Activity-based temporal anomaly detection in enterprise-cyber security

Statistical anomaly detection is emerging as an important complement to signature-based methods for enterprise network defence. In this paper, we isolate a persistent structure in two different enterprise network data sources. This structure provides the basis of a regression-based anomaly detection method. The procedure is demonstrated on a large public domain data set