Abstract: Implementations described and claimed herein provide systems, methods and computer-readable media with instructions for detecting anomalies in computer network traffic online, real-time, historical, forensic, and/or playback mode. The implementations can include monitoring network traffic metadata, parsing the metadata, constructing a multi-partite graph of nodes and edges based on a long-term incremental signal transformation or a short-term concurrent snapshot, and generating streaming analytics based on the multi-partite graph representing a likelihood that network traffic associated with a specified network component is infected with malware.