Anomalous Event Sequence Detection

Boxiang Dong; Zhengzhang Chen; Lu An Tang; Haifeng Chen; Hui Wang; Kai Zhang; Ying Lin; Zhichun Li

doi:10.1109/MIS.2020.3041174

Anomalous Event Sequence Detection

Boxiang Dong, Zhengzhang Chen, Lu An Tang, Haifeng Chen, Hui Wang, Kai Zhang, Ying Lin, Zhichun Li

Computer Science

Research output: Contribution to journal › Article › peer-review

9 Scopus citations

Abstract

Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

Original language	English
Article number	9272840
Pages (from-to)	5-13
Number of pages	9
Journal	IEEE Intelligent Systems
Volume	36
Issue number	3
DOIs	https://doi.org/10.1109/MIS.2020.3041174
State	Published - 1 May 2021

Keywords

anomaly detection
graph mining
intrusion detection
sequence discovery

Access to Document

10.1109/MIS.2020.3041174

Cite this

@article{455dda88bcf04615a53eaf0a782c9bc9,

title = "Anomalous Event Sequence Detection",

abstract = "Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.",

keywords = "anomaly detection, graph mining, intrusion detection, sequence discovery",

author = "Boxiang Dong and Zhengzhang Chen and Tang, {Lu An} and Haifeng Chen and Hui Wang and Kai Zhang and Ying Lin and Zhichun Li",

year = "2021",

month = may,

day = "1",

doi = "10.1109/MIS.2020.3041174",

language = "English",

volume = "36",

pages = "5--13",

journal = "IEEE Intelligent Systems",

issn = "1541-1672",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Anomalous Event Sequence Detection

AU - Dong, Boxiang

AU - Chen, Zhengzhang

AU - Tang, Lu An

AU - Chen, Haifeng

AU - Wang, Hui

AU - Zhang, Kai

AU - Lin, Ying

AU - Li, Zhichun

PY - 2021/5/1

Y1 - 2021/5/1

N2 - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

AB - Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.

KW - anomaly detection

KW - graph mining

KW - intrusion detection

KW - sequence discovery

UR - http://www.scopus.com/inward/record.url?scp=85097391093&partnerID=8YFLogxK

U2 - 10.1109/MIS.2020.3041174

DO - 10.1109/MIS.2020.3041174

M3 - Article

AN - SCOPUS:85097391093

SN - 1541-1672

VL - 36

SP - 5

EP - 13

JO - IEEE Intelligent Systems

JF - IEEE Intelligent Systems

IS - 3

M1 - 9272840

ER -

Anomalous Event Sequence Detection

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this