Rapid7, Inc.
Detecting anomalous network activity

Abstract:

Methods and systems for detecting anomalous network activity. The system may receive network metadata regarding activity on a network and generate at least one of a z-score and a directionality magnitude related to the network activity. The system may then issue an alert upon detecting an anomaly exists on the network based upon at least one of the generated z-score exceeding a z-score threshold and the generated directionality magnitude deviating from a baseline directionality magnitude.