Yue Zhao, assistant professor at USC Thomas Lord Department of Computer Science, receives an Amazon Research Award. Photo/USC.
Imagine reviewing your bank statement and spotting charges for a luxury vacation you never booked. Fraudulent transactions like these don’t just threaten financial stability—they highlight a critical challenge for fraud detection teams: identifying unusual activity and understanding why it was flagged as suspicious. Without access to detailed transaction histories and tools to uncover hidden patterns, detecting and addressing these anomalies becomes significantly harder.
Enter computer science assistant professor Yue Zhao, who specializes in a machine learning technique called graph anomaly detection. By analyzing the connections between seemingly unrelated data points, this technique can detect suspicious behaviors, such as unusual bank transactions, and explain their causes–even with limited data–helping banks stay one step ahead of fraudsters. And that’s just one example.
Detecting suspicious behavior
Imagine a big web of connections—whether it’s people, machines, or data points. Most of them fit a certain pattern, but every now and then, something stands out or doesn’t follow the usual rules. That’s the anomaly, and detecting it is about finding that one unusual connection or behavior in a sea of normal ones. These anomalies can provide valuable insights about the graph as a whole.
The impact of graph anomaly detection reaches far beyond preventing information security threats.
“Graph anomaly detection can also identify unusual lab results in patient data.” Yue Zhao
“Graph anomaly detection can also identify unusual lab results in patient data, bringing potentially serious conditions to attention much faster than diagnoses by humans,” Zhao said. “It has even been used to detect spacecraft quality and life cycles, to ensure they are fit to operate.”
On December 20, 2024, Zhao was one of ten researchers to receive a globally-recognized Amazon Research Award for his work at the intersection of AI and data security, which has the potential to impact decision-making processes across many areas that affect our daily lives.
How graph anomaly detection uncovers security threats
To emphasize the growing relevance of graph theory in understanding complex systems, Zhao offers an analogy that highlights the interconnectedness of our world: “The world is a graph.”
“Think about social networks,” said Zhao. “We can visualize them as a map of connections between friends. Similarly, we can see the world as a graph with links between people and entities.”
To perform graph learning, researchers look at how different “things” are connected and what makes them unique. These “things” can be people using a product or service, or even the machines they use. For example, on a social media platform, researchers might collect basic information about users like age, gender, and location, and then turn that into a visual map to see how everyone is connected.
In the information security space, graph anomaly detection can be used to determine how computers are connected to the Internet and how they transmit data between each other. It can identify fake Amazon reviews written by social bots to prevent consumers from buying low quality products unknowingly. It also allows banks to spot telltale signs of money laundering.
“If people split a large amount of money into smaller amounts and move these chunks among transaction networks, we can use graph anomaly detection to identify these unusual patterns,” says Zhao.
Real-time detection and explainable results
However, noticing these behaviors is not enough. Detection needs to happen quickly, before the data becomes outdated and invalid. Further, since hackers and malicious agents are adversarial and frequently change their behavior to bypass detection, the best machine learning models should be automated to immediately adapt to the newest strategies.
“The results from graph anomaly detection should also be explainable. For example, in the case of bank transactions, why were certain ones identified as fraudulent? What are the explanations for that decision?” Zhao said.
Zhao believes that a rapid, automated graph anomaly detection system will be able to effectively inform us about security attacks. By obtaining concrete evidence for the machine’s decision-making process, researchers and responders can better understand and react to threatening situations when they arise.
“We want to go beyond the algorithm itself and benefit other real-world industries like medical groups and national security organizations,” Zhao said. “With our open-source library, anyone can access and leverage these tools to build advanced detection and response systems that can protect us from harm.”
Published on January 27th, 2025
Last updated on January 27th, 2025
