METHOD AND SYSTEM FOR ANOMALY DETECTION BASED ON STATISTICAL CLOSED-FORM ISOLATION FOREST ANALYSIS

Certain embodiments of the present disclosure provide techniques for detecting anomalous activity in a computing system. The method generally includes receiving a request to perform an action in a computing system. The request is added to a historical time-series data set. A portion of the historical time-series data set is selected for use in determining whether the received request is an anomalous request, and a set of previously identified outliers are removed from the selected portion of the historical time-series data set. An anomaly score is calculated based on a statistical analysis of the received request and the selected portion of the historical time-series data set, wherein the anomaly score comprises a predicted number of operations executed to isolate the received request from the selected portion of the historical time-series data set. One or more actions are taken to process the received request based on the calculated anomaly score.