Anomaly detection is a critical task in cybersecurity, where identifying insider threats, access violations, and coordinated attacks is essential for ensuring system resilience. Graph-based approaches have become increasingly important for modeling entity interactions, yet most rely on homogeneous and static structures, which limits their ability to capture the heterogeneity and temporal evolution of real-world environments. Heterogeneous Graph Neural Networks (HGNNs) have emerged as a promising paradigm for anomaly detection by incorporating type-aware transformations and relation-sensitive aggregation, enabling more expressive modeling of complex cyber data. However, current research on HGNN-based anomaly detection remains fragmented, with diverse modeling strategies, limited comparative evaluation, and an absence of standardized benchmarks. To address this gap, we provide a comprehensive survey of HGNN-based anomaly detection methods in cybersecurity. We introduce a taxonomy that classifies approaches by anomaly type and graph dynamics, analyze representative models, and map them to key cybersecurity applications. We also review commonly used benchmark datasets and evaluation metrics, highlighting their strengths and limitations. Finally, we identify key open challenges related to modeling, data, and deployment, and outline promising directions for future research. This survey aims to establish a structured foundation for advancing HGNN-based anomaly detection toward scalable, interpretable, and practically deployable solutions.
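To make the two mechanisms the abstract names concrete, here is an added illustrative example (written for this page, not code from the survey or from any model it reviews). It implements one message-passing step of a minimal relational GNN of the form h_v = ReLU(W_{τ(v)} x_v + Σ_r mean_{u ∈ N_r(v)} W_r W_{τ(u)} x_u): the per-type matrices W_type are the "type-aware transformations" (users and hosts have feature vectors of different dimensionality and are projected into one shared space), and the per-relation matrices W_r give "relation-sensitive aggregation" (a login edge and an admin edge carry different messages even between the same node types). The graph, the features and all weights are hand-chosen constants; a real model learns the weights and would be evaluated on a benchmark rather than on this toy. The anomaly score, distance to the centroid of one's own node type, is a simple stand-in for the detectors the survey discusses.

```python
"""Toy heterogeneous-GNN layer over a constructed user/host access graph.

Illustrative example only: the graph, features and weight matrices below are
constructed by hand for this page and are not taken from any dataset or model.
"""
from math import sqrt

# ---- constructed toy graph (two node types, two relation types) ----
NODE_TYPES = {
    "u1": "user", "u2": "user", "u3": "user",
    "h1": "host", "h2": "host", "h3": "host",
}
# Raw features are type-specific: users have 2 attributes, hosts have 3.
FEATURES = {
    "u1": [1.0, 0.0], "u2": [1.0, 0.0], "u3": [1.0, 0.0],
    "h1": [1.0, 0.0, 0.0], "h2": [1.0, 0.0, 0.0], "h3": [0.0, 1.0, 0.0],
}
# Directed typed edges (src, relation, dst). All three users look identical by
# features; u3 is the structural outlier: it logs in to every workstation and
# is the only user with an admin edge to the server h3.
EDGES = [
    ("u1", "login", "h1"),
    ("u2", "login", "h2"),
    ("u3", "login", "h1"),
    ("u3", "login", "h2"),
    ("u3", "admin", "h3"),
]

HIDDEN = 2
# Type-aware transformations W_type: project each node type into the shared
# HIDDEN-dimensional space (fixed by hand here; a trained model learns them).
TYPE_WEIGHTS = {
    "user": [[1.0, 0.0], [0.0, 1.0]],
    "host": [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0]],
}
# Relation-specific transformations W_r, one per relation; reverse relations
# are added so that both endpoints of an edge receive a message.
REL_WEIGHTS = {
    "login": [[1.0, 0.0], [0.0, 1.0]],
    "rev_login": [[1.0, 0.0], [0.0, 1.0]],
    "admin": [[1.0, 0.0], [0.0, 2.0]],
    "rev_admin": [[1.0, 0.0], [0.0, 2.0]],
}


def matvec(m, v):
    return [sum(a * b for a, b in zip(row, v)) for row in m]


def relu(v):
    return [max(0.0, x) for x in v]


def hgnn_layer(node_types, features, edges, type_w, rel_w):
    """One message-passing step:
    h_v = ReLU( W_{tau(v)} x_v + sum_r mean_{u in N_r(v)} W_r W_{tau(u)} x_u )
    """
    # Type-aware projection of every node into the shared hidden space.
    proj = {n: matvec(type_w[t], features[n]) for n, t in node_types.items()}
    # Neighbours grouped per target node and per relation.
    neigh = {n: {} for n in node_types}
    for src, rel, dst in edges:
        neigh[dst].setdefault(rel, []).append(src)
        neigh[src].setdefault("rev_" + rel, []).append(dst)
    out = {}
    for v in node_types:
        h = list(proj[v])  # self term
        for rel, srcs in neigh[v].items():
            # Relation-sensitive messages: each relation has its own W_r.
            msgs = [matvec(rel_w[rel], proj[u]) for u in srcs]
            mean = [sum(col) / len(msgs) for col in zip(*msgs)]
            h = [a + b for a, b in zip(h, mean)]
        out[v] = relu(h)
    return out


def anomaly_scores(node_types, embeddings):
    """Euclidean distance of each node to the centroid of its own node type."""
    by_type = {}
    for n, t in node_types.items():
        by_type.setdefault(t, []).append(n)
    scores = {}
    for nodes in by_type.values():
        k = len(nodes)
        centroid = [sum(embeddings[n][i] for n in nodes) / k for i in range(HIDDEN)]
        for n in nodes:
            scores[n] = sqrt(sum((a - b) ** 2 for a, b in zip(embeddings[n], centroid)))
    return scores


def rank_anomalies(edges=EDGES):
    """Run one layer over the toy graph and score every node."""
    emb = hgnn_layer(NODE_TYPES, FEATURES, edges, TYPE_WEIGHTS, REL_WEIGHTS)
    return emb, anomaly_scores(NODE_TYPES, emb)


if __name__ == "__main__":
    emb, scores = rank_anomalies()
    for n in sorted(scores, key=scores.get, reverse=True):
        print(f"{n} ({NODE_TYPES[n]}): h={emb[n]} score={scores[n]:.3f}")
```

Because every user has the same raw features, u3 is ranked highest purely through the structure it participates in: the admin relation routes its message through a different W_r than a login edge would, so relabelling the (u3, admin, h3) edge as a login edge changes u3's embedding and score. That sensitivity to relation type, not just to neighbour count, is what the homogeneous graph models the abstract contrasts against cannot express.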