Metric forensics: A multi-level approach for mining volatile graphs

Keith Henderson, Tina Eliassi-Rad, Christos Faloutsos, Leman Akoglu, Lei Li, Koji Maruhashi, B. Aditya Prakash, Hanghang Tong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Advances in data collection and storage capacity have made it increasingly possible to collect highly volatile graph data for analysis. Existing graph analysis techniques are not appropriate for such data, especially in cases where streaming or near-real-time results are required. An example that has drawn significant research interest is the cyber-security domain, where internet communication traces are collected and real-time discovery of events, behaviors, patterns, and anomalies is desired. We propose METRICFORENSICS, a scalable framework for analysis of volatile graphs. METRICFORENSICS combines a multi-level "drill down" approach, a collection of user-selected graph metrics, and a collection of analysis techniques. At each successive level, more sophisticated metrics are computed and the graph is viewed at finer temporal resolutions. In this way, METRICFORENSICS scales to highly volatile graphs by only allocating resources for computationally expensive analysis when an interesting event is discovered at a coarser resolution first. We test METRIC-FORENSICS on three real-world graphs: an enterprise IP trace, a trace of legitimate and malicious network traffic from a research institution, and the MIT Reality Mining proximity sensor data. Our largest graph has ∼3M vertices and ∼32M edges, spanning 4.5 days. The results demonstrate the scalability and capability of METRICFORENSICS in analyzing volatile graphs; and highlight four novel phenomena in such graphs: elbows, broken correlations, prolonged spikes, and lightweight stars.

Original languageEnglish (US)
Title of host publicationKDD'10 - Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data
Pages163-172
Number of pages10
DOIs
StatePublished - 2010
Externally publishedYes
Event16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD-2010 - Washington, DC, United States
Duration: Jul 25 2010Jul 28 2010

Publication series

NameProceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Other

Other16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD-2010
Country/TerritoryUnited States
CityWashington, DC
Period7/25/107/28/10

Keywords

  • Graph mining
  • Temporal analysis
  • Volatile graphs

ASJC Scopus subject areas

  • Software
  • Information Systems

Fingerprint

Dive into the research topics of 'Metric forensics: A multi-level approach for mining volatile graphs'. Together they form a unique fingerprint.

Cite this