This work presents the use of graph-based approaches to discovering anomalous instances of structural patterns in data that represent entities, relationships and actions. Using the minimum description length (MDL) principle to first identify the normative pattern, the algorithms presented in this paper identify the three possible changes to a graph: modifications, insertions and deletions. Each algorithm discovers those substructures that match the closest to the normative pattern without matching exactly. As a result, this proposed approach searches for those activities that appear to match normal (or legitimate) transactions, but in fact are structurally different. After briefly presenting the three algorithms, we then show the usefulness of applying these graph theoretic approaches to discovering illegal activity for a simulated insider threat within a passport processing scenario.
展开▼
