In recent years there has been significant progress in time series anomaly
detection. However, after detecting a (perhaps tentative) anomaly, can we
explain it? Such explanations would be useful to triage anomalies. For example,
in an oil refinery, should we respond to an anomaly by dispatching a hydraulic
engineer, or an intern to replace the battery on a sensor? There have been some parallel efforts to explain anomalies; however, many proposed techniques produce explanations that are indirect and often more complex than the anomaly they seek to explain. Our review of the literature, checklists, and user manuals used
by frontline practitioners in various domains reveals an interesting
near-universal commonality. Most practitioners discuss, explain and report
anomalies in the following format: The anomaly would be like normal data A, if
not for the corruption B. The reader will appreciate that this is a type of counterfactual explanation. In this work we introduce a domain-agnostic
counterfactual explanation technique to produce explanations for time series
anomalies. As we will show, our method can produce both visual and text-based
explanations that are objectively correct, intuitive, and, in many circumstances,
directly actionable.
Expert Commentary: Explaining Time Series Anomalies for Effective Triage
Time series anomaly detection has made significant progress in recent years, allowing us to identify deviations from normal patterns. However, simply detecting an anomaly is not enough: to triage anomalies and respond effectively, we need to understand and explain them. This is where counterfactual explanations become crucial.
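To make the detection step concrete, here is a minimal sketch of one common approach, nearest-neighbor discord discovery over sliding windows. The paper does not prescribe a particular detector, so everything below (the window length, the synthetic signal, the scoring rule) is an illustrative assumption.

```python
import numpy as np

def znorm(x):
    """Z-normalize a window so that shape, not scale, drives the comparison."""
    s = x.std()
    return (x - x.mean()) / s if s > 0 else x - x.mean()

def discord_scores(ts, m):
    """Score each length-m window by the distance to its nearest
    non-overlapping neighbor; the top-scoring window is the discord."""
    n = len(ts) - m + 1
    windows = np.array([znorm(ts[i:i + m]) for i in range(n)])
    scores = np.empty(n)
    for i in range(n):
        d = np.linalg.norm(windows - windows[i], axis=1)
        d[max(0, i - m + 1):i + m] = np.inf  # exclude trivial self-matches
        scores[i] = d.min()
    return scores

ts = np.sin(np.linspace(0, 20 * np.pi, 1000))  # toy "normal" signal
ts[400:430] += 0.8                             # injected synthetic corruption
scores = discord_scores(ts, m=50)
print("most anomalous window starts at t =", int(scores.argmax()))
```

A window covering the injected step has no close match anywhere else in the series, so its nearest-neighbor distance, and hence its discord score, is large.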
Counterfactual explanations describe an anomaly by isolating the specific characteristics that set it apart from normal data. By employing domain-agnostic techniques, we can generate both visual and text-based explanations that are not only objectively correct but also intuitive for frontline practitioners in various domains.
Producing such explanations is inherently multi-disciplinary, drawing together data analysis, machine learning, and domain knowledge. This combination supports a more comprehensive understanding of anomalies and their underlying causes.
When discussing anomalies, frontline practitioners often utilize the format, “The anomaly would be like normal data A, if not for the corruption B.” This format helps in providing a clear and concise explanation of the anomaly, making it easier for decision-makers to determine the appropriate response.
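The paper's own algorithm is not reproduced here, but the "normal data A, if not for the corruption B" format can be sketched with a simple nearest-neighbor stand-in, assuming an anomaly-free reference series is available. The function name, signal, and parameters below are hypothetical.

```python
import numpy as np

def explain(window, train, m):
    """Express an anomalous window as 'normal data A + corruption B':
    A is its nearest length-m window in an anomaly-free reference
    series, and B is whatever residual remains."""
    cands = np.array([train[i:i + m] for i in range(len(train) - m + 1)])
    j = int(np.linalg.norm(cands - window, axis=1).argmin())
    A = cands[j]            # the closest normal behavior
    B = window - A          # the corruption
    peak = int(np.abs(B).argmax())
    print(f"This window would match the normal pattern at t={j}, "
          f"if not for a corruption of {B[peak]:+.2f} at offset {peak}.")
    return A, B

train = np.sin(np.linspace(0, 20 * np.pi, 1000))  # anomaly-free reference
ts = train.copy()
ts[400:430] += 0.8                                # the same injected fault
A, B = explain(ts[400:450], train, m=50)
```

Plotting the anomalous window, A, and B side by side gives the visual form of the explanation; the printed sentence gives the text-based form.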
By applying the proposed counterfactual explanation technique, we can enhance anomaly triage with actionable insights. In the oil refinery scenario above, for instance, the explanation itself can indicate whether dispatching a hydraulic engineer or replacing a sensor battery is the more appropriate response.
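As a toy illustration of how such an explanation could drive triage, the hypothetical rule below inspects the corruption B: a near-constant residual suggests a sensor fault (offset or flatline), while a structured residual suggests a genuine process problem. The threshold and categories are assumptions for illustration, not part of the paper's method.

```python
import numpy as np

def triage(B):
    """Hypothetical triage rule on the corruption B from the 'A + B'
    explanation. Threshold and categories are illustrative assumptions."""
    if np.std(np.diff(B)) < 0.05 * (np.abs(B).mean() + 1e-12):
        return "near-constant offset/flatline -> check the sensor battery"
    return "structured disturbance -> dispatch a hydraulic engineer"

print(triage(np.full(50, 0.8)))     # flat offset: likely a sensor issue
print(triage(np.random.randn(50)))  # irregular residual: escalate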
Furthermore, the effectiveness of counterfactual explanations lies in their simplicity. Many existing techniques produce explanations that are indirect or more complex than the anomalies themselves; the domain-agnostic approach presented in this work strives to create explanations that are reliable, easy to comprehend, and easy to act upon.
The development of this novel technique for counterfactual explanation represents a significant advancement in the field of time series anomaly detection. By bridging the gap between anomaly detection and explanation, we can empower practitioners to make informed decisions and take effective actions based on a comprehensive understanding of anomalies.
Going forward, it will be crucial to explore the scalability and applicability of this technique across various domains. Conducting extensive case studies and user evaluations will provide valuable insights into the real-world utility of these explanations and help refine the methodology even further.