Chapter 06

Anomaly Detection

Flag rare, suspicious, or faulty observations that deviate from the norm.

Anomaly detection flags the rare, suspicious, or faulty observations that deviate from expected patterns. The methods below range from tree-based and density approaches to statistical thresholds and neural detectors for complex high-dimensional data.

  • Use Isolation Forest as a strong general-purpose baseline.
  • Use statistical thresholds for simple monitoring; autoencoders for high-dimensional data.

| # | Algorithm | Best for | Common fields |
|---|-----------|----------|---------------|
| 1 | Isolation Forest | General anomaly detection | Fraud, cybersecurity, operations, IoT |
| 2 | One-Class SVM | Novelty detection on smaller datasets | Manufacturing, security, quality control |
| 3 | Local Outlier Factor | Density-based outliers | Sensor data, geospatial data, fraud |
| 4 | Autoencoders | Complex high-dimensional anomalies | Images, network traffic, medical scans |
| 5 | Gaussian / Statistical Threshold Models | Simple monitoring | DevOps, finance, process control |
| 6 | Robust Covariance / Elliptic Envelope | Gaussian-like data | Risk modeling, industrial monitoring |