MStream: Fast Anomaly Detection in Multi-Aspect Streams

Bhatia, Siddharth; Jain, Arjit; Li, Pan; Kumar, Ritesh; Hooi, Bryan

doi:10.1145/3442381.3450023

Cited by 30 publications

(10 citation statements)

References 64 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Typical anomaly detection methods [15,25,31,61,81], such as local outlier factor (LOF) [24] and tree-based approaches [34,56], can be used in event tensors by converting multiple attributes to numerical ones. [20,45,62,79,80] use a stream of multi-aspect records as input. MemStream [21] can learn dynamically changing trends to handle time-varying data distribution known as concept drift [27,35,57].…”

Section: Related Workmentioning

confidence: 99%

“…Given a large, online stream of time-stamped events, how can we statistically summarize all the event streams and find important patterns, rules, and anomalies? Time-stamped event data are generated and collected by many real applications [10,17,29,84], including online marketing analytics [52,75], social network/location-based services [28,71], and cybersecurity systems [19,80], with increasingly larger sizes and faster rates of transactions. For example, an online shopping service could generate millions of logging entries every second, with rich information about items and users.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fast and Multi-aspect Mining of Complex Time-stamped Event Streams

Nakamura

Matsubara

Kawabata

et al. 2023

Proceedings of the ACM Web Conference 2023

View full text Add to dashboard Cite

Given a huge, online stream of time-evolving events with multiple attributes, such as online shopping logs: (item, price, brand, time), how can we summarize large, dynamic high-order tensor streams? How can we see any hidden patterns, rules, and anomalies? Our answer is to focus on two types of patterns, i.e., "regimes" and "components", over high-order tensor streams, for which we present an efficient and effective method, namely CubeScope. Specifically, it identifies any sudden discontinuity and recognizes distinct dynamical patterns, "regimes" (e.g., weekday/weekend/holiday patterns).In each regime, it also performs multi-way summarization for all attributes (e.g., item, price, brand, and time) and discovers hidden "components" representing latent groups (e.g., item/brand groups) and their relationship. Thanks to its concise but effective summarization, CubeScope can also detect the sudden appearance of anomalies and identify the types of anomalies that occur in practice.Our proposed method has the following properties: (a) Effective: it captures dynamical multi-aspect patterns, i.e., regimes and components, and statistically summarizes all the events; (b) General: it is practical for successful application to data compression, pattern discovery, and anomaly detection on various types of tensor streams; (c) Scalable: our algorithm does not depend on the length of the data stream and its dimensionality. Extensive experiments on real datasets demonstrate that CubeScope finds meaningful patterns and anomalies correctly, and consistently outperforms the state-of-the-art methods as regards accuracy and execution speed.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Fast and Multi-aspect Mining of Complex Time-stamped Event Streams

Nakamura

Matsubara

Kawabata

et al. 2023

Proceedings of the ACM Web Conference 2023

View full text Add to dashboard Cite

show abstract

“…For DARPA dataset, we track 151 nodes 7 which have anomalous edges after initial snapshot. Similarly we track 190,170 anomalous nodes over EU-CORE-S and EU-Core-L. We exclude edge-level method SedanSpot for node-level task because it can not calculate node-level anomaly score.We present the precision and running time in Table 4 and Table 5.…”

Section: Exp1: Node-level Anomaly Localizationmentioning

confidence: 99%

“…For example, the raw graph data used in Fig. 1 Despite the extensive literature [2,7,38] on graph anomaly detection, previous work focuses on different problem definitions of anomaly. On the other hand, works [36] on graph-level anomaly detection cannot identify individual node changes but only uncover the global changes in the overall graph structure.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Subset Node Anomaly Tracking over Large Dynamic Graphs

Guo,

Zhou,

Skiena

2022

Preprint

View full text Add to dashboard Cite

Tracking a targeted subset of nodes in an evolving graph is important for many real-world applications. Existing methods typically focus on identifying anomalous edges or finding anomaly graph snapshots in a stream way. However, edge-oriented methods cannot quantify how individual nodes change over time while others need to maintain representations of the whole graph all time, thus computationally inefficient.This paper proposes DynAnom, an efficient framework to quantify the changes and localize per-node anomalies over large dynamic weighted-graphs. Thanks to recent advances in dynamic representation learning based on Personalized PageRank, DynAnom is 1) efficient: the time complexity is linear to the number of edge events and independent on node size of the input graph; 2) effective: Dy-nAnom can successfully track topological changes reflecting realworld anomaly; 3) flexible: different type of anomaly score functions can be defined for various applications. Experiments demonstrate these properties on both benchmark graph datasets and a new large real-world dynamic graph. Specifically, an instantiation method based on DynAnom achieves the accuracy of 0.5425 compared with 0.2790, the best baseline, on the task of node-level anomaly localization while running 2.3 times faster than the baseline. We present a real-world case study and further demonstrate the usability of DynAnom for anomaly discovery over large-scale graphs.

show abstract