Anomaly detection and its explanation are important in many research areas, such as intrusion detection, fraud detection, and unknown attack detection in network traffic and logs. Identifying why one instance is an anomaly and another is not is challenging because of the unbounded and unsupervised nature of anomaly detection. The emerging technique of explainable artificial intelligence (XAI) makes it possible to answer this question. XAI provides tools and techniques to interpret and explain the output and working of complex models such as Deep Learning (DL). This paper aims to detect and explain network anomalies with XAI, using the kernelSHAP method. The same approach is used to improve the network anomaly detection model in terms of accuracy, recall, precision and F score. The experiment is conducted with the latest CICIDS2017 dataset. Two models are created (Model_1 and OPT_Model) and compared. The overall accuracy and F score of OPT_Model (when trained in an unsupervised way) are 0.90 and 0.76, respectively.