Graph Neural Networks for Anomaly Detection: Scenarios, Methods, and Real‑World Applications

Speaker : Yang Yang, Associate Professor, Zhejiang University (AI & Graph Data).

Outline : (1) Anomaly detection scenarios, (2) GNN‑based anomaly detection, (3) Adversarially robust models, (4) Real‑world case studies.

1. Anomaly Detection Scenarios

Various sectors suffer from abnormal events: telecom fraud (>5 × 10⁸ cases in 2021, $164 B loss), financial loan defaults, energy theft, etc. Graph neural networks (GNNs) excel at processing large‑scale graph data and can be leveraged for anomaly detection.

Industry‑level example : Using >700 M electricity‑usage records from the State Grid, a graph of industries was built to evaluate post‑COVID‑19 recovery. Nodes represent industries; directed edges capture influence. Supporting high‑impact industries (e.g., transportation) accelerates overall economic recovery.

Financial risk control : Traditional credit‑risk models rely on historical loan records, which fail for first‑time fraudsters. By constructing a user‑relationship graph (normal users in blue, fraudsters in red, unknown users in gray), GNNs can predict whether unknown users are fraudulent.

2. GNN‑Based Anomaly Detection

2.1 Spectral‑domain GNN

Spectral GNNs perform graph convolution via Fourier transform of the Laplacian, applying a filter h(Λ) to the signal Uᵀx . Low‑pass filtering removes high‑frequency components, which are often the anomalies; therefore, retaining high‑frequency signals is crucial for anomaly detection.

Experiments on four datasets (fake reviews, Bitcoin fraud, financial fraud, telecom fraud) show that adding back the top 30 % high‑frequency signals improves detection (GCN vs. AMNet vs. high‑frequency‑augmented GCN).

2.2 Spatial‑domain GNN

Spatial GNNs aggregate one‑hop neighbor features, assuming homophily (connected nodes share labels). This works well for recommendation but poorly for anomalies, which break homophily. Examples illustrate loss of discriminative information when aggregating only immediate neighbors.

To overcome this, the PathNet framework samples diverse paths, encodes ordered node sequences with a recurrent unit, and uses attention to weight paths differently for each node, allowing the model to capture long‑range, heterogeneous patterns.

2.3 Robustness to Adversarial Attacks

Adversarial attacks on graph models can be black‑box (only know the model is a graph) or white‑box. A black‑box attack framework (AAAI 2022) demonstrates successful attacks without model parameters.

Defensive strategy: integrate robustness into the graph pre‑training stage, so that any downstream task benefits from a defended representation, avoiding per‑task defenses.

3. Real‑World Case Studies

Game anomaly detection : In the game "Honor of Kings", player‑hero interactions form a graph. Analysis reveals that players choosing assassin heroes have a higher probability of abusive language.

Epileptic seizure diagnosis : Collaboration with Shenzhen Children’s Hospital builds a brain‑region graph from intracranial EEG channels. The BrainNet model learns inter‑regional propagation patterns, achieving strong detection performance even when seizure signals constitute only 0.2 % of the data.

All examples illustrate how GNNs can turn complex relational data into actionable anomaly‑detection solutions.

Thank you for attending.