A GNN-Based Log Anomaly Detection Framework with Prompt Learning for Edge Computing

Graph Neural Networks (GNNs) have emerged as the state-of-the-art (SOTA) method for graph-based learning tasks. However, it still remains prohibitively challenging to inference GNNs over large graph datasets, limiting their application to large-scale real-world tasks. While end-to-end jointly optimizing GNNs and their accelerators is promising in boosting GNNs' inference efficiency and expediting the design process, it is still underexplored due to the vast and distinct design spaces of GNNs and their accelerators. In this work, we propose G-CoS, a GNN and accelerator co-search framework that can automatically search for matched GNN structures and accelerators to maximize both task accuracy and acceleration efficiency. Specifically, GCoS integrates two major enabling components: (1) a generic GNN accelerator search space which is applicable to various GNN structures and (2) a one-shot GNN and accelerator co-search algorithm that enables simultaneous and efficient search for optimal GNN structures and their matched accelerators. To the best of our knowledge, G-CoS is the first co-search framework for GNNs and their accelerators. Extensive experiments and ablation studies show that the GNNs and accelerators generated by G-CoS consistently outperform SOTA GNNs and GNN accelerators in terms of both task accuracy and hardware efficiency, while only requiring a few hours for the end-to-end generation of the best matched GNNs and their accelerators.

FIAD: Graph anomaly detection framework based feature injection

Unsupervised anomaly detection using graph neural networks integrated with physical-statistical feature fusion and local-global learning

Traffic flow prediction remains a cornerstone of intelligent transportation systems (ITS), facilitating congestion mitigation, route optimization, and sustainable urban planning. Graph Neural Networks (GNNs) have revolutionized this domain by adeptly modeling the intricate graph-structured nature of traffic networks, where nodes represent sensors or intersections and edges denote spatial relationships. Recent years (2023–2025) have witnessed a surge in scientific innovation, with several novel approaches pushing the boundaries of traffic prediction accuracy and robustness. Notably, hybrid GNN-Transformer architectures have emerged, leveraging the spatial reasoning of GNNs and the temporal sequence modeling power of Transformers to capture long-range dependencies and complex spatiotemporal patterns. Physics-informed GNNs integrate domain knowledge, such as conservation laws and traffic flow theory, directly into the learning process, enhancing interpretability and generalization to unseen scenarios. Uncertainty-aware frameworks, including Bayesian GNNs and ensemble methods, provide probabilistic forecasts, crucial for risk-sensitive applications and adaptive traffic management in volatile urban environments. This article provides a comprehensive guide to implementing GNNs for traffic flow prediction, detailing best practices in data preparation (e.g., graph construction, feature engineering, handling missing data), model training (e.g., loss functions, regularization, hyperparameter tuning), and real-time deployment (e.g., edge computing, latency optimization). We critically compare GNNs to traditional statistical and deep learning methods, highlighting their superior ability to capture non-Euclidean spatial dependencies, adapt to dynamic and evolving network topologies, and seamlessly integrate multi-modal data sources such as weather, events, and sensor readings. Empirical evidence from widely used benchmarks, including PeMS and METR-LA, demonstrates that state-of-the-art GNN models achieve up to 15–20 % improvements in accuracy metrics such as Mean Absolute Error (MAE) and Root Mean Square Error (RMSE) over conventional baselines. These gains are attributed to the models’ capacity for dynamic graph learning, attention-based feature selection, and robust handling of heterogeneous data. Drawing on these recent innovations, this synthesis highlights GNNs' pivotal role in fostering resilient, AI-driven traffic systems for future smart cities, setting the stage for next-generation ITS solutions that are adaptive, interpretable, and scalable. In addition to these advancements, the integration of real-time sensor data and external information sources has further improved the responsiveness of traffic prediction models. Modern GNN frameworks are capable of handling large-scale urban networks, making them suitable for deployment in metropolitan areas with complex road infrastructures. The use of transfer learning and domain adaptation techniques allows models trained in one city to be effectively applied to others, reducing the need for extensive retraining. Furthermore, explainable AI approaches within GNNs are gaining traction, enabling stakeholders to understand and trust model decisions in critical traffic management scenarios. Recent research also explores the fusion of GNNs with reinforcement learning, enabling adaptive control strategies for traffic signals and congestion pricing. The scalability of GNNs ensures that they can process data from thousands of sensors in real time, supporting city-wide traffic optimization. Advances in hardware acceleration, such as GPU and edge computing, have made it feasible to deploy these models in latency-sensitive environments. Collaborative efforts between academia, industry, and government agencies are driving the adoption of GNN-based solutions in smart city initiatives. As urban mobility continues to evolve, the ability of GNNs to incorporate emerging data modalities, such as connected vehicle telemetry and mobile device traces, will be crucial for future developments. The ongoing refinement of model architectures and training protocols promises even greater accuracy and robustness in traffic flow prediction. Ultimately, the convergence of GNNs with other AI technologies is set to transform intelligent transportation systems, paving the way for safer, more efficient, and sustainable urban mobility.

Two-stage coarse-to-fine image anomaly segmentation and detection model

The rapid evolution of cloud and edge computing has redefined how data-intensive applications are developed and deployed, with Function-as-a-Service (FaaS) playing a pivotal role in this transformation. FaaS provides a serverless model where functions are executed in response to specific events, offering developers automatic scalability, high availability, and reduced infrastructure management overhead. The latest release of ComFaaS brings substantial improvements in flexibility, scalability, security, and ease of use. It introduces a dynamic architecture that enables FaaS applications to be added and executed at runtime, without the need to modify the core system, streamlining feature integration and enhancing scalability. ComFaaS also includes dynamic load balancing, which intelligently distributes workloads between edge and cloud environments, ensuring that tasks always benefit from the most efficient computing resources available. This hybrid approach allows edge and cloud computing to complement each other, resulting in optimized performance tailored to the specific needs of each application. The fully functional release of ComFaaS now delivers a powerful and adaptable solution for modern FaaS deployments, offering a secure and scalable platform for both cloud and edge environments.

Anomaly detection aims to identify abnormal instances that significantly deviate from normal samples. With the natural connectivity between instances in the real world, graph neural networks have become increasingly important in solving anomaly detection problems. However, existing research mainly focuses on static graphs, while there is less research on mining anomaly patterns in dynamic graphs, which has important application value. This paper proposes a Transformer-based semi-supervised anomaly detection framework for dynamic graphs. The framework adopts the Transformer architecture as the core encoder, which can effectively capture long-range dependencies and complex temporal patterns between nodes in dynamic graphs. By introducing time-aware attention mechanisms, the model can adaptively focus on important information at different time steps, thereby better understanding the evolution process of graph structures. The multi-head attention mechanism of Transformer enables the model to simultaneously learn structural and temporal features of nodes, while positional encoding helps the model understand periodic patterns in time series. Comprehensive experiments on three real datasets show that TSAD significantly outperforms existing methods in anomaly detection accuracy, particularly demonstrating excellent performance in label-scarce scenarios.

Graph Neural Networks (GNNs) are state-of-the-art models for performing prediction tasks on graphs. While existing GNNs have shown great performance on various tasks related to graphs, little attention has been paid to the scenario where out-of-distribution (OOD) nodes exist in the graph during training and inference. Borrowing the concept from CV and NLP, we define OOD nodes as nodes with labels unseen from the training set. Since a lot of networks are automatically constructed by programs, real-world graphs are often noisy and may contain nodes from unknown distributions. In this work, we define the problem of graph learning with out-of-distribution nodes. Specifically, we aim to accomplish two tasks: 1) detect nodes which do not belong to the known distribution and 2) classify the remaining nodes to be one of the known classes. We demonstrate that the connection patterns in graphs are informative for outlier detection, and propose Out-of-Distribution Graph Attention Network (OODGAT), a novel GNN model which explicitly models the interaction between different kinds of nodes and separate inliers from outliers during feature propagation. Extensive experiments show that OODGAT outperforms existing outlier detection methods by a large margin, while being better or comparable in terms of in-distribution classification.

Time series forecasting with additional spatial de-pendencies has attracted a tremendous amount of research interest in social sciences, due to its importance in modern real-world applications. The Graph Neural Networks (GNN) is one of the most exciting deep learning techniques among these spatio-temporal modeling approaches. Most existing spatio-temporal GNN frameworks are based on a two-step modeling process. In such scenario, spatial and temporal dependencies are modeled in separate steps, which lead to problems such as complex architecture design, hard to scale, etc. Targeting the shortcomings of existing studies, we take both spatial and temporal dependencies from another perspective, and consider them as two heterogeneous types of edges in the graph. We propose a unified spatio-temporal GNN framework that captures both dependencies in a single step. More specifically, for each node in the graph, a unified neural network component is designed to simultaneously extract information from its sur-rounding neighbors (spatial) and its past records (temporal), which enables much easier dependency aggregation with faster execution. Experiment results demonstrate the superiority of the proposed framework over state-of-the-art (SOTA) baselines on various applications, including modeling smart cities and data-driven political science research.

In this study, we propose a novel anomaly detection framework designed specifically for Multivariate Time Series (MTS) data, addressing the prevalent challenges in analyzing such complex datasets. The detection of anomalies within MTS data is notably difficult due to the complex interplay of numerous variables, temporal dependencies, and the common issue of class imbalance, where one category significantly outnumbers another. Traditional deep learning (DL) approaches often fall short in simultaneously tackling these issues. Our framework is designed to address these challenges through a two-phased approach. Phase I employs Conditional Tabular Generative Adversarial Networks (CTGAN) to create strategic synthetic data, setting the stage for Phase II, which utilizes a hybrid DL architecture. This architecture combines Gated Recurrent Units (GRU), Temporal Convolutional Networks (TCN), and an Attention Mechanism, significantly improving the detection of anomalies. Our approach is tailored to overcome the hurdles of class imbalance — using strategic data augmentation in Phase I — and to address the intricacies of variable interactions and long-term temporal dependencies through a hybrid DL model in Phase II. The efficacy of our framework is demonstrated through the Controlled Anomaly Time Series (CATS) dataset, notable for its complexity with over 5 million timestamps, 17 features, and a marked class imbalance. Our methodology distinguishes itself by detecting subtle anomalies, capturing long-range dependencies more effectively, and enhancing interpretability through the visualization of attention weights. Furthermore, our anomaly detection framework is both scalable and adaptable across different domains, marking a considerable improvement over existing methods. A performance comparison with other models, including standalone GRU, TCN, combined GRU-TCN, and GRU-TCN with Attention, showcases the superior capability of our framework, particularly in managing the intricacies and rarity of anomalies in the CATS dataset. This framework not only addresses the challenges of data imbalance and complexity inherent in MTS datasets but also harnesses the strengths of various DL architectures to provide an effective anomaly detection solution. Our contribution promises significant advancements in the accuracy, reliability, and interpretability of anomaly detection models, representing a major leap forward in this domain.

Field-programmable gate arrays (FPGAs) are an ideal candidate for accelerating graph neural networks (GNNs). However, the FPGA redeployment process is time-consuming when updating or switching between diverse GNN models across different applications. Existing GNN processors eliminate the need for FPGA redeployment when switching between different GNN models. However, adapting matrix multiplication types by switching processing units decreases hardware utilization. In addition, the bandwidth of DDR limits further improvements in hardware performance. This article proposes a highly flexible FPGA-based overlay processor for GNN accelerations. Graph-OPU provides excellent flexibility and programmability for users, as the executable code of GNN models is automatically compiled and reloaded without requiring FPGA redeployment. First, we customize the compiler and instruction sets for the inference process of different GNN models. Second, we customize the datapath and optimize the data format in the microarchitecture to fully leverage the advantages of high bandwidth memory (HBM). Third, we design a unified matrix multiplication to handle both sparse-dense matrix multiplication (SpMM) and general matrix multiplication (GEMM), enhancing Graph-OPU performance. During Graph-OPU execution, the computational units are shared between SpMM and GEMM instead of being switched, which improves the hardware utilization. Finally, we implement a hardware prototype on the Xilinx Alveo U50 and test the mainstream GNN models using various datasets. Experimental results show that Graph-OPU achieves up to 1,654 \(\times\) and 63 \(\times\) speedup, as well as up to 5,305 \(\times\) and 422 \(\times\) energy efficiency boosts, compared to implementations on CPU and GPU, respectively. Graph-OPU outperforms state-of-the-art (SOTA) end-to-end overlay accelerators for GNN, reducing latency by an average of 1.36 \(\times\) and improving energy efficiency by 1.41 \(\times\) on average. Moreover, Graph-OPU exhibits an average 1.45 \(\times\) speed improvement in end-to-end latency over the SOTA GNN processor. Graph-OPU represents an in-depth study of an FPGA-based overlay processor for GNNs, offering high flexibility, speedup, and energy efficiency.

Cutting-edge platforms of graph neural networks (GNNs), such as DGL and PyG, harness the parallel processing power of GPUs to extract structural information from graph data, achieving state-of-the-art (SOTA) performance in fields such as recommendation systems, knowledge graphs, and bioinformatics. Despite the computational advantages provided by GPUs, these GNN platforms struggle with scalability challenges due to the colossal graphical structures processed and the limited memory capacities of GPUs. In response, this work introduces Capsule, a new out-of-core mechanism for large-scale GNN training. Unlike existing out-of-core GNN systems, which use main or secondary memory as operative memory and use CPU kernels during non-backpropagation computation, Capsule uses GPU memory and GPU kernels. By substantially leveraging the parallelization capabilities of GPUs, Capsule significantly enhances GNN training efficiency. In addition, Capsule can be smoothly integrated to mainstream open-source GNN frameworks, DGL and PyG, in a play-and-plug manner. Through a prototype implementation and comprehensive experiments on real datasets, we demonstrate that Capsule can achieve up to a 12.02× improvement in runtime efficiency, while using only 22.24% of the main memory, compared to SOTA out-of-core GNN systems.

Graph neural network (GNN) ushered in a new era of machine learning with interconnected datasets. While traditional neural networks can only be trained on independent samples, GNN allows for the inclusion of intersample interactions in the training process. This gain, however, incurs additional memory cost, rendering most GNNs unscalable for real-world applications involving vast and complicated networks with tens of millions of nodes (e.g., social circles, web graphs, and brain graphs). This means that storing the graph in the main memory can be difficult, let alone training the GNN model with significantly less GPU memory. While much of the recent literature has focused on either mini-batching GNN methods or quantization, graph reduction methods remain largely scarce. Furthermore, present graph reduction approaches have several drawbacks. First, most graph reduction focuses only on the inference stage (e.g., condensation, pruning, and distillation) and requires full graph GNN training, which does not reduce training memory footprint. Second, many methods focus solely on the graph's structural aspect, ignoring the initial population feature-label distribution, resulting in a skewed postreduction label distribution. Here, we propose a feature-label constrained graph net collapse (FALCON) to address these limitations. Our three core contributions lie in: 1) designing FALCON, a topology-aware graph reduction technique that preserves feature-label distribution by introducing a K-means clustering with a novel dimension-normalized Euclidean distance; 2) implementation of FALCON with other state-of-the-art (SOTA) memory reduction methods (i.e., mini-batched GNN and quantization) for further memory reduction; and 3) extensive benchmarking and ablation studies against SOTA methods to evaluate FALCON memory reduction. Our comprehensive results show that FALCON can significantly collapse various public datasets (e.g., PPI and Flickr to as low as 34% of the total nodes) while keeping equal prediction quality across GNN models. Our FALCON code is available at https://github.com/basiralab/FALCON.

The field of cybersecurity is changing dramatically in this dynamic age of digital revolution. This work on Anomaly Detection in Cybersecurity using Graph- Based Approaches represents a ground- breaking project that uses Graph Neural Networks' (GNNs'), Graph-Based Behavioural Anomaly Detection (GBBAD), Behavioural Identification Graph (BIG) and Graph-Based Botnet Detection (GBBD) capabilities to revolutionize the way we defend our digital borders. The discovery signifies a noteworthy progress in uncovering abnormalities. The precision and flexibility of this system has been emphasized by the ability to identify minute anomalies within intricate network interactions. Graph based techniques locating nodes or edges diverging from the normal behaviour of a graph carry out anomaly detection on graphs. There are several cyber security threats including fraud, malware incursions and network attacks that can be detected using graph-based anomaly detection methods. However, there are still some areas that need more attention. For instance, one possibility is to utilize the graph-based algorithms for pre-filtering alerts from firewalls and other cybersecurity systems. Such development would significantly reduce the workload for security analysts as well as improve overall security posture. In this research work an overview of current methods of detecting anomalies on cyber security using graphs has been presented. Key Words: Graph-Based Anomaly Detection (GBAD), Graph Neural Networks (GNNs), Graph-Based Behavioural Anomaly Detection (GBBAD), Graph-Based Botnet Detection (GBBD), Types of Anomalies, Availabilities of Data Levels.

Blockchain technology has gained significant attention as a secure and decentralized platform for various applications. However, the immutable and distributed nature of blockchain also presents unique challenges for detecting anomalies and suspicious activities within the network. This research paper proposes a novel approach to anomaly detection in blockchain using machine learning techniques. The goal of this study is to develop an effective and scalable anomaly detection framework that can analyze the vast amount of data generated within a blockchain network and identify irregularities or potential security threats. The proposed framework leverages the power of machine learning algorithms to learn patterns, relationships, and behaviours from historical blockchain data, enabling the detection of anomalous activities in real time.The research paper first focuses on feature extraction techniques tailored specifically for blockchain data. These techniques consider key characteristics of blockchain transactions, such as transaction size, timestamp, and involved addresses, to construct meaningful features that capture the underlying patterns and trends. Various dimensionality reduction techniques are also explored to handle the high-dimensional nature of blockchain data.Subsequently, several machine learning algorithms, including clustering, classification, and anomaly detection methods, are employed to train models using the extracted features. The performance of different algorithms is evaluated using benchmark datasets and real-world blockchain data to assess their accuracy, precision, and recall in detecting anomalies. Additionally, the scalability of the proposed framework is investigated to ensure its effectiveness in large-scale blockchain networks.Furthermore, the research paper investigates the integration of domain-specific knowledge, such as known attack patterns and regulatory compliance rules, into the anomaly detection framework. This hybrid approach combines the strengths of machine learning algorithms with expert knowledge to enhance the accuracy and interpretability of anomaly detection results.The experimental results demonstrate that the proposed anomaly detection framework achieves promising performance in identifying various types of anomalies in blockchain data. It exhibits high detection rates while minimizing false positives, thereby providing valuable insights for blockchain network administrators and regulators to mitigate security risks and safeguard the integrity of blockchain systems. In conclusion, this research paper presents an innovative approach to anomaly detection in blockchain using machine learning. The proposed framework addresses the unique challenges posed by blockchain's decentralized and immutable nature, offering an effective solution for detecting suspicious activities and ensuring the security of blockchain networks. The findings of this study contribute to the growing field of blockchain analytics and have significant implications for real-world blockchain applications in domains such as finance, supply chain management, and healthcare.