Anomalies are often indicators of malfunction or inefficiency in various systems such as manufacturing, healthcare, finance, surveillance, to name a few. While the literature is abundant in effective detection algorithms due to this practical relevance, autonomous anomaly detection is rarely used in real-world scenarios. Especially in high-stakes applications, a human-in-the-loop is often involved in processes beyond detection such as verification and troubleshooting. In this work, we introduce ALARM (for Analyst-in-the-Loop Anomaly Reasoning and Management); an end-to-end framework that supports the anomaly mining cycle comprehensively, from detection to action. Besides unsupervised detection of emerging anomalies, it offers anomaly explanations and an interactive GUI for human-in-the-loop processes -- visual exploration, sense-making, and ultimately action-taking via designing new detection rules -- that help close ``the loop'' as the new rules complement rule-based supervised detection, typical of many deployed systems in practice. We demonstrate \method's efficacy through a series of case studies with fraud analysts from the financial industry.

翻译：异常现象通常是制造、医疗、金融、监控等多个系统中功能故障或效率低下的指示标志。尽管因其实践价值，有效检测算法的文献已相当丰富，但在实际场景中自主异常检测的应用却十分罕见。特别是在高风险应用中，从验证到故障排除等超出检测范畴的流程往往需要人机协同参与。本研究提出ALARM（分析师在环的异常推理与管理）框架，这是一个支持从检测到行动全流程异常挖掘周期的端到端框架。除了能无监督检测新兴异常外，该框架还提供异常解释功能及用于人机协同流程的交互式图形界面——包括视觉探索、意义建构及通过设计新检测规则最终采取行动——从而通过将新规则补充到基于规则的有监督检测系统中来形成"闭环"，这一机制正是许多实际部署系统的典型特征。我们通过与金融行业欺诈分析师的系列案例研究验证了该方法的有效性。