Many conventional anomaly detection techniques attempt to detect global anomalies. Global anomalies, also referred to as point anomalies, are data objects that deviate from normal behavior of an entire dataset. For example, a global anomaly in a social network may be an inactive account with few contacts or friends. According to another example, a global anomaly in an academic collaboration network may be an infrequent contributor with few collaborators. However, global anomalies may not be particularly useful or relevant for some applications.
Other conventional techniques attempt to detect contextual anomalies. A contextual anomaly is a data object that is anomalous with respect to a specific context, but may seem normal when in a different context. Contextual anomalies may be interesting if the corresponding context has practical implications. For example, a contextual anomaly in a security network can imply unauthorized access or identity theft if the contexts are different organizational groups. According to another example, a contextual anomaly in an academic collaboration network can indicate cross-disciplinary research when the contexts are different research areas.
Some approaches for detecting contextual anomalies treat context formation and anomaly detection as separate steps. Thus, contexts are defined using contextual attributes. After defining the contexts, then contextual anomalies can be defined as global anomalies (e.g., point anomalies) for each specific context. Other approaches for detecting contextual anomalies model a structure in the data and then detect contextual anomalies based on such model.