Anomaly-detection

Whether it is API abuse, scraping, DDoS attacks, or a threat actor probing your endpoints, detecting anomalies in server traffic helps contain these attacks and improves a system's resiliency. Building real-time detection pipelines, however, can be challenging for a variety of reasons, including infrastructure and cost. Offline anomaly detection is an important tool that can be used not only in the absence of real-time detection but also to complement it: root cause analysis, forensics and security audits, shadow testing, and training and tuning real-time detectors are some of the use cases. In this article, I present a simple offline anomaly detection pipeline for server traffic. It is designed to be lightweight, easy to implement, and effective for many common scenarios.