Computer and social networks can be effectively represented as complex temporal graphs where entities (nodes) keep interconnecting through various relationships (edges), forming evolving structures. Anomaly Detection (AD) in such networks consists of identifying patterns diverging from what is expected (or normal). In fact, computer and social networks lack common definitions of what is anomalous. The identification of anomalies is therefore fundamental for monitoring, management, and detection of potential threats -- e.g. suspicious connections between nodes (edge AD) or compromised entities (node AD). However, the literature is scarce about solutions to detect node anomalies. This work addresses three challenges by employing temporal Graph Neural Networks (tGNNs): fast-evolving graphs from communications networks, absence of ground truth, and simultaneous node and edge AD. For this, we propose the usage of a tGNN coupled with custom AD blocks that we train in a completely self-supervised way. We also embed an attention mechanism providing interpretability to the decision process. We extensively validate and test the tGNNs on synthetic and real-world datasets showing that the proposed architectures successfully detect both node and edge anomalies (0.9 of average AUC).
Detecting Edge and Node Anomalies with Temporal GNNs / Cavallo, Andrea; Gioacchini, Luca; Mellia, Marco; Vassio, Luca. - ELETTRONICO. - (2024), pp. 7-13. (Intervento presentato al convegno 3rd GNNet Workshop - Graph Neural Networking Workshop tenutosi a Los Angeles, California (USA) nel December 9, 2024) [10.1145/3694811.3697818].
Detecting Edge and Node Anomalies with Temporal GNNs
Gioacchini, Luca;Mellia, Marco;Vassio, Luca
2024
Abstract
Computer and social networks can be effectively represented as complex temporal graphs where entities (nodes) keep interconnecting through various relationships (edges), forming evolving structures. Anomaly Detection (AD) in such networks consists of identifying patterns diverging from what is expected (or normal). In fact, computer and social networks lack common definitions of what is anomalous. The identification of anomalies is therefore fundamental for monitoring, management, and detection of potential threats -- e.g. suspicious connections between nodes (edge AD) or compromised entities (node AD). However, the literature is scarce about solutions to detect node anomalies. This work addresses three challenges by employing temporal Graph Neural Networks (tGNNs): fast-evolving graphs from communications networks, absence of ground truth, and simultaneous node and edge AD. For this, we propose the usage of a tGNN coupled with custom AD blocks that we train in a completely self-supervised way. We also embed an attention mechanism providing interpretability to the decision process. We extensively validate and test the tGNNs on synthetic and real-world datasets showing that the proposed architectures successfully detect both node and edge anomalies (0.9 of average AUC).File | Dimensione | Formato | |
---|---|---|---|
3694811.3697818.pdf
accesso aperto
Descrizione: Versione finale
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Creative commons
Dimensione
1.09 MB
Formato
Adobe PDF
|
1.09 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2994162