2020
DOI: 10.1609/aaai.v34i04.5724

Midas: Microcluster-Based Detector of Anomalies in Edge Streams

Abstract: Given a stream of graph edges from a dynamic graph, how can we assign anomaly scores to edges in an online manner, for the purpose of detecting unusual behavior, using constant time and memory? Existing approaches aim to detect individually surprising edges. In this work, we propose Midas, which focuses on detecting microcluster anomalies, or suddenly arriving groups of suspiciously similar edges, such as lockstep behavior, including denial of service attacks in network traffic data. Midas has the following pr…

Citations: Cited by 74 publications (58 citation statements)
References: References 17 publications
“…This automated simultaneous analysis lends itself well to the Bitcoin-blockchain environment as the graphs formed here are constantly being updated with new addresses and transactions. This capability is particularly useful for ransomware attacks whose first indications are often sudden bursts of activity on the blockchain (Bhatia et al, 2019).…”
Section: Discussion (mentioning)
confidence: 99%
“…Design Principles. Anomaly scoring in streaming social media needs to overcome the trade-off between the explore and exploit effects [30]. While traditional anomaly scoring relies on the whole or a sample of data to compute statistical signals, doing so in streaming social media induces an overhead of recomputation, which delays the detection of rumours for damage mitigation.…”
Section: Problem Definition (mentioning)
confidence: 99%
“…We further validate the influence of our LSH-based indexing component by replacing it with the feasible alternatives. More precisely, two representative baselines are adopted: p-value (i.e., an anomaly detector that exploits entity-level statistical significance [9]) and Midas (i.e., anomaly detector Midas [30]).…”
Section: Effect Of First-order Scoring Function (mentioning)
confidence: 99%
“…This lends itself well to the Bitcoin-blockchain environment as the graphs formed here are constantly being updated with new addresses and transactions. In addition, when it comes to discovering ransomware graphs in such an environment, micro cluster detection helps detect sudden bursts of activity on nodes or edges, which are common to the behaviours of both the cash in and cash out graphs in ransomware / Bitcoin activity [29].…”
Section: Future Research (mentioning)
confidence: 99%