AAAI Publications, Twenty-Third International FLAIRS Conference

Font Size: 
Using a Graph-Based Approach for Discovering Cybercrime
William Eberle, Lawrence Holder, Jeffrey Graves

Last modified: 2010-05-06


The ability to mine data represented as a graph has become important in several domains for detecting various structural patterns. One important area of data mining is anomaly detection, but little work has been done in terms of detecting anomalies in graph-based data. While there has been some work that has used statistical metrics and conditional entropy measurements, the results have been limited to certain types of anomalies. In this paper we present a graph-based approach to uncovering anomalies in applications containing information representing possible cybercrime activity: network activity and employee movements. We use three algorithms for the purpose of detecting anomalies in all three types of possible graph changes: label modifications, vertex/edge insertions and vertex/edge deletions. Each of our algorithms focuses on one of these anomalous types and uses the minimum description length principle to discover those substructure instances that contain anomalous entities and relationships. We then show the usefulness of applying these graph theoretic approaches to discovering anomalies in a real-world-type domain, the Visual Analytics Science and Technology (VAST) mini-challenge involving badge and network traffic. In addition, we present the results of this approach on synthetic graphs of varying sizes, in order to demonstrate the applicability of this approach as a real-world application.


anomaly detection; cybercrime

Full Text: PDF