Anomaly detection

Under construction: Applying predictive analysis techniques to incoming requests.

  • Cluster data points into similar behavioural groups using inter-request time, number of unique endpoints, and IP location (or IPNS content address, or agent identifier).
  • Train a classifier with labelled traffic data (request attributes) from historical malicious requests.
  • Test on logs or data stores with unlabelled traffic data.
  • Validate against data provided by third parties (coalition partners).
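
A sketch of the clustering step, added here as an example and not taken from the project's own code. The log tuple layout, the use of the agent identifier as the grouping key, the distinct-location count, min-max scaling and the choice of k-means are all assumptions; the page does not name an algorithm.

```python
from collections import defaultdict
from math import dist
from statistics import mean

# Constructed sample log: (agent_id, unix_time, endpoint, ip_country)
LOG = [
    ("a1", 0, "/home", "DE"), ("a1", 40, "/docs", "DE"), ("a1", 95, "/home", "DE"),
    ("a2", 5, "/home", "FR"), ("a2", 70, "/about", "FR"), ("a2", 130, "/docs", "FR"),
    ("b1", 10, "/login", "US"), ("b1", 11, "/admin", "BR"), ("b1", 12, "/api/v1", "US"),
    ("b1", 13, "/backup", "VN"), ("b1", 14, "/config", "US"),
]

def features(log):
    """Per agent: (mean inter-request seconds, unique endpoints, distinct locations)."""
    rows = defaultdict(list)
    for agent, ts, endpoint, loc in log:
        rows[agent].append((ts, endpoint, loc))
    out = {}
    for agent, reqs in rows.items():
        times = sorted(r[0] for r in reqs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        out[agent] = (mean(gaps) if gaps else 0.0,
                      len({r[1] for r in reqs}), len({r[2] for r in reqs}))
    return out

def normalise(vectors):
    """Min-max scale each feature to [0, 1] so no single unit dominates the distance."""
    cols = list(zip(*vectors.values()))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return {k: tuple((x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(v, lo, hi))
            for k, v in vectors.items()}

def kmeans(points, k=2, rounds=20):
    """Plain k-means (k >= 2); centroids are seeded deterministically from sorted vectors."""
    ordered = sorted(points.values())
    centroids = [ordered[i * (len(ordered) - 1) // (k - 1)] for i in range(k)]
    for _ in range(rounds):
        assign = {a: min(range(k), key=lambda c: dist(p, centroids[c]))
                  for a, p in points.items()}
        for c in range(k):
            members = [points[a] for a in assign if assign[a] == c]
            if members:
                centroids[c] = tuple(mean(col) for col in zip(*members))
    return assign

def behavioural_groups(log, k=2):
    """Return the agents in each cluster, as a list of sets in a stable order."""
    groups = defaultdict(set)
    for agent, c in kmeans(normalise(features(log)), k).items():
        groups[c].add(agent)
    return sorted(groups.values(), key=sorted)
```

On the constructed log, the two slow, single-location agents fall into one group and the fast agent that touches many endpoints from several locations is isolated in the other.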