Abstract: Advances in data collection and storage capacity have made it

increasingly possible to collect highly volatile graph data for analysis. Existing graph analysis techniques are not appropriate for

such data, especially in cases where streaming or near-real-time

results are required. An example that has drawn significant research interest is the cyber-security domain, where internet communication traces are collected and real-time discovery of events,

behaviors, patterns, and anomalies is desired. We propose MetricForensics, a scalable framework for analysis of volatile graphs.

MetricForensics combines a multi-level “drill down” approach, a

collection of user-selected graph metrics, and a collection of analysis techniques. At each successive level, more sophisticated metrics are computed and the graph is viewed at finer temporal resolutions. In this way, MetricForensics scales to highly volatile graphs

by only allocating resources for computationally expensive analysis when an interesting event is discovered at a coarser resolution

first. We test MetricForensics on three real-world graphs: an enterprise IP trace, a trace of legitimate and malicious network traffc

from a research institution, and the MIT Reality Mining proximity sensor data. Our largest graph has ~3M vertices and ~32M

edges, spanning 4:5 days. The results demonstrate the scalability and capability of MetricForensics in analyzing volatile graphs;

and highlight four novel phenomena in such graphs: elbows, broken correlations, prolonged spikes, and lightweight stars.

 

 

 

Link: http://www.cs.cmu.edu/afs/cs.cmu.edu/Web/People/bodicher/papers/metricforensics-kdd10.pdf