Level of network suspicion detection
US-11190534-B1 · Nov 30, 2021 · US
US11637848B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11637848-B2 |
| Application number | US-202117498852-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 12, 2021 |
| Priority date | Mar 21, 2019 |
| Publication date | Apr 25, 2023 |
| Grant date | Apr 25, 2023 |
Abstract
Systems, devices, media, and methods are presented for determining a level of abusive network behavior suspicion for groups of entities and for identifying suspicious entity groups. A suspiciousness metric is developed and used to evaluate a multi-view graph across multiple views where entities are associated with nodes of the graph and attributes of the entities are associated with levels of the graph.
Claims
What is claimed is:

1. A method for detecting suspicious groups of entities from a dataset of entity and entity attribute information, the method comprising: receiving, at a processor, entity identifiers and attribute identifiers associated with entities; generating, by the processor, a multi-view graph from the dataset of entity and entity attribute information using the entity identifiers and the attribute identifiers, each node of the multi-view graph corresponding to a respective one of the entity identifiers, each view of the multi-view graph corresponding to a respective one of the attribute identifiers, and each edge between the nodes of a respective view having an edge weight corresponding to attribute value overlap between those nodes in that view; repeating, by the processor, the following steps until a predetermined constraint is met: identifying, by the processor, a multi-view subgraph within the multi-view graph, the multi-view subgraph including more than one view for the group of entities, determining, by the processor, the level of suspicion of the multi-view subgraph, revising, by the processor, the multi-view subgraph by adding or subtracting at least one of an entity or a level, determining, by the processor, the level of suspicion of the revised multi-view subgraph, when the level of suspicion of the revised multi-view subgraph exceeds the level of suspicion of the multi-view subgraph, repeating, by the processor, the revising of the multi-view subgraph and determining the level of suspicion of the revised multi-view subgraph, and when the level of suspicion of the revised multi-view subgraph does not exceed the level of suspicion of the multi-view subgraph, recording, by the processor, an identifier and a level of suspicion for a most-recent revised multi-view subgraph; and presenting, by the processor, recorded identifiers and corresponding levels of suspicion on a display as the suspicious group of entities.

2. The method of claim 1, wherein the predetermined constraint is a predetermined number of views of the multi-view graph.

3. The method of claim 1, wherein identifying the multi-view subgraph within the multi-view graph comprises seeding with initial views selected to favor views in which overlap occurs less frequently.

4. The method of claim 1, wherein identifying the multi-view subgraph within the multi-view graph comprises seeding with at least one seed comprising initial views and nodes selected based on at least one of shared attributes or shared behaviors.

5. The method of claim 4, comprising identifying the predetermined constraint as at least one of a target density level or a number of attempts.

6. The method of claim 5, wherein seeding with at least one seed comprising initial views comprises selecting at least one view and initializing a candidate seed with two nodes having similarity in the selected at least one view.

7. The method of claim 6, wherein seeding with at least one seed comprising initial views further comprises adding another node to the candidate seed and checking if the predetermined constraint has been met.

8. The method of claim 7, wherein seeding with at least one seed comprising initial views further comprises adding a node to the candidate seed until the predetermined constraint has been met and, once the predetermined constraint has been met, recording the candidate seed as the multi-view subgraph within the multi-view graph.

9. The method of claim 8, wherein seeding with at least one seed comprising initial views further comprises repeating a determination of the candidate seed when the predetermined constraint has not been satisfied after a predetermined number of attempts.

10. The method of claim 1, further comprising aggregating and filtering the recorded identifiers and corresponding levels of suspicion to remove redundant multi-view subgraphs covering a same set of nodes.

11. A system for detecting suspicious groups of entities from a dataset of entity and entity attribute information, the system comprising: a memory that stores instructions; and a processor configured by the instructions to perform operations comprising: receiving entity identifiers and attribute identifiers associated with entities; generating a multi-view graph from the dataset of entity and entity attribute information using the entity identifiers and the attribute identifiers, each node of the multi-view graph corresponding to a respective one of the entity identifiers, each view of the multi-view graph corresponding to a respective one of the attribute identifiers, and each edge between the nodes of a respective view having an edge weight corresponding to attribute value overlap between those nodes in that view; repeating the following steps until a predetermined constraint is met: identifying a multi-view subgraph within the multi-view graph, the multi-view subgraph including more than one view for the group of entities, determining the level of suspicion of the multi-view subgraph, revising the multi-view subgraph by adding or subtracting at least one of an entity or a level, determining the level of suspicion of the revised multi-view subgraph, when the level of suspicion of the revised multi-view subgraph exceeds the level of suspicion of the multi-view subgraph, repeating the revising of the multi-view subgraph and determining the level of suspicion of the revised multi-view subgraph, and when the level of suspicion of the revised multi-view subgraph does not exceed the level of suspicion of the multi-view subgraph, recording an identifier and a level of suspicion for a most-recent revised multi-view subgraph; and presenting recorded identifiers and corresponding levels of suspicion on a display as the suspicious group of entities.

12. The system of claim 11, wherein the processor is further configured by the instructions to perform additional operations comprising identifying the multi-view subgraph within the multi-view graph by seeding with initial views selected to favor views in which overlap occurs less frequently.

13. The system of claim 11, wherein the processor is further configured by the instructions to perform additional operations comprising identifying the multi-view subgraph within the multi-view graph by seeding with at least one seed comprising initial views and nodes selected based on at least one of shared attributes or shared behaviors.

14. The system of claim 13, wherein the processor is further configured by the instructions to perform additional operations comprising identifying the predetermined constraint as at least one of a target density level or a number of attempts.

15. The system of claim 14, wherein the processor is further configured by the instructions to perform additional operations comprising seeding with at least one seed comprising initial views by selecting at least one view and initializing a candidate seed with two nodes having similarity in the selected at least one view.

16. The system of claim 15, wherein the processor is further configured by the instructions to perform additional operations comprising seeding with at least one seed comprising initial views by adding another node to the candidate seed and checking if the predetermined constraint has been met.

17. The system of claim 16, wherein the processor is further configured by the instructions to perform additional operations comprising seeding with at least one seed comprising initial views by adding a node to the candidate seed until the predetermined constraint has been met and, once the predeterm
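The revise-and-rescore loop of claim 1, as an added Python example that is not part of the patent or of any implementation of it. The entity data is constructed, and the suspiciousness metric (edge weight inside the subgraph summed over the selected views, divided by node count) is an assumption standing in for the metric the patent does not disclose here; the seeding and outer-constraint loop of claims 3-9 is replaced by a seed passed in directly.

```python
from itertools import combinations

# Constructed sample data (not from the patent): entity -> attribute -> values.
ENTITIES = {
    "acct1": {"ip": {"10.0.0.1"}, "ua": {"bot/1.0"}, "device": {"d1"}},
    "acct2": {"ip": {"10.0.0.1"}, "ua": {"bot/1.0"}, "device": {"d1"}},
    "acct3": {"ip": {"10.0.0.1"}, "ua": {"bot/1.0"}, "device": {"d2"}},
    "acct4": {"ip": {"10.0.0.9"}, "ua": {"firefox"}, "device": {"d7"}},
    "acct5": {"ip": {"10.0.0.7"}, "ua": {"firefox"}, "device": {"d8"}},
}

def build_multi_view_graph(entities):
    """One view per attribute; an edge's weight is the count of shared values."""
    views = {}
    for attr in sorted({a for e in entities.values() for a in e}):
        edges = {}
        for u, v in combinations(sorted(entities), 2):
            w = len(entities[u].get(attr, set()) & entities[v].get(attr, set()))
            if w:
                edges[(u, v)] = w
        views[attr] = edges
    return views

def suspicion(graph, nodes, view_ids):
    """Assumed metric, not the patent's: edge weight inside the subgraph,
    summed over the chosen views, divided by the number of nodes."""
    if len(nodes) < 2 or not view_ids:
        return 0.0
    total = sum(w for v in view_ids for (a, b), w in graph[v].items()
                if a in nodes and b in nodes)
    return total / len(nodes)

def grow_suspicious_group(graph, seed_nodes, seed_views):
    """Claim 1's revise-and-rescore loop: toggle one entity or one view,
    keep the best move while the score rises, record the result when it stops."""
    nodes, views = set(seed_nodes), set(seed_views)
    all_nodes = sorted({n for edges in graph.values() for e in edges for n in e})
    score = suspicion(graph, nodes, views)
    while True:
        moves = [(nodes ^ {n}, views) for n in all_nodes]      # add/remove an entity
        moves += [(nodes, views ^ {v}) for v in sorted(graph)]  # add/remove a view
        best = max(moves, key=lambda m: suspicion(graph, *m))
        best_score = suspicion(graph, *best)
        if best_score <= score:        # no further increase: record this subgraph
            return frozenset(nodes), frozenset(views), score
        nodes, views, score = set(best[0]), set(best[1]), best_score

if __name__ == "__main__":
    g = build_multi_view_graph(ENTITIES)
    print(grow_suspicious_group(g, {"acct1", "acct2"}, {"ip"}))
```

Seeded with two accounts that share an IP, the loop pulls in the third account and the other two views in which the trio overlaps, and stops once adding either unrelated account or dropping a view would lower the score.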
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
Traffic logging, e.g. anomaly detection · CPC title