Definitions Edit

Anomalous activity is

[i]rregular or unusual deviations from what is usual, normal, or expected; activity inconsistent with the expected norm.
network activities that are inconsistent with the expected norms that may suggest FIE [Foreign Intelligence Entity] exploitation of cyber vulnerabilities or prior knowledge of U.S. national security information, processes, or capabilities.[1]
[a]ctivity that deviates from normal. The result of the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.[2]

References Edit

  1. DoD Instruction S-5240.23.
  2. FFIEC, IT Examination Handbook Infobase, Glossary (full-text).