While machine learning models have demonstrated the ability to detect cyber attacks, their deployment in operational scenarios is often limited by the possibility that the model will fail to detect attacks not included in the training set. Transfer learning has been shown to be a possible response to this common problem in the cyber domain. However, there are many operational questions that must be addressed before transfer learning can be implemented. First and foremost is the question of how to detect a change in an operational environment (e.g., the presence of a new attack variant). Transfer distance is a measure of dissimilarity between two learning problems. This study evaluates common distance metrics that could be used to estimate transfer distance between cyber attack learning problems, proposes a new method for calculating a multivariate transfer distance measure, and formulates a method for monitoring streaming data for changes in the environment using a one-class Naïve Bayes model. These techniques are tested and evaluated on a publicly available cyber attack detection data set that contains multiple attack types.