# SecurePay — Intelligent Transaction Anomaly Detection System  
## Notebook 03 — Isolation Forest Anomaly Detection

---

## Introduction

Isolation Forest is an unsupervised anomaly detection algorithm designed to identify rare and unusual observations within a dataset. Instead of learning normal and abnormal labels directly, the algorithm isolates observations based on how easily they can be separated from the rest of the data.

In the context of financial transactions, suspicious activity often differs significantly from normal behavioral patterns. This notebook applies the Isolation Forest model to detect globally anomalous transactions based on deviations in behavioral features such as transaction timing, amount, and activity indicators.


#Stage 1

In [1]:
import pandas as pd
from sklearn.ensemble import IsolationForest

df = pd.read_csv("securepay_txn_stream.csv")

features = [
    'txn_hour',
    'txn_amount',
    'amount_deviation',
    'txn_velocity',
    'behavior_score'
]

X = df[features]


#Stage 2

In [2]:
model = IsolationForest(
    n_estimators=100,
    contamination=0.015,
    random_state=42
)

model.fit(X)


#Stage 3

In [3]:
df['iforest_flag'] = model.predict(X)
df['iforest_flag'] = df['iforest_flag'].map({1: 0, -1: 1})

df[['iforest_flag']].head()


Unnamed: 0,iforest_flag
0,0
1,0
2,0
3,0
4,0


#Stage 4

In [4]:
df[df['iforest_flag'] == 1].head(10)


Unnamed: 0,txn_id,txn_hour,txn_amount,amount_deviation,txn_velocity,behavior_score,payment_channel,risk_flag,iforest_flag
9850,TXN09851,2,10778.93,3.03,4.0,0.87,UPI,1,1
9851,TXN09852,0,6865.35,2.35,4.26,1.0,CreditCard,1,1
9852,TXN09853,4,10267.06,3.17,4.09,0.93,UPI,1,1
9853,TXN09854,4,7216.05,3.24,3.07,0.97,CreditCard,1,1
9854,TXN09855,0,11651.4,3.65,3.97,0.83,UPI,1,1
9855,TXN09856,2,14118.99,3.5,4.54,0.9,CreditCard,1,1
9856,TXN09857,3,14525.4,2.65,5.64,0.98,CreditCard,1,1
9857,TXN09858,1,9506.99,2.15,4.12,0.91,UPI,1,1
9858,TXN09859,0,13318.0,2.84,4.53,0.83,UPI,1,1
9859,TXN09860,1,10428.19,3.45,5.43,0.97,UPI,1,1


#Stage 5

In [5]:
df['iforest_flag'].value_counts()


Unnamed: 0_level_0,count
iforest_flag,Unnamed: 1_level_1
0,9850
1,150


## Observations

The Isolation Forest model was applied to detect globally anomalous transactions based on behavioral deviations. The model successfully identified a small portion of transactions as anomalous, reflecting the rare nature of suspicious activity in financial datasets. Transactions flagged as anomalies typically showed higher deviation in behavioral indicators such as transaction amount, activity velocity, and behavior score.

## Conclusion

The Isolation Forest algorithm effectively isolated globally unusual transactions from the dataset without requiring labelled training. The number of detected anomalies aligns closely with the expected proportion of suspicious transactions, indicating appropriate model behavior. These results confirm that the dataset contains detectable behavioral deviations suitable for anomaly detection. In the next notebook, the Local Outlier Factor (LOF) algorithm will be applied to detect locally anomalous transaction patterns and compare results.
