Anomaly Detection With Subgraph Search and Vertex Classification Preprocessing in Chung-Lu Random Networks

Abstract

We study network anomaly detection problem with subgraph search and vertex classification techniques in Chung-Lu networks, where small anomalous networks are embedded in background networks. The general detectors traditionally utilize the spectral characteristics of whole networks to decide whether the anomalous networks exist or not. Moreover, many algorithms model the background networks with special random graphs, such as Erdős–Renyi random graphs. However, these methods may not achieve good detection performance because the spectral information of anomalous networks extracting from the relational data of the whole networks is subtle. Furthermore, the assumptions of the models limit the applications of the methods. In order to improve the detection capability of algorithms and relax the restriction of the background networks models, we develop two preprocessing approaches, referred to as subgraph search and vertex classification, and propose two detection algorithms, which can be applicable to the generalized network model (Chung-Lu random graph). By leveraging statistic features of priori data, the subgraph search method can obtain local network nodes that are more anomalous than the remainder. Moreover, the vertex classification is used to further distinguish the anomalous nodes from the local ones. And then, by using the relational data corresponding to the local nodes, the detection statistics are constructed to detect the anomalous network. Additionally, based on concentration of measure theory, the probability bounds of performance analysis are derived for the presented algorithms. Simulation examples are provided to illustrate that the proposed detectors can achieve better detection performance than the existing algorithms.