Contextual anomaly detection across assets

What is claimed is: 1. A computer-implemented method comprising: obtaining time-series data frames corresponding to a plurality of assets; clustering the assets into one or more cohorts based on the time-series data frames, wherein each one of the cohorts comprises assets having statistically similar time-series data frames; for each given one of the assets within each one of the cohorts: (i) applying a time-context window to a portion of the time-series data frames corresponding to the given asset to generate at least one transformed data frame, and (ii) determining an asset distribution for the given asset based at least in part on said at least one transformed data frame; computing an isolation metric for each given one of the assets within at least one of the cohorts based on a corresponding asset distributions; determining that the at least one of the assets is anomalous in response to the computed isolation metric satisfying a predetermined threshold; and causing at least one remediation action to be performed based at least in part on said determining; wherein the method is carried out by at least one computing device. 2. The computer-implemented method of claim 1 , wherein said clustering comprises applying an unsupervised clustering algorithm to the time-series data frames. 3. The computer-implemented method of claim 1 , wherein said determining the asset distribution for the given asset comprises applying a sparse mixture of sparse Gaussians (SMSG) to the at least one transformed data frame for the given asset. 4. The computer-implemented method of claim 1 , wherein said determining the asset distribution for the given asset comprises applying a Gaussian distribution to the transformed data frame for the given asset. 5. The computer-implemented method of claim 1 , comprising: computing an isolation metric for each one of the cohorts based at least in part on the corresponding asset distributions; and determining that at least one of the cohorts is anomalous in response to the computed isolation metric satisfying a predetermined threshold. 6. The computer-implemented method of claim 5 , wherein said determining that at least one of the cohorts is anomalous comprises: computing a Gaussian dictionary for each one of the cohorts, wherein each of the Gaussian dictionaries comprises the asset distributions of the assets corresponding to the cohort; and averaging all pairs of asset distributions between the assets distributions in the Gaussian dictionary corresponding to a first one of the cohorts and the asset distributions in the Gaussian dictionary corresponding to a second one of the cohorts. 7. The computer-implemented method of claim 1 , wherein the time-series data frames comprise (i) timestamps and (ii) sensor values for the plurality of assets. 8. The computer-implemented method of claim 1 , wherein the at least one remediation action comprises one or more of: outputting a list of the anomalous assets to a user; outputting a list of the anomalous cohorts to a user; disabling the at least on asset; resetting the at least one asset; and adjusting future data frames obtained from one or more of the anomalous assets and the anomalous cohorts. 9. The computer-implemented method of claim 1 , wherein the plurality of assets comprise at least a part of one or more of: (i) a heating system, (ii) a ventilation system, (iii) a cooling system and (iv) a turbine system. 10. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to: obtain time-series data frames corresponding to a plurality of assets; cluster the assets into one or more cohorts based on the time-series data frames, wherein each one of the cohorts comprises assets having statistically similar time-series data frames; for each given one of the assets within each one of the cohorts: (i) apply a time-context window to a portion of the time-series data frames corresponding to the given asset to generate at least one transformed data frame, and (ii) determine an asset distribution for the given asset based at least in part on said at least one transformed data frame; compute an isolation metric for each given one of the assets within at least one of the cohorts based on a corresponding asset distributions; determine that the at least one of the assets is anomalous in response to the computed isolation metric satisfying a predetermined threshold; and cause at least one remediation action to be performed based at least in part on said determining. 11. The computer program product of claim 10 , wherein said clustering comprises applying an unsupervised clustering algorithm to the time-series data frames. 12. The computer program product of claim 10 , wherein said determining the asset distribution for the given asset comprises applying a sparse mixture of sparse Gaussians (SMSG) to the at least one transformed data frame for the given asset. 13. The computer program product of claim 10 , wherein said determining the asset distribution for the given asset comprises applying a Gaussian distribution to the transformed data frame for the given asset. 14. The computer program product of claim 10 , wherein the computing device is caused to: compute an isolation metric for each one of the cohorts based at least in part on the corresponding asset distributions; and determine that at least one of the cohorts is anomalous in response to the computed isolation metric satisfying a predetermined threshold. 15. The computer program product of claim 14 , wherein said determining that at least one of the cohorts is anomalous comprises: computing a Gaussian dictionary for each one of the cohorts, wherein each of the Gaussian dictionaries comprises the asset distributions of the assets corresponding to the cohort; and averaging all pairs of asset distributions between the assets distributions in the Gaussian dictionary corresponding to a first one of the cohorts and the asset distributions in the Gaussian dictionary corresponding to a second one of the cohorts. 16. The computer program product of claim 10 , wherein the time-series data frames comprise (i) timestamps and (ii) sensor values for the plurality of assets. 17. A system comprising: a memory; and at least one processor operably coupled to the memory and configured for: obtaining time-series data frames corresponding to a plurality of assets; clustering the assets into one or more cohorts based on the time-series data frames, wherein each one of the cohorts comprises assets having statistically similar time-series data frames; for each given one of the assets within each one of the cohorts: (i) applying a time-context window to a portion of the time-series data frames corresponding to the given asset to generate at least one transformed data frame, and (ii) determining an asset distribution for the given asset based at least in part on said at least one transformed data frame; computing an isolation metric for each given one of the assets within at least one of the cohorts based on a corresponding asset distributions; determining that the at least one of the assets is anomalous in response to the computed isolation metric satisfying a predetermined threshold; and causing at least one remediation action to be performed based at least in part on said determining. 18. A computer-implemented method comprising: obtaining time-series data frames corresponding to a p