Isolation‐based Anomaly Detection
The first successful isolation‐based anomaly detector, i.e., iForest, uses trees as a means to perform isolation. Although it has been shown to have advantages over existing anomaly detectors, we have identified 4 weaknesses, i.e.,
- its inability to detect local anomalies;
- anomalies with a high percentage of irrelevant attributes;
- anomalies that are masked by axis‐parallel clusters; and
- anomalies in multimodal data sets.
To overcome these weaknesses, we created an alternative isolation mechanism is required and thus presents iNNE or isolation using Nearest Neighbour Ensemble. The latest source code of iForest and iNNE can be obtained from here.
Recently, Isolation Distributional Kernel or IDK is introduced to measure the similarity of two distributions. The first application of IDK is a kernel-based point anomaly detector that needs no learning. It is also a new treatment for timeseries as a paradigm shift from the time domain and frequency domain approaches that have been around for more than 100 years.
All source code of Isolation-based methods can be obtained from https://github.com/IsolationKernel/Codes.
The R Package of Isolation Kernel can be obtained from https://github.com/zhuye88/isokernel.