A user can access an application hosted by a remote server from a client device. To improve network security, misuse detection techniques can be used to determine whether the user appears to interacting with the application in a malicious manner. Such misuse also can be characterized to provide an explanation for identifying the user's network traffic as a potential misuse.