Anomaly detection is an emerging field with applicability to a wide range of areas, such as network threat detection/prevention, identifying misconfigured devices, and the like. In general, anomaly detection entails modeling the behavior of a system to identify behavioral changes over time. For example, in the case of detecting malware, many approaches are signature-based, meaning that they detect specific types of malware by matching device behavior to a predefined behavioral pattern attributable to a malware type (e.g., virus A causes devices to exhibit behavior B). In contrast, anomaly detection may simply assess whether or not the behavior of the device has significantly changed. The two approaches are often complementary and, in some systems, can be used together.
While analyzing a single behavioral metric over time is relatively straightforward for purposes of anomaly detection, many communication systems and devices exhibit complex behaviors with high-dimensional metrics.
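The contrast drawn above between signature matching and single-metric anomaly detection can be seen in the following added example, which is not part of the original text. The signature name, the port used as "behavior B", the window and threshold values, and the traffic samples are all constructed assumptions.

```python
from statistics import median

# Constructed sample: one device's outbound bytes per minute (minutes 0-19).
BYTES = [1000, 1040, 980, 1010, 1060, 990, 1020, 1005, 1030, 995,
         1015, 1050, 1025, 985, 1000, 1045, 1010, 9000, 1020, 990]
# Minute 12 uses TCP 6667 at normal volume; minute 17 is a volume spike on 443.
EVENTS = [{"minute": m, "dst_port": 6667 if m == 12 else 443, "bytes_out": b}
          for m, b in enumerate(BYTES)]

# Hypothetical signature in the "virus A causes behavior B" form.
SIGNATURES = {"virus-A-behavior-B": lambda e: e["dst_port"] == 6667}


def signature_hits(events):
    """Return (minute, signature name) for events matching a predefined pattern."""
    return [(e["minute"], name) for e in events
            for name, matches in SIGNATURES.items() if matches(e)]


def anomaly_hits(events, window=8, threshold=6.0):
    """Return minutes whose bytes_out departs from the device's own baseline.

    The baseline is the median of the previous `window` samples and the scale
    is the median absolute deviation (MAD), so a single earlier outlier does
    not drag the baseline and mask or trigger later alerts.
    """
    hits = []
    for i in range(window, len(events)):
        history = [e["bytes_out"] for e in events[i - window:i]]
        base = median(history)
        mad = median([abs(x - base) for x in history]) or 1.0  # avoid divide by zero
        score = abs(events[i]["bytes_out"] - base) / (1.4826 * mad)
        if score > threshold:
            hits.append(events[i]["minute"])
    return hits


if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS))
    print("anomaly:  ", anomaly_hits(EVENTS))
```

Each detector catches the event the other misses: the signature fires on the known pattern even though its volume is normal, and the baseline check fires on the volume change even though no signature describes it.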