Siddharth is a Ph.D. student at National University of Singapore. His research is supported by a Presidents Graduate Fellowship and he was recognized as a Young Researcher by the ACM Heidelberg Laureate Forum. His research in Anomaly Detection is used to detect intrusions, DoS, and DDoS attacks in an online manner. It can also be used to detect fake profiles in Social Networks like Twitter, Facebook, Amazon reviews, and Financial Frauds. MIDAS requires constant memory to detect these anomalies in real-time so as to minimize the harm caused by them. He is working with Amazon and applying his research.
November 18, 2020 04:00 PM PT
Given a stream of graph edges from a dynamic graph, how can we assign anomaly scores to edges in an online manner, for the purpose of detecting unusual behavior, using constant time and memory? Existing approaches aim to detect individually surprising edges. In this work, we propose MIDAS, which focuses on detecting microcluster anomalies, or suddenly arriving groups of suspiciously similar edges, such as lockstep behavior, including denial of service attacks in network traffic data. MIDAS has the following properties:
(a) it detects microcluster anomalies while providing theoretical guarantees about its false positive probability;
(b) it is online, thus processing each edge in constant time and constant memory, and also processes the data 162 - 644 times faster than state-of-the-art approaches;
(c) it provides 42%-48% higher accuracy (in terms of AUC) than state-of-the-art approaches.
MIDAS finds anomalies or malicious entities in time-evolving graphs. MIDAS can be used to detect intrusions, Denial of Service (DoS), and Distributed Denial of Service (DDoS) attacks. It can also be used to detect fake profiles in Social Networks like Twitter, Facebook, Amazon reviews, and Financial Frauds. MIDAS requires constant memory to detect these anomalies in real-time so as to minimize the harm caused by them. MIDAS is currently being deployed in real-world systems to improve their performance. Different cybersecurity firms have also asked us to tune MIDAS according to their requirements. Different developers have implemented MIDAS in Python, Ruby, Rust, R, and Golang in addition to the C++ version we originally released.
Speaker: Siddharth Bhatia