Detection of Anomalous Network Nodes via Hierarchical Prediction and Extreme Value Theory

The project is a fresh (4 days old) reference implementation for an ArXiv paper. While the use of Extreme Value Theory (EVT) for thresholding ARP-based anomalies is a theoretically sound and statistically rigorous approach for industrial (OT) environments, the project currently lacks any significant moat. With 0 stars and only 5 forks (likely mirrors or research collaborators), it has no community adoption or 'data gravity.' The defensibility is low (2) because the core value lies in the mathematical approach described in the paper, which can be easily replicated by established cybersecurity vendors like Darktrace, Claroty, or Dragos. Frontier labs (OpenAI, Anthropic) pose low risk as this is a highly specialized domain-specific networking task. However, the platform risk is high from incumbent Network Detection and Response (NDR) and XDR providers who could integrate similar hierarchical prediction models into their existing agentless monitoring suites. The 1-2 year displacement horizon reflects the time it would take for these incumbents to productize similar academic findings into their broader security platforms.