Isolation‐based Anomaly Detection

Last updated on Dec 9, 2020

The first successful isolation‐based anomaly detector, i.e., iForest, uses trees as a means to perform isolation. Although it has been shown to have advantages over existing anomaly detectors, we have identified 4 weaknesses, i.e.,

  1. its inability to detect local anomalies;
  2. anomalies with a high percentage of irrelevant attributes;
  3. anomalies that are masked by axis‐parallel clusters; and
  4. anomalies in multimodal data sets.

To overcome these weaknesses, we created an alternative isolation mechanism is required and thus presents iNNE or isolation using Nearest Neighbour Ensemble. The latest source code of iForest and iNNE can be obtained from here.

Anomaly-Detection
Ye Zhu
Ye Zhu
Lecturer in IT

My research works focus on the fields of clustering and anomaly detection.

Related

Publications

Anomaly detection of aircraft lead-acid battery

The experimental results show that the latest isolation‐based anomaly detectors, iForest and iNNE, have outstanding performance on this task and have promising applicability as efficient methods for guaranteeing the lead‐acid battery quality and reliability in civil aviation aircraft.
Project DOI
Anomaly detection of aircraft lead-acid battery

Isolation‐based anomaly detection using nearest‐neighbor ensembles

With a different isolation mechanism, iNNE has been shown to outperform iForest in terms of detecting local anomalies and tolerance to irrelevant attributes, which becomes obvious in the high‐dimensional data sets.
Code Project DOI
Isolation‐based anomaly detection using nearest‐neighbor ensembles