On the Use of Co-Occurrence Matrices for Network Anomaly Detection