<p>Enterprise Resource Planning (ERP) systems in manufacturing environments process hundreds of thousands of daily transactions, yet anomalies evade detection in the majority of cases under routine manual audit regimes. Although neural network approaches achieve F-scores exceeding 0.90 on synthetic benchmarks, they sacrifice the explainability that regulatory compliance and audit requirements demand for production deployment. Here we present an explainable ensemble learning framework combining six heterogeneous anomaly detection models—Isolation Forest, Local Outlier Factor, One-Class SVM, Elliptic Envelope, Gradient Boosting, and a Robust Autoencoder—for multidimensional ERP transaction analysis. Evaluated on 209,666 real-world procurement transactions, the ensemble achieves an F-score of 0.8437 (95&#xa0;% CI on held-out test set of 41,933 transactions: [0.8305, 0.8569]) while providing a three-layer interpretability stack: gradient-boosting feature importance rankings, interpretable decision rules with 87.3&#xa0;% logic coverage, and SHAP-based instance-level attribution. This F-score is lower than those of the highest-performing individual constituent models (Gradient Boosting: 0.9321; Robust Autoencoder: 0.9254), a trade-off that is deliberate: the ensemble provides significantly improved cross-validation stability (coefficient of variation: 0.49&#xa0;% vs. 1.4–2.1&#xa0;% for top individual models) and a 19.4&#xa0;% reduction in false-positive rate (relative to the unweighted arithmetic mean constituent FP rate of 14.1&#xa0;%), as demonstrated through Pareto-front analysis over all 63 non-trivial model subsets. Statistical validation through 5-fold stratified cross-validation, paired <i>t</i>-tests (<InlineEquation ID="IEq1"><EquationSource Format="TEX">\(t=33.5\)</EquationSource></InlineEquation>, <InlineEquation ID="IEq2"><EquationSource Format="TEX">\(p&lt;0.001\)</EquationSource></InlineEquation>) verified via the Shapiro–Wilk test (<InlineEquation ID="IEq3"><EquationSource Format="TEX">\(W=0.94\)</EquationSource></InlineEquation>, <InlineEquation ID="IEq4"><EquationSource Format="TEX">\(p=0.42\)</EquationSource></InlineEquation>), and Wilcoxon signed-rank tests (<InlineEquation ID="IEq5"><EquationSource Format="TEX">\(p&lt;0.05\)</EquationSource></InlineEquation>) confirm significant performance gains over the unsupervised-only baseline; the large Cohen’s <InlineEquation ID="IEq6"><EquationSource Format="TEX">\(d_{z}=14.94\)</EquationSource></InlineEquation> reflects the supervised–unsupervised paradigm gap and should be interpreted accordingly. Generalizability sensitivity analyses across five heterogeneous ERP scenarios—varying anomaly prevalence, feature-distribution shift, module composition, and cross-industry correlation structure—confirm F-scores in the range [0.794, 0.862], supporting the framework’s transferability beyond the primary dataset. Deployment in a manufacturing environment demonstrates $4.1&#xa0;million in fraud prevention value with a net benefit of $3.27&#xa0;million (conservative ROI: 392%; an optimistic scenario including a speculative, empirically unvalidated deterrence multiplier projects 884&#xa0;% ROI and is provided for illustrative purposes only) and regulatory compliance across SOX&#xa0;404, the COSO framework, and ISO&#xa0;27001.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Explainable ensemble learning using SHAP for ERP anomaly detection

  • Adiah Qazi,
  • Ammad Ali Khan Jadoon

摘要

Enterprise Resource Planning (ERP) systems in manufacturing environments process hundreds of thousands of daily transactions, yet anomalies evade detection in the majority of cases under routine manual audit regimes. Although neural network approaches achieve F-scores exceeding 0.90 on synthetic benchmarks, they sacrifice the explainability that regulatory compliance and audit requirements demand for production deployment. Here we present an explainable ensemble learning framework combining six heterogeneous anomaly detection models—Isolation Forest, Local Outlier Factor, One-Class SVM, Elliptic Envelope, Gradient Boosting, and a Robust Autoencoder—for multidimensional ERP transaction analysis. Evaluated on 209,666 real-world procurement transactions, the ensemble achieves an F-score of 0.8437 (95 % CI on held-out test set of 41,933 transactions: [0.8305, 0.8569]) while providing a three-layer interpretability stack: gradient-boosting feature importance rankings, interpretable decision rules with 87.3 % logic coverage, and SHAP-based instance-level attribution. This F-score is lower than those of the highest-performing individual constituent models (Gradient Boosting: 0.9321; Robust Autoencoder: 0.9254), a trade-off that is deliberate: the ensemble provides significantly improved cross-validation stability (coefficient of variation: 0.49 % vs. 1.4–2.1 % for top individual models) and a 19.4 % reduction in false-positive rate (relative to the unweighted arithmetic mean constituent FP rate of 14.1 %), as demonstrated through Pareto-front analysis over all 63 non-trivial model subsets. Statistical validation through 5-fold stratified cross-validation, paired t-tests (\(t=33.5\), \(p<0.001\)) verified via the Shapiro–Wilk test (\(W=0.94\), \(p=0.42\)), and Wilcoxon signed-rank tests (\(p<0.05\)) confirm significant performance gains over the unsupervised-only baseline; the large Cohen’s \(d_{z}=14.94\) reflects the supervised–unsupervised paradigm gap and should be interpreted accordingly. Generalizability sensitivity analyses across five heterogeneous ERP scenarios—varying anomaly prevalence, feature-distribution shift, module composition, and cross-industry correlation structure—confirm F-scores in the range [0.794, 0.862], supporting the framework’s transferability beyond the primary dataset. Deployment in a manufacturing environment demonstrates $4.1 million in fraud prevention value with a net benefit of $3.27 million (conservative ROI: 392%; an optimistic scenario including a speculative, empirically unvalidated deterrence multiplier projects 884 % ROI and is provided for illustrative purposes only) and regulatory compliance across SOX 404, the COSO framework, and ISO 27001.