|
| Types | Descriptions & Typical methods | Advantages | Disadvantages |
|
| Neighbour-based detection | Identifying anomalies by using neighbourhood information. Typical examples include kNN[9], kNNW[10], LOF[11], LoOP[12], ODIN[13], RBDA[6], etc. | (i) Independent of the data distributions
(ii) Intuitively understood and easily interpreted | (i) Sensitive to parameters
(ii) Relatively poor performance |
| Subspace-based detection | Finding anomalies by sifting through different feature subsets. Representative examples include SOD[7], Zhang et al. [14, 15], RODS[16], OR[17], Muller et al. [18], etc. | (i) High efficiency
(ii) Very effectiveness in some cases | (i) Finding the relevant feature subspaces for outliers is nontrivial and difficult |
| Ensemble-based detection | Integrating various anomaly detection results to achieve a consensus. Representatives are FB [19], HiCS [8], Stein et al. [20], Zimek et al. [21], Passillas et al. [22], and so on. | (i) High accuracy
(ii) Less sensitive | (i) Inefficient
(ii) Choosing the right meta-detectors is difficult |
| Mixed-type detection | Making a unified model for different data types, or taking each data type separately. Classical examples have LOADED [23], ODMAD [24], Zhang et al. [25], Lu et al. [26], Do et al. [27], and so on. | (i) Capable of handling the data with different types
(ii) Relatively high accuracy | (i) Obtaining the correlation structures of features is difficult
(ii) High complexity |
|
