With the expansion of, and increased reliance on, computer networks and the internet, the relative threat of malicious activity has increased. Given the value of the information traveling across such networks, loss of data and/or operational capabilities can be very costly to the owners and administrators of the network. Therefore, a great deal of effort is expended on identifying abnormal and/or malicious activities in a quick and efficient manner, which can allow for rapid response.
Many of the current techniques rely on characterizations of traffic flow or traffic content (e.g., payload) and can result in an excessive number of false positives and/or undetected events. Therefore, a need exists for a fast and accurate method and system for detecting abnormal digital traffic.