• time series
• anomaly detection
• network monitoring
• machine learning

In this thesis, unsupervised learning techniques are applied to detect unexpected events in hosts' network traffic data. We call these events anomalies and propose a technique that is not only focused on detecting security threats but can also be generalized to different network events of interest like people habits changes. Unlike recent studies, we took advantage of the latent space built by our models to characterize hosts and their behavior. Successively, anomalies are found as those events whose latent representation in the feature space greatly differs from the usual host's activity. Due to the current limitations of the publicly available datasets we were able to test our approach only to detect security threats within network activity. The comparison with publicly available unsupervised tools showed that the proposed approach improves the state of the art detection of those threats. The work also shows that exploiting the network activity latent representation can improve current network monitoring tools by reducing the data that a network administrator has to monitor.