A photograph of IT network cables and sockets to symbolize the SageMaker built in algorithm IP Insights

IP Insights Algorithm

SageMaker IP Insights Algorithm is used for detecting anomalies in network traffic. It is an unsupervised learning algorithm that is trained on historical data to learn the patterns of normal network usage. In production it can detect anomalies in network usage that may indicate changes in user behaviour, network performance or malicious activity. 

The IP Insights Algorithm works with data that is presented in data pairs of an entity and an IPv4 address. The entity is an identifiable user or feature, for example a user ID or account number. When the trained model is passed a new entity IP address pair representing an event it returns a score indicating how anomalous the event was compared to the data the model was trained on.


Problem attributeDescription
Data types and formatTabular, IPv4
Learning paradigm or domainUnsupervised Learning
Problem typeIP anomaly detection
Use case examplesProtect your application from suspicious users


Training is performed on historical data that is pairs of entity values and IPv4 addresses. The entity will be an alpha numeric value, for example a user ID or account number. The training data format is CSV.

Model artifacts and inference

Learning paradigmUnsupervised Learning
Request formatCSV, JSON, JSON lines
ResultJSON, JSON lines

Processing environment

Training is performed on GPU instances, or CPU instances with distributed workloads. Inference uses CPU instances.

Similar Posts