SageMaker IP Insights Algorithm is used for detecting anomalies in network traffic. It is an unsupervised learning algorithm that is trained on historical data to learn the patterns of normal network usage. In production it can detect anomalies in network usage that may indicate changes in user behaviour, network performance or malicious activity.
The IP Insights Algorithm works with data that is presented in data pairs of an entity and an IPv4 address. The entity is an identifiable user or feature, for example a user ID or account number. When the trained model is passed a new entity IP address pair representing an event it returns a score indicating how anomalous the event was compared to the data the model was trained on.
|Data types and format||Tabular, IPv4|
|Learning paradigm or domain||Unsupervised Learning|
|Problem type||IP anomaly detection|
|Use case examples||Protect your application from suspicious users|
Training is performed on historical data that is pairs of entity values and IPv4 addresses. The entity will be an alpha numeric value, for example a user ID or account number. The training data format is CSV.
Model artifacts and inference
|Learning paradigm||Unsupervised Learning|
|Request format||CSV, JSON, JSON lines|
|Result||JSON, JSON lines|
Training is performed on GPU instances, or CPU instances with distributed workloads. Inference uses CPU instances.