AB - Monitoring computer network traffic for anomalous behaviour presents an important security challenge. Arrivals of new edges in a network graph represent connections between a client and server pair not previously observed, and in rare cases these might suggest the presence of intruders or malicious implants. We propose a Bayesian model and anomaly detection method for simultaneously characterising existing network structure and modelling likely new edge formation. The method is demonstrated on real computer network authentication data and successfully identifies some machines which are known to be compromised.
