Threat Identification and Examination using Graph Based Anomaly Detection
Soumok Dutta1, Parvathi.R2, Ganesan.R3
1Soumok Dutta, School of Computing Science and Engineering, Vellore Institute of Technology, Chennai, Tamil Nadu, India.
2Parvathi.R, School of Computing Science and Engineering, Vellore Institute of Technology, Chennai, Tamil Nadu, India.
3Ganesan.R, School of Computing Science and Engineering, Vellore Institute of Technology, Chennai, Tamil Nadu, India.
Manuscript received on September 23, 2019. | Revised Manuscript received on October 15, 2019. | Manuscript published on October 30, 2019. | PP: 7510-7513 | Volume-9 Issue-1, October 2019 | Retrieval Number: A3129109119/2019©BEIESP | DOI: 10.35940/ijeat.A3129.109119
Open Access | Ethics and Policies | Cite | Mendeley
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The aim of this paper is to investigate the Graph Based Anomaly Detection (GBAD) systems to find anomalies or features in a graph that are inconsistent with the general or maximal substructures of the graph. A substructure miner approach was implemented. The Frequent Substructure Miner (FSM) was adopted to find the optimal substructure, which was then used to compare the normal GBAD and Minimum Description Length (MDL) approach that has been in use. The FSM approach uses graphs of size 10, 100 and 1000 nodes to determine the resulting efficiency and hence the runtime as well. The runtime determines how long the two systems require to find anomalies in each type of graph.
Keywords: GBAD-FSM, GBAD-MDL, SUBDUE, GBAD, Minimum Descriptive Length, Probabilistic, MPS, Runtime Efficiency, Anomaly detection, Graph based, Insider threat , Cyber Crime.