SN Computer Science (2021) 2:219
https://doi.org/10.1007/s42979-021-00603-x

REVIEW ARTICLE

Group Anomaly Detection: Past Notions, Present Insights, and Future Prospects

Aqeel Feroze 1 · Ali Daud 1,2 · Tehmina Amjad 1 · Malik Khizar Hayat 3

Received: 7 November 2020 / Accepted: 19 March 2021 / Published online: 16 April 2021
© The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2021

Abstract

Anomaly detection has evolved as a successful research subject in areas such as bibliometrics, informatics and computer networks, including security-based and social networks. Almost all existing anomaly detection techniques have some limitations and do not focus specifically on detecting anomalous groups. Anomaly detection is also a crucial problem in processing large-scale datasets when the goal is to find abnormal values or unusual events. The authors decided to survey existing group anomaly detection techniques because there is a need to consider group anomalies for mitigation of risks, prevention of malicious collaborative activities, and other interesting explanatory insights by identifying groups that are not consistent with regular group patterns. In this research, we bifurcated group anomaly detection techniques into activity-based and graph-based methods. The graphical methodologies are then further classified under static versus dynamic and attributed versus plain graph methods. We have also listed the datasets used in various studies to detect group anomalies, along with the detected anomalies and the various performance measures used to validate the results. Towards the end, we have provided various applications of group anomaly detection and the research challenges that group anomaly detection presents to the scientific community, and listed some of the future trends for this particular research area.
Keywords: Group anomaly detection · Graph-centric features · Performance metrics · Static · Dynamic · Academic social network

Introduction

Detecting abnormality in data is considered the most challenging task in the data mining field. An abnormal value is also termed an outlier in statistics, whereas 'surprise', 'unusual', 'outbreak', 'event', 'change', 'fraud', 'novelty', 'rare' or 'exception' are other terms used for this phenomenon in the literature [1]. A certain activity in a particular dataset that is beyond normal is an anomaly. For instance, in social networks, an anomaly occurs if someone conceivably performs an abnormal activity by manipulating a compromised account or a fake review. However, if a group of people is engaged in some sort of activity that digresses from a set pattern in a dataset, then the resultant activity is said to be a group anomaly. For instance, in the case of social networking platforms, a group anomaly occurs if a group is performing activities such as cyber-attacks or flooding denial-of-service attacks, where similar types of normal data instances appear in abnormally large numbers. An individual instance in group abnormality could possibly be normal; however, the collection of such patterns is

* Ali Daud, alimsdb@gmail.com
Aqeel Feroze, aqeel.phdcs96@iiu.edu.pk
Tehmina Amjad, tehminaamjad@iiu.edu.pk
Malik Khizar Hayat, khizerhayat92@gmail.com

1 Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan
2 Department of Computer Science and Artificial Intelligence, College of Computer Science and Engineering, Jeddah University, Jeddah, Saudi Arabia
3 Department of Information Technology, Faculty of Information Technology and Engineering, The University of Haripur, Haripur, Pakistan
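
The flooding case from the Introduction, as an added illustration that is not taken from the article: every request in the constructed sample has an ordinary size, so a per-instance check flags nothing, while counting requests per (minute, source group) exposes the burst. The record layout, the median/MAD score and the 3.5 threshold are assumptions chosen for this example, not a method the survey prescribes.

```python
from collections import Counter
from statistics import median

THRESHOLD = 3.5  # assumed cut-off for the robust z-score (illustrative choice)


def build_sample():
    """Constructed traffic: (minute, source_group, request_bytes) records."""
    records, k = [], 0
    for minute in range(6):
        for gi, group in enumerate(("g1", "g2", "g3")):
            burst = minute == 5 and group == "g3"
            count = 60 if burst else 4 + (minute + gi) % 2
            for _ in range(count):
                # Sizes stay in the ordinary 500..599 byte range for everyone.
                records.append((minute, group, 500 + (7 * k) % 100))
                k += 1
    return records


def robust_z(values):
    """Score each value by its distance from the median in MAD units."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid division by zero
    return [abs(v - med) / (1.4826 * mad) for v in values]


def point_anomalies(records):
    """Per-instance view: flag single requests with an unusual size."""
    scores = robust_z([size for _, _, size in records])
    return [r for r, s in zip(records, scores) if s > THRESHOLD]


def group_anomalies(records):
    """Group view: flag (minute, group) cells whose request count is unusual."""
    cells = Counter((minute, group) for minute, group, _ in records)
    keys = sorted(cells)
    scores = robust_z([cells[key] for key in keys])
    return [(key, cells[key]) for key, s in zip(keys, scores) if s > THRESHOLD]


if __name__ == "__main__":
    sample = build_sample()
    print("point anomalies:", point_anomalies(sample))
    print("group anomalies:", group_anomalies(sample))
```
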