AnomalyAID: Reliable Interpretation for Semi-supervised Network Anomaly Detection

• URL: http://arxiv.org/abs/2411.11293v2
• Date: Mon, 24 Feb 2025 04:27:28 GMT
• Title: AnomalyAID: Reliable Interpretation for Semi-supervised Network Anomaly Detection
• Authors: Yachao Yuan, Yu Huang, Jin Wang,
• Abstract summary: Semi-supervised learning plays a crucial role in network anomaly detection applications.<n>The lack of interpretability creates key barriers to the adoption of semi-supervised frameworks in practice.<n>We propose AnomalyAID to make the anomaly detection process interpretable and improve the reliability of interpretation results.
• Score: 5.587032325025624
• License: http://creativecommons.org/licenses/by-sa/4.0/
• Abstract: Semi-supervised Learning plays a crucial role in network anomaly detection applications, however, learning anomaly patterns with limited labeled samples is not easy. Additionally, the lack of interpretability creates key barriers to the adoption of semi-supervised frameworks in practice. Most existing interpretation methods are developed for supervised/unsupervised frameworks or non-security domains and fail to provide reliable interpretations. In this paper, we propose AnomalyAID, a general framework aiming to (1) make the anomaly detection process interpretable and improve the reliability of interpretation results, and (2) assign high-confidence pseudo labels to unlabeled samples for improving the performance of anomaly detection systems with limited supervised data. For (1), we propose a novel interpretation approach that leverages global and local interpreters to provide reliable explanations, while for (2), we design a new two-stage semi-supervised learning framework for network anomaly detection by aligning both stages' model predictions with special constraints. We apply AnomalyAID over two representative network anomaly detection tasks and extensively evaluate AnomalyAID with representative prior works. Experimental results demonstrate that AnomalyAID can provide accurate detection results with reliable interpretations for semi-supervised network anomaly detection systems. The code is available at: https://github.com/M-Code-Space/AnomalyAID.

Related papers

• Lie Detector: Unified Backdoor Detection via Cross-Examination Framework [68.45399098884364]
  We propose a unified backdoor detection framework in the semi-honest setting. Our method achieves superior detection performance, improving accuracy by 5.4%, 1.6%, and 11.9% over SoTA baselines. Notably, it is the first to effectively detect backdoors in multimodal large language models.
  arXiv  Detail & Related papers  (2025-03-21T06:12:06Z)
• Robust Distribution Alignment for Industrial Anomaly Detection under Distribution Shift [51.24522135151649]
  Anomaly detection plays a crucial role in quality control for industrial applications. Existing methods attempt to address domain shifts by training generalizable models. Our proposed method demonstrates superior results compared with state-of-the-art anomaly detection and domain adaptation methods.
  arXiv  Detail & Related papers  (2025-03-19T05:25:52Z)
• GeneralAD: Anomaly Detection Across Domains by Attending to Distorted Features [68.14842693208465]
  GeneralAD is an anomaly detection framework designed to operate in semantic, near-distribution, and industrial settings. We propose a novel self-supervised anomaly generation module that employs straightforward operations like noise addition and shuffling to patch features. We extensively evaluated our approach on ten datasets, achieving state-of-the-art results in six and on-par performance in the remaining.
  arXiv  Detail & Related papers  (2024-07-17T09:27:41Z)
• CL-Flow:Strengthening the Normalizing Flows by Contrastive Learning for Better Anomaly Detection [1.951082473090397]
  We propose a self-supervised anomaly detection approach that combines contrastive learning with 2D-Flow. Compared to mainstream unsupervised approaches, our self-supervised method demonstrates superior detection accuracy, fewer additional model parameters, and faster inference speed. Our approach showcases new state-of-the-art results, achieving a performance of 99.6% in image-level AUROC on the MVTecAD dataset and 96.8% in image-level AUROC on the BTAD dataset.
  arXiv  Detail & Related papers  (2023-11-12T10:07:03Z)
• Conservative Prediction via Data-Driven Confidence Minimization [70.93946578046003]
  In safety-critical applications of machine learning, it is often desirable for a model to be conservative. We propose the Data-Driven Confidence Minimization framework, which minimizes confidence on an uncertainty dataset.
  arXiv  Detail & Related papers  (2023-06-08T07:05:36Z)
• Ambiguity-Resistant Semi-Supervised Learning for Dense Object Detection [98.66771688028426]
  We propose a Ambiguity-Resistant Semi-supervised Learning (ARSL) for one-stage detectors. Joint-Confidence Estimation (JCE) is proposed to quantifies the classification and localization quality of pseudo labels. ARSL effectively mitigates the ambiguities and achieves state-of-the-art SSOD performance on MS COCO and PASCAL VOC.
  arXiv  Detail & Related papers  (2023-03-27T07:46:58Z)
• Self-Supervised and Interpretable Anomaly Detection using Network Transformers [1.0705399532413615]
  This paper introduces the Network Transformer (NeT) model for anomaly detection. NeT incorporates the graph structure of the communication network in order to improve interpretability. The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System.
  arXiv  Detail & Related papers  (2022-02-25T22:05:59Z)
• Benchmarking Deep Models for Salient Object Detection [67.07247772280212]
  We construct a general SALient Object Detection (SALOD) benchmark to conduct a comprehensive comparison among several representative SOD methods. In the above experiments, we find that existing loss functions usually specialized in some metrics but reported inferior results on the others. We propose a novel Edge-Aware (EA) loss that promotes deep networks to learn more discriminative features by integrating both pixel- and image-level supervision signals.
  arXiv  Detail & Related papers  (2022-02-07T03:43:16Z)
• UN-AVOIDS: Unsupervised and Nonparametric Approach for Visualizing Outliers and Invariant Detection Scoring [2.578242050187029]
  UN-AVOIDS is an unsupervised and nonparametric approach for both visualization (a human process) and detection (an algorithmic process) of outliers. It transforms data into a new space, which is introduced in this paper as neighborhood cumulative density function (NCDF) In terms of AUC, UN-AVOIDS was almost an overall winner.
  arXiv  Detail & Related papers  (2021-11-19T02:31:06Z)
• Enhancing Unsupervised Anomaly Detection with Score-Guided Network [13.127091975959358]
  Anomaly detection plays a crucial role in various real-world applications, including healthcare and finance systems. We propose a novel scoring network with a score-guided regularization to learn and enlarge the anomaly score disparities between normal and abnormal data. We next propose a score-guided autoencoder (SG-AE), incorporating the scoring network into an autoencoder framework for anomaly detection.
  arXiv  Detail & Related papers  (2021-09-10T06:14:53Z)
• Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation [74.05906222376608]
  We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space. This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which pose a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, they fail to provide the critical supervision signals that could learn discriminative representation for segmentation tasks.
  arXiv  Detail & Related papers  (2021-05-23T01:50:44Z)
• WSSOD: A New Pipeline for Weakly- and Semi-Supervised Object Detection [75.80075054706079]
  We propose a weakly- and semi-supervised object detection framework (WSSOD) An agent detector is first trained on a joint dataset and then used to predict pseudo bounding boxes on weakly-annotated images. The proposed framework demonstrates remarkable performance on PASCAL-VOC and MSCOCO benchmark, achieving a high performance comparable to those obtained in fully-supervised settings.
  arXiv  Detail & Related papers  (2021-05-21T11:58:50Z)
• Uncertainty-Aware Deep Calibrated Salient Object Detection [74.58153220370527]
  Existing deep neural network based salient object detection (SOD) methods mainly focus on pursuing high network accuracy. These methods overlook the gap between network accuracy and prediction confidence, known as the confidence uncalibration problem. We introduce an uncertaintyaware deep SOD network, and propose two strategies to prevent deep SOD networks from being overconfident.
  arXiv  Detail & Related papers  (2020-12-10T23:28:36Z)
• ESAD: End-to-end Deep Semi-supervised Anomaly Detection [85.81138474858197]
  We propose a new objective function that measures the KL-divergence between normal and anomalous data. The proposed method significantly outperforms several state-of-the-arts on multiple benchmark datasets.
  arXiv  Detail & Related papers  (2020-12-09T08:16:35Z)
• Dependency-based Anomaly Detection: a General Framework and Comprehensive Evaluation [33.31923133201812]
  This paper introduces Dependency-based Anomaly Detection (DepAD) DepAD reframes unsupervised anomaly detection as supervised feature selection and prediction tasks. Two DepAD algorithms emerge as all-rounders and superior performers in handling a wide range of datasets.
  arXiv  Detail & Related papers  (2020-11-13T01:39:44Z)
• DNS Covert Channel Detection via Behavioral Analysis: a Machine Learning Approach [0.09176056742068815]
  We propose an effective covert channel detection method based on the analysis of DNS network data passively extracted from a network monitoring system. The proposed solution has been evaluated over a 15-day-long experimental session with the injection of traffic that covers the most relevant exfiltration and tunneling attacks.
  arXiv  Detail & Related papers  (2020-10-04T13:28:28Z)
• Anomaly Detection by One Class Latent Regularized Networks [36.67420338535258]
  Semi-supervised Generative Adversarial Networks (GAN)-based methods have been gaining popularity in anomaly detection task recently. A novel adversarial dual autoencoder network is proposed, in which the underlying structure of training data is captured in latent feature space. Experiments show that our model achieves the state-of-the-art results on MNIST and CIFAR10 datasets as well as GTSRB stop signs dataset.
  arXiv  Detail & Related papers  (2020-02-05T02:21:52Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.