[2510.26307] A Survey of Heterogeneous Graph Neural Networks for Cybersecurity Anomaly Detection

Computer Science > Cryptography and Security arXiv:2510.26307 (cs) [Submitted on 30 Oct 2025 (v1), last revised 28 Mar 2026 (this version, v2)] Title:A Survey of Heterogeneous Graph Neural Networks for Cybersecurity Anomaly Detection Authors:Laura Jiang, Reza Ryan, Qian Li, Nasim Ferdosian View a PDF of the paper titled A Survey of Heterogeneous Graph Neural Networks for Cybersecurity Anomaly Detection, by Laura Jiang and 3 other authors View PDF HTML (experimental) Abstract:Anomaly detection is a critical task in cybersecurity, where identifying insider threats, access violations, and coordinated attacks is essential for ensuring system resilience. Graph-based approaches have become increasingly important for modeling entity interactions, yet most rely on homogeneous and static structures, which limits their ability to capture the heterogeneity and temporal evolution of real-world environments. Heterogeneous Graph Neural Networks (HGNNs) have emerged as a promising paradigm for anomaly detection by incorporating type-aware transformations and relation-sensitive aggregation, enabling more expressive modeling of complex cyber data. However, current research on HGNN-based anomaly detection remains fragmented, with diverse modeling strategies, limited comparative evaluation, and an absence of standardized benchmarks. To address this gap, we provide a comprehensive survey of HGNN-based anomaly detection methods in cybersecurity. We introduce a taxonomy that classifies approach...