Characterizing anomalies for reliable machine learning
Author(s)
Lau, Matthew
Abstract
Machine learning (ML) has had much success across a variety of domains and tasks over the past few decades. However, ML models often assume that test data statistically mirror the training data, an assumption that fails in the presence of anomalies (i.e., test data that do not mirror the training data). Yet the scenarios that produce anomalies, such as cyber-attacks, are precisely the situations that can be safety- and security-critical. To ensure that ML models are reliable (i.e., that they remain accurate even when fed anomalies), we propose a framework to characterize anomalies and to incorporate this characterization into the ML pipeline. We discuss how to use this framework for unknown and for foreseeable types of anomalies, for neither of which we have data.
For unknown anomalies, we characterize them as living in large open spaces and ensure that models are conservative in these open spaces. The presence of unknown anomalies is a key trait of anomaly detection. In these large open spaces, we bias neural networks to be conservative, classifying open spaces as anomalous. We show how to bias neural networks both statistically and geometrically, incorporating reliability into neural networks for supervised, unsupervised and semi-supervised anomaly detection.
For foreseeable anomalies, we aim to analyze and account for their pattern (known as a signature) through feature engineering. Attacks on cyber-physical systems (CPSes) are anomalies that we can foresee because such attacks are constrained by the cyber or the physical component. Here, we characterize each attack signature and ensure that the ML model accounts for it. We show that our approach is principled by evaluating it with two case studies on (1) cyber-attacks against explainable anomaly detection on power grids and (2) physical adversarial attacks against aerial object detection. In the first case study, we design graph change statistics to localize attacked sensors with phase- and amplitude-based signatures. For the second case study, we remove image backgrounds and insert randomized patches during training to improve robustness against the on-manifold adversarial signatures of physical attacks. In both cases, characterizing attack signatures with feature engineering ensures that ML models remain accurate even during attacks.
In summary, this thesis proposes a framework to characterize anomalies in ML. For unknown anomalies, we encourage ML models to be conservative in large open spaces. When more information is present, we can use feature engineering to account for signatures from foreseeable anomalies. Accounting for potential anomalies in both cases, we increase the reliability of ML.
Date
2025-07-15
Resource Type
Text
Resource Subtype
Dissertation