The purpose of this method is to identify objects that differ the most from the total data set. Such mechanisms enable the user to automatically identify the events that need to be addressed and also to find patterns that do not fall under the general rules. For example, identifying atypical network activity help detect malware.
This problem is solved by calculating a degree of exceptionality for each attribute of each object based on all the total data and values of other attributes. Based on these characteristics, objects can be ranked according to their exceptionality.
See also:
Library of Methods and Models | Exception Search | ISmHighlightExceptions