Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Anomaly Detection in Dynamic Graphs: A Comprehensive Survey

Ocheme Anthony Ekle, William Eberle

TL;DR

Anomaly detection in dynamic graphs addresses identifying patterns that deviate from normal behavior in graphs that evolve over time. The paper introduces a DGAD framework that categorizes approaches into traditional ML, matrix factorization, probabilistic, and deep learning methods, and discusses discrete, continuous, and hybrid representations of dynamic graphs. It surveys a broad set of algorithms, including node/edge/subgraph anomaly tasks, and documents datasets and evaluation metrics used in dynamic graph anomaly detection. The authors highlight challenges such as scalability, temporal dynamics, explainability, and fairness, and outline future directions for robust, scalable, and interpretable dynamic graph anomaly detection.

Abstract

This survey paper presents a comprehensive and conceptual overview of anomaly detection using dynamic graphs. We focus on existing graph-based anomaly detection (AD) techniques and their applications to dynamic networks. The contributions of this survey paper include the following: i) a comparative study of existing surveys on anomaly detection; ii) a Dynamic Graph-based Anomaly Detection (DGAD) review framework in which approaches for detecting anomalies in dynamic graphs are grouped based on traditional machine-learning models, matrix transformations, probabilistic approaches, and deep-learning approaches; iii) a discussion of graphically representing both discrete and dynamic networks; and iv) a discussion of the advantages of graph-based techniques for capturing the relational structure and complex interactions in dynamic graph data. Finally, this work identifies the potential challenges and future directions for detecting anomalies in dynamic networks. This DGAD survey approach aims to provide a valuable resource for researchers and practitioners by summarizing the strengths and limitations of each approach, highlighting current research trends, and identifying open challenges. In doing so, it can guide future research efforts and promote advancements in anomaly detection in dynamic graphs. Keywords: Graphs, Anomaly Detection, dynamic networks,Graph Neural Networks (GNN), Node anomaly, Graph mining.

Anomaly Detection in Dynamic Graphs: A Comprehensive Survey

TL;DR

Anomaly detection in dynamic graphs addresses identifying patterns that deviate from normal behavior in graphs that evolve over time. The paper introduces a DGAD framework that categorizes approaches into traditional ML, matrix factorization, probabilistic, and deep learning methods, and discusses discrete, continuous, and hybrid representations of dynamic graphs. It surveys a broad set of algorithms, including node/edge/subgraph anomaly tasks, and documents datasets and evaluation metrics used in dynamic graph anomaly detection. The authors highlight challenges such as scalability, temporal dynamics, explainability, and fairness, and outline future directions for robust, scalable, and interpretable dynamic graph anomaly detection.

Abstract

This survey paper presents a comprehensive and conceptual overview of anomaly detection using dynamic graphs. We focus on existing graph-based anomaly detection (AD) techniques and their applications to dynamic networks. The contributions of this survey paper include the following: i) a comparative study of existing surveys on anomaly detection; ii) a Dynamic Graph-based Anomaly Detection (DGAD) review framework in which approaches for detecting anomalies in dynamic graphs are grouped based on traditional machine-learning models, matrix transformations, probabilistic approaches, and deep-learning approaches; iii) a discussion of graphically representing both discrete and dynamic networks; and iv) a discussion of the advantages of graph-based techniques for capturing the relational structure and complex interactions in dynamic graph data. Finally, this work identifies the potential challenges and future directions for detecting anomalies in dynamic networks. This DGAD survey approach aims to provide a valuable resource for researchers and practitioners by summarizing the strengths and limitations of each approach, highlighting current research trends, and identifying open challenges. In doing so, it can guide future research efforts and promote advancements in anomaly detection in dynamic graphs. Keywords: Graphs, Anomaly Detection, dynamic networks,Graph Neural Networks (GNN), Node anomaly, Graph mining.
Paper Structure (75 sections, 13 equations, 4 figures, 6 tables)

This paper contains 75 sections, 13 equations, 4 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Existing Surveys on Anomaly Detection
  3. Proposed Framework and Structure
  4. Contributions
  5. Background
  6. Understanding Anomalies
  7. Point Anomalies
  8. Contextual Anomalies
  9. Collective Anomalies
  10. Anomaly Detection in Static Graph
  11. What is an anomaly in a static graph?
  12. Existing works in Static Graphs:
  13. Anomaly Detection in Dynamic Graph
  14. Types of Anomalies in Dynamic Graph
  15. Node-level Anomalies:
  16. ...and 60 more sections

Figures (4)

  • Figure 1: Dynamic Graph Representation: (1a) illustrates change in the dynamic graph $\mathcal{G} = (G_1, G_2, \dots, G_T)$, in which changes occur in distinct time intervals (that is, changes are not continuous but rather at specific time points, signifying a pattern of discrete changes over time). (1b) captures a snapshot of an evolving dynamic graph ($\mathcal{G} = (V_t, E_t, \mathcal{T})$), where $V_t$ represents the node set, $E_t$ signifies the evolving edge set, and $\mathcal{T}$ denotes the sequence of time steps over which the dynamic graph evolves. The illustration is embedded within a continuous temporal context, reflecting changes that are not confined to specific time points but instead manifest as continuous transformations.
  • Figure 2: An Overview of Survey Framework on Dynamic Graph-based Anomaly Detection (DGAD).
  • Figure 3: An Overview of how a single target node $U$ aggregates messages from its local neighborhood (recreated from Leskovec et al. lecture slide fig3_message_parsing). Given an input graph, the model computes the neighborhood embedding $h_{U}^{(2)}$ by aggregating the messages from $U$'s local neighbors (nodes $Z, Y, V$), and these incoming messages are based on the information aggregated from their respective layers' representations, $h_{Z}^{(1)}$ for node $Z$, $h_{Y}^{(1)}$ for node $Y$, and $h_{V}^{(1)}$ for node $V$.
  • Figure 4: A timeline illustrating the chronological progression of Anomaly Detection (AD) methods in dynamic graphs from 2016 to 2023, as outlined in Table \ref{['tab2_AD_approach']}. The timeline reflects the publication years, including months, and denotes when each model was initially publicized. Note that the timeline may differ from the citation year if a paper was pre-published.

Theorems & Definitions (8)

  • Definition 1
  • Definition 2: Node Anomaly in static graph:
  • Definition 3: Edge Anomaly in Attributed static graph:
  • Definition 4: Dynamic graph:
  • Definition 5
  • Definition 6
  • Definition 7
  • Definition 8