Previous attempts to develop outlier network activity detection systems have been based on rules driven and static analysis models. These systems are not updated frequently based on final outcomes, resulting in an inefficient system that is unable to effectively distinguish normal behavior from outlier behavior due to an inability to truly “learn” new patterns in outlier activity. For example, systems that utilize simple threshold detection schemes suffer from problems associated with how the thresholds should be set. If the thresholds are set too high, some outlier network activity may not be detected, and if the thresholds are set too low, the system may generate a lot of false positive indications of outlier network activity, such as flagging network activity as outlier network activity when it is not. Additionally, although thresholds utilized by these systems may be periodically updated, such as once a year, these adjustments are often insufficient with respect to solving the above-described deficiencies. For example, if outlier network activity remained static such that patterns of activity associated with outlier network activity were constant, these threshold detection systems may eventually converge on a set of thresholds that accurately detect all outlier network activity. However, outlier network activities evolve over time as the network users change their behaviors in an attempt to circumvent detection. Thus, systems implementing simple threshold detection schemes are always behind the curve with respect to new and emerging outlier network activities, which may go undetected by those systems for a prolonged period of time. Systems that suffer from the above-identified inefficiencies with respect to accurately identifying outlier activity may fail to meet regulatory expectations and may also fail to identify and report spurious behaviors in a timely manner.