It would not be far from the truth to say this is the "golden age" of cyberattacks and hackers. During the pandemic, the number of public IP addresses and the volume of internet traffic rose sharply, expanding the attack surface that cybercriminals could exploit. Evidently, this has led to a rise in cyberattacks: the weekly count reached an all-time high at the end of 2021, peaking at 925 attacks per organization globally, and across 2021 security experts observed 50% more attacks on corporate networks than in 2020.2

Identifying cyberattacks has always been challenging. Security practitioners face a combination of a wide breadth of threats, large-scale attacks, and a broad attack surface. Attacks originate internally, through malicious intent or negligent actions, and externally, through malware, targeted attacks, and advanced persistent threats (APTs).

Insider threats are harder to detect and can cause more damage than external threats because the actor is already inside the network and can steal, destroy, or alter enterprise assets. Anomaly detection on network activity is therefore a pressing concern for enterprises.

A few years ago, firewalls, web gateways, and intrusion prevention tools were enough to secure a network, but hackers and advanced threats have since learned to bypass these defences. Machine learning and AI models, alongside conventional security tools, are therefore critical for detecting the presence of an attacker or malicious actor inside the network.

Behaviour anomaly detection provides real-time detection of cyberattack threats. It monitors user and entity behaviour, flags deviations from the established baseline, and so protects the enterprise against threats that evade perimeter controls. Abnormal behaviour can be detected, and in some cases predicted, with machine learning techniques.

A team of researchers designed and developed machine learning models to detect anomalous nodes in real time or near real time in a network of multi-attribute nodes. They examined the data from both a behavioural, multi-dimensional perspective and a graph perspective. The models scored IP addresses using traffic ports and network packet signatures, identified each anomalous node and its blast radius (the neighbouring nodes it could have affected), and reported weighted anomaly scores for the top 2-3% of nodes ranked by severity. An IP's outlier score indicates how likely the record is to be malicious once it has passed through the model.

The researchers shared the anomalous node information with the firm for evaluation and suggested that the IPs the model flagged as malicious be checked against the firm's own data. For broader threat detection, the study recommended additional requirements: streaming data, cloud computing to process that stream, and unfiltered traffic data.


1: Mantri S., Agarwal A., Ram O., Singh M., Julka Y., 'Network Anomaly Detection using Opensource Graph Frameworks', 2021