<p>This paper proposes a human-centered explainable artificial intelligence pipeline for anomaly detection, designed to generate meaningful, context-aware explanations using local large language models. The proposed pipeline translates model outputs and SHAP-based feature attributions into natural language explanations for cybersecurity alerts generated by an autoencoder within an enterprise network. It incorporates a human-in-the-loop component to ground the explanations in validated expert knowledge, enhancing their interpretability and alignment with human decision-making processes. Using a rubric-driven LLM-as-a-Judge evaluation, we benchmark several large language models and show that as smaller models receive more contextual grounding through human-in-the-loop, their explanatory performance improves significantly, narrowing the gap with larger models while maintaining substantially lower computational demands. Our approach provides targeted, context-aware explanations designed to meet the cognitive and operational needs of security analysts, contributing to more ethical, trustworthy, and resource-efficient AI integration in critical cybersecurity environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Toward Human-Centered Explainability: Natural Language Explanations for Anomaly Detection

  • Héctor Padín-Torrente,
  • Victor Carneiro-Diaz,
  • Ines Ortega-Fernandez

摘要

This paper proposes a human-centered explainable artificial intelligence pipeline for anomaly detection, designed to generate meaningful, context-aware explanations using local large language models. The proposed pipeline translates model outputs and SHAP-based feature attributions into natural language explanations for cybersecurity alerts generated by an autoencoder within an enterprise network. It incorporates a human-in-the-loop component to ground the explanations in validated expert knowledge, enhancing their interpretability and alignment with human decision-making processes. Using a rubric-driven LLM-as-a-Judge evaluation, we benchmark several large language models and show that as smaller models receive more contextual grounding through human-in-the-loop, their explanatory performance improves significantly, narrowing the gap with larger models while maintaining substantially lower computational demands. Our approach provides targeted, context-aware explanations designed to meet the cognitive and operational needs of security analysts, contributing to more ethical, trustworthy, and resource-efficient AI integration in critical cybersecurity environments.