Controlling for confounding network properties in hypothesis testing and anomaly detection

Author

Timothy La Fond, Purdue University

Date of Award

8-2016

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

First Advisor

Jennifer Neville

Committee Chair

Jennifer Neville

Committee Member 1

Daniel Aliaga

Committee Member 2

Chris Clifton

Committee Member 3

David Gleich

Abstract

An important task in network analysis is the detection of anomalous events in a network time series. These events could merely be times of interest in the network timeline or they could be examples of malicious activity or network malfunction. Hypothesis testing using network statistics to summarize the behavior of the network provides a robust framework for the anomaly detection decision process. Unfortunately, choosing network statistics that are dependent on confounding factors like the total number of nodes or edges can lead to incorrect conclusions (e.g., false positives and false negatives). In this dissertation we describe the challenges that face anomaly detection in dynamic network streams regarding confounding factors. We also provide two solutions to avoiding error due to confounding factors: the first is a randomization testing method that controls for confounding factors, and the second is a set of size-consistent network statistics which avoid confounding due to the most common factors, edge count and node count.

Recommended Citation

Fond, Timothy La, "Controlling for confounding network properties in hypothesis testing and anomaly detection" (2016). Open Access Dissertations. 791.
https://docs.lib.purdue.edu/open_access_dissertations/791