Title : Adaptive Anomaly Detection using Isolation Forest

Ranking measure is of prime importance in anomaly detection tasks because it is required to rank the instances from the most anomalous to the most normal. This paper investigates the underlying assumptions and definitions used for ranking in existing anomaly detection methods; and it has three aims: First, we show evidence that the two commonly used ranking measures—distance and density—cannot accurately rank clustered anomalies in anomaly detection tasks. We introduce a new measure—mass, which can accurately rank both scattered and clustered anomalies. Second, we propose a definition of anomaly based on this new measure and contrast it with the current definitions based on distance and density. We identify the strengths and weaknesses of these definitions, and demonstrate the advantages of the new definition based on mass. Third, we propose a mass-based approach for anomaly detection called Half-Space Tree and show that it performs favourably to three existing state-of-the-art distance-based and density-based anomaly detection methods in term of detection accuracy, runtime and memory space requirements.