Jian Chen,Fagui Liu,Jun Jiang,Guoxiang Zhong,Dishi Xu,Zhuanglun Tan,Shangsong Shi

DOI: https://doi.org/10.1016/j.comcom.2023.03.028

2022-01-01

SSRN Electronic Journal

Abstract:Trace is widely used to detect anomalies in distributed microservice systems because of the capability of precisely reconstructing user request paths. However, most existing trace-based anomaly detection approaches treat the trace as a sequence of microservice invocations with response time information, which ignores the graph structure of trace and abnormal resource consumption of the complex distributed deployment environment of microservice. In this paper, we propose TraceGra, an unsupervised encoder–decoder anomaly detection approach. TraceGra first provides a unified graph representation to combine traces and performance metrics of the container. Then, it introduces the graph neural network (GNN) and long short-term memory network (LSTM) to extract the topology and temporal features, respectively. Finally, it adds the two-part loss value with two hyperparameters as the anomaly score. The evaluation results on an open-source dataset and a local dataset collected from an ARM server cluster show that TraceGra achieves a high precision (0.97) and recall (0.93), outperforming some state-of-the-art approaches with an average increase of 0.1 in F1-score.

Ping Liu,Haowen Xu,Qianyu Ouyang,Rui Jiao,Zhekang Chen,Shenglin Zhang,Jiahai Yang,Linlin Mo,Jice Zeng,Wenman Xue,Dan Pei

DOI: https://doi.org/10.1109/issre5003.2020.00014

2020-01-01

Abstract:The anomalies of microservice invocation traces (traces) often indicate that the quality of the microservice-based large software service is being impaired. However, timely and accurately detecting trace anomalies is very challenging due to: 1) the large number of underlying microservices, 2) the complex call relationships between them, 3) the interdependency between the response times and invocation paths. Our core idea is to use machine learning to automatically learn the overall normal patterns of traces during periodic offline training. In online anomaly detection, a new trace with a small anomaly score (computed based on the learned normal pattern) is considered anomalous. With our novel trace representation and the design of deep Bayesian networks with posterior flow, our unsupervised anomaly detection system, called TraceAnomaly, can accurately and robustly detect trace anomalies in a unified fashion. TraceAnomaly has been deployed on 18 online services in a company S. Detailed evaluations on four large online services which contain hundreds of microservices and a testbed which contains 41 microservices show that the recall and precision of TraceAnomaly are both above 0.97, outperforming the existing approach in S (hard-coded rule) by 19.6% and 7.1%, and seven other baselines by 57.0% and 41.6% on average.

Shenglin Zhang,Chenyu Zhao,Yicheng Sui,Ya Su,Yongqian Sun,Yuzhi Zhang,Dan Pei,Yizhe Wang

DOI: https://doi.org/10.1109/ISSRE52982.2021.00023

2021-01-01

Abstract:To ensure the reliability of software services, operators collect and monitor a large number of KPI (Key Performance Indicator) streams constantly. KPI anomaly detection is vitally important for software service management. However, none of supervised learning methods, semi-supervised learning methods, transfer learning methods, or unsupervised learning methods achieve accurate anomaly detection for the large-scale, diverse, dynamically changing KPI streams with little labeling effort. In this paper, we propose PUAD, a PU learning-based method, to achieve accurate KPI anomaly detection requiring a few partial labels. It integrates clustering, PU learning, and semisupervised learning to minimize labeling effort and improve anomaly detection accuracy simultaneously. Additionally, we propose a novel active learning method that selects the samples most likely to be positive in each iteration to avoid false alarms. We apply 208 real-world KPI streams collected from a large-scale software service provider to evaluate the performance of PUAD, demonstrating that it achieves a close F1-score to supervised learning methods with much fewer manual labels, and greatly outperforms semi-supervised learning methods, transfer learning methods, and unsupervised learning methods.

Zhe Xie,Changhua Pei,Wanxue Li,Huai Jiang,Liangfei Su,Jianhui Li,Gaogang Xie,Dan Pei

DOI: https://doi.org/10.1145/3611643.3613861

2023-01-01

Abstract:As Internet applications continue to scale up, microservice architecture has become increasingly popular due to its flexibility and logical structure. Anomaly detection in traces that record inter-microservice invocations is essential for diagnosing system failures. Deep learning-based approaches allow for accurate modeling of structural features (i.e., call paths) and latency features (i.e., call response time), which can determine the anomaly of a particular trace sample. However, the point-wise manner employed by these methods results in substantial system detection overhead and impracticality, given the massive volume of traces (billion-level). Furthermore, the point-wise approach lacks high-level information, as identical sub-structures across multiple traces may be encoded differently. In this paper, we introduce the first Group-wise Trace anomaly detection algorithm, named GTrace. This method categorizes the traces into distinct groups based on their shared sub-structure, such as the entire tree or sub-tree structure. A group-wise Variational AutoEncoder (VAE) is then employed to obtain structural representations. Moreover, the innovative "predicting latency with structure" learning paradigm facilitates the association between the grouped structure and the latency distribution within each group. With the group-wise design, representation caching, and batched inference strategies can be implemented, which significantly reduces the burden of detection on the system. Our comprehensive evaluation reveals that GTrace outperforms state-of-the-art methods in both performances (2.64% to 195.45% improvement in AUC metrics and 2.31% to 40.92% improvement in best F-Score) and efficiency (21.9x to 28.2x speedup). We have deployed and assessed the proposed algorithm on eBay's microservices cluster, and our code is available at https://github.com/NetManAIOps/GTrace.git.

Kaize Ding,Qinghai Zhou,Hanghang Tong,Huan Liu

DOI: https://doi.org/10.48550/arXiv.2102.11165

2021-02-23

Abstract:Network anomaly detection aims to find network elements (e.g., nodes, edges, subgraphs) with significantly different behaviors from the vast majority. It has a profound impact in a variety of applications ranging from finance, healthcare to social network analysis. Due to the unbearable labeling cost, existing methods are predominately developed in an unsupervised manner. Nonetheless, the anomalies they identify may turn out to be data noises or uninteresting data instances due to the lack of prior knowledge on the anomalies of interest. Hence, it is critical to investigate and develop few-shot learning for network anomaly detection. In real-world scenarios, few labeled anomalies are also easy to be accessed on similar networks from the same domain as of the target network, while most of the existing works omit to leverage them and merely focus on a single network. Taking advantage of this potential, in this work, we tackle the problem of few-shot network anomaly detection by (1) proposing a new family of graph neural networks -- Graph Deviation Networks (GDN) that can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network; and (2) equipping the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection by transferring meta-knowledge from multiple auxiliary networks. Extensive evaluations demonstrate the efficacy of the proposed approach on few-shot or even one-shot network anomaly detection.

Machine Learning

Qihang Zhou,Shibo He,Haoyu Liu,Tao Chen,Jiming Chen

DOI: https://doi.org/10.1109/tcsvt.2022.3218587

IF: 5.859

2023-01-01

IEEE Transactions on Circuits and Systems for Video Technology

Abstract:Recently, much attention has been paid to segmenting subtle unknown defect regions by knowledge distillation in an unsupervised setting. Most previous studies concentrated on guiding the student network to learn the same representations on the normality, neglecting the different behaviors of the abnormality. This leads to a high probability of false detection of subtle defects. To address such an issue, we propose to push representations on abnormal areas of the teacher and student network as far as possible while pulling representations on normal areas as close as possible. Based on this idea, we design an efficient teacher-student model for anomaly detection and localization, which maximizes pixel-wise discrepancies for anomalous regions approximated by data augmentation and simultaneously minimizes discrepancies for pixel-wise normal regions between these two networks. The explicit differential knowledge distillation enlarges the margin between normal representations and abnormal ones in favour of discriminating them. Then, the appropriate small student network is not only efficient, but more importantly, helps inhibit the generalization ability of anomalous patterns when learning normal patterns, facilitating the precise decision boundary. The experimental results on the MVTec AD, Fashion-MNIST, and CIFAR-10 datasets demonstrate that our proposed method achieves better performance than current state-of-the-art (SOTA) approaches. Especially, For the MVTec AD dataset with high resolution images, we achieve 98.1 AUROC% and 93.6 AUPRO% in anomaly localization, outperforming knowledge distillation based SOTA methods by 1.1 AUROC% and 1.5 AUPRO% with a lightweight model.

Huiyu Mu,Ruizhi Sun,Gang Yuan,Guoqing Shi

DOI: https://doi.org/10.1002/int.22437

IF: 8.993

2021-05-02

International Journal of Intelligent Systems

Abstract:<p>Anomaly detection plays a critical role in intelligent video surveillance. However, real‐world video data obtained always contains large numbers of normal video data, along with large numbers of unlabeled data. A promising solution with one‐class classification and semi‐supervised learning may not be satisfactory as they fail to make good use of unlabeled data with only normal data available. In this paper, we introduced a new framework, called Positive Unlabeled learning‐based Anomaly event Detection (PU‐AD), to exploit the weakly‐supervised information. To the best of our knowledge, this is the first work that introduces the PU idea and achieves detecting abnormal events with a limited number of partially labeled data. Experiments on real‐world surveillance videos show that the proposed method outperforms the existing state‐of‐the‐art methods.</p>

computer science, artificial intelligence

Ke Zhang,Xiya Wu,Xin Peng,Dongmei Zhang,Chenxi Zhang,Zhenqing Fu,Qingwei Lin,Chaofeng Sha

DOI: https://doi.org/10.1145/3510003.3510180

2022-05-01

Abstract:A microservice system in industry is usually a large-scale dis-tributed system consisting of dozens to thousands of services run-ning in different machines. An anomaly of the system often can be reflected in traces and logs, which record inter-service interactions and intra-service behaviors respectively. Existing trace anomaly detection approaches treat a trace as a sequence of service invocations. They ignore the complex structure of a trace brought by its invocation hierarchy and parallel/asynchronous invocations. On the other hand, existing log anomaly detection approaches treat a log as a sequence of events and cannot handle microservice logs that are distributed in a large number of services with complex interactions. In this paper, we propose DeepTraLog, a deep learning based microservice anomaly detection approach. DeepTraLog uses a unified graph representation to describe the complex structure of a trace together with log events embedded in the structure. Based on the graph representation, DeepTraLog trains a GGNNs based deep SVDD model by combing traces and logs and detects anom-alies in new traces and the corresponding logs. Evaluation on a microservice benchmark shows that DeepTraLog achieves a high precision (0.93) and recall (0.97), outperforming state-of-the-art trace/log anomaly detection approaches with an average increase of 0.37 in F1-score. It also validates the efficiency of DeepTraLog, the contribution of the unified graph representation, and the impact of the configurations of some key parameters.

Computer Science

Yilin Wang,Sha Zhao,Shiwei Zhao,Runze Wu,Yuhong Xu,Jianrong Tao,Tangjie Lv,Shijian Li,Zhipeng Hu,Gang Pan

DOI: https://doi.org/10.1145/3638561

IF: 4.157

2024-01-01

ACM Transactions on Knowledge Discovery from Data

Abstract:Massive multiplayer online role-playing games (MMORPG) have been becoming one of the most popular and exciting online games. In recent years, a cheating phenomenon called real money trading (RMT) has arisen and damaged the fantasy world in many ways. RMT is the sale of in-game items, currency, or even characters to earn real money, breaking the balance of the game economy ecosystem and damaging the game experience. Therefore, some studies have emerged to address the problem of RMT detection. However, they cannot well handle the label uncertainty problem in practice, where there are only labeled RMT samples (positive samples) and unlabeled samples, which could either be RMT samples or normal transactions (negative samples). Meanwhile, the trading relationship between RMTers is modeled in a simple way, leading to some normal transactions being falsely classified as RMT. In this article, we propose PU-Detector, a novel framework based on PU learning (learning from positive and unlabeled data) for RMT detection, considering the fact that there are only labeled RMT samples and other unlabeled transactions. We first automatically estimate the likelihood of one transaction being RMT by developing an improved PU learning method and proposing an assessment rule. Sequentially, we use the estimated likelihood as edge weight to construct a trading graph to learn trader representation. Then, with the trader representations and basic trading features, we detect RMT samples by the improved PU learning method. PU-Detector is evaluated on a large-scale real world dataset consisting of 33,809,956 transaction logs generated by 43,217 unique players. Compared with other approaches, it achieves the state-of-the-art performance and demonstrates its advantages in detecting underlying RMT samples.

Yi Li,Zhangbing Zhou,Shuiguang Deng,Xiao Sun,Xiao Xue,Sami Yangui,Walid Gaaloul

DOI: https://doi.org/10.1109/icws62655.2024.00077

2024-01-01

Abstract:Anomaly detection is a long-standing research topic to support the prompt remedy of potential risks for dependency-aware tasks, where Graph Neural Networks (GNNs) models have been adopted to differentiate anomalies from normal patterns. Generally, GNN models utilize time series data to construct graph structures for capturing task dependencies between Internet of Things (IoT) devices, such that deviations from predicted behaviours are assumed as anomalies. Current forecasting-based anomaly detection methods can hardly detect anomalies, which are uncovered by historical sensory data, but are explicitly specified by domain knowledge. To solve this issue, this paper proposes a Knowledge-enhanced graph attention-based Anomaly Detection (KeAD) method. Specifically, a knowledge-enhanced graph structure is constructed by incorporating domain-specific knowledge to represent spatio-temporal dependencies between IoT devices. Thereafter, a knowledge-enhanced graph attention-based forecasting network is developed to predict future behaviours of IoT devices. Anomalies are detected by analyzing deviations from these predicted behaviours, taking domain-specific knowledge into account. Extensive experiments are conducted based on publicly-available datasets, and evaluation results demonstrate that our KeAD outperform the state-of-the-art techniques in terms of the accuracy of anomaly detection.

CAI Long-zheng,YU Sheng-sheng,ZHOU Jing-li,WANG Xiao-feng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.10.014

2006-01-01

Abstract:This paper proposed a network connection based anomaly detection approach with unlabeled training data (ADUTD). It can be considered as an enhancement to traditional anomaly detection methods by building detection models from noisy training data. ADUTD exploits the property that if there are intrusions hidden in training data, they are likely to consist of some kinds of attribute values with low frequency of occurrence. Both fields of packets' header and application layer data are used as attributes for building models and detecting intrusions. Furthermore, network traffic is divided into different parts according to their service types, and models are built for each part so as to enhance the ability of detecting attacks. Empirical experiments with DARPA 1999 IDS evaluation data set show that with unlabeled noisy training data, ADUTD has compared performance with previous schemes trained with clean or labeled data. When both trained with clean data, ADUTD has higher detection rate then previous schemes.

Yongqian Sun,Kunlin Jian,Liyue Cui,Guifei Jiang,Shenglin Zhang,Yuzhi Zhang,Dan Pei

DOI: https://doi.org/10.1016/j.jss.2022.111322

2022-01-01

Abstract:Detecting malicious non-existent domain names (NXDomains) in a real-time manner is vitally important to the security of large-scale dependable systems. Existing detection methods are trained based on the assumption that the NXDomains, which cannot be recognized by the domain generation algorithm (DGA) archive, are benign. However, new types of malicious NXDomains are continuously generated, and the DGA archive cannot cover all of them, making the NXDomains partially labeled. Additionally, extracting all the features for distinguishing malicious and benign NXDomains is computationally inefficient and inappropriate for online detection in large-scale dependable systems. This work proposes a framework, PUFS, to train an accurate malicious NXDomain detection model according to partial labels and conduct efficient online detection for large-scale dependable systems. PUFS adopts a novel, simple, yet effective three-step strategy to combine PU learning and feature selection. We conduct extensive experiments using real-world data collected from a top-tier global online bank. PUFS achieves 99.19% of F1-Score, and improves the feature extraction efficiency by 1153%, making it suitable for online detection scenarios.

Junliang Luo,Farimah Poursafaei,Xue Liu

DOI: https://doi.org/10.48550/arXiv.2303.02462

IF: 5.414

2023-03-04

Machine Learning

Abstract:Detecting illicit nodes on blockchain networks is a valuable task for strengthening future regulation. Recent machine learning-based methods proposed to tackle the tasks are using some blockchain transaction datasets with a small portion of samples labeled positive and the rest unlabelled (PU). Albeit the assumption that a random sample of unlabeled nodes are normal nodes is used in some works, we discuss that the label mechanism assumption for the hidden positive labels and its effect on the evaluation metrics is worth considering. We further explore that PU classifiers dealing with potential hidden positive labels can have improved performance compared to regular machine learning models. We test the PU classifiers with a list of graph representation learning methods for obtaining different feature distributions for the same data to have more reliable results.

Zhu Wang,Shuang Zhou,Junnan Dong,Chang Yang,Xiao Huang,Shengjie Zhao

2024-07-08

Abstract:Graph anomaly detection (GAD) has been widely applied in many areas, e.g., fraud detection in finance and robot accounts in social networks. Existing methods are dedicated to identifying the outlier nodes that deviate from normal ones. While they heavily rely on high-quality annotation, which is hard to obtain in real-world scenarios, this could lead to severely degraded performance based on noisy labels. Thus, we are motivated to cut the edges of suspicious nodes to alleviate the impact of noise. However, it remains difficult to precisely identify the nodes with noisy labels. Moreover, it is hard to quantitatively evaluate the regret of cutting the edges, which may have either positive or negative influences. To this end, we propose a novel framework REGAD, i.e., REinforced Graph Anomaly Detector. Specifically, we aim to maximize the performance improvement (AUC) of a base detector by cutting noisy edges approximated through the nodes with high-confidence labels. (i) We design a tailored action and search space to train a policy network to carefully prune edges step by step, where only a few suspicious edges are prioritized in each step. (ii) We design a policy-in-the-loop mechanism to iteratively optimize the policy based on the feedback from base detector. The overall performance is evaluated by the cumulative rewards. Extensive experiments are conducted on three datasets under different anomaly ratios. The results indicate the superior performance of our proposed REGAD.

Machine Learning,Artificial Intelligence

Fu Lin,Haonan Gong,Mingkang Li,Zitong Wang,Yue Zhang,Xuexiong Luo

DOI: https://doi.org/10.1145/3603719.3603739

2023-07-22

Abstract:Graph structure patterns are widely used to model different area data recently. How to detect anomalous graph information on these graph data has become a popular research problem. The objective of this research is centered on the particular issue that how to detect abnormal graphs within a graph set. The previous works have observed that abnormal graphs mainly show node-level and graph-level anomalies, but these methods equally treat two anomaly forms above in the evaluation of abnormal graphs, which is contrary to the fact that different types of abnormal graph data have different degrees in terms of node-level and graph-level anomalies. Furthermore, abnormal graphs that have subtle differences from normal graphs are easily escaped detection by the existing methods. Thus, we propose a multi-representations space separation based graph-level anomaly-aware detection framework in this paper. To consider the different importance of node-level and graph-level anomalies, we design an anomaly-aware module to learn the specific weight between them in the abnormal graph evaluation process. In addition, we learn strictly separate normal and abnormal graph representation spaces by four types of weighted graph representations against each other including anchor normal graphs, anchor abnormal graphs, training normal graphs, and training abnormal graphs. Based on the distance error between the graph representations of the test graph and both normal and abnormal graph representation spaces, we can accurately determine whether the test graph is anomalous. Our approach has been extensively evaluated against baseline methods using ten public graph datasets, and the results demonstrate its effectiveness.

Machine Learning,Artificial Intelligence

Jie Wen,Nan Jiang,Lang Li,Jie Zhou,Yanpei Li,Hualin Zhan,Guang Kou,Weihao Gu,Jiahui Zhao

DOI: https://doi.org/10.1145/3672401

2024-06-19

Abstract:With the rise of mobile Internet and AI, social media integrating short messages, images, and videos has developed rapidly. As a guarantee for the stable operation of social media, information security, especially graph anomaly detection (GAD), has become a hot issue inspired by the extensive attention of researchers. Most GAD methods are mainly limited to enhancing the homophily or considering homophily and heterophilic connections. Nevertheless, due to the deceptive nature of homophily connections among anomalies, the discriminative information of the anomalies can be eliminated. To alleviate the issue, we explore a novel method TA-Detector in GAD by introducing the concept of trust into the classification of connections. In particular, the proposed approach adopts a designed trust classier to distinguish trust and distrust connections with the supervision of labeled nodes. Then, we capture the latent factors related to GAD by graph neural networks (GNN), which integrate node interaction type information and node representation. Finally, to identify anomalies in the graph, we use the residual network mechanism to extract the deep semantic embedding information related to GAD. Experimental results on two real benchmark datasets verify that our proposed approach boosts the overall GAD performance in comparison to benchmark baselines.

computer science, information systems, theory & methods, software engineering

Weina Niu,Zhenqi Yu,Zimu Li,Beibei Li,Runzi Zhang,Xiaosong Zhang

DOI: https://doi.org/10.1109/globecom48099.2022.10000804

2022-01-01

Abstract:Information systems have penetrated into all areas of social life, however, unknown threats represented by APT attacks pose serious challenges to their security. In recent years, approaches based on log analysis and provenance graph have been extensively used in the anomaly detection and tracing of malicious attacks. However, traditional method has low detection accuracy, high complexity and low efficiency. To address those shortcomings, we propose an efficient anomaly tracing approach (LogTracer), which combines system log detection and provenance graph together. The proposed LogTracer extracts the attack path from provenance graph, which is constructed with the anomaly degrees of the system logs anomaly detection results. Compar-ative experiments with OmegaLog, NoDoze and ALchemist are conducted on a simulated dataset with 16 attack types totaling 290 million logs. The experimental results show that our method approximately 5.4x, 0.2x and 7.2x faster than these three methods in processing efficiency, and its malicious node coverage rate reaches 98.1%.

Sicai Lv,Yang Liu,Zhiyao Liu,Wang Chao,Chenrui Wu,Bailing Wang

DOI: https://doi.org/10.1109/ddcls49620.2020.9275048

2020-01-01

Abstract:Due to the diversity of network traffic flow, intrusion detection is usually studied as an anomaly detection problem. In this paper, Positive-unlabeled with Non-negative Risk Estimator(nnPU) learning is introduced for intrusion detection. The cyber attacks is treated as positive samples in PU learning. A risk estimator is raised to estimates the binary classification loss. For data imbalance in intrusion detection, we improve the risk estimator of nnPU through focal loss(FL-nnPU). The dynamic weights in focal loss is used to balance the small class prior. The experiments result show that FL-nnPU have a close performance to binary classification, and it performs better than nnPU under data imbalance problems.

Hui Zhang,Zuxuan Wu,Zheng Wang,Zhineng Chen,Yu-Gang Jiang

DOI: https://doi.org/10.1109/cvpr52729.2023.01562

2022-01-01

Computer Vision and Pattern Recognition

Abstract:Anomaly detection and localization are widely used in industrial manufacturing for its efficiency and effectiveness. Anomalies are rare and hard to collect and supervised models easily over-fit to these seen anomalies with a handful of abnormal samples, producing unsatisfactory performance. On the other hand, anomalies are typically subtle, hard to discern, and of various appearance, making it difficult to detect anomalies and let alone locate anomalous regions. To address these issues, we propose a framework called Prototypical Residual Network (PRN), which learns feature residuals of varying scales and sizes between anomalous and normal patterns to accurately reconstruct the segmentation maps of anomalous regions. PRN mainly consists of two parts: multi-scale prototypes that explicitly represent the residual features of anomalies to normal patterns; a multisize self-attention mechanism that enables variable-sized anomalous feature learning. Besides, we present a variety of anomaly generation strategies that consider both seen and unseen appearance variance to enlarge and diversify anomalies. Extensive experiments on the challenging and widely used MVTec AD benchmark show that PRN outperforms current state-of-the-art unsupervised and supervised methods. We further report SOTA results on three additional datasets to demonstrate the effectiveness and generalizability of PRN.

Yiqing Lin,Jianheng Tang,Chenyi Zi,H.Vicky Zhao,Yuan Yao,Jia Li

2024-11-10

Abstract:Graph Anomaly Detection (GAD) aims to identify uncommon, deviated, or suspicious objects within graph-structured data. Existing methods generally focus on a single graph object type (node, edge, graph, etc.) and often overlook the inherent connections among different object types of graph anomalies. For instance, a money laundering transaction might involve an abnormal account and the broader community it interacts with. To address this, we present UniGAD, the first unified framework for detecting anomalies at node, edge, and graph levels jointly. Specifically, we develop the Maximum Rayleigh Quotient Subgraph Sampler (MRQSampler) that unifies multi-level formats by transferring objects at each level into graph-level tasks on subgraphs. We theoretically prove that MRQSampler maximizes the accumulated spectral energy of subgraphs (i.e., the Rayleigh quotient) to preserve the most significant anomaly information. To further unify multi-level training, we introduce a novel GraphStitch Network to integrate information across different levels, adjust the amount of sharing required at each level, and harmonize conflicting training goals. Comprehensive experiments show that UniGAD outperforms both existing GAD methods specialized for a single task and graph prompt-based approaches for multiple tasks, while also providing robust zero-shot task transferability. All codes can be found at <a class="link-external link-https" href="https://github.com/lllyyq1121/UniGAD" rel="external noopener nofollow">this https URL</a>.

Machine Learning