Traditional detection of abnormal network activity relies on numerical data and statistical analysis rather than categorical data; these methods break down under the high dimensionality of the data and produce a huge number of false positives. Malicious activity goes undetected, or its detection comes too late.
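To make the false-positive problem concrete, here is an added illustration (not code from the article) of why per-feature statistical thresholds inflate alert volume as the number of monitored features grows. It assumes an idealized model: each benign feature is an independent standard-normal value and an alert fires when any feature exceeds a k-sigma threshold. Under that assumption the probability that a purely benign record trips at least one feature climbs toward 1 with dimension, and the block also shows the standard Šidák-style correction that re-tightens the per-feature threshold to hold the per-record false-positive rate at a chosen target.

```python
import math
import random


def per_feature_fp_rate(k_sigma: float) -> float:
    """Two-sided tail probability that one benign N(0,1) feature exceeds k sigma.

    Assumption: benign values are standard normal; this is the idealized model
    the illustration uses, not a claim about real traffic distributions.
    """
    return 2.0 * (1.0 - 0.5 * (1.0 + math.erf(k_sigma / math.sqrt(2.0))))


def family_fp_rate(p_single: float, dims: int) -> float:
    """Probability that at least one of `dims` independent features trips a
    threshold whose single-feature false-positive rate is p_single."""
    return 1.0 - (1.0 - p_single) ** dims


def simulate_fp_rate(dims: int, k_sigma: float, n_records: int, seed: int = 1) -> float:
    """Monte Carlo check: fraction of purely benign records that raise an alert
    when any of `dims` features exceeds k_sigma. Uses constructed synthetic data."""
    rng = random.Random(seed)
    flagged = 0
    for _ in range(n_records):
        if any(abs(rng.gauss(0.0, 1.0)) > k_sigma for _ in range(dims)):
            flagged += 1
    return flagged / n_records


def corrected_threshold(dims: int, target_family_fp: float) -> float:
    """Per-feature sigma threshold that keeps the per-record (family-wise)
    false-positive rate at target_family_fp across `dims` independent features
    (Šidák correction), found by bisection on the two-sided tail."""
    p_single = 1.0 - (1.0 - target_family_fp) ** (1.0 / dims)
    lo, hi = 0.0, 20.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if per_feature_fp_rate(mid) > p_single:
            lo = mid  # tail still too fat: threshold must move outward
        else:
            hi = mid
    return (lo + hi) / 2.0


if __name__ == "__main__":
    k = 3.0
    p = per_feature_fp_rate(k)
    print(f"single-feature FP rate at {k} sigma: {p:.5f}")
    for d in (1, 10, 100, 1000):
        print(f"  {d:5d} features -> benign records alerted: {family_fp_rate(p, d):.3f}")
    print(f"simulated (100 features, 3 sigma): {simulate_fp_rate(100, k, 5000):.3f}")
    k_fixed = corrected_threshold(100, p)
    print(f"threshold to keep per-record FP at {p:.4f} over 100 features: {k_fixed:.2f} sigma")
```

The analytic rates and the simulation agree: at a 3-sigma cut, roughly a quarter of benign records alert once 100 features are watched, and over 90% once 1,000 are. The corrected threshold shows the trade-off the passage points at: holding false positives down in high dimension means raising every per-feature threshold (to about 4.2 sigma for 100 features), which is exactly what lets real but moderate deviations slip through undetected.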
Let me remind you of some recent news on the threat-detection front that may interest you: Microsoft Defender Is Now Available with Built-In Troubleshooting Mode, as [...]