Lakshminadh Y, Senior Software Analyst, Capgemini
Bangalore, India lakshminadhcse@hotmail.com
Student Team: NO
· Graph Based Anomaly Detection (GBAD) URL: www.gbad.info
· Neo4j URL: https://neo4j.com/
GBAD Introduction:
The Graph Based Anomaly Detection (GBAD) system discovers both normative and anomalous patterns. GBAD uses the minimum description length (MDL) principle to identify the normative pattern that minimizes the number of bits needed to describe the input graph after being compressed by the pattern, and then identifies three possible changes to a graph: modifications, insertions and deletions. Figure 1 demonstrates each of the different types of structural changes.
Figure 1: Example Graph Showing Different Types of Anomalies
For more detailed information about GBAD, the reader can refer to:
[1] Eberle, W. and Holder, L., 2007. Anomaly detection in data represented as graphs. Intelligent Data Analysis, 11(6), pp.663-689.
In our experiments we use GBAD to analyze patterns.
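A simplified illustration of the idea described above, added here and not GBAD's own code: the pattern that best compresses the data is taken as normative, and records one edge away from it are labelled as an insertion, deletion or modification. It assumes the graph is already split into small edge sets and uses an edge count in place of bits; all records and labels are constructed.

```python
from collections import Counter

# Constructed sample data: each record is a small graph written as a set of
# labelled edges (source label, edge label, target label). All labels are
# hypothetical and do not come from the challenge data.
NORMAL = frozenset({("employee", "calls", "employee"),
                    ("employee", "emails", "employee"),
                    ("employee", "meets", "employee")})
RECORDS = [NORMAL] * 6 + [
    NORMAL | {("employee", "purchases", "item")},          # one extra edge
    NORMAL - {("employee", "emails", "employee")},         # one missing edge
    (NORMAL - {("employee", "meets", "employee")})
    | {("employee", "meets", "outsider")},                 # one changed edge
    frozenset({("item", "ships_to", "site")}),             # unrelated record
]

def description_length(records, pattern):
    """Edge-count proxy for MDL: cost of the pattern itself plus the cost of
    every record once each occurrence of the pattern is collapsed to a node."""
    cost = len(pattern)
    for rec in records:
        cost += (len(rec - pattern) + 1) if pattern <= rec else len(rec)
    return cost

def normative_pattern(records):
    """Candidates are the distinct records; keep the one that compresses best."""
    return min(set(records),
               key=lambda p: (description_length(records, p), sorted(p)))

def classify(record, pattern, max_edits=1):
    """Label a record by how it deviates from the normative pattern."""
    extra, missing = record - pattern, pattern - record
    if not extra and not missing:
        return "normative"
    if max(len(extra), len(missing)) > max_edits:
        return "unrelated"          # too far from the pattern to be a near miss
    if extra and missing:
        return "modification"
    return "insertion" if extra else "deletion"

def detect(records):
    """Return the normative pattern and a count of each deviation type."""
    pattern = normative_pattern(records)
    return pattern, Counter(classify(r, pattern) for r in records)
```
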
Neo4j Introduction:
Neo4j is a popular enterprise graph database that uses the Cypher query language. Neo4j Browser provides a way to visualize graph structures. In our experiment, we use the Neo4j Browser to visualize the interesting patterns.
Approximately how many hours were spent working on this submission in total?
100 Hours
May we post your submission in the Visual Analytics Benchmark Repository after VAST Challenge 2018 is complete? YES
Video
https://youtu.be/1MJVbD8Zg0U
Questions
1. Using the four large Kasios International data sets, combine the different sources to create a single picture of the company. Characterize changes in the company over time. According to the company’s communications and purchase habits, is the company growing? Limit your responses to 5 images and 500 words
Answer: After analyzing the habits of employees in the company, we discover a significant increase in the number of purchases, meetings conducted, emails sent and phone calls from 2015 to 2017. Figures 2, 3, 4 and 5 show examples of such patterns. The insider has provided information on suspicious employees. Based on that information, we are able to find similar pattern sequences and instances of those employees involved in the group.
In Figure 2, we can see, as an example, employee Sheilah Stachniw, who is involved in the suspicious calls group; his total number of calls is shown in Table 1.

Figure 2: Calls Over the Years: 2015, 2016, 2017
Table 1: Calls Over the Years: 2015, 2016, 2017
| S.No | Year | No. of Calls |
| --- | --- | --- |
| 1. | 2015 | 02 |
| 2. | 2016 | 07 |
| 3. | 2017 | 11 |
In Figure 3, we can see employee Laure Pelkey; her total number of purchases is shown in Table 2.

Figure 3: Purchases Over the Years: 2015, 2016, 2017
Table 2: Purchases Over the Years: 2015, 2016, 2017
| S.No | Year | No. of Purchases |
| --- | --- | --- |
| 1. | 2015 | 03 |
| 2. | 2016 | 03 |
| 3. | 2017 | 05 |
In Figure 4, we can see employee Giovanni Overbaugh; his total number of meetings is shown in Table 3.

Figure 4: Meetings Over the Years: 2015, 2016, 2017
Table 3: Meetings Over the Years: 2015, 2016, 2017
| S.No | Year | No. of Meetings |
| --- | --- | --- |
| 1. | 2015 | 00 |
| 2. | 2016 | 11 |
| 3. | 2017 | 27 |
In Figure 5, we can see employee Sheilah Stachniw; his email statistics are shown in Table 4.

Figure 5: Emails Over the Years: 2015, 2016, 2017
Table 4: Emails Over the Years: 2015, 2016, 2017
| S.No | Year | No. of emails |
| --- | --- | --- |
| 1. | 2015 | 04 |
| 2. | 2016 | 11 |
| 3. | 2017 | 11 |
2. Combine the four data sources for group that the insider has identified as being suspicious and locate the group in the larger dataset. Determine if anyone else appears to be closely associated with this group. Highlight which employees are making suspicious purchases, according to the insider’s data. Limit your responses to 8 images and 500 words.
3. Using the combined group of suspected bad actors you created in question 2, show the interactions within the group over time.
a. Characterize the group’s organizational structure and show a full picture of communications within the group.
b. Does the group composition change during the course of their activities?
c. How do the group’s interactions change over time?
Limit your responses to 10 images and 1000 words
Answer:
Based on the insider's information, we are able to discover employees that are involved in suspicious meetings. Our Graph Based Anomaly Detection (GBAD) system searches for instances of those patterns and is able to report those suspicious employee instances. Examples of such patterns are shown visually using Neo4j.
In Figure 6, we show the group of employees, namely Meryl Pastuch, Sherrell Biebel and Rosalia Larroque, that are involved in suspicious meetings. In Table 5, we show the dates of the meetings held along with the persons involved.

Figure 6: Suspicious Meeting Pattern: Employees Meryl Pastuch, Sherrell Biebel, Rosalia Larroque are Involved
Table 5: Meetings-People, Dates
| People Involved | Date of Meeting |
| --- | --- |
| Sherrell Biebel | 2017-08-28 |
| Rosalia Larroque | 2017-09-02 |
In Figure 7, we show the group of employees, namely Richard Fox, Madeline Nindorf, Sherrell Biebel, Julie Tierno, Kerstin Belveal, Sherrell Biebel and Meryl Pastuch, that are involved in suspicious meetings. In Table 6, we show the dates of the meetings held along with the persons involved.
Figure 7: Suspicious Meeting Pattern: Employees Richard Fox, Madeline Nindorf, Sherrell Biebel, Julie Tierno, Kerstin Belveal, Sherrell Biebel, Meryl Pastuch are Involved
Table 6: Meetings-People, Dates
| People Involved | Date of Meeting |
| --- | --- |
| Madeline Nindorf | 2015-11-06 |
| Sherrell Biebel | 2015-11-07 |
| Julie Tierno | 2015-11-07 |
| Kerstin Belveal | 2015-11-07 |
| Sherrell Biebel | 2016-04-30 |
| Meryl Pastuch | 2017-08-28 |
In Figure 8, we show the group of employees, namely Lindsy Henion, Ricky Miles, Marian Ahmadi, Loriann Gerard, Kerstin Belveal, Craig Carr and Chang Tulip, that are involved in suspicious meetings. In Table 7, we show the dates of the meetings held along with the persons involved.

Figure 8: Suspicious Meeting Pattern: Employees Lindsy Henion, Ricky Miles, Marian Ahmadi, Loriann Gerard, Kerstin Belveal, Craig Carr, Chang Tulip are Involved
Table 7: Meetings-People, Dates
| People Involved | Date of Meeting |
| --- | --- |
| Ricky Miles | 2017-03-09 |
| Marian Ahmadi | 2017-05-11 |
| Loriann Gerard | 2017-07-07 |
| Kerstin Belveal Craig | 2017-08-08 |
| Craig Carr | 2017-10-11 |
| Chang Tulip | 2017-11-12 |
In Figure 9, we show the meeting activities conducted by Margherita Stefanick over time. In Table 8, we show the dates of the meetings held.

Figure 9: Meetings Over the Years: 2015, 2016, 2017
Table 8: Meetings-Dates
| Dates of Meetings Conducted |
| --- |
| 2016-04-30 |
| 2016-05-18 |
| 2016-09-21 |
| 2016-10-31 |
| 2016-12-22 |
| 2017-02-12 |
| 2017-03-08 |
| 2017-04-03 |
| 2017-04-26 |
| 2017-05-31 |
| 2017-07-12 |
| 2017-08-09 |
| 2017-08-26 |
| 2017-09-20 |
| 2017-10-07 |
| 2017-10-17 |
| 2017-10-20 |
“Based on the insider's information, we are able to find employees that are involved in suspicious meetings. GBAD reports those suspicious employee patterns. Examples of such patterns are shown visually using Neo4j in Figures 6, 7, 8 and 9 respectively.”
In Figure 10, we show the group of employees, namely Glen Grant and Julie Tierno, that are involved in suspicious calls. In Table 9, we show the dates of the calls held along with the persons involved.

Figure 10: Suspicious Calls Pattern: Alex Hall, Glen Grant, Julie Tierno are Involved
Table 9: Calls-People, Dates
| People Involved | Date of Calls |
| --- | --- |
| Glen Grant | 2015-10-02 |
| Julie Tierno | 2016-02-18 |
In Figure 11, we show the group of employees, namely Dylan Ballard, Augusta Sharp, Meryl Pastuch, Lindsy Henion, Yer Dolph and Jade Meucci, that are involved in suspicious calls. In Table 10, we show the dates of the calls held along with the persons involved.

Figure 11: Suspicious Calls Pattern: Dylan Ballard, Augusta Sharp, Meryl Pastuch, Lindsy Henion, Yer Dolph, Jade Meucci are Involved
Table 10: Calls-People, Dates
| People Involved | Date of Calls |
| --- | --- |
| Augusta Sharp | 2015-10-02 |
| Meryl Pastuch | 2015-10-02 |
| Lindsy Henion | 2015-10-02 |
| Yer Dolph | 2017-08-21 |
| Jade Meucci | 2017-10-28 |
In Figure 12, we show the group of employees, namely Maria Hupman, Adele Farmer, Calvin Davidson and Sherlyn Wombacher, that are involved in suspicious calls. In Table 10, we show the dates of the calls held along with the persons involved.

Figure 12: Suspicious Calls Pattern: Maria Hupman, Adele Farmer, Calvin Davidson, Sherlyn Wombacher
Table 11: Calls-People, Dates
| People Involved | Date of Calls |
| --- | --- |
| Adele Farmer | 2017-08-21 |
| Calvin Davidson | 2017-08-21 |
| Sherlyn Wombacher | 2017-10-28 |
In Figure 13, we show the group of employees, namely Bethanie Folmer, Dortha Bratt, Violet Little and Tajuana Lampron, that are involved in suspicious calls. In Table 12, we show the dates of the calls held along with the persons involved.

Figure 13: Suspicious Calls Pattern: Bethanie Folmer, Dortha Bratt, Violet Little, Tajuana Lampron are Involved
Table 12: Calls-People, Dates
| People Involved | Date of Calls |
| --- | --- |
| Bethanie Folmer | 2017-08-21 |
| Dortha Bratt | 2017-10-28 |
| Violet Little | 2017-10-28 |
Based on the insider's information, we are able to find employees that are involved in suspicious calls. GBAD reports those suspicious employee patterns. Examples of such patterns are shown visually using Neo4j in Figures 10, 11 and 12, respectively.
“Analysing the patterns detected by GBAD, we suspect the employees listed in Table 14.”
Table 14: Suspicious Employees
| Suspicious Employees | |
| --- | --- |
| Meryl Pastuch, Sherrell Biebel, Rosalia Larroque, Richard Fox, Madeline Nindorf, Sherrell Biebel, Julie Tierno, Kerstin Belveal, Sherrell Biebel, Meryl Pastuch, Lindsy Henion, Ricky Miles, Marian Ahmadi, Loriann Gerard, Kerstin Belveal, Craig Carr, Chang Tulip | Alex Hall, Glen Grant, Julie Tierno, Dylan Ballard, Augusta Sharp, Meryl Pastuch, Lindsy Henion, Yer Dolph, Jade Meucci, Maria Hupman, Adele Farmer, Calvin Davidson, Sherlyn Wombacher, Bethanie Folmer, Dortha Bratt, Violet Little, Tajuana Lampron |
4. The insider has provided a list of purchases that might indicate illicit activity elsewhere in the company. Using the structure of the first group noted by the insider as a model can you find any other instances of suspicious activities in the company? Are there other groups that have structure and activity similar to this one? Who are they? Each of the suspicious purchases could be a starting point for your search. Provide examples of up to two other groups you find that appear suspicious and compare their structure with the structure of the first group. The structures should be presented as temporal not just structural (i.e., the sequence of events—A is followed by B one or two days later—will be important).
Limit your responses to 10 images and 1200 words
Answer: The insider has identified some employees as suspicious. In Table 15, we show the names of those employees. GBAD is able to detect purchase instances of those employees, as shown in Figures 14, 15, 16 and 17 respectively. Temporal purchase activities are shown in Figures 18 and 19 respectively.
Table 15: Suspicious Employees
| Employee Names Provided by Insider as Suspicious | Predicted Employees As Suspicious Based on Insiders Data |
| --- | --- |
| Trevor Webb, Beth Wilensky, Tyree Barreneche, Gregory Russell, Carlos Morris | Trevor Webb, Beth Wilensky, Laure Pelkey, Alpha Chessor, Tyree Barreneche, Gregory Russell, Carlos Morris, Kia Halonen |
Figure 14: Suspicious Purchase: Rosalia Larroque, Jenice Savaria
Figure 15: Suspicious Purchase: Trevor Webb, Tyree Barreneche, Gail Feindt
Figure 16: Suspicious Purchase: Beth Wilensky, Gregory Russell, Gail Feindt
Figure 17: Suspicious Purchase: Jane Ramsey, Carlos Morris
Figure 18: Purchases Over the Years 2015, 2016, 2017
Figure 19: Purchases Over the Years 2015, 2016, 2017
Based on an analysis of all the patterns found, we hypothesize the following reasons for the decrease in the number of nesting pairs of the Rose-Crested Blue Pipit:
1. Production increased suddenly from 2016 to 2017, which suggests that the company has restarted some production of a banned solvent that can harm birds.
2. EuroKasios is a furniture manufacturing factory. There is a gradual increase in the production of furniture from 2015 to 2017. Furniture requires a lot of wood, which involves cutting many trees in the forest and leads to decreased nesting habitats; this can cause the birds to migrate elsewhere.
3. Many suspicious meetings are held during evenings, i.e. beyond office hours, which is unusual.
4. Due to the release of chemicals such as Methylosmolene from the factory, the wildlife preserve gets polluted, which can make the birds migrate elsewhere.