A survey of heterogeneous graph neural networks for cybersecurity anomaly detection

2.1. Graph representations

A graph is a data structure formally defined as G = ( V , E ) , where V is the set of nodes and E is the set of edges that represent relationships between node pairs. ¹⁷

2.1.1. Homogeneous graphs

Homogeneous graphs ¹⁸ are those where all nodes and edges belong to a single type and share the same features and label space. These graphs are widely used in early GNN literature and are often applied to settings such as citation networks or communication graphs, where relationships are uniform across the network. An example is an IP communication graph, where nodes represent IP addresses and edges represent undifferentiated communication links, as shown in Figure 1(a). The uniform structure simplifies both modeling and computation, making homogeneous graphs a foundational case in graph learning research.

OPEN IN VIEWER

Figure 1.

Comparison of homogeneous and heterogeneous graph structures. Panel (a) shows a single-type graph with uniform nodes and edges, while panel (b) shows a heterogeneous cyber graph with multiple entity and relation types.

2.2. Graph neural networks: basics

A fundamental concept in GNNs is the node embedding, which maps each node to a vector in a continuous feature space. Nodes with similar structural roles or semantic attributes are positioned close to each other, enabling graph-structured data to be processed by standard machine learning models while preserving relational patterns. In heterogeneous graphs, embeddings must additionally encode type-specific information, ensuring that differences in node categories and relation types are reflected in the learned representations. To update these embeddings, GNNs employ a message passing mechanism. At each layer l , the representation of a node v is updated by aggregating information from its neighbors:

h v ( l ) = UPDATE ( l ) ( h v ( l − 1 ) , AGGREGATE ( l ) ( { h u ( l − 1 ) : u ∈ N ( v ) } ) ) .

(1)

Dynamic graphs extend the conventional static graph representation by incorporating temporal information into nodes, edges, and their attributes. ²¹ While static graphs capture a single snapshot of relationships, temporal graphs describe how these relationships evolve over time, enabling the modeling of interaction sequences, evolution patterns, and time-dependent dependencies. This temporal perspective is particularly important when analyzing environments in which entity interactions are inherently time-varying.

A critical phenomenon in dynamic graph data is concept drift, ²² where the statistical properties of the graph structure or associated features change over time. Such drift may arise from shifts in connectivity patterns, evolving behavioral trends, or modifications in attribute distributions. If unaccounted for, concept drift can degrade the performance of models trained on historical data, as patterns that were once indicative of normal or abnormal behavior may no longer hold. In the cybersecurity domain, dynamic graph modeling is essential for capturing the continuously changing nature of both benign and malicious activities. User behaviors, network configurations, and attack strategies are not static. They adapt in response to new technologies, security measures, and adversarial tactics. ²³ By representing these evolving interactions—such as user-device access patterns, file transfers, or communication flows—temporal graph analysis enables the detection of emerging anomalies and facilitates proactive threat mitigation. ²⁴ This capability goes beyond the limitations of static graph approaches, which may overlook subtle yet critical temporal signals in security-sensitive environments.

2.4. Types of anomalies in graph-structured data

Anomalies in graph data refer to nodes, edges, or subgraphs whose behaviors significantly deviate from patterns learned from the global topology, local neighborhood context, or temporal evolution. ²⁵ These deviations often correspond to critical events such as coordinated attacks, fraud, misconfiguration, or system failures, particularly in domains such as cybersecurity, financial systems, and industrial monitoring. In both static and dynamic graphs, anomaly detection becomes more challenging, as irregularities may emerge from evolving multi-relational semantics or shift over time. ²⁶

Classical anomaly detection frameworks have traditionally grouped anomalies into three categories: point, contextual, and collective, depending on whether the deviation occurs independently, within a specific context, or through a set of related instances.^27,28 Although conceptually comprehensive, these categories do not align directly with the structural components of graph data. Following recent surveys,^6,7,25 this paper instead adopts a graph-centric taxonomy that categorizes anomalies according to the type of graph element affected.

In this view, node-level anomalies describe individual nodes whose attributes, connectivity, or temporal behaviors deviate from normal patterns.^25,29 Edge-level anomalies capture irregular or suspicious interactions between nodes such as unexpected or unauthorized links that violate relational norms. ²⁷ Subgraph-level anomalies involve groups of nodes and edges that collectively exhibits abnormal topology, density, or semantics, often reflecting coordinated or covert behavior.^25,27 This taxonomy captures the full spectrum of structural irregularities observed in heterogeneous and dynamic graphs and provides a unified conceptual basis for designing and evaluating graph-based anomaly detection models.

2.4.1. Node anomalies

Node anomalies refer to individual nodes whose structural positioning, interaction patterns, or temporal behaviors deviate from the expected norms of a graph. ²⁹ These deviations may be structural (e.g., a user account with unusually low connectivity compared to peers), attribute-based (e.g., a host machine with atypical system configurations), or temporal (e.g., an employee suddenly shifting access to critical servers after months of stable behavior). In cybersecurity datasets such as CERT ³⁰ and UNSW-NB15, ³¹ such anomalies often correspond to insider accounts, compromised devices, or misconfigured hosts that diverge from expected interaction patterns.

To detect node anomalies in static graphs, one common approach is to examine irregularities in local connectivity or interaction density. As shown in Figure 2(a), the anomalous node appears structurally distinct from the rest of the graph because its connectivity pattern differs from that of surrounding nodes. This type of structural outlier can indicate unusual behavior, misconfiguration, or compromised activity. However, static graphs provide only a snapshot view, ignoring the temporal evolution of interactions. As a result, short-lived anomalies may disappear in aggregation, and gradual behavioral shifts may remain undetected. These limitations highlight the need for dynamic graph modeling, where temporal information is explicitly incorporated into anomaly detection.

OPEN IN VIEWER

Figure 2.

Node anomalies in static (a) and dynamic (b) graphs. Panel (a) illustrates a structurally atypical node within a static graph, while panel (b) shows a node whose connectivity pattern changes over time and becomes anomalous at t 2 .

In dynamic graphs, node-level anomalies can manifest through temporal inconsistencies, such as changes in access patterns or community affiliation. In Figure 2(b), a node that appears normal at time t 1 becomes anomalous at t 2 because its interaction pattern changes relative to the surrounding graph. This behavioral drift may indicate a role transition, lateral movement, or policy violation—common in stealthy attacks or insider threats. Capturing context-sensitive anomalies is challenging for static models, which rely on a fixed graph structure and cannot account for temporal or semantic shifts. ²¹ In contrast, HGNN-based approaches offer enhanced capabilities for detecting complex and evolving node behaviors in heterogeneous systems by incorporating temporal reasoning, type-aware message passing, and schema-guided evolution modeling.^4,19

2.4.2. Edge anomalies

Edge anomalies describe irregular interactions between nodes that diverge from expected structural, semantic, or temporal patterns. ³² These deviations are particularly challenging to detect in heterogeneous graphs, where node and edge types constrain valid relationships. In static graphs, anomalous edges often arise when a connection violates known access policies or interaction norms. As shown in Figure 3(a), one highlighted edge links an otherwise typical user-device pattern to a suspicious target, making the irregularity visible at the relation level rather than the node level alone. In cybersecurity contexts, such an anomalous edge may correspond to unauthorized access, privilege escalation, or misuse of restricted resources.

OPEN IN VIEWER

Figure 3.

Edge anomalies in static (a) and dynamic (b) graphs. Panel (a) highlights an irregular edge in an otherwise normal interaction pattern, while panel (b) shows a new suspicious edge appearing over time at t 2 .

In dynamic graphs, edge anomalies are characterized by abrupt changes in connectivity over time. ³² In Figure 3(b), the interaction pattern at t 1 appears routine, whereas at t 2 a new suspicious edge emerges. Such changes qualify as edge anomalies because the irregularity arises from the appearance of a new connection that deviates from historical or role-consistent patterns, rather than from the intrinsic properties of the node itself. In cybersecurity contexts, these anomalous edges may signal privilege escalation or lateral movement, where attackers establish unauthorized links to new devices or systems. Detecting these anomalies requires sensitivity to both relational semantics and temporal evolution. HGNN-based models address this by learning edge-aware representations, capturing interaction dynamics across time, and incorporating context through attention-based aggregation mechanisms.^18,33

2.4.3. Subgraph anomalies

Subgraph anomalies arise when a group of nodes and edges collectively exhibit behavior that deviates from the structural or semantic norms of the overall graph. ³² Unlike node or edge anomalies, which are localized to individual elements, subgraph anomalies involve the topology, density, or temporal dynamics of a subset, often reflecting coordinated or covert behavior. In static graphs, such anomalies are typically characterized by irregular internal connectivity, motif structures, or semantic outliers. ³⁴ As shown in Figure 4(a), a compact highlighted region forms a dense local structure that stands apart from the broader graph topology. This kind of isolated dense subgraph may indicate covert collaboration, unauthorized exchanges, or coordinated malicious behavior. Recent work on subgraph anomaly detection over dynamic graphs highlights that such irregular substructures are critical indicators of coordinated attacks and evolving malicious behaviors. ³⁵ In dynamic graphs, subgraph anomalies can emerge through temporal densification or behavioral shifts.^36,37 As illustrated in Figure 4(b), a relatively sparse subgraph at t 1 becomes much denser at t 2 . This sudden increase in internal connectivity suggests coordinated activity that may signal collusion or synchronized access behavior. Detecting subgraph anomalies requires reasoning over higher-order structures and capturing temporal progression. HGNN-based approaches support this by enabling subgraph-level representations, modeling group semantics, and incorporating dynamic context to identify complex, evolving group behaviors.^37–39

OPEN IN VIEWER

Figure 4.

Subgraph anomalies in static (a) and dynamic (b) graphs. Panel (a) shows an anomalous dense local structure embedded within a larger graph, while panel (b) shows a subgraph that becomes substantially denser over time and indicates coordinated behavior at t 2 .

Node, edge, and subgraph anomalies represent conceptually distinct categories, yet they frequently co-occur in real-world graphs. An anomalous node may simultaneously belong to an irregular substructure and participate in unexpected interactions. The perception of anomalies is often context-dependent. A pattern that appears irregular in one region of a graph or at a particular time may be entirely typical in another. This complexity increases in heterogeneous graphs, where multiple node and relation types introduce rich semantic dependencies. ⁴ Detecting such complex and evolving patterns requires models that account for structural context, semantic meaning, and temporal progression. These challenges have led to the development of graph neural frameworks that incorporate heterogeneous modeling and dynamic reasoning.^1,25,26,34 In summary, node, edge, and subgraph anomalies represent conceptually distinct categories, yet they frequently co-occur in real-world graphs. An anomalous node may simultaneously belong to an irregular substructure and participate in unexpected interactions. Detecting such complex and evolving patterns requires models that account for structural context, semantic meaning, and temporal progression. These challenges have led to the development of graph neural frameworks that incorporate heterogeneous modeling and dynamic reasoning, which we will categorize in the next section.

Node-level anomaly detection focuses on identifying individual nodes whose structural, semantic, or temporal behaviors deviate from expected patterns. ⁶⁷ In heterogeneous graphs, this task is particularly challenging because multiple node and edge types, role-dependent interactions, and evolving neighborhood semantics make abnormality harder to define. Over the years, a wide variety of HGNN-based models have been proposed, each grounded in different methodological principles. To systematically compare these methods, we group existing models into five categories according to their core learning strategy: reconstruction-based, attention and inconsistency-aware, contrastive learning, semi-supervised, and temporal approaches. Table 2 presents this taxonomy, where each row corresponds to a representative model and each column specifies its supervision type, temporal characteristics, and key architectural mechanisms. This structured comparison illustrates how different modeling choices capture complementary aspects of node-level anomaly detection in heterogeneous graphs.

Reconstruction-based methods operate under the assumption that anomalous nodes are harder to reconstruct than normal ones. For example, DOMINANT ²⁵ optimizes a joint reconstruction loss:

L = ( 1 − α ) ‖ A − A ^ ‖ F 2 + α ‖ X − X ^ ‖ F 2 ,

(2)

Attention and inconsistency-aware methods shift the focus from reconstruction error to semantic irregularities. ALARM ⁴⁶ constructs multiple graph convolutional network (GCN) ⁶⁸ channels for different semantic neighborhoods and applies entropy-based penalties to emphasize uncertain node representations. GraphConsis ⁴⁷ further models inconsistencies across features, relations, and contexts, aligning these heterogeneous views to detect stealthy anomalies. These models are particularly effective in schema-rich graphs where relation diversity provides abundant semantic cues. However, they depend heavily on balanced and well-defined relation patterns, which may limit their robustness in sparse or incomplete networks. Compared with reconstruction-based methods, attention and inconsistency-aware approaches capture finer-grained relational semantics but are generally more sensitive to noise and data imbalance.

Contrastive learning provides a self-supervised alternative by aligning node embeddings across different semantic or structural views. GraphCAD ⁴⁰ generates semantic augmentations of local neighborhoods and applies contrastive objectives, while HeCo ⁴¹ constructs dual metapath-based views and enforces consistency between them. These methods are effective in low-label scenarios and scale well to large graphs, but their performance is sensitive to the design of augmentations and view sampling strategies.

Semi-supervised approaches take advantage of limited labeled data by combining relational schema with label propagation. SemiGNN ⁶⁹ uses hierarchical attention over metapath-defined subgraphs for fraud detection, whereas GCNSI ⁷⁰ integrates GCN ⁶⁸ encoding with label diffusion for rumor source detection. These methods can improve accuracy under label scarcity but are highly dependent on the quality and distribution of labels, which are often uneven in practice.

Temporal models extend anomaly detection into dynamic settings by explicitly modeling node behavior over time. TADDY ⁵² utilizes a relational transformer to encode temporal–relational interactions:

z i ( t ) = Transformer ( { h j ( t − τ ) : j ∈ N ( i ) , τ ∈ [ 0 , T ] } ) .

(3)

For static enterprise graphs with well-defined schemas, attention-aware models like ALARM are preferred due to their interpretability. In contrast, for rapidly evolving network traffic where labels are unavailable, self-supervised temporal models like TADDY offer superior robustness to concept drift. Many modern frameworks are increasingly hybrid, combining temporal reasoning with contrastive objectives to alleviate label dependence while capturing dynamic patterns.

In summary, node-level HGNN anomaly detection exhibits diverse strategies with complementary strengths. Reconstruction-based models are transparent but assume homogeneity. Attention and inconsistency-aware methods capture rich semantics but depend on diverse relational structures. Contrastive frameworks scale well without labels but rely on high-quality augmentations. Semi-supervised approaches exploit partial labels but are constrained by the quality and distribution of labels. Temporal models excel in dynamic environments but often introduce significant computational costs. Recently, research has increasingly shifted toward hybrid and self-supervised frameworks that combine multiple learning signals. Multi-view and contrastive paradigms are gaining popularity because they alleviate label dependence while enhancing representation robustness. Temporal extensions of HGNNs are also becoming more common, driven by the need to capture evolving attack behaviors and adaptive relational patterns in cybersecurity and fraud detection. Despite these advances, several challenges remain unresolved:

Limited integration of temporal reasoning, semantic consistency, and supervision within a single unified framework.

Addressing these gaps requires end-to-end dynamic HGNNs capable of adaptive reasoning across structure, time, and semantics. Evaluating such models under realistic conditions will be essential to improve robustness, generalizability, and practical deployment in high-stakes domains such as fraud detection and cybersecurity.

Edge-level anomaly detection focuses on identifying irregular or suspicious relationships between nodes, including the sudden creation, disappearance, or behavioral change of links.^32,71 Unlike node anomalies, these irregularities are more challenging to capture because they depend not only on the characteristics of the connected nodes but also on the semantic meaning and temporal dynamics of their interactions. ⁷² Such complexities make edge-level analysis essential for applications such as fraud detection, abnormal communication monitoring, and information flow analysis.^47,71 To enable systematic comparison, existing HGNN-based models for edge-level anomaly detection are grouped into four categories based on their primary learning strategy: reconstruction and autoencoding, temporal modeling, hierarchical designs, and adversarial or generative frameworks. Table 3 presents this taxonomy, where each row corresponds to a representative model and each column reports its supervision type, temporal capability, and key architectural mechanism. This organization provides a clear basis for analyzing how different design philosophies address complementary aspects of edge-level anomaly detection.

Reconstruction and autoencoding methods model edge anomalies by learning embeddings that reconstruct edge presence or attributes, with deviations indicating abnormal links. AER-AD ⁴³ extends autoencoders with relational attention, explicitly scoring edges based on type-specific interactions between incident nodes. eFraudCom ⁴⁴ applies a graph autoencoder in transaction networks, flagging anomalous edges via reconstruction error. These models are effective in schema-rich or transaction settings but often assume that rare edges are abnormal, which risks misclassifying legitimate but infrequent interactions.

Temporal modeling approaches capture anomalies that emerge from changes in connectivity patterns over time. AddGraph ⁵⁵ integrates temporal attention into GCNs, ⁶⁸ encoding historical activation patterns in a memory module to preserve long-term dependencies. DynAD ⁵⁶ aggregates temporal snapshots using gated attention to adapt flexibly to streaming data. StrGNN ³² combines recurrent neural networks with GCNs to jointly capture sequential dependencies and structural context. Specifically, it extracts a k -hop enclosing subgraph S e ( t ) for each edge e = ( u , v ) at time t and applies a GCN to learn structural representations g e ( t ) , which are then fed into a GRU to model temporal evolution:

h e ( t ) = GRU ( g e ( t ) , h e ( t − 1 ) ) , where g e ( t ) = GCN ( S e ( t ) ) .

(4)

Hierarchical approaches embed edges by aggregating information at multiple neighborhood scales. Hierarchical-GCN ⁶⁵ learns both local and global edge-centric regions, improving detection of anomalies that are invisible at the node-pair level but emerge in broader structural contexts, such as inter-community links. While this improves generalization in multi-scale networks, it increases computational complexity and is sensitive to the chosen hierarchy.

Adversarial and generative frameworks learn edge embeddings by aligning them with latent priors or generating synthetic samples. AANE ⁶⁶ employs an adversarial autoencoder that pushes embeddings to match a learned prior, while unsupervised scoring identifies low-density edges as anomalies. These approaches offer flexibility in label-scarce settings but can struggle when benign rare interactions resemble true anomalies.

Comparative analysis: For edge-level detection, reconstruction methods like AER-AD are well-suited for static, schema-rich environments where anomalies manifest as rare interactions. However, in dynamic settings such as network traffic, temporal models like StrGNN and DynAD are preferred because they can capture evolving behaviors and periodic patterns. Adversarial frameworks like AANE offer strong unsupervised capabilities but may struggle with false positives in highly sparse graphs.

In summary, edge-level anomaly detection in HGNNs reflects a variety of modeling strategies. Reconstruction and autoencoding methods are intuitive but sensitive to rarity bias. Temporal models capture evolving patterns but depend on time discretization and require higher computational overhead. Hierarchical approaches improve robustness by leveraging multi-scale contexts but add structural complexity. Adversarial frameworks enhance unsupervised performance but risk false positives in sparse graphs. Recent research in edge-level anomaly detection shows a clear shift from pure reconstruction-based models toward temporal and adversarial designs. Temporal HGNNs are gaining popularity for their ability to capture evolving interaction patterns, while adversarial and generative frameworks attract attention for improving robustness and realism in training. Early hybrid architectures that combine structural reconstruction with temporal reasoning or generative adaptation are also emerging, reflecting a growing interest in unified modeling of dynamic relational behavior.

Despite these advances, edge-level anomaly detection remains an open challenge. Current methods often address structural, temporal, or semantic irregularities separately, and few frameworks attempt to integrate these dimensions in a unified manner. Many models still assume clean relational schemas or regular temporal granularity, which limits their robustness in real-world settings where edge dynamics are noisy, asynchronous, and partially observable. Evaluations are also frequently conducted on static or synthetic benchmarks, overlooking practical factors such as evolving role semantics, bursty interactions, and context-dependent edge rarity. Future work should prioritize the development of flexible HGNN frameworks capable of jointly reasoning over structure, semantics, and time, while adapting to irregular and incomplete observations. Building richer heterogeneous benchmarks that capture realistic edge evolution will likewise be essential for improving the practical applicability of these models in domains such as fraud detection, communication networks, and cybersecurity.

Subgraph-level anomaly detection addresses the task of identifying groups of nodes and edges that collectively exhibit abnormal behavior.^73,74 Unlike node- or edge-level irregularities, which are tied to individual elements, subgraph anomalies arise from the joint behavior of multiple entities that may appear normal in isolation but anomalous as a whole. ⁷⁵ This makes detection more challenging, particularly in heterogeneous graphs where diverse node and edge types give rise to complex relational patterns. Applications include coordinated fraud campaigns, cybersecurity monitoring, and anomaly detection in biological or chemical graphs. A wide range of HGNN-based models have been proposed for this task, but they vary considerably in their detection paradigms. To establish a coherent taxonomy, we categorize existing approaches into six groups: metapath- and metagraph-based methods, structural invariance and motif-based approaches, temporal models, one-class classification, knowledge distillation, and hybrid designs. Table 4 summarizes representative models across these categories, highlighting their supervision type, temporal support, and architectural mechanisms.

Metapath- and metagraph-based methods capture semantic consistency by leveraging schema-guided relational patterns. SubAnom ³⁵ constructs candidate subgraphs through metapath sampling and learns embeddings with a GNN encoder, identifying anomalies as deviations from typical semantic patterns. mHGNN ⁶⁰ extends this idea by aggregating higher-order semantic motifs encoded in metagraphs, which allows the model to capture multi-hop and inter-relational dependencies. While effective in networks with strong type-specific structure, these methods are heavily dependent on schema quality, and metagraph reasoning, though more expressive, introduces higher computational demands.

Structural invariance and motif-based approaches instead focus on subgraph topologies. MatchGNet ⁶¹ uses hierarchical attention and subgraph matching to identify program structures that violate learned invariants. It computes a matching score between a target subgraph S q and a set of normal invariant subgraphs { S 1 , … , S K } :

Score ( S q ) = max k ∈ [ 1 , K ] sim ( h S q , h S k ) , h S = Readout ( GNN ( S ) ) ,

(5)

Temporal models integrate subgraph evolution into the detection process. ST-GCAE ⁵⁸ combines spatial and temporal autoencoders to capture motif disruptions across evolving subgraphs, while TGBULLY ⁵⁹ models abusive behavior in social networks by applying GRU and GAT layers to evolving interaction patterns. These methods highlight the importance of temporal reasoning, particularly in detecting staged or progressive anomalies, but they increase computational cost and are sensitive to temporal discretization.

One-class classification methods are particularly useful when labeled anomalies are rare. OCGATL ⁶³ learns a compact representation boundary from normal subgraphs to isolate abnormal ones, while OCGNN ⁴⁵ integrates graph isomorphism networks with autoencoding for molecular and transactional subgraph anomaly detection. These approaches are valuable in domains with limited supervision, though their effectiveness depends on the representativeness of normal subgraphs.

Knowledge distillation introduces a different perspective by transferring structural information across tasks. GLocalKD ⁶⁴ uses bi-level knowledge transfer between node-level and subgraph-level encoders, improving robustness by aligning local consistency with macro-level deviations. While effective in balancing fine- and coarse-grained information, the approach is sensitive to the alignment between teacher and student networks.

Hybrid designs combine deep embeddings with ensemble methods to improve robustness and interpretability. GraphRfi ⁶² embeds subgraphs using GCNs ⁶⁸ and applies a neural random forest classifier, capturing both local and global structural abnormalities in review networks. Unlike purely embedding-based methods, GraphRfi enhances interpretability but may be less flexible across diverse graph domains.

Comparative analysis: For subgraph-level detection, metapath and metagraph methods like mHGNN are effective when the graph schema is well-defined and anomalies follow known semantic patterns. In contrast, structural invariance models like MatchGNet are better suited for detecting novel attack chains (e.g., APTs) where the exact semantics may vary but the underlying execution structure remains anomalous. Temporal models like ST-GCAE are essential for capturing progressive anomalies but require significant computational resources.

In summary, subgraph-level HGNN anomaly detection demonstrates diverse modeling strategies with complementary strengths. Metapath- and metagraph-based models effectively encode semantic consistency but depend on schema quality and scalability. Structural and motif-based approaches capture topological invariants but are sensitive to motif strength. Temporal methods detect evolving anomalies but at a high computational cost. One-class models address label scarcity but rely on representative training data. Knowledge distillation offers cross-level robustness but requires careful alignment, while hybrid designs improve interpretability at the cost of generality.

Despite the variety of existing approaches, subgraph-level anomaly detection remains underexplored compared to node- and edge-level tasks. Most models focus on either semantic consistency or structural invariance, but few frameworks attempt to integrate both dimensions in a unified manner. Temporal methods remain limited, often requiring discretized snapshots that fail to capture long-term or irregular dynamics. One-class and distillation approaches reduce label dependence but are sensitive to representation bias, while hybrid methods improve interpretability but sacrifice flexibility. Another critical gap is the scarcity of realistic benchmarks, since most evaluations rely on synthetic anomalies or domain-specific datasets that do not capture the scale and heterogeneity of real-world systems. Future work should prioritize scalable frameworks that jointly reason across structure, semantics, and time, while also addressing cross-level anomalies and evaluating under more realistic conditions.

We previously discussed methods for detecting anomalous nodes, edges, and subgraphs. However, these methods share a major limitation. They primarily focus on static graphs. This static view is especially problematic for subgraph-level detection. Many key anomalies are defined by their temporal evolution. They are not just structural oddities. For instance, a dense community might form suddenly, or a group’s behavior might change. Real-world networks are inherently dynamic. They constantly change in areas like cybersecurity and finance. This evolution over time often indicates an anomaly. To capture these patterns, researchers developed dynamic HGNNs. The next section will review these methods, which are designed for evolving graph data.

4.1. Insider threat detection

Insider threat detection focuses on identifying malicious actions perpetrated by legitimate users who exploit their access privileges to exfiltrate data, escalate access, or conduct sabotage. Unlike external attacks, insider threats often mimic normal behavior patterns, making them difficult to detect through traditional signature or rule-based systems. Graph-based modeling provides a powerful alternative by capturing the contextual relationships between users, systems, processes, and access events over time, thus enabling the discovery of subtle behavioral deviations embedded in complex relational structures.

In graph anomaly detection, insider threats are typically modeled using heterogeneous temporal graphs, where nodes represent users, machines, processes, or resources, and edges represent interaction events such as logins, file accesses, or privilege escalations. Temporal dynamics are essential, as malicious behavior often unfolds gradually or through behavioral drift. Bipartite or multi-partite graphs are frequently used to separate user entities from system assets, and edge timestamps allow for modeling sequential patterns or time windows.

Several HGNN-based models discussed in Section 3 are well aligned with this task. AddGraph ⁵⁵ is particularly suitable for detecting access-based anomalies by modeling temporal user behavior via graph attention mechanisms. It constructs user-event graphs across discrete time windows and applies attention-based aggregation to track behavioral consistency. This allows it to flag abnormal user transitions or irregular access patterns even in unsupervised settings. GCAN ⁵¹ originally developed for fake news propagation, demonstrates strong generalization to user behavior tracking by capturing sequential dependencies through its GRU–CNN–GCN hybrid architecture. In the context of insider threats, this allows for detecting suspicious propagation of commands, unusual file transfers, or unexpected account switching. OCAN ⁵⁰ is another representative model that leverages sequential modeling through an LSTM-based autoencoder and employs adversarial training to refine detection boundaries. The model is trained in sequences of benign user activity and uses a GAN ⁷⁸ discriminator to distinguish between generated and observed behavior. This approach is particularly effective for detecting insiders who slowly evolve their behavior to avoid triggering simple statistical thresholds. OCAN has been evaluated on the CERT Insider Threat Dataset, ⁷⁹ a widely used benchmark consisting of simulated user activity logs from a fictitious enterprise, developed by Carnegie Mellon University. TADDY ⁵² introduces a graph transformer framework capable of modeling long-range temporal dependencies across relation types, which is essential for capturing lateral movement or APTs within enterprise networks. In the context of insider threats, it enables the system to detect complex temporal sequences that may include login attempts, command execution, and privilege escalations across multiple machines and sessions. Complementary enterprise-scale evidence is available in the Los Alamos National Laboratory Unified Host and Network Data Set, ⁸⁰ which provides authentication events, network connections, and process creation data suitable for graph-based insider threat analysis. Both datasets are high-dimensional, temporally dense, and semantically rich, making them ideal testbeds for graph-based insider threat detection research. Despite these advances, several challenges persist. Insider threat datasets suffer from extreme class imbalance, with anomalies often below 1%. Behavioral mimicry, where insiders imitate normal users, complicates detection, while gradual behavioral drift demands models that capture long-term context without overfitting to short-term noise. As a result, future research in HGNN-based insider threat detection should focus on adaptive temporal modeling, unsupervised semantic drift detection, and the fusion of structured logs with relational graph embeddings. Models that can reason over both short-term bursts and long-term deviations will be crucial for improving resilience against insider abuse.

Quantitative perspective: Application-level results in insider threat detection remain highly dependent on the underlying release, user population, and temporal aggregation strategy, so they should not be interpreted as a direct benchmark ranking. Even so, recently reported graph-based insider threat studies show that strong performance is achievable on CERT-style benchmarks. For example, HOGPNN-ITD reports accuracy, precision, and detection rate of 0.989, 0.979, and 0.973, respectively, on CERT r4.2, while also reaching 0.972 accuracy on CERT r4.1. ⁸¹ These results suggest that temporally aware graph models can capture insider behavior effectively, but they also reinforce the need for standardized evaluation protocols before claims across studies can be compared fairly.

4.2. Network intrusion detection

Network intrusion detection focuses on identifying unauthorized or malicious activities within computer networks, including port scanning, brute-force login attempts, data exfiltration, and protocol violations. Unlike traditional log-based methods, graph-based approaches offer a structural view of communication behavior, capturing not only the volume and frequency of connections but also the contextual and temporal relationships among communicating entities. Graph representations of network flows allow anomaly detection models to reason over communication patterns, session dynamics, and inter-device dependencies, offering improved sensitivity to stealthy or distributed attacks. Graphs used in intrusion detection are commonly constructed as IP-host graphs, host-session graphs, or temporal communication graphs, where nodes represent IP addresses, hosts, or processes, and edges denote communication sessions or flow records, often with timestamp and protocol features. Temporal windows are applied to construct evolving snapshots or streaming graphs, enabling the capture of dynamic attack behavior, such as multi-step exploits or time-distributed probes. HGNN-based anomaly detection models offer strong potential in this domain due to their ability to integrate temporal dynamics, relational heterogeneity, and context-aware representation learning. GDN, originally designed for cyber-physical systems, is well-suited to network intrusion settings through its graph structure learning and multivariate time series forecasting components. In GDN, each node learns an adaptive neighborhood graph and predicts future behavior based on temporal dependencies, allowing the model to flag deviations as anomalies. Its capacity to handle multivariate node features and implicit relation learning makes it applicable to intrusion detection, where relationships among traffic flows are not explicitly labeled. DynAD ⁵⁶ extends this dynamic modeling by explicitly learning time-evolving edge behaviors. It uses gated attention mechanisms to aggregate subgraph sequences across time and detect anomalous transitions in network topology. In intrusion detection, DynAD can model the progression of low-and-slow attacks or detect the sudden appearance of anomalous connections that deviate from historical patterns. Compared to GDN, DynAD offers finer-grained modeling of edge dynamics, which is particularly useful for capturing ephemeral connections and distributed scanning behavior.

StrGNN ³² introduces a spatio-temporal framework that fuses recurrent neural networks with GCN encoders to model both sequential activity and structural patterns. When applied to network graphs, StrGNN captures not only the topology of interactions but also periodic behaviors, such as repeated authentication attempts or scheduled transfers. Its recurrent component enables the model to maintain a memory of previous interactions, which is critical in identifying multi-phase attacks that unfold over extended periods. Bi-GCN, ⁵⁷ although originally proposed for rumor detection, employs bidirectional message passing to model influence propagation across graph edges. When adapted for network traffic graphs, Bi-GCN can detect asymmetric information flows indicative of command-and-control behavior, backdoors, or malicious redirection. Its bidirectional design enhances sensitivity to anomalous flow sequences that would be difficult to detect with unidirectional propagation alone. More recent graph-based IDS research reinforces this trajectory. Anomal-E ⁹ and TS-IDS ¹⁰ use self-supervised graph learning to exploit node–edge interactions under limited labels, while 2025 models such as BS-GAT ¹³ and TE-G-SAGE ¹⁴ emphasize behavior-aware graph construction, edge-aware learning, chronological evaluation, and explainability for operational settings. Complementary evidence from real-world IoT communication studies further shows that graph-based anomaly detection remains effective under low false-positive constraints and dynamic traffic conditions. ¹⁵ A key strength of these models is their capacity to operate in unsupervised or weakly supervised settings, which is crucial given that network intrusion datasets often lack labeled nodes or precise attack annotations. Datasets such as UNSW-NB15, ⁸² CICIDS2017, ⁸³ and CTU13 ⁸⁴ provide session-level or flow-level labels and have been used extensively for evaluating GNN-based intrusion detection. Graphs can be constructed by aggregating these flows over time intervals, embedding host-level attributes, and encoding session statistics (e.g., packet count, duration, protocol). However, deploying GNN-based models in real-world intrusion detection systems remains challenging. High traffic volume imposes significant computational burdens, especially for models that require neighborhood aggregation or historical memory. Furthermore, the need for streaming inference limits the feasibility of models that rely on full-batch training or multi-hop subgraph extraction. Finally, the lack of labeled ground truth for individual nodes or subgraphs hinders supervised fine-tuning and evaluation. To address these challenges, future work should focus on scalable inductive models, incremental graph construction, and semi-supervised anomaly ranking that do not require full supervision or static graphs. HGNNs capable of modeling both short-term and long-term dependencies while preserving efficient online inference will be critical for advancing the practical deployment of GNN-based network intrusion detection.

Quantitative perspective: Although results are not directly comparable across datasets or graph-construction pipelines, published network intrusion studies do provide useful application-level evidence. On NF-BoT-IoT-v2 and NF-ToN-IoT-v2, BS-GAT reports binary-classification F 1 -scores of 0.9899 and 0.9790 with accuracies of 0.9900 and 0.9788, respectively. ¹³ Under chronological evaluation on NF-UNSW-NB15-v3, TE-G-SAGE reports macro-average accuracy, precision, recall, and F 1 of 0.9559, 0.4942, 0.6274, and 0.4906, outperforming a GCN baseline in recall and interpretability-oriented analysis. ¹⁴ Taken together, these results support the broader conclusion of this survey: temporal and edge-aware graph models are especially valuable when intrusion detection must balance detection quality with operational interpretability.

4.3. Fraud detection in access logs

Fraud detection in enterprise environments involves identifying unauthorized, anomalous, or policy-violating behaviors within access control systems, enterprise resource usage, and cloud-based environments. Unlike intrusion detection which often centers on external threats, access fraud is typically conducted by legitimate users through unusual activity patterns, abuse of privileges, or coordinated circumvention of access policies. Given the complex relational structure and temporal evolution of access behaviors, graph-based modeling—particularly HGNNs—has become a compelling approach for contextualizing and detecting such fraud. Access logs are naturally represented as heterogeneous graphs, where nodes can denote users, actions (e.g., login, upload), and resources (e.g., files, APIs, servers), and edges represent observed interactions over time. Graphs can be constructed from user–action–resource triplets, forming temporal session graphs with edge attributes such as timestamps, durations, or success/failure codes. These session-based graphs capture not only co-occurrence but also behavioral sequences and semantic relationships among access events, which are critical for modeling intent and consistency.

HGNN-based models have demonstrated significant promise in this domain. SemiGNN ⁶⁹ introduces a semi-supervised graph attention network designed for fraud detection in financial systems. It leverages both labeled and unlabeled nodes and incorporates hierarchical attention over metapath-based subgraphs. This makes it well-suited for access fraud scenarios where only partial labels are available and fraud behaviors differ across user roles and access types. GraphConsis ⁴⁷ addresses fraud detection by modeling multiple sources of inconsistency in graph data—specifically, inconsistencies in features, relations, and context. This is particularly useful in enterprise logs, where fraudulent access may manifest through conflicting behavior patterns across access contexts (e.g., accessing an internal HR system from an unusual department). GraphConsis applies GCNs to multiple subgraph views and penalizes representational divergence, effectively surfacing anomalies that violate inter-type behavioral norms. GCNSI, ⁷⁰ although originally proposed for rumor propagation, introduces a label propagation framework over GCN-encoded graphs. When adapted to access fraud detection, it allows for the detection of anomalous user behavior based on relational diffusion—capturing how misuse patterns may spread across user-resource interactions or departments. Its simplicity and scalability make it suitable for enterprise settings where access graphs are updated regularly.

Common datasets for fraud detection in access logs include enterprise simulation logs, such as synthetically generated policy violation data, or real-world transaction graphs (e.g., from Alibaba or eBay platforms). While public access to corporate logs remains limited due to privacy concerns, research communities have increasingly relied on anonymized datasets and controlled simulations to benchmark graph-based fraud detectors. This domain presents unique challenges. First, behavioral heterogeneity is high—different departments, user roles, and systems generate diverse access patterns, making “normal” behavior difficult to define. Second, fraud itself is contextual and loosely defined; what is malicious in one role may be benign in another. Finally, label imbalance is severe: fraudulent events are rare, inconsistently labeled, and often delayed in discovery, which hampers supervised training and evaluation. Future work should address these limitations by combining HGNNs with meta-learning, domain adaptation, and semantic-aware contrastive learning, allowing models to generalize across dynamic enterprise domains and usage regimes. Semi-supervised and unsupervised approaches that incorporate access semantics, user hierarchy, and policy constraints will be key to improving robustness in fraud detection systems.

Quantitative perspective: Public fraud-detection results are especially difficult to compare because many studies rely on proprietary interaction graphs, different fraud definitions, and different label ratios. Nevertheless, representative graph-based studies indicate clear practical gains. On public fraud benchmarks, HHLN-GNN reports improvements of 10.0% in F 1 -macro, 12.5% in area under the curve (AUC), and 17.3% in G-mean on YelpChi, with smaller but still positive gains on Amazon. ⁸⁵ In industrial transaction settings, xFraud reports an AUC of 0.9074 on eBay-xlarge and demonstrates precision above 0.95 at operationally relevant recall levels under selected thresholds. ⁴⁷ These figures are illustrative rather than directly comparable, but they show that graph-based fraud detectors can provide measurable advantages when relational context is preserved.

4.4. APTs or lateral movement detection

APTs refer to stealthy, multi-stage cyber intrusions that aim to maintain prolonged access within a system. Unlike one-off attacks, APTs unfold gradually through lateral movement, privilege escalation, and internal reconnaissance, often mimicking legitimate behavior to evade detection. Detecting APTs require reasoning over long temporal sequences, diverse entity interactions, and cross-context anomalies—challenges well-suited to heterogeneous and temporal graph modeling. In practice, graph construction for APT detection typically involves host-process graphs, user-device-process graphs, or command-session graphs, where nodes represent system entities (users, machines, processes), and edges denote interactions such as command execution, session access, or process spawning. Temporal dependencies are central to this task, as APT stages (initial access, foothold, escalation, exfiltration) unfold over time and across multiple components.

HGNN-based models address these complexities through advanced spatio-temporal and relational reasoning. MatchGNet ⁶¹ introduces an invariant graph modeling framework that captures structural and semantic invariants from benign subgraphs and uses hierarchical attention to detect substructures that violate these learned templates. This makes MatchGNet particularly effective for detecting APT lateral movements, where attackers traverse unexpected host-process paths without altering node-level features significantly. GLocalKD ⁶⁴ enhances detection by distilling knowledge between node- and subgraph-level GNNs. In the context of APTs, this allows the model to align fine-grained local behaviors (e.g., user logins or process spawns) with high-level behavior patterns (e.g., suspicious movement through internal hosts), capturing the multi-resolution nature of threats. The joint learning strategy helps detect subtle escalations and role shifts, which may go unnoticed in models focusing solely on one level of granularity. TGBULLY, ⁵⁹ though originally proposed for detecting online bullying, uses a temporal GAT-GRU architecture that adapts well to capturing evolving behavior patterns in user interactions. In an enterprise setting, the same framework can be applied to session graphs where sequences of access events reflect potential staging activity for lateral movement. The model’s temporal edge modeling and context attention help distinguish coordinated internal traversal from benign variability.

The DARPA Operationally Transparent Cyber (OpTC)/Transparent Computing data release ⁸⁶ provides a practical source of labeled APT-like behaviors, offering detailed host, process, and network telemetry with red-team ground truth. Beyond OpTC, APT-oriented audit collections remain fragmented and are often described only through secondary reviews, ⁸⁷ which reinforces the lack of a single standardized benchmark for persistent-threat detection. Despite recent progress, APT detection remains one of the most challenging applications of graph-based anomaly detection. First, APT campaigns span long temporal windows, requiring models to maintain memory over extended sequences without overfitting. Second, ground truth is sparse, making supervised training difficult and raising the need for unsupervised or weakly supervised strategies. Third, reasoning over heterogeneous relational dependencies—such as mapping user behaviors to underlying host-process interactions—requires multi-modal learning architectures that balance structural, semantic, and temporal cues. Future research should explore explainable graph transformers, online subgraph tracking, and relational motif reasoning for interpretable and real-time detection of persistent threats. Integrating domain knowledge—such as known privilege escalation paths or device roles—into HGNN architectures may further improve performance and trust in operational settings.

Quantitative perspective: Compared with intrusion detection, quantitative evidence for APT and lateral-movement detection is still relatively sparse and often task-specific. A representative example is MatchGNet, which reports 50% fewer false positives while maintaining zero false negatives in unknown-malware detection based on execution-behavior graphs. ⁶¹ Although malware detection is not identical to enterprise APT monitoring, the result is highly relevant because it shows that invariant subgraph matching can materially reduce analyst burden while preserving detection sensitivity in attack-sequence-like settings. This also helps explain why structural and subgraph-level reasoning remains attractive for persistent-threat detection despite the limited availability of standardized APT benchmarks.

To complement the broader application discussion, a targeted empirical case study of representative HGNN models is presented later in the evaluation section under a unified pre-processing pipeline.

5.1. Evaluation metrics

The evaluation of HGNN-based anomaly detection models centers on their ability to rank true anomalies above benign instances. In practice, most methods compute anomaly scores for nodes, edges, or subgraphs, and performance is assessed using ranking-oriented metrics. The choice of metric critically affects the interpretation of model performance, especially given the prevalence of class imbalance and heterogeneous structures in real-world graphs. These metrics are used across different anomaly types: area under the receiver operating characteristic curve (AUROC) ⁸⁸ and area under the precision–recall curve (AUPRC) ⁸⁹ are most common in node-level benchmarks like ACM and DBLP. Precision@ K and Recall@ K are suited for streaming edge-level detection tasks like AddGraph or DynAD, where only top-ranked alerts are reviewed. NDCG@ K is primarily used in subgraph-level detection settings, such as in cybersecurity or molecular domains, where anomalies carry varying degrees of severity. F 1 -score, while widely reported in semi-supervised node-level tasks, depends on pre-defined thresholds and is often used in synthetic or label-limited benchmarks.

One of the most widely reported metrics is the AUROC. AUROC quantifies the overall ability of the model to distinguish between anomalous and normal instances across all possible thresholds. It is computed as the AUC plotting the true positive rate (TPR) against the false positive rate (FPR), where:

TPR = TP TP + FN , FPR = FP FP + TN .

(6)

Precision = TP TP + FP , Recall = TP TP + FN .

(7)

For practical deployment scenarios—where analysts typically investigate only the top-ranked results—metrics such as Precision@ K and Recall@ K provide actionable insight. Precision@ K measures the fraction of true anomalies within the top K ranked predictions:

Precision @ K = Number of True Anomalies in Top K K .

(8)

NDCG @ K = 1 IDCG @ K ∑ i = 1 K 2 rel i − 1 log 2 ( i + 1 ) ,

(9)

F 1 = 2 × Precision × Recall Precision + Recall .

(10)

Recent studies have underscored common pitfalls in metric selection and reporting. These include threshold sensitivity, potential inflation of AUROC in highly imbalanced datasets, and a lack of standardized operational evaluation protocols. To mitigate these challenges, current best practices emphasize reporting multiple complementary metrics, ensuring clarity around threshold selection, and aligning evaluations with the intended deployment context. Table 5 summarizes the core evaluation metrics discussed above, including their mathematical formulations and recommended usage contexts within HGNN-based anomaly detection.

Given the wide range of anomaly structures and task formulations, no single metric provides a complete picture. As such, recent studies increasingly advocate for multi-metric evaluation strategies that combine global ranking metrics (e.g., AUROC) with task-oriented metrics (e.g., Precision@ K or NDCG), especially when evaluating models under real-world operational constraints. In particular, for streaming cybersecurity systems, Precision@ K is often the most critical metric as it directly correlates with the false alert fatigue experienced by security analysts. A high AUROC may be misleading if the top-ranked results are dominated by false positives, rendering the system unusable in practice.

The choice of benchmark datasets strongly influences both model design and evaluation outcomes. In the context of heterogeneous graphs, benchmark datasets must capture multi-typed node and edge structures, temporal evolution, and realistic anomaly patterns. Existing benchmarks vary widely in annotation quality, graph construction assumptions, and temporal richness, often posing challenges for consistent and reproducible evaluation. This subsection reviews commonly used datasets across node-level, edge-level, and subgraph-level anomaly detection tasks, detailing how graphs are constructed from raw data and examining critical factors such as heterogeneity, temporal scope, and label quality. By highlighting dataset characteristics and limitations, we aim to clarify where current evaluation practice remains weak and what properties future benchmarks should provide.

5.2.5. Targeted empirical case study

To complement the survey discussion with concrete evidence, we conducted a targeted empirical case study using public-code implementations of representative graph anomaly detection models. Although numerous graph anomaly detection methods exist, evaluating all of them is neither feasible nor necessary for a survey-aligned empirical study. Instead, we intentionally selected three models—DOMINANT, TADDY, and StrGNN—because they collectively span three major methodological paradigms discussed throughout this survey: static reconstruction-based modeling, temporal sequence modeling, and structural–temporal joint learning. These models therefore provide a compact but methodologically diverse comparison set, while also being among the few methods with reproducible public implementations suitable for evaluation under a unified pipeline.

All three models were executed under a unified local pre-processing pipeline that converted the public UNSW-NB15 release into model-specific inputs. This design supports a fair and transparent comparison under shared practical constraints while avoiding the redundancy and limited interpretive value of adding many closely related variants.

Because the publicly accessible UNSW-NB15 release does not expose raw host identities in a form directly usable for host-to-host graph construction, we generated a documented behavioral-profile proxy graph from the available flow attributes. Consequently, the following results should be interpreted as a reproducible case study under a common graph-construction protocol rather than as directly comparable benchmark numbers from the original papers. Even with this limitation, the experiment is useful because it illustrates how representative static, temporal, and structural–temporal methods behave under the same practical pre-processing assumptions.

The results in Table 7 show that executable reproduction is feasible, but performance is sensitive to graph construction choices. All models were evaluated under consistent pre-processing, feature extraction, and graph construction. While alternative graph construction strategies may lead to different absolute performance levels, using a consistent proxy graph ensures that observed differences reflect relative model behavior under identical structural assumptions. On the prepared UNSW-NB15 proxy graph, DOMINANT achieved an AUROC of approximately 0.365, TADDY achieved a total AUC of approximately 0.639, and StrGNN achieved an AUROC of approximately 0.733 with an average precision of approximately 0.730 under a lightweight reproducibility run. The relatively low performance of DOMINANT is expected in this setting, as reconstruction-based methods assume feature homophily and static structure, which are not well aligned with the heterogeneous and behavior-driven proxy graph constructed from UNSW-NB15. Within this unified setup, the structural–temporal model produced the strongest anomaly separation behavior, while the dynamic transformer remained clearly stronger than the static reconstruction baseline. These observations are directionally consistent with the broader survey argument that temporal and structure-aware models are better suited to evolving cybersecurity anomalies than purely static methods.

OPEN IN VIEWER

Table 7.

Targeted empirical case study under a unified public-code pipeline.

Model	Paradigm	Setting	Observed result
DOMINANT 25	Static reconstruction	20 training epochs	AUROC ≈ 0.365
TADDY 52	Dynamic transformer	5 training epochs	Total AUC ≈ 0.639
StrGNN 32	Structural–temporal GNN	Consistent-budget run	AUROC ≈ 0.733 ; AP ≈ 0.730

AUROC: area under the receiver operating characteristic curve; AUC: area under the curve.

Results are reported on the normalized public UNSW-NB15 release and should be interpreted as case-study outputs under a reproducible local graph-construction protocol.

Figure 6 complements the empirical case study by providing a compact cross-model comparison that is difficult to convey through text alone. In particular, it highlights the trade-offs between dynamic modeling strength, heterogeneous support, interpretability, scalability, and deployment readiness, helping readers quickly identify which representative models are better aligned with different cybersecurity settings.

OPEN IN VIEWER

Figure 6.

Visual comparison of representative HGNN-based anomaly detection models across anomaly granularity, temporal capability, heterogeneous support, interpretability, scalability, and deployment readiness. Filled cells indicate primary task support, while shaded labels indicate relative strengths inferred from the surveyed literature. HGNN: heterogeneous graph neural network.

Cybersecurity graphs are complex and constantly evolving, creating several open challenges for HGNN-based anomaly detection.^17,65,67 A key issue is temporal dynamics: many models rely on static graph snapshots and fail to capture long-term dependencies that are critical for identifying staged attacks or gradual privilege escalation.^29,56 Another challenge lies in heterogeneity and modality, since real systems combine multiple entity types and often include logs, textual reports, or event traces that current approaches rarely exploit. ²²

A further challenge concerns interpretability. Anomaly scores generated by HGNNs are often opaque, which hinders analysts from understanding or trusting model outputs in high-stakes cybersecurity environments. In operational settings, explainability is not merely desirable but essential for incident investigation, compliance auditing, and human–AI collaboration. Although attention mechanisms and feature attribution have been explored to provide interpretive insights,^25,39 these methods typically offer coarse-grained explanations and are difficult to extend to heterogeneous graphs, where multiple relation types and semantics coexist. Future research should focus on integrating fine-grained interpretability within HGNN architectures, enabling anomaly reasoning that is traceable to specific entities, relations, and causal contexts.

Future research should also emphasize hybrid modeling architectures that combine temporal reasoning, multi-modal fusion, and interpretable learning. Promising directions include graph transformers for cross-type dependency modeling, ²⁵ neuro-symbolic reasoning for explainable anomaly inference, and causal or contrastive frameworks that can disentangle spurious correlations from meaningful behavioral deviations. ³⁹ Advancing these directions will require balancing transparency, scalability, and robustness within unified, end-to-end HGNN architectures.

6.2. Data challenges

Data limitations remain one of the most significant barriers to advancing HGNN-based anomaly detection.^4,70 A major challenge is label scarcity and imbalance: malicious events are rare and costly to annotate, while benign activities dominate most datasets.^26,36 This imbalance makes models prone to bias and reduces their ability to detect rare but high-impact anomalies. Semi-supervised, self-supervised, and weakly supervised learning strategies show promise, yet they require careful adaptation to heterogeneous and temporal graph settings. ⁶⁸

Another persistent issue is benchmark realism. Many publicly available datasets are synthetic, outdated, or lack the structural and temporal complexity observed in operational systems. ³³ As a result, models that perform well on controlled datasets often fail to generalize in production environments. Closing this simulation-to-real gap will require large-scale, richly annotated, and temporally consistent benchmarks that capture noise, incomplete observability, and evolving adversarial tactics. ⁴⁹ Collaboration between academia and industry could facilitate the creation of shared, privacy-preserving cybersecurity graph datasets. Future directions include federated graph learning for secure data sharing, ⁵¹ synthetic data generation to augment rare attack cases, and transfer learning pipelines to adapt HGNNs across different environments while respecting privacy and confidentiality constraints.^53,58

6.3. Evaluation challenges

Current studies employ highly varied evaluation metrics and graph construction protocols, which complicates cross-paper comparison and limits reproducibility.^5,27 Without standardized practices, it becomes difficult to measure progress or validate new methods consistently. Establishing community-agreed benchmarks with unified metrics (e.g., AUROC, Precision@ K ) and consistent pre-processing pipelines would enable fairer comparison and stronger claims of improvement.^6,23

Beyond metric unification, the field needs reproducible and transparent evaluation frameworks. ²⁴ Public leaderboards, standardized data splits, and open-source codebases can encourage more rigorous benchmarking and reduce fragmentation. Another pressing need is for robust evaluation under realistic conditions, such as noisy, partially observable, or evolving graphs.^41,59 These efforts will help ensure that reported improvements reflect genuine robustness and operational value rather than overfitting to idealized datasets.

6.4. Practical deployment challenges

Deploying HGNN-based anomaly detection in real environments raises critical challenges of scalability, adaptability, and operational reliability. ²⁸ Cybersecurity graphs often contain millions of nodes and edges that evolve in near real time, yet many existing HGNN architectures remain too computationally expensive for production use.^30,43 Real-time decision latency is another major constraint: anomaly detectors must process streaming updates and generate alerts within strict time budgets to support timely incident response. Achieving this balance between inference speed and detection accuracy requires efficient message-passing schemes, streaming graph processing, and resource-aware model compression. ⁷²

Beyond latency and scale, deployment also introduces security and privacy concerns. HGNNs may themselves become targets of adversarial manipulation, including model poisoning or evasion attacks that exploit their learned representations. ³² Moreover, training on sensitive logs or network data raises privacy and compliance risks, especially when graph embeddings inadvertently encode identifiable or confidential information. ³⁸ Mitigating these risks calls for privacy-preserving learning techniques such as federated or encrypted graph learning, as well as robust model auditing, explainability dashboards, and access-control mechanisms.

Operational environments further demand reliability, interpretability, and maintainability. ⁶⁹ Threat behaviors evolve continuously, and static models can quickly degrade as attack patterns shift. ⁵⁵ Online and continual learning techniques are required to adapt parameters as new data arrive without catastrophic forgetting.^45,57 Equally important is interpretability at the deployment stage: transparent anomaly explanations allow analysts to validate alerts efficiently, reduce false positives, and improve overall response speed. Designing human-in-the-loop pipelines that integrate interpretability with adaptive learning will be essential to ensure operational trust and long-term resilience.

Future progress will depend on the development of lightweight, secure, and adaptive HGNN frameworks that can meet real-time constraints while preserving privacy and interpretability. Integrating scalable inference, adversarial robustness, and continual learning into unified operational pipelines will be central to advancing HGNN anomaly detection from research prototypes to robust, field-deployable cybersecurity systems.