The present invention, in some embodiments thereof, relates to systems and methods for detection of anomalous behavior and, more specifically, but not exclusively, to systems and methods for detection of anomalous behavior based on network activity.
Different systems and methods have been developed to detect network security threats. The security threats can originate from activity of a human party, such as a hacker or a malicious insider, and/or from activities of malicious code.
One approach to network security threat detection is termed network behavior anomaly detection (NBAD). NBAD involves learning normal behavior patterns within the network, and continuously monitoring the network for unusual events that do not fit within the learned normal behavior patterns. Examples of network parameters that are monitored to detect abnormal behavior include traffic volume, bandwidth use, and protocol use. Abnormal behavior is treated as a possible indication of malicious activity.
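The learn-then-monitor loop described above, as an added example that is not part of the original text: a per-host baseline of traffic volume and protocol use is learned from training windows, and later windows are flagged when they fall outside it. The flow records, host addresses, the mean/standard-deviation model and the threshold `k` are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (window, host, protocol, bytes); not real traffic.
TRAINING = [(w, "10.0.0.5", proto, size)
            for w, (web, dns) in enumerate([(1200, 80), (1100, 90), (1300, 70), (1250, 85)])
            for proto, size in (("https", web), ("dns", dns))]
MONITORED = [
    (0, "10.0.0.5", "https", 1180), (0, "10.0.0.5", "dns", 75),  # fits the baseline
    (1, "10.0.0.5", "https", 9500),                              # volume spike
    (2, "10.0.0.5", "https", 1200), (2, "10.0.0.5", "ssh", 60),  # unseen protocol
    (3, "10.0.0.9", "https", 500),                               # host never learned
]

def per_window(flows):
    """Aggregate flows into {(host, window): [total_bytes, protocols]}."""
    agg = defaultdict(lambda: [0, set()])
    for window, host, proto, size in flows:
        agg[(host, window)][0] += size
        agg[(host, window)][1].add(proto)
    return agg

def learn(flows):
    """Learn per-host volume mean/stddev and the set of protocols seen."""
    volumes, protos = defaultdict(list), defaultdict(set)
    for (host, _), (total, seen) in per_window(flows).items():
        volumes[host].append(total)
        protos[host] |= seen
    return {h: (mean(v), pstdev(v), protos[h]) for h, v in volumes.items()}

def monitor(baseline, flows, k=3.0, min_std=1.0):
    """Return (window, host, reason) for windows outside the learned pattern."""
    alerts = []
    windows = sorted(per_window(flows).items(), key=lambda item: item[0][1])
    for (host, window), (total, seen) in windows:
        if host not in baseline:  # nothing learned: report instead of guessing
            alerts.append((window, host, "no-baseline"))
            continue
        mu, sigma, known = baseline[host]
        # min_std keeps a perfectly flat baseline from alerting on any change
        if abs(total - mu) > k * max(sigma, min_std):
            alerts.append((window, host, "volume"))
        alerts += [(window, host, f"protocol:{p}") for p in sorted(seen - known)]
    return alerts

if __name__ == "__main__":
    for alert in monitor(learn(TRAINING), MONITORED):
        print(alert)
```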