Fast and Accurate Anomaly Detection in Dynamic Graphs with a Two-Pronged Approach

TL;DR

AnomRank is a fast, scalable, and theoretically grounded online algorithm that detects various anomalies in dynamic graphs by monitoring changes in node importance metrics.

Contribution

The paper introduces a novel two-pronged approach with new metrics for anomaly detection, offering theoretical guarantees and improved speed and accuracy over existing methods.

Findings

Up to 49.5x faster than state-of-the-art methods

35% more accurate in anomaly detection

Capable of processing millions of edges within 2 seconds

Abstract

Given a dynamic graph stream, how can we detect the sudden appearance of anomalous patterns, such as link spam, follower boosting, or denial of service attacks? Additionally, can we categorize the types of anomalies that occur in practice, and theoretically analyze the anomalous signs arising from each type? In this work, we propose AnomRank, an online algorithm for anomaly detection in dynamic graphs. AnomRank uses a two-pronged approach defining two novel metrics for anomalousness. Each metric tracks the derivatives of its own version of a 'node score' (or node importance) function. This allows us to detect sudden changes in the importance of any node. We show theoretically and experimentally that the two-pronged approach successfully detects two common types of anomalies: sudden weight changes along an edge, and sudden structural changes to the graph. AnomRank is (a) Fast and Accurate: up to 49.5x faster or 35% more accurate than state-of-the-art methods, (b) Scalable: linear in the number of edges in the input graph, processing millions of edges within 2 seconds on a stock laptop/desktop, and (c) Theoretically Sound: providing theoretical guarantees of the two-pronged approach.