Go to TMLR homepageIRL-GAD: Graph Anomaly Detection via Inverse Reinforcement Learning as Normality Modeling
Abstract: Most graph anomaly detection methods define anomaly as statistical outlier-ness in a fitted representation, a framing that faces a
specific weakness when adversaries position themselves close to normal nodes in feature space. We propose a behavioral
alternative: anomaly as deviation from an implicit policy governing the normal population. We recast each node's multi-hop
neighborhood as a trajectory in a Markov decision process (the Node-MDP), recover the reward driving normal demonstrations via
maximum-entropy inverse reinforcement learning (MaxEnt-GIRL), and score nodes by the KL divergence between their observed
aggregation policy and the soft-optimal policy induced by the recovered reward. The reward decomposes into structural, semantic,
and temporal components, yielding component-level interpretability of every detection. Theoretically, we establish reward
identifiability with a graph-specific strengthening, a finite-sample recovery bound, a camouflage detection margin under
a bounded threat model that holds adaptively within the budget against an omniscient adversary, a closed-form soft-value regret
bound, and a PAC-style bound on the deployed detector's false-positive rate. Across six benchmarks (homophilic, camouflaged, dynamic, large-scale), IRL-GAD improves on the strongest baseline by $+1.7$ AUC-ROC points on average and by $+2.3$ on YelpChi, with the learned reward transferring to anomaly types absent at training.
Submission Type: Long submission (more than 12 pages of main content)
Assigned Action Editor: ~Sheng_Li3
Submission Number: 8891
Loading