SageMaker IP Insights Algorithm is used for detecting anomalies in network traffic. It is an unsupervised learning algorithm that is trained on historical data to learn the patterns of normal network usage. In production it can detect anomalies in network usage that may indicate changes in user behaviour, network performance or malicious activity.
The IP Insights Algorithm works with data that is presented in data pairs of an entity and an IPv4 address. The entity is an identifiable user or feature, for example a user ID or account number. When the trained model is passed a new entity IP address pair representing an event it returns a score indicating how anomalous the event was compared to the data the model was trained on.
|Data types and format
|Learning paradigm or domain
|IP anomaly detection
|Use case examples
|Protect your application from suspicious users
Training is performed on historical data that is pairs of entity values and IPv4 addresses. The entity will be an alpha numeric value, for example a user ID or account number. The training data format is CSV.
Model artifacts and inference
|CSV, JSON, JSON lines
|JSON, JSON lines
Training is performed on GPU instances, or CPU instances with distributed workloads. Inference uses CPU instances.