Evolving Machine Learning Models for Anomaly Detection: An Integrative Review on Evolving Machine Learning Models for Anomaly Detection of Cross-Domain Approaches

Machine learning (ML) has become a cornerstone of modern anomaly detection, yet existing reviews predominantly emphasize pre-2021 studies and focus narrowly on network intrusion detection. Building upon these limitations, this paper presents an integrative review of machine learning models for anomaly detection published between 2020 and 2025, emphasizing hybridization, explainability, and cross-domain applicability. Using Bou Nassif et al. (2021) and Yang et al. (2022) as baseline systematic reviews, we extend their scope through the inclusion of recent developments such as adaptive density-based clustering (K-DBSCAN, GWOKM), optimized support-vector models (EMSVM), explainable Isolation Forest derivatives (DIFFI, RIFIFI), and active-learning frameworks (ALIF). The study systematically maps algorithms, performance metrics, and application domains ranging from cybersecurity and industrial systems to geochemical and renewable-energy contexts. Results reveal an emerging shift toward interpretable, data-centric, and federated approaches capable of handling concept drift and limited labeling. We identify persistent challenges in cross-domain generalization, dataset imbalance, and evaluation standardization. A conceptual taxonomy linking model family, evaluation criteria, and domain context is proposed to guide future research. This review thus bridges earlier surveys with the current generation of intelligent, interpretable, and adaptive ML systems, providing a comprehensive foundation for advancing anomaly detection research beyond traditional network-centric paradigms.

Anomaly Detection, Machine Learning Models

1. Abdelrahman, H., O., Gelenbe, E., Görbil, G., Oklander, &, & B. (2013). . Mobile network anomaly detection and mitigation: The NEMESYS approach. 429–438. [Google Scholar] [Crossref]

2. Abdulghani, Q., A., UCAN, N., O., Alheeti, &, & A., K. M. (2021). Credit card fraud detection using XGBoost algorithm. 2021, 487–492. https://doi.org/10.1109/DeSE54285.2021.9719580 [Google Scholar] [Crossref]

3. Abdulla, R., A., Jameel, &, & M., N. G. (2023). . A review on IoT intrusion detection systems using supervised machine learning: Techniques, datasets, and algorithms. 7(1), 53–65. [Google Scholar] [Crossref]

4. Abinaya, N., Kumar, S., V., A., Chaturvedi, A., Arya, & N. (2023). Big data in real time to detect anomalies. 2023. https://doi.org/10.4018/979-8-3693-0413-6.ch015 [Google Scholar] [Crossref]

5. Carletti, M., Terzi, M., & Susto, G. A. (2023). Interpretable anomaly detection with DIFFI: Depth-based feature importance of isolation forest. Engineering Applications of Artificial Intelligence, 119, 105730. https://doi.org/10.1016/j.engappai.2022.105730 [Google Scholar] [Crossref]

6. Chater, M., Borgi, A., Slama, M. T., Sfar-Gandoura, K., & Landoulsi, M. I. (2022). Fuzzy isolation forest for anomaly detection. Procedia Computer Science, 207, 916–925. https://doi.org/10.1016/j.procs.2022.09.147 [Google Scholar] [Crossref]

7. Dakalbab, F., Abu Talib, M., Abu Waraga, O., Bou Nassif, A., Abbas, S., & Nasir, Q. (2022). Artificial intelligence & crime prediction: A systematic literature review. Social Sciences & Humanities Open, 6(1), 100342. https://doi.org/10.1016/j.ssaho.2022.100342 [Google Scholar] [Crossref]

8. Dal Pozzolo, G. Boracchi, O. Caelen, C. Alippi and G. Bontempi, "Credit Card Fraud Detection: A Realistic Modeling and a Novel Learning Strategy," in IEEE Transactions on Neural Networks and Learning Systems, vol. 29, no. 8, pp. 3784-3797, Aug. 2018, doi: 10.1109/TNNLS.2017.2736643. [Google Scholar] [Crossref]

9. Daviran, M., Ghezelbash, R., & Maghsoudi, A. (2024). GWOKM: A novel hybrid optimization algorithm for geochemical anomaly detection based on Grey wolf optimizer and K-means clustering. Geochemistry, 84(1), 126036. https://doi.org/10.1016/j.chemer.2023.126036 [Google Scholar] [Crossref]

10. Farzad, A., & Gulliver, T. A. (2020). Unsupervised log message anomaly detection. ICT Express, 6(3), 229–237. https://doi.org/10.1016/j.icte.2020.06.003 [Google Scholar] [Crossref]

11. Gonçalves, M. A., Rasteiro da Silva, D., Duuring, P., Gonzalez-Alvarez, I., & Ibrahimi, T. (2024). Mineral exploration and regional surface geochemical datasets: An anomaly detection and K-means clustering exercise applied on laterite in Western Australia. Journal of Geochemical Exploration, 258, 107400. https://doi.org/10.1016/j.gexplo.2024.107400 [Google Scholar] [Crossref]

12. Jain, M., Kaur, G., & Saxena, V. (2022). A K-means clustering and SVM-based hybrid concept drift detection technique for network anomaly detection. Expert Systems with Applications, 193, 116510. https://doi.org/10.1016/j.eswa.2022.116510 [Google Scholar] [Crossref]

13. Kanishima, Y., Sudo, T., & Yanagihashi, H. (2022). Autoencoder with adaptive loss function for supervised anomaly detection. Procedia Computer Science, 207, 563–572. https://doi.org/10.1016/j.procs.2022.09.111 [Google Scholar] [Crossref]

14. Li, Q., Zhang, L., Zhang, G., Ouyang, H., & Bai, M. (2023). Simultaneous detection for multiple anomaly data in internet of energy based on random forest. Applied Soft Computing, 134, 109993. https://doi.org/10.1016/j.asoc.2023.109993 [Google Scholar] [Crossref]

15. Lifandali, O., Abghour, N., & Chiba, Z. (2023). Feature selection using a combination of ant colony optimization and random forest algorithms applied to isolation forest-based intrusion detection system. Procedia Computer Science, 220, 796–805. https://doi.org/10.1016/j.procs.2023.03.106 [Google Scholar] [Crossref]

16. Ma, B., Yang, C., Li, A., Chi, Y., & Chen, L. (2023). A faster DBSCAN algorithm based on self-adaptive determination of parameters. Procedia Computer Science, 221, 113–120. https://doi.org/10.1016/j.procs.2023.07.017 [Google Scholar] [Crossref]

17. Ma, Z., Li, X., & Sun, J. (2024). A data-driven fault detection approach for unknown large-scale systems based on GA-SVM. Information Sciences, 658, 120023. https://doi.org/10.1016/j.ins.2023.120023 [Google Scholar] [Crossref]

18. Marcelli, E., Barbariol, T., Sartor, D., & Susto, G. A. (2024). Active learning-based isolation forest (ALIF): Enhancing anomaly detection with expert feedback. Information Sciences, 678, 121012. https://doi.org/10.1016/j.ins.2024.121012 [Google Scholar] [Crossref]

19. Mieczyńska, M., & Czarnowski, I. (2021). DBSCAN algorithm for AIS data reconstruction. Procedia Computer Science, 192, 2512–2521. https://doi.org/10.1016/j.procs.2021.09.020 [Google Scholar] [Crossref]

20. Mohammad, R. M. A. (2022). An enhanced multiclass support vector machine model and its application to classifying file systems affected by a digital crime. Journal of King Saud University - Computer and Information Sciences, 34(2), 179–190. https://doi.org/10.1016/j.jksuci.2019.10.010 [Google Scholar] [Crossref]

21. Novoa-Paradela, D., Fontenla-Romero, O., & Guijarro-Berdiñas, B. (2023). Fast deep autoencoder for federated learning. Pattern Recognition, 143, 109805. https://doi.org/10.1016/j.patcog.2023.109805 [Google Scholar] [Crossref]

22. Togbe, M. U., Chabchoub, Y., Boly, A., Barry, M., Chiky, R., & Bahri, M. (2021). Anomalies Detection Using Isolation in Concept-Drifting Data Streams . Computers, 10(1), 13. https://doi.org/10.3390/computers10010013 [Google Scholar] [Crossref]

23. Yan, C., Zhang, C., Shen, M., Li, N., Liu, J., Qi, Y., Lu, Z., & Liu, Y. (2023). Aparecium: understanding and detecting scam behaviors on Ethereum via biased random walk. 6(1), 46. [Google Scholar] [Crossref]

24. Yang, L., Moubayed, A., Shami, A., Boukhtouta, A., Heidari, P., Preda, S., Brunner, R., Migault, D., & Larabi, A. (2023). Forensic data analytics for anomaly detection in evolving networks (pp. 99–137). [Google Scholar] [Crossref]

25. Yang, Y. Yu and T. Li, "Deep Learning Techniques for Financial Fraud Detection," 2022 14th International Conference on Computer Research and Development (ICCRD), Shenzhen, China, 2022, pp. 16-22, doi: 10.1109/ICCRD54409.2022.9730314. [Google Scholar] [Crossref]

26. Yepmo, V., Smits, G., Lesot, M.-J., & Pivert, O. (2024). Leveraging an isolation forest to anomaly detection and data clustering. Data & Knowledge Engineering, 151, 102302. https://doi.org/10.1016/j.datak.2024.102302 [Google Scholar] [Crossref]

27. Zulfauzi, I. A., Dahlan, N. Y., Sintuya, H., & Setthapun, W. (2023). Anomaly detection using K-means and long short-term memory for predictive maintenance of large-scale solar photovoltaic plant. Energy Reports, 9(Suppl. 12), 154–158. https://doi.org/10.1016/j.egyr.2023.09.159 [Google Scholar] [Crossref]

• What the Desert Fathers Teach Data Scientists: Ancient Ascetic Principles for Ethical Machine-Learning Practice
• Comparative Analysis of Some Machine Learning Algorithms for the Classification of Ransomware
• Comparative Performance Analysis of Some Priority Queue Variants in Dijkstra’s Algorithm
• Transfer Learning in Detecting E-Assessment Malpractice from a Proctored Video Recordings.
• Dual-Modal Detection of Parkinson’s Disease: A Clinical Framework and Deep Learning Approach Using NeuroParkNet