Anomaly detection is an important tool to assess the behavior of a communication network. In general, anomaly detection techniques seek to identify network behaviors that deviate from the pattern of normal network behavior. For example, if a given host in the network that does not normally receive a high volume of traffic suddenly begins to experience a high volume of traffic, an anomaly detection mechanism in the network may flag this condition as anomalous.
One prominent application of anomaly detection is the detection of network attacks. For example, anomaly detectors are potentially able to detect zero-day attacks. These types of attacks are so-named because of their root cause: the exploitation of a previously unknown vulnerability in the network. Notably, once the vulnerability is detected, the responsible entity has zero days to correct or mitigate the vulnerability in the network. Since zero-day attacks are, by their very nature, of an unknown type until they occur, anomaly detectors are well suited to detect their presence by identifying behavioral changes in the network.