Research Article

Detecting Unknown Threat Based on Continuous-Time Dynamic Heterogeneous Graph Network

Figure 1

Schematic diagram of the spatiotemporal graph network based on CTDHG. (a) Continuous-time dynamic heterogeneous graph construction. The green node is the destination node, and the yellow and orange nodes are different types of source nodes connected to the destination node. The solid and dashed lines represent two different types of edge connections. (b) The graph data are fed into periodic and linear functions of time to obtain the time embedding. (c) The graph data combined with the time embedding are input into the behaviour embedding computing layers (CDHGN layers): (i) The destination node is mapped through Q-linear-node. (ii) The node features of the source node are mapped with K-linear-node and V-linear-node, respectively. (iii) The edge features of the source node are mapped with K-linear-edge and V-linear-edge, respectively. Different weights are assigned according to the node types and edge types. The self-attention mechanism is used to learn the adjacency information that contributes the most to downstream tasks, and the adjacency information is aggregated to obtain the best embedding representation. (d) The embedding representation is input into the anomaly detection module in the decoder. In the training phase, backpropagation is performed through the loss function to update the model parameters; in the testing phase, the anomaly detection results are obtained through the linear layer and SoftMax layer.
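The attention step of panel (c), fed by the time embedding of panel (b), as an added example that is not code from the article. The node and edge type names, the toy weights, the sine form of the periodic term, appending the time embedding to the features, and summing the node and edge projections are all assumptions, since the caption does not specify them.

```python
import math

def time_embedding(dt, w_lin, freqs):
    # One linear term plus periodic terms of the time gap dt (assumed form).
    return [w_lin * dt] + [math.sin(f * dt) for f in freqs]

def matvec(W, x):
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]

def softmax(s):
    e = [math.exp(v - max(s)) for v in s]
    return [v / sum(e) for v in e]

def aggregate(dst, edges, P, now):
    """Attention-weighted aggregation of the typed, timestamped in-edges of one destination node."""
    q = matvec(P["Q_node"][dst["type"]], dst["x"])           # Q-linear-node
    keys, vals = [], []
    for e in edges:
        te = time_embedding(now - e["t"], **P["time"])
        xn, xe = e["src_x"] + te, e["edge_x"] + te           # append time embedding (assumption)
        kn, ke = P["K_node"][e["src_type"]], P["K_edge"][e["edge_type"]]
        vn, ve = P["V_node"][e["src_type"]], P["V_edge"][e["edge_type"]]
        # Node and edge projections are summed into one key/value (assumption).
        keys.append([a + b for a, b in zip(matvec(kn, xn), matvec(ke, xe))])
        vals.append([a + b for a, b in zip(matvec(vn, xn), matvec(ve, xe))])
    scale = math.sqrt(len(q))
    att = softmax([sum(a * b for a, b in zip(q, k)) / scale for k in keys])
    h = [sum(a * v[i] for a, v in zip(att, vals)) for i in range(len(q))]
    return h, att

# Constructed toy weights: 2 feature dims + 2 time dims -> 2 output dims.
def W(s):  # hypothetical helper: per-type matrix; the last two columns weight the time embedding
    return [[s, 0.0, 0.5, 0.0], [0.0, s, 0.0, 0.5]]

PARAMS = {
    "time": {"w_lin": 0.1, "freqs": [1.0]},
    "Q_node": {"host": [[1.0, 0.0], [0.0, 1.0]]},
    "K_node": {"user": W(1.0), "process": W(0.5)},
    "V_node": {"user": W(1.0), "process": W(0.5)},
    "K_edge": {"logon": W(1.0), "exec": W(0.2)},
    "V_edge": {"logon": W(1.0), "exec": W(0.2)},
}
DST = {"type": "host", "x": [1.0, 1.0]}
EDGES = [  # constructed events arriving at DST; type names are illustrative only
    {"src_type": "user", "src_x": [1.0, 0.0], "edge_type": "logon", "edge_x": [0.0, 1.0], "t": 9.0},
    {"src_type": "process", "src_x": [1.0, 0.0], "edge_type": "exec", "edge_x": [0.0, 1.0], "t": 5.0},
]
if __name__ == "__main__":
    print(aggregate(DST, EDGES, PARAMS, now=10.0))
```

The returned vector `h` is the behaviour embedding that panel (d) would pass to the anomaly detection module; the decoder and loss are outside this example.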