{"ID":2896321,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2507.08177","arxiv_id":"2507.08177","title":"Rethinking Spatio-Temporal Anomaly Detection: A Vision for Causality-Driven Cybersecurity","abstract":"As cyber-physical systems grow increasingly interconnected and spatially distributed, ensuring their resilience against evolving cyberattacks has become a critical priority. Spatio-Temporal Anomaly detection plays an important role in ensuring system security and operational integrity. However, current data-driven approaches, largely driven by black-box deep learning, face challenges in interpretability, adaptability to distribution shifts, and robustness under evolving system dynamics. In this paper, we advocate for a causal learning perspective to advance anomaly detection in spatially distributed infrastructures that grounds detection in structural cause-effect relationships. We identify and formalize three key directions: causal graph profiling, multi-view fusion, and continual causal graph learning, each offering distinct advantages in uncovering dynamic cause-effect structures across time and space. Drawing on real-world insights from systems such as water treatment infrastructures, we illustrate how causal models provide early warning signals and root cause attribution, addressing the limitations of black-box detectors. Looking ahead, we outline the future research agenda centered on multi-modality, generative AI-driven, and scalable adaptive causal frameworks. Our objective is to lay a new research trajectory toward scalable, adaptive, explainable, and spatially grounded anomaly detection systems. We hope to inspire a paradigm shift in cybersecurity research, promoting causality-driven approaches to address evolving threats in interconnected infrastructures.","short_abstract":"As cyber-physical systems grow increasingly interconnected and spatially distributed, ensuring their resilience against evolving cyberattacks has become a critical priority. Spatio-Temporal Anomaly detection plays an important role in ensuring system security and operational integrity. However, current data-driven appr...","url_abs":"https://arxiv.org/abs/2507.08177","url_pdf":"https://arxiv.org/pdf/2507.08177v1","authors":"[\"Arun Vignesh Malarkkan\",\"Haoyue Bai\",\"Xinyuan Wang\",\"Anjali Kaushik\",\"Dongjie Wang\",\"Yanjie Fu\"]","published":"2025-07-10T21:19:28Z","proceeding":"cs.LG","tasks":"[\"cs.LG\",\"cs.AI\",\"cs.ET\",\"cs.NE\"]","methods":"[]","has_code":false}