Evolving Machine Learning Models for Anomaly Detection: An Integrative Review on Evolving Machine Learning Models for Anomaly Detection of Cross-Domain Approaches

Abstract

Machine learning (ML) has become a cornerstone of modern anomaly detection, yet existing reviews predominantly emphasize pre-2021 studies and focus narrowly on network intrusion detection. Building upon these limitations, this paper presents an integrative review of machine learning models for anomaly detection published between 2020 and 2025, emphasizing hybridization, explainability, and cross-domain applicability. Using Bou Nassif et al. (2021) and Yang et al. (2022) as baseline systematic reviews, we extend their scope through the inclusion of recent developments such as adaptive density-based clustering (K-DBSCAN, GWOKM), optimized support-vector models (EMSVM), explainable Isolation Forest derivatives (DIFFI, RIFIFI), and active-learning frameworks (ALIF). The study systematically maps algorithms, performance metrics, and application domains ranging from cybersecurity and industrial systems to geochemical and renewable-energy contexts. Results reveal an emerging shift toward interpretable, data-centric, and federated approaches capable of handling concept drift and limited labeling. We identify persistent challenges in cross-domain generalization, dataset imbalance, and evaluation standardization. A conceptual taxonomy linking model family, evaluation criteria, and domain context is proposed to guide future research. This review thus bridges earlier surveys with the current generation of intelligent, interpretable, and adaptive ML systems, providing a comprehensive foundation for advancing anomaly detection research beyond traditional network-centric paradigms.