Guardado en:
Detalles Bibliográficos
Autores principales: Balasubramanian, Prasasthy, Kankanamge, Dumindu, Gilman, Ekaterina, Oussalah, Mourad
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2509.00069
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866914014245683200
author Balasubramanian, Prasasthy
Kankanamge, Dumindu
Gilman, Ekaterina
Oussalah, Mourad
author_facet Balasubramanian, Prasasthy
Kankanamge, Dumindu
Gilman, Ekaterina
Oussalah, Mourad
contents Conversational AI and Large Language Models (LLMs) have become powerful tools across domains, including cybersecurity, where they help detect threats early and improve response times. However, challenges such as false positives and complex model management still limit trust. Although Explainable AI (XAI) aims to make AI decisions more transparent, many security analysts remain uncertain about its usefulness. This study presents a framework that detects anomalies and provides high-quality explanations through visual tools BERTViz and Captum, combined with natural language reports based on attention outputs. This reduces manual effort and speeds up remediation. Our comparative analysis showed that RoBERTa offers high accuracy (99.6 %) and strong anomaly detection, outperforming Falcon-7B and DeBERTa, as well as exhibiting better flexibility than large-scale Mistral-7B on the HDFS dataset from LogHub. User feedback confirms the chatbot's ease of use and improved understanding of anomalies, demonstrating the ability of the developed framework to strengthen cybersecurity workflows.
format Preprint
id arxiv_https___arxiv_org_abs_2509_00069
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle AnomalyExplainer Explainable AI for LLM-based anomaly detection using BERTViz and Captum
Balasubramanian, Prasasthy
Kankanamge, Dumindu
Gilman, Ekaterina
Oussalah, Mourad
Machine Learning
Conversational AI and Large Language Models (LLMs) have become powerful tools across domains, including cybersecurity, where they help detect threats early and improve response times. However, challenges such as false positives and complex model management still limit trust. Although Explainable AI (XAI) aims to make AI decisions more transparent, many security analysts remain uncertain about its usefulness. This study presents a framework that detects anomalies and provides high-quality explanations through visual tools BERTViz and Captum, combined with natural language reports based on attention outputs. This reduces manual effort and speeds up remediation. Our comparative analysis showed that RoBERTa offers high accuracy (99.6 %) and strong anomaly detection, outperforming Falcon-7B and DeBERTa, as well as exhibiting better flexibility than large-scale Mistral-7B on the HDFS dataset from LogHub. User feedback confirms the chatbot's ease of use and improved understanding of anomalies, demonstrating the ability of the developed framework to strengthen cybersecurity workflows.
title AnomalyExplainer Explainable AI for LLM-based anomaly detection using BERTViz and Captum
topic Machine Learning
url https://arxiv.org/abs/2509.00069