The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Most approaches to detecting network threats are rules-based and/or based on supervised learning. As such, they are narrowly focused on specific use cases or on identifying specific types of attacks and can fail to adapt to new or changing threats. Rules-based approaches often miss “low and slow” attacks that are able to unfold without triggering specific rules. Supervised learning approaches often suffer from a lack of labelled examples, instead relying on simulated data to learn models. Such approaches can have both high false positive rates and a high number of false negatives.