Graph data is well suited to representing complex relationships such as transactions between accounts, communications between devices, and dependencies among machines or processes. Correspondingly, graph anomaly detection (GAD) plays a critical role in identifying anomalies across various domains, including finance, cybersecurity, and manufacturing. Faced with large-volume, multi-domain graph data, nascent efforts attempt to develop foundational generalist models capable of detecting anomalies in unseen graphs without retraining. To the best of our knowledge, the differing feature semantics and dimensions of cross-domain graph data heavily hinder the development of graph foundation models, leaving deeper continual learning and inference capabilities largely an open problem. Hence, we propose OWLEYE, a novel zero-shot GAD framework that learns transferable patterns of normal behavior from multiple graphs, with a threefold contribution. First, OWLEYE proposes a cross-domain feature alignment module that harmonizes feature distributions while preserving domain-specific semantics during alignment. Second, to enable continual learning on the aligned features, OWLEYE designs multi-domain multi-pattern dictionary learning to encode shared structural and attribute-based patterns. Third, to achieve in-context learning, OWLEYE develops a truncated attention-based reconstruction module that robustly detects anomalies in unseen graph-structured data without requiring labeled data. Extensive experiments on real-world datasets demonstrate that OWLEYE achieves superior performance and generalizability compared to state-of-the-art baselines, establishing a strong foundation for scalable and label-efficient anomaly detection.