a “Cyber Challenge Network” from NGAS R&T Space Park  Simulated cyber network traffic  10 days activities  125 hosts  To-from information with timestamps  Find “suspicious” events and the entities associated with the corresponding events in Challenge Network. Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 15
  • 16. Eigen-behaviors Probabilistic Approach SPIRIT Z-score 1 – norm. (sum p-value) projection Time tick Shebuti & Leman 16 Event Detection & Characterization in Dynamic Graphs Feature: Degree
  • 17. Eigen-behaviors at Time tick 376 Probabilistic Approach SPIRIT relative activity change projection weight nodes Shebuti & Leman 17 Event Detection & Characterization in Dynamic Graphs normal. |log(p)|
  • 18. Average Precision Table (Feature: Degree) Algorithm Sample rate (10 min) Base Algorithms EBED 0.8333 PTSAD 0.5722 SPIRIT 0.7292 Consensus Rank Merging Algorithms Inverse Rank (1/R) 1.0000 Kemeny Young 0.8095 Unification (avg) 0.8056 Unification (max) 0.7255 Mixture model (avg) 0.1684 Mixture model (max) 0.1684 Final Ensemble (1/R) 0.8667 Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 18
  • 19. Average Precision Table for Node anomalies Feature: Degree [Sample rate 10 min] Algorithm Event at 376 Event at 1126 Base Algorithms EBED 1.0000 1.0000 PTSAD 1.0000 0.2500 SPIRIT 0.3026 0.0213 Consensus Rank Merging Algorithms Inverse Rank (1/R) 1.0000 0.5000 Kemeny Young 1.0000 0.2000 Unification (avg) 1.0000 1.0000 Unification (max) 0.8333 1.0000 Mixture model (avg) 1.0000 1.0000 Mixture model (max) 1.0000 1.0000 Final Ensemble (1/R) 1.0000 1.0000 Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 19
  • 20. Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 20
  • 21.  ~8 years (Jan 2000- July 2007) of published articles of New York Times  Graph links: Co-mention of named entities (people, places, organization)  Sample rate: 1 week  No ground truth  Big Events detected:  January, 2001 – George W. Bush elected US president  September 11, 2001 – Terrorist attack in WTC  February 1, 2003 – Space Shuttle Columbia Disaster Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 21
  • 22. Feature: Weighted Degree Eigen-behaviors Columbia disaster Probabilistic Approach SPIRIT 2001 election Z Score 1 – norm. (sum p-value) projection 9/11 WTC attack Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 22
  • 23. Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 23
  • 24.  Heterogeneous detectors  different scores  different effectiveness (depending on dataset)  Ensemble for event detection on dynamic graphs  Multiple consensus (merging) approaches  two-phase consensus finding Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 24
  • 25.  Near-future: Robust consensus by automatically selecting effective base algorithms  Challenge: no ground truth  Near-future: real-time detection  Event detection under diverse data sources (e.g., news media, social media, the Web, …)  Challenges: different entity types, different time granularity, entity resolution Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 25
  • 26. srayana@cs.stonybrook.edu http://www.cs.stonybrook.edu/~datalab/ Judge a man by his questions rather than his answers. -Voltaire Event Detection Characterization Shebuti & Leman Event Detection & Characterization in Dynamic Graphs 26

Hinweis der Redaktion

  1. My work focuses on discovering patterns and detecting anomalies in real-world data, using graph analytics techniques, and developing effective and efficient tools to do so .