Securing Deep Learning Models with Autoencoder based Anomaly Detection



Published Jun 29, 2021
Joana Kühne Christian März Clemens G¨uhmann


Deep learning models are on the rise in many scientific fields. Their ability to solve complex and nonlinear tasks has made them very popular. However, in comparison to physical models, they struggle with extrapolation. Hence, it is important that the input data in the production stage is similar to the data seen in training. Deviations to the training often occur in real world applications due to sensor delays and drifts, aging of the system, and communication errors such as noise. Especially in safety relevant applications, securing those models against these influences, which can be seen as anomalies, is essential.


In the past, Autoencoders, especially Variational Autoencoders (VAEs), have been proven useful for anomaly detection. Many researches focus on improving the Autoencoder’s separation ability for an optimal set anomaly threshold. However, the setting of the threshold is not trivial and is crucial for a good anomaly detection. Setting the threshold optimal becomes especially challenging if the anomaly is unknown in the training process, which is often the case in a real world application.


The proposed method combines a deep learning model with an Autoencoder. The input data is handed to the trained Autoencoder which reconstructs the input. If the data is similar to the training data, the Autoencoder should be able to reconstruct the input data accurately. Otherwise, an anomaly is suspected. The reconstruction and the original input data are both passed through the deep learning model, generating two predictions, which are then compared.


For classification and reinforcement tasks with discrete result space the prediction of non-anomalous data should lead to the same class for both samples. For those tasks this allows us to sort out samples as anomalies for which the two results are not the same, hence the threshold becomes obsolete.


For regression and continuous reinforcement tasks, the difference between the two predictions can be interpreted as a safety measure and is easier to grasp than the Autoencoder’s reconstruction error, which is typically used.


The advantage of this method is the distinction between samples that can or cannot be handled by the subsequent application model instead of just deciding if the input is anomalous. This leads to a higher robustness of the joint model and a better usage of resources of the deep leaning model. Moreover, the Autoencoder and the deep learning model are trained separately which makes the training a lot more stable than using coupled training methods.


The proposed method is proven on both, a classification and a regression task. For the classification, the publicly available UEA multivariate time series classification dataset was used. For regression, a dataset simulating a SCR catalyst as part of an automotive exhaust gas aftertreatment system was evaluated. For both tasks common anomalies such as delay and noise were applied to the data.

How to Cite

Kühne, J., März, C., & G¨uhmann, C. . (2021). Securing Deep Learning Models with Autoencoder based Anomaly Detection. PHM Society European Conference, 6(1), 13.
Abstract 399 | PDF Downloads 410



Anomaly detection, Unsupervised Learning, Multivariate Timeseries

Technical Papers