Detect by Yourself: Self-Designing Agentic Workflows for Few-Shot Graph Anomaly Detection

SignGAD introduces a novel framework for graph anomaly detection that dynamically designs task-specific workflows rather than relying on fixed detection pipelines. The approach combines self-designing agentic workflows with a guarded refit strategy to improve detection accuracy in few-shot learning scenarios, addressing longstanding limitations in identifying anomalous nodes within attributed graphs.

Graph anomaly detection represents a critical challenge in machine learning, particularly for identifying suspicious patterns in networked data across fraud detection, cybersecurity, and financial monitoring applications. Traditional methods employ fixed detection architectures that struggle to adapt when labeled training data is scarce and graph structures vary significantly across domains. SignGAD addresses this limitation by introducing an adaptive paradigm that shifts from static model training to dynamic workflow construction, allowing the framework to select appropriate graph encodings and detector designs based on specific task characteristics.

The framework's innovation lies in its ability to generate contextually-aware detection workflows that explicitly incorporate both structural and contextual anomaly signals. Rather than forcing a single detector architecture across diverse scenarios, SignGAD evaluates multiple encoding and detection combinations, identifying the most suitable configuration for each particular graph structure. This adaptability proves especially valuable in few-shot scenarios where labeled anomalies are limited, making traditional supervised approaches unreliable.

The guarded final refit strategy represents another significant contribution, introducing a calibration mechanism that refines selected workflows while maintaining reliability despite sparse supervision. This addresses a persistent challenge in anomaly detection: preventing overfitting to limited training examples while preserving generalization capacity.

For practitioners in fraud detection, cybersecurity, and financial networks, this approach offers tangible benefits through improved detection accuracy and adaptability across diverse graph topologies. The framework's demonstrated performance improvements over state-of-the-art methods suggest practical applicability in production environments requiring robust anomaly identification with minimal labeled data.

• →SignGAD replaces fixed anomaly detection pipelines with dynamically designed task-specific workflows that adapt to different graph structures.
• →The framework explicitly incorporates structural and contextual anomaly signals through selective graph encoding and detector design choices.
• →A guarded refit strategy calibrates workflow refinement to enhance reliability in few-shot learning scenarios with limited labeled data.
• →Experimental results demonstrate superior performance compared to existing graph anomaly detection methods across real-world datasets.
• →The approach addresses critical challenges in fraud detection, cybersecurity, and financial monitoring where anomalous node identification is essential.