Anomalous Event Sequence Detection

Boxiang Dong; Zhengzhang Chen; Hui Wang; Lu An Tang; Kai Zhang; Ying Lin; Zhichun Li; Haifeng Chen

doi:10.1109/MIS.2020.3041174

Anomalous Event Sequence Detection

Boxiang Dong, Zhengzhang Chen, Hui Wang, Lu An Tang, Kai Zhang, Ying Lin, Zhichun Li, Haifeng Chen

Computer Science

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

Original language	English
Journal	IEEE Intelligent Systems
DOIs	https://doi.org/10.1109/MIS.2020.3041174
State	Accepted/In press - 2020

Keywords

Anomaly detection
Complex systems
Convergence
Intelligent systems
Mathematical model
Receivers
Surveillance

Access to Document

10.1109/MIS.2020.3041174

Cite this

@article{455dda88bcf04615a53eaf0a782c9bc9,

title = "Anomalous Event Sequence Detection",

abstract = "Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.",

keywords = "Anomaly detection, Complex systems, Convergence, Intelligent systems, Mathematical model, Receivers, Surveillance",

author = "Boxiang Dong and Zhengzhang Chen and Hui Wang and Tang, {Lu An} and Kai Zhang and Ying Lin and Zhichun Li and Haifeng Chen",

year = "2020",

doi = "10.1109/MIS.2020.3041174",

language = "English",

journal = "IEEE Intelligent Systems",

issn = "1541-1672",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Anomalous Event Sequence Detection

AU - Dong, Boxiang

AU - Chen, Zhengzhang

AU - Wang, Hui

AU - Tang, Lu An

AU - Zhang, Kai

AU - Lin, Ying

AU - Li, Zhichun

AU - Chen, Haifeng

PY - 2020

Y1 - 2020

N2 - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

AB - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

KW - Anomaly detection

KW - Complex systems

KW - Convergence

KW - Intelligent systems

KW - Mathematical model

KW - Receivers

KW - Surveillance

UR - http://www.scopus.com/inward/record.url?scp=85097391093&partnerID=8YFLogxK

U2 - 10.1109/MIS.2020.3041174

DO - 10.1109/MIS.2020.3041174

M3 - Article

AN - SCOPUS:85097391093

SN - 1541-1672

JO - IEEE Intelligent Systems

JF - IEEE Intelligent Systems

ER -

Anomalous Event Sequence Detection

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this