Detecting activity, both friendly and malicious, has long been a priority for computer network administrators. In various public and private computer networks, users employ devices such as desktop computers, laptop computers, tablets, smart phones, browsers, etc. to interact with others through computers and servers that are coupled to the network. Digital data, typically in the form of data packets, are passed along the network by interconnected network devices.
Malicious activity on a network can cause harm to the software, hardware, or users that make up or use the network. Malicious activities may include unauthorized access or subsequent unpermitted use of network resources and data. To protect the network, network administrators seek to detect such activities, for example, by searching for patterns of behavior that are abnormal or otherwise vary from an expected use pattern of particular entities, such as an organization, a group of users, individual users, IP addresses, nodes or groups of nodes in the network, and the like. To combat such activities, network administrators can employ hardware appliances that monitor network traffic, or software products such as anti-virus or anti-malware software, to detect and eliminate certain malicious activity.