// the find
Stream-AD/MIDAS
Anomaly Detection on Dynamic (time-evolving) Graphs in Real-time and Streaming manner. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies.
MIDAS is a streaming anomaly detection algorithm for edge streams in dynamic graphs, backed by two peer-reviewed papers (AAAI 2020, TKDD 2022). It uses Count-Min Sketches to flag sudden microclusters — bursts of similar edges arriving together — which maps well to DDoS detection, fake rating spikes, and financial fraud. Aimed at researchers and security engineers who need constant-memory, real-time scoring on high-volume edge streams.
The core algorithm is genuinely elegant: constant memory and O(1) update time regardless of graph size, with theoretical false-positive guarantees — not just empirical claims. The header-only C++ design means you can drop four .hpp files into any project and start scoring edges immediately. Multiple independent ports exist (Python, Go, Rust, Julia, R, Java), which is a good signal the algorithm is clean enough to reimplement. The DARPA benchmark results are reproducible via a dedicated Reproducible.cpp with hardcoded seeds.
Last meaningful commit was 2024-01-10 and the primary author has moved on — the 'OldImplementation' branch being archived and a CHANGELOG that trails off are signs of a finished research artifact, not a maintained library. There is no streaming input interface; you must implement your own data ingestion loop around the core, with a hardcoded CSV demo as the only example. The customization story is 'edit Demo.cpp and recompile', with no config file or runtime parameters. Evaluation tooling leans on a Python sklearn subprocess for ROC-AUC, which is awkward if you're embedding this in a C++ pipeline.