Haodong Yan,Fudong Li,Jinglong Chen,Zijun Liu,Jun Wang,Yong Feng,Xinwei Zhang

DOI: https://doi.org/10.1016/j.ress.2023.109418

2023-06-09

Abstract:Real-time anomaly detection is essential for the safe launch of some sophisticated equipment, such as liquid rocket engines (LRE), in order to head off disasters. However, the Industrial Internet of Things (IIoT) edge's real-time requirements cannot be addressed by the present methodologies, and the outcome is poor when dealing with a lack of training samples on the device side. We provide a solution for device-side real-time anomaly detection using the architecture known as Graph Embedded in Graph Networks to address these issues (GG-Nets). To fully extract features under insufficient training data, in our method, we learn the temporal relationship of timestamps in the multivariate signal through a time-series graph attention network (T-GAT) and extract features, and use the extracted features to replace the original signal as the information of the sensor attention network (S-GAT) nodes. For efficiency, the signals in the original sample are divided into odd and even sequences, which greatly reduces the number of nodes in the T-GAT. Experiments reveal that the proposed method outperforms other state-of-the-art models on the LRE ignition dataset. Furthermore, the ablation experiment proves that each module of the model improves the effect and extensive discussions explore interpretability. Our code can be found on: https://github.com/yhd-ai/GG-Nets .

engineering, industrial,operations research & management science

Andy Zhou,Xiaojun Xu,Ramesh Raghunathan,Alok Lal,Xinze Guan,Bin Yu,Bo Li

2024-10-11

Abstract:Graph-based anomaly detection is pivotal in diverse security applications, such as fraud detection in transaction networks and intrusion detection for network traffic. Standard approaches, including Graph Neural Networks (GNNs), often struggle to generalize across shifting data distributions. Meanwhile, real-world domain knowledge is more stable and a common existing component of real-world detection strategies. To explicitly integrate such knowledge into data-driven models such as GCNs, we propose KnowGraph, which integrates domain knowledge with data-driven learning for enhanced graph-based anomaly detection. KnowGraph comprises two principal components: (1) a statistical learning component that utilizes a main model for the overarching detection task, augmented by multiple specialized knowledge models that predict domain-specific semantic entities; (2) a reasoning component that employs probabilistic graphical models to execute logical inferences based on model outputs, encoding domain knowledge through weighted first-order logic formulas. Extensive experiments on these large-scale real-world datasets show that KnowGraph consistently outperforms state-of-the-art baselines in both transductive and inductive settings, achieving substantial gains in average precision when generalizing to completely unseen test graphs. Further ablation studies demonstrate the effectiveness of the proposed reasoning component in improving detection performance, especially under extreme class imbalance. These results highlight the potential of integrating domain knowledge into data-driven models for high-stakes, graph-based security applications.

Cryptography and Security,Artificial Intelligence,Machine Learning

Wei Dong,Yi Gao,Haoyu Li

DOI: https://doi.org/10.1109/ICPADS60453.2023.00055

2023-12-17

Abstract:The popularity of the wireless network and the embedded system has promoted the widespread application of the Internet of Things (IoT) monitoring system which detects anomalies for discovering emergency events to avoid losses by deploying various sensors. In the face of anomaly detection algorithms for multi-dimensional data in the IoT monitoring system, the currently popular method is to implement a model based on the graph neural network (GNN). Graph attention network (GAT), a mutant of GNN, is widely used because of the attention mechanism in capturing multi-dimensional nonlinear features between nodes. However, the GAT’s weakness in processing complex temporal features leads to the fact that anomalies with distinctive temporal features are hard to detect. In this paper, we propose Time-Series Graph Attention Network (TSGAT), an innovative GAT-based model for anomaly detection. Given the simplified attention mechanism of the GAT and its weakness in extracting temporal pattern features, we embed the time-series layer to enhance the ability to process time-series data. In addition, we designed the loss function and anomaly scoring mechanism based on data reconstruction features, multidimensional features, and temporal features. TSGAT achieves the improvement of 7%-8% F1 score on two classical public datasets for IoT monitoring: SWaT and WADI, compared with the state-of-the-art GNN-based anomaly detection model.

Computer Science,Engineering

Guoying Wang,Jiafeng Ai,Lufeng Mo,Xiaomei Yi,Peng Wu,Xiaoping Wu,Linjun Kong

DOI: https://doi.org/10.3390/drones7050326

IF: 5.532

2023-05-19

Drones

Abstract:Anomaly detection has an important impact on the development of unmanned aerial vehicles, and effective anomaly detection is fundamental to their utilization. Traditional anomaly detection discriminates anomalies for single-dimensional factors of sensing data, which often performs poorly in multidimensional data scenarios due to weak computational scalability and the problem of dimensional catastrophe, ignoring potential correlations between sensing data and some important information of certain characteristics. In order to capture the correlation of multidimensional sensing data and improve the accuracy of anomaly detection effectively, GTAF, an anomaly detection model for multivariate sequences based on an improved graph neural network with a transformer, a graph attention mechanism and a multi-channel fusion mechanism, is proposed in this paper. First, we added a multi-channel transformer structure for intrinsic pattern extraction of different data. Then, we combined the multi-channel transformer structure with GDN’s original graph attention network (GAT) to attain better capture of features of time series, better learning of dependencies between time series and hence prediction of future values of adjacent time series. Finally, we added a multi-channel data fusion module, which utilizes channel attention to integrate global information and upgrade anomaly detection accuracy. The results of experiments show that the average accuracies of GTAF, the anomaly detection model proposed in this paper, are 92.83% and 96.59% on two datasets from unmanned systems, respectively, which has higher accuracy and computational efficiency compared with other methods.

Sanggeon Yun,Ryozo Masukawa,William Youngwoo Chung,Minhyoung Na,Nathaniel Bastian,Mohsen Imani

2024-11-14

Abstract:The increasing demand for robust security solutions across various industries has made Video Anomaly Detection (VAD) a critical task in applications such as intelligent surveillance, evidence investigation, and violence detection. Traditional approaches to VAD often rely on finetuning large pre-trained models, which can be computationally expensive and impractical for real-time or resource-constrained environments. To address this, MissionGNN introduced a more efficient method by training a graph neural network (GNN) using a fixed knowledge graph (KG) derived from large language models (LLMs) like GPT-4. While this approach demonstrated significant efficiency in computational power and memory, it faces limitations in dynamic environments where frequent updates to the KG are necessary due to evolving behavior trends and shifting data patterns. These updates typically require cloud-based computation, posing challenges for edge computing applications. In this paper, we propose a novel framework that facilitates continuous KG adaptation directly on edge devices, overcoming the limitations of cloud dependency. Our method dynamically modifies the KG through a three-phase process: pruning, alternating, and creating nodes, enabling real-time adaptation to changing data trends. This continuous learning approach enhances the robustness of anomaly detection models, making them more suitable for deployment in dynamic and resource-constrained environments.

Machine Learning

Xiaokang Zhou,Jiayi Wu,Wei Liang,Kevin I-Kai Wang,Zheng Yan,Laurence T Yang,Qun Jin

DOI: https://doi.org/10.1109/TNNLS.2024.3389714

Abstract:The proliferation of Internet-of-Things (IoT) technologies in modern smart society enables massive data exchange for offering intelligent services. It becomes essential to ensure secure communications while exchanging highly sensitive IoT data efficiently, which leads to high demands for lightweight models or algorithms with limited computation capability provided by individual IoT devices. In this study, a graph representation learning model, which seamlessly incorporates graph neural network (GNN) and knowledge distillation (KD) techniques, named reconstructed graph with global-local distillation (RG-GLD), is designed to realize the lightweight anomaly detection across IoT communication networks. In particular, a new graph network reconstruction strategy, which treats data communications as nodes in a directed graph while edges are then connected according to two specifically defined rules, is devised and applied to facilitate the graph representation learning in secure and efficient IoT communications. Both the structural and traffic features are then extracted from the graph data and flow data respectively, based on the graph attention network (GAT) and multilayer perceptron (MLP) techniques. These can benefit the GNN-based KD process in accordance with the more effective feature fusion and representation, considering both structural and data levels across the dynamic IoT networks. Furthermore, a lightweight local subgraph preservation mechanism improved by the graph attention mechanism and downsampling scheme to better utilize the topological information, and a so-called global information alignment defined based on the self-attention mechanism to effectively preserve the global information, are developed and incorporated in a refined graph attention based KD scheme. Compared with four different baseline methods, experiments and evaluations conducted based on two public datasets demonstrate the usefulness and effectiveness of our proposed model in improving the efficiency of knowledge transfer with higher classification accuracy but lower computational load, which can be deployed for lightweight anomaly detection in sustainable IoT computing environments.

Liwen Zhou,Qingkui Zeng,Bo Li

DOI: https://doi.org/10.1109/access.2022.3167640

IF: 3.9

2022-01-01

IEEE Access

Abstract:In the real world, a large number of multivariate time series data are generated by Internet of Things systems, which are composed of many connected sensing devices. Therefore, it is impractical to consider only a single univariate time series for decision-making. High-dimensional time series decrease the performance of traditional anomaly detection methods. Moreover, many previously developed methods capture temporal correlations instead of spatial correlations. Therefore, it is necessary to learn the temporal and spatial correlations between different time series and timestamps. In this paper, to achieve improved anomaly detection performance for multivariate time series, we propose a novel architecture based on a graph attention network (GAT) with multihead dynamic attention (MDA). This framework simultaneously learns the dependencies between sensors in both the temporal and spatial dimensions. To tackle the overfitting problem in autoencoder (AE)-based methods, we propose a hybrid approach that combines a novel generative adversarial network (GAN) architecture as a reconstruction model with a multilayer perceptron (MLP) as a prediction-based model to detect anomalies together. The detection framework proposed in this paper is called the HAD-multihead dynamic GAT (MDGAT). Extensive experiments on different public benchmarks demonstrate the superior performance of HAD-MDGAT over state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Siwei Guan,Binjie Zhao,Zhekang Dong,Mingyu Gao,Zhiwei He

DOI: https://doi.org/10.3390/e24060759

IF: 2.738

2022-05-28

Entropy

Abstract:The rapid development of smart factories, combined with the increasing complexity of production equipment, has resulted in a large number of multivariate time series that can be recorded using sensors during the manufacturing process. The anomalous patterns of industrial production may be hidden by these time series. Previous LSTM-based and machine-learning-based approaches have made fruitful progress in anomaly detection. However, these multivariate time series anomaly detection algorithms do not take into account the correlation and time dependence between the sequences. In this study, we proposed a new algorithm framework, namely, graph attention network and temporal convolutional network for multivariate time series anomaly detection (GTAD), to address this problem. Specifically, we first utilized temporal convolutional networks, including causal convolution and dilated convolution, to capture temporal dependencies, and then used graph neural networks to obtain correlations between sensors. Finally, we conducted sufficient experiments on three public benchmark datasets, and the results showed that the proposed method outperformed the baseline method, achieving detection results with F1 scores higher than 95% on all datasets.

physics, multidisciplinary

Ziyu Guo,Weiyang Kong,Yubao Liu

DOI: https://doi.org/10.1109/ijcnn60899.2024.10649927

2024-01-01

Abstract:Anomaly detection in time series data (e.g., sensor data) is becoming a fundamental research problem that has various applications. Due to the complex inter-sensor relationships, it is challenging to detect anomalous events such as system faults and attacks hidden the high-dimensional time series. Recent advancements in deep learning approaches such as Graph Neural Networks (GNN) have greatly improved anomaly detection performance in time series data. However, existing methods do not learn the dependence relationships between sensors and groups of sensors and may not efficiently detect anomalous events in time series. In this paper, we propose a novel approach GGNN (short for Grouped Graph Neural Networks) that combines a structure learning approach with graph neural networks. In particular, GGNN learns the graph structure containing groups of sensors, which are represented by virtual nodes. In addition, we use the learned graph structure and attention weights to explain the detected anomalies. The experiments on three real world datasets show our superiority in detection accuracy, anomaly diagnosis, and model interpretation compared with state-of-the-art methods.

Kang Xu,Yuan Li,Yixuan Li,Liyan Xu,Ruiyao Li,Zhenjiang Dong

DOI: https://doi.org/10.3390/s23177552

IF: 3.9

2023-08-31

Sensors

Abstract:Anomaly detection has been widely used in grid operation and maintenance, machine fault detection, and so on. In these applications, the multivariate time-series data from multiple sensors with latent relationships are always high-dimensional, which makes multivariate time-series anomaly detection particularly challenging. In existing unsupervised anomaly detection methods for multivariate time series, it is difficult to capture the complex associations among multiple sensors. Graph neural networks (GNNs) can model complex relations in the form of a graph, but the observed time-series data from multiple sensors lack explicit graph structures. GNNs cannot automatically learn the complex correlations in the multivariate time-series data or make good use of the latent relationships among time-series data. In this paper, we propose a new method—masked graph neural networks for unsupervised anomaly detection (MGUAD). MGUAD can learn the structure of the unobserved causality among sensors to detect anomalies. To robustly learn the temporal context from adjacent time points of time-series data from the same sensor, MGUAD randomly masks some points of the time-series data from the sensor and reconstructs the masked time points. Similarly, to robustly learn the graph-level context from adjacent nodes or edges in the relation graph of multivariate time series, MGUAD masks some nodes or edges in the graph under the framework of a GNN. Comprehensive experiments are conducted on three public datasets. According to the experimental findings, MGUAD outperforms state-of-the-art anomaly detection methods.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiang Li,Jianpeng Qi,Zhongying Zhao,Guanjie Zheng,Lei Cao,Junyu Dong,Yanwei Yu

2024-11-19

Abstract:Graph anomaly detection (GAD) is a critical task in graph machine learning, with the primary objective of identifying anomalous nodes that deviate significantly from the majority. This task is widely applied in various real-world scenarios, including fraud detection and social network analysis. However, existing GAD methods still face two major challenges: (1) They are often limited to detecting anomalies in single-type interaction graphs and struggle with multiple interaction types in multiplex heterogeneous graphs; (2) In unsupervised scenarios, selecting appropriate anomaly score thresholds remains a significant challenge for accurate anomaly detection. To address the above challenges, we propose a novel Unsupervised Multiplex Graph Anomaly Detection method, named UMGAD. We first learn multi-relational correlations among nodes in multiplex heterogeneous graphs and capture anomaly information during node attribute and structure reconstruction through graph-masked autoencoder (GMAE). Then, to further weaken the influence of noise and redundant information on abnormal information extraction, we generate attribute-level and subgraph-level augmented-view graphs respectively, and perform attribute and structure reconstruction through GMAE. Finally, We learn to optimize node attributes and structural features through contrastive learning between original-view and augmented-view graphs to improve the model's ability to capture anomalies. Meanwhile, we also propose a new anomaly score threshold selection strategy, which allows the model to be independent of the ground truth in real unsupervised scenarios. Extensive experiments on four datasets show that our \model significantly outperforms state-of-the-art methods, achieving average improvements of 13.48% in AUC and 11.68% in Macro-F1 across all datasets.

Machine Learning

Yuqi Li,Guosheng Zang,Chunyao Song,Xiaojie Yuan

DOI: https://doi.org/10.1016/j.ipm.2024.103905

IF: 7.466

2024-09-28

Information Processing & Management

Abstract:Graph-based anomaly detection aims to identify anomalous vertices in graph-structured data. It relies on the ability of graph neural networks (GNNs) to capture both relational and attribute information within graphs. However, previous GNN-based methods exhibit two critical shortcomings. Firstly, GNN is inherently a low-pass filter that tends to lead similar representations of neighboring vertices, which may result in the loss of critical anomalous information, termed as low-frequency constraints. Secondly, anomalous vertices that deliberately mimic normal vertices in features and structures are hard to detect, especially when the distribution of labels is unbalanced. To address these defects, we propose a U niversal A daptive A lgorithm for G raph A nomaly D etection ( U-A 2 GAD ), which employs enhanced high frequency filters to overcome the low-frequency constraints, as well as aggregating both k -nearest neighbor ( k NN) and k -farthest neighbor ( k FN) to resolve the vertices' camouflage problem. Extensive experiments demonstrated the effectiveness and universality of our proposed U-A 2 GAD and its constituent components, achieving improvements of up to 6% and an average increase of 2% on AUC-PR over the state-of-the-art methods. The source codes, and parameter setting details can be found at https://github.com/LIyvqi/U-A2GAD .

computer science, information systems,information science & library science

Mengmeng Zhao,Haipeng Peng,Lixiang Li,Yeqing Ren

DOI: https://doi.org/10.3390/s24051522

IF: 3.9

2024-02-27

Sensors

Abstract:Time series anomaly detection is very important to ensure the security of industrial control systems (ICSs). Many algorithms have performed well in anomaly detection. However, the performance of most of these algorithms decreases sharply with the increase in feature dimension. This paper proposes an anomaly detection scheme based on Graph Attention Network (GAT) and Informer. GAT learns sequential characteristics effectively, and Informer performs excellently in long time series prediction. In addition, long-time forecasting loss and short-time forecasting loss are used to detect multivariate time series anomalies. Short-time forecasting is used to predict the next time value, and long-time forecasting is employed to assist the short-time prediction. We conduct a large number of experiments on industrial control system datasets SWaT and WADI. Compared with most advanced methods, we achieve competitive results, especially on higher-dimensional datasets. Moreover, the proposed method can accurately locate anomalies and realize interpretability.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhe Liu,Xiang Huang,Jingyun Zhang,Zhifeng Hao,Li Sun,Hao Peng

DOI: https://doi.org/10.1145/3627673.3679614

2024-08-23

Abstract:Unsupervised anomaly detection in time series is essential in industrial applications, as it significantly reduces the need for manual intervention. Multivariate time series pose a complex challenge due to their feature and temporal dimensions. Traditional methods use Graph Neural Networks (GNNs) or Transformers to analyze spatial while RNNs to model temporal dependencies. These methods focus narrowly on one dimension or engage in coarse-grained feature extraction, which can be inadequate for large datasets characterized by intricate relationships and dynamic changes. This paper introduces a novel temporal model built on an enhanced Graph Attention Network (GAT) for multivariate time series anomaly detection called TopoGDN. Our model analyzes both time and feature dimensions from a fine-grained perspective. First, we introduce a multi-scale temporal convolution module to extract detailed temporal features. Additionally, we present an augmented GAT to manage complex inter-feature dependencies, which incorporates graph topology into node features across multiple scales, a versatile, plug-and-play enhancement that significantly boosts the performance of GAT. Our experimental results confirm that our approach surpasses the baseline models on four datasets, demonstrating its potential for widespread application in fields requiring robust anomaly detection. The code is available at <a class="link-external link-https" href="https://github.com/ljj-cyber/TopoGDN" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Artificial Intelligence

Katie Buchhorn,Edgar Santos-Fernandez,Kerrie Mengersen,Robert Salomone

DOI: https://doi.org/10.12688/f1000research.136097.2

2024-03-28

F1000Research

Abstract:Background Water is the lifeblood of river networks, and its quality plays a crucial role in sustaining both aquatic ecosystems and human societies. Real-time monitoring of water quality is increasingly reliant on in-situ sensor technology. Anomaly detection is crucial for identifying erroneous patterns in sensor data, but can be a challenging task due to the complexity and variability of the data, even under typical conditions. This paper presents a solution to the challenging task of anomaly detection for river network sensor data, which is essential for accurate and continuous monitoring. Methods We use a graph neural network model, the recently proposed Graph Deviation Network (GDN), which employs graph attention-based forecasting to capture the complex spatio-temporal relationships between sensors. We propose an alternate anomaly threshold criteria for the model, GDN+, based on the learned graph. To evaluate the model’s efficacy, we introduce new benchmarking simulation experiments with highly-sophisticated dependency structures and subsequence anomalies of various types. We also introduce software called gnnad. Results We further examine the strengths and weaknesses of this baseline approach, GDN, in comparison to other benchmarking methods on complex real-world river network data. Conclusions Findings suggest that GDN+ outperforms the baseline approach in high-dimensional data, while also providing improved interpretability.

English Else

Shuo Liang,Dechang Pi,Xiangyan Zhang

DOI: https://doi.org/10.1088/1361-6501/ad545e

IF: 2.398

2024-06-06

Measurement Science and Technology

Abstract:Multivariate time series (MTS) anomaly detection is vital for ensuring the safety and reliability of large-scale industrial systems. However, existing deep learning methods often overlook complex interrelationships between different time series and the study of anomalies has been limited to detection. To address this, we propose an MTS anomaly detection model based on transfer entropy (TE) and graph attention network (GAT). In the graph construction module, by combining modified TE with automatic structure learning, we extract intricate relationships between features. In the prediction module, we modify the GAT to implement the dynamic attention mechanism and non-linear interaction between different features to improve the accuracy of model prediction. Finally, our model combines the modified TE with anomaly detection task, which can be used to provide interpretability for the detected anomalies using the constructed causal graph. Experimental results on both real and public datasets show that our approach outperforms the mainstream methods, in particular, achieving optimal results in terms of F1 scores and recall.

engineering, multidisciplinary,instruments & instrumentation

Ziyu Guo,Weiyang Kong,Yubao Liu

DOI: https://doi.org/10.1088/1742-6596/2735/1/012016

2024-04-09

Journal of Physics Conference Series

Abstract:Anomaly detection in time series data (e.g., sensor data) is becoming a fundamental research problem that has various applications. Due to the complex inter-sensor relationships, it is challenging to detect anomalous events such as system faults and attacks hidden the high-dimensional time series. Recent advancements in deep learning approaches such as Graph Neural Networks (GNN) have greatly improved anomaly detection performance in time series data. However, existing methods usually use separate components to capture spatial and temporal dependence relationship and ignore the heterogeneities in spatial-temporal data which motivates us to capture them together. In this paper, we propose a novel approach STGDNN (short for Spatial-Temporal Graph Deviation Neural Networks) that learns the spatial-temporal dependence relationship together in structure learning of graph neural networks. In addition, we use the learned spatial-temporal graph structure and attention weights to explain the detected anomalies. The experiments on three real world datasets show our superiority in detection accuracy, anomaly diagnosis, and model interpretation compared with state-of-the-art methods.

Li Zheng,Zhenpeng Li,Jian Li,Zhao Li,Jun Gao

DOI: https://doi.org/10.24963/ijcai.2019/614

2019-08-01

Abstract:Anomaly detection in dynamic graphs becomes very critical in many different application scenarios, e.g., recommender systems, while it also raises huge challenges due to the high flexible nature of anomaly and lack of sufficient labelled data. It is better to learn the anomaly patterns by considering all possible features including the structural, content and temporal features, rather than utilizing heuristic rules over the partial features. In this paper, we propose AddGraph, a general end-to-end anomalous edge detection framework using an extended temporal GCN (Graph Convolutional Network) with an attention model, which can capture both long-term patterns and the short-term patterns in dynamic graphs. In order to cope with insufficient explicit labelled data, we employ the negative sampling and margin loss in training of AddGraph in a semi-supervised fashion. We conduct extensive experiments on real-world datasets, and illustrate that AddGraph can outperform the state-of-the-art competitors in anomaly detection significantly.

Jie Wen,Nan Jiang,Lang Li,Jie Zhou,Yanpei Li,Hualin Zhan,Guang Kou,Weihao Gu,Jiahui Zhao

DOI: https://doi.org/10.1145/3672401

2024-06-19

Abstract:With the rise of mobile Internet and AI, social media integrating short messages, images, and videos has developed rapidly. As a guarantee for the stable operation of social media, information security, especially graph anomaly detection (GAD), has become a hot issue inspired by the extensive attention of researchers. Most GAD methods are mainly limited to enhancing the homophily or considering homophily and heterophilic connections. Nevertheless, due to the deceptive nature of homophily connections among anomalies, the discriminative information of the anomalies can be eliminated. To alleviate the issue, we explore a novel method TA-Detector in GAD by introducing the concept of trust into the classification of connections. In particular, the proposed approach adopts a designed trust classier to distinguish trust and distrust connections with the supervision of labeled nodes. Then, we capture the latent factors related to GAD by graph neural networks (GNN), which integrate node interaction type information and node representation. Finally, to identify anomalies in the graph, we use the residual network mechanism to extract the deep semantic embedding information related to GAD. Experimental results on two real benchmark datasets verify that our proposed approach boosts the overall GAD performance in comparison to benchmark baselines.

computer science, information systems, theory & methods, software engineering

Amit Roy,Juan Shu,Jia Li,Carl Yang,Olivier Elshocht,Jeroen Smeets,Pan Li

DOI: https://doi.org/10.1145/3616855.3635767

2024-02-06

Abstract:Graph Anomaly Detection (GAD) is a technique used to identify abnormal nodes within graphs, finding applications in network security, fraud detection, social media spam detection, and various other domains. A common method for GAD is Graph Auto-Encoders (GAEs), which encode graph data into node representations and identify anomalies by assessing the reconstruction quality of the graphs based on these representations. However, existing GAE models are primarily optimized for direct link reconstruction, resulting in nodes connected in the graph being clustered in the latent space. As a result, they excel at detecting cluster-type structural anomalies but struggle with more complex structural anomalies that do not conform to clusters. To address this limitation, we propose a novel solution called GAD-NR, a new variant of GAE that incorporates neighborhood reconstruction for graph anomaly detection. GAD-NR aims to reconstruct the entire neighborhood of a node, encompassing the local structure, self-attributes, and neighbor attributes, based on the corresponding node representation. By comparing the neighborhood reconstruction loss between anomalous nodes and normal nodes, GAD-NR can effectively detect any anomalies. Extensive experimentation conducted on six real-world datasets validates the effectiveness of GAD-NR, showcasing significant improvements (by up to 30% in AUC) over state-of-the-art competitors. The source code for GAD-NR is openly available. Importantly, the comparative analysis reveals that the existing methods perform well only in detecting one or two types of anomalies out of the three types studied. In contrast, GAD-NR excels at detecting all three types of anomalies across the datasets, demonstrating its comprehensive anomaly detection capabilities.

Machine Learning