Date of Award:
12-2024
Document Type:
Dissertation
Degree Name:
Doctor of Philosophy (PhD)
Department:
Computer Science
Committee Chair(s)
Shuhan Yuan
Committee
Shuhan Yuan
Committee
Curtis Dyreson
Committee
Mario Harper
Committee
Mahdi Nasrullah Al-Ameen
Committee
Kevin Moon
Abstract
Anomaly detection is crucial in fields like cybersecurity, healthcare, and finance, as it helps identify unusual or potentially harmful events in data. With the rise of deep learning, advanced models have been developed for anomaly detection, but they often operate as "black boxes" that lack transparency and can be susceptible to malicious attacks. My research addresses these issues by creating methods that make deep learning-based anomaly detection more understandable and by investigating how such models can be compromised by backdoor attacks.
To improve transparency, I propose three methods that explain how these models detect anomalies. The first method, called Anomalous Entry Detection in Sequential Data via Counterfactual Explanations (CFDet), explains which specific entries in a sequence are abnormal. The second method, Globally and Locally Explainable Anomaly Detection (GLEAD), uses an attention-based approach to explain why a model flags certain sequences as anomalies and offers insights into common patterns of anomalies across a dataset. The third method, Explainable Sequential Anomaly Detection via Prototypes (ESAD), describes anomalies by matching them to predefined examples, making results more understandable.
My research also examines how anomaly detection systems can be vulnerable to backdoor attacks, where a hidden trigger causes the model to overlook certain anomalies. I developed three types of attacks to test the robustness of these models. For example, one method, Blog, targets log analysis models, making it possible for attackers to hide malicious events in system logs. Another method, BadSVDD, compromises one-class detection models by embedding subtle alterations in data that evade detection. Lastly, BadSAD manipulates image anomaly detection models so they mistakenly identify certain abnormal images as normal when a hidden trigger is present.
This work highlights the need to strengthen security and transparency in deep learning-based anomaly detection models, contributing methods that explain model decisions and expose critical vulnerabilities to backdoor attacks. These advances help improve the reliability and trustworthiness of anomaly detection in real-world applications.
Recommended Citation
Cheng, He, "Interpretable and Robust Deep Anomaly Detection" (2024). All Graduate Theses and Dissertations, Fall 2023 to Present. 359.
https://digitalcommons.usu.edu/etd2023/359
Included in
Copyright for this work is retained by the student. If you have any questions regarding the inclusion of this work in the Digital Commons, please email us at .