January 27, 2018

Detecting Network Attacks with Isolation Forests

In this post, I will show you how to use the isolation forest algorithm to detect attacks to computer networks in python. The term isolation means separating an instance from the rest of the instances. Since anomalies are ‘few and different’ and therefore they are more susceptible to isolation. In a data-induced random tree, partitioning of instances are repeated recursively until all instances are isolated. This random partitioning produces noticeable shorter paths for anomalies since the fewer instances of anomalies result in a smaller number of partitions – shorter paths in a tree structure, and instances with distinguishable attribute-values are more likely to be separated in early partitioning. Read more

Privacy Imprint

© depends-on-the-definition 2017-2020