Few-shot Network Anomaly Detection via Cross-network Meta-learning

• URL: http://arxiv.org/abs/2102.11165v1
• Date: Mon, 22 Feb 2021 16:42:37 GMT
• Title: Few-shot Network Anomaly Detection via Cross-network Meta-learning
• Authors: Kaize Ding, Qinghai Zhou, Hanghang Tong, Huan Liu
• Abstract summary: We propose a new family of graph neural networks -- Graph Deviation Networks (GDN) GDN can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network. We equip the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection.
• Score: 45.8111239825361
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Network anomaly detection aims to find network elements (e.g., nodes, edges, subgraphs) with significantly different behaviors from the vast majority. It has a profound impact in a variety of applications ranging from finance, healthcare to social network analysis. Due to the unbearable labeling cost, existing methods are predominately developed in an unsupervised manner. Nonetheless, the anomalies they identify may turn out to be data noises or uninteresting data instances due to the lack of prior knowledge on the anomalies of interest. Hence, it is critical to investigate and develop few-shot learning for network anomaly detection. In real-world scenarios, few labeled anomalies are also easy to be accessed on similar networks from the same domain as of the target network, while most of the existing works omit to leverage them and merely focus on a single network. Taking advantage of this potential, in this work, we tackle the problem of few-shot network anomaly detection by (1) proposing a new family of graph neural networks -- Graph Deviation Networks (GDN) that can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network; and (2) equipping the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection by transferring meta-knowledge from multiple auxiliary networks. Extensive evaluations demonstrate the efficacy of the proposed approach on few-shot or even one-shot network anomaly detection.

Related papers

• SCALA: Sparsification-based Contrastive Learning for Anomaly Detection on Attributed Networks [19.09775548036214]
  Anomaly detection on attributed networks aims to find the nodes whose behaviors are significantly different from other majority nodes. We present a novel contrastive learning framework for anomaly detection on attributed networks, textbfSCALA, aiming to improve the embedding quality of the network. Extensive experiments are conducted on five benchmark real-world datasets and the results show that SCALA consistently outperforms all baseline methods significantly.
  arXiv  Detail & Related papers  (2024-01-03T08:51:18Z)
• Detecting Contextual Network Anomalies with Graph Neural Networks [4.671648049111933]
  We formulate the problem as contextual anomaly detection on network traffic measurements. We propose a custom GNN-based solution that detects traffic anomalies on origin-destination flows. The results show that the anomalies detected by our solution are quite complementary to those captured by the baselines.
  arXiv  Detail & Related papers  (2023-12-11T12:45:43Z)
• Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view. We have evaluated the mathematical model using two different datasets.
  arXiv  Detail & Related papers  (2023-02-02T13:41:18Z)
• ARISE: Graph Anomaly Detection on Attributed Networks via Substructure Awareness [70.60721571429784]
  We propose a new graph anomaly detection framework on attributed networks via substructure awareness (ARISE) ARISE focuses on the substructures in the graph to discern abnormalities. Experiments show that ARISE greatly improves detection performance compared to state-of-the-art attributed networks anomaly detection (ANAD) algorithms.
  arXiv  Detail & Related papers  (2022-11-28T12:17:40Z)
• Anomaly Detection in Multiplex Dynamic Networks: from Blockchain Security to Brain Disease Prediction [0.0]
  ANOMULY is an unsupervised edge anomaly detection framework for multiplex dynamic networks. We show how ANOMULY could be employed as a new tool to understand abnormal brain activity that might reveal a brain disease or disorder.
  arXiv  Detail & Related papers  (2022-11-15T18:25:40Z)
• FadMan: Federated Anomaly Detection across Multiple Attributed Networks [21.995091542421285]
  Anomaly subgraph detection has been widely used in various applications, ranging from cyber attack in computer networks to malicious activities in social networks. Despite an increasing need for federated anomaly detection across multiple attributed networks, only a limited number of approaches are available for this problem. Faddman is a vertical federated learning framework for public node aligned with many private nodes of different features, and is validated on two tasks correlated anomaly detection on multiple attributed networks and anomaly detection on an attributeless network using five real-world datasets.
  arXiv  Detail & Related papers  (2022-05-27T18:54:53Z)
• Self-Supervised and Interpretable Anomaly Detection using Network Transformers [1.0705399532413615]
  This paper introduces the Network Transformer (NeT) model for anomaly detection. NeT incorporates the graph structure of the communication network in order to improve interpretability. The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System.
  arXiv  Detail & Related papers  (2022-02-25T22:05:59Z)
• Unveiling Anomalous Edges and Nominal Connectivity of Attributed Networks [53.56901624204265]
  The present work deals with uncovering anomalous edges in attributed graphs using two distinct formulations with complementary strengths. The first relies on decomposing the graph data matrix into low rank plus sparse components to improve markedly performance. The second broadens the scope of the first by performing robust recovery of the unperturbed graph, which enhances the anomaly identification performance.
  arXiv  Detail & Related papers  (2021-04-17T20:00:40Z)
• Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks. Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair. A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
  arXiv  Detail & Related papers  (2021-02-27T03:17:20Z)
• Graph Prototypical Networks for Few-shot Learning on Attributed Networks [72.31180045017835]
  We propose a graph meta-learning framework -- Graph Prototypical Networks (GPN) GPN is able to perform textitmeta-learning on an attributed network and derive a highly generalizable model for handling the target classification task.
  arXiv  Detail & Related papers  (2020-06-23T04:13:23Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.