| Types | Descriptions & Typical methods | Advantages | Disadvantages |
|---|---|---|---|
| Neighbour-based detection | Identifying anomalies by using neighbourhood information. Typical examples include kNN [9], kNNW [10], LOF [11], LoOP [12], ODIN [13], RBDA [6], etc. | (i) Independent of the data distributions (ii) Intuitively understood and easily interpreted | (i) Sensitive to parameters (ii) Relatively poor performance |
| Subspace-based detection | Finding anomalies by sifting through different feature subsets. Representative examples include SOD [7], Zhang et al. [14, 15], RODS [16], OR [17], Muller et al. [18], etc. | (i) High efficiency (ii) Very effective in some cases | (i) Finding the relevant feature subspaces for outliers is nontrivial and difficult |
| Ensemble-based detection | Integrating various anomaly detection results to achieve a consensus. Representative examples include FB [19], HiCS [8], Stein et al. [20], Zimek et al. [21], Passillas et al. [22], and so on. | (i) High accuracy (ii) Less sensitive | (i) Inefficient (ii) Choosing the right meta-detectors is difficult |
| Mixed-type detection | Building a unified model for different data types, or handling each data type separately. Classical examples include LOADED [23], ODMAD [24], Zhang et al. [25], Lu et al. [26], Do et al. [27], and so on. | (i) Capable of handling data of different types (ii) Relatively high accuracy | (i) Obtaining the correlation structures of features is difficult (ii) High complexity |