An Autonomous labeling approach to SVM algorithms for network traffic anomaly detection

Title: An Autonomous labeling approach to SVM algorithms for network traffic anomaly detection
Publication Type: Conference Paper
Year of Publication: 2009
Authors: Brombereg F, Catania CA, Garino CGarcia
Conference Name: Argentine Symposium of Artificial Intelligence (ASAI). Jornadas Argentinas de Informática. Mar del Plata, Argentina.
Date Published: 08/2009
Publisher: Sociedad Argentina de Informática
Conference Location: Mar del Plata, Argentina
Abstract

In the past years, several support vector machine anomaly detection approaches have been proposed in the network intrusion detection field. The main advantage of these approaches is that they can characterize normal traffic when trained using a data set containing not only normal traffic but also possible attacks. Unfortunately, these algorithms seem to be accurate only when the normal traffic vastly outnumbers the number of attacks or anomalies present in the dataset. This work presents an approach for autonomous labeling of normal traffic as a way of dealing with situations where class distributions do not present the required unbalance. The autonomous labeling process is made by SNORT, a misuse-based intrusion detection system. Experiments conducted on the 1998 DARPA dataset show the proposed autonomous labeling approach not only outperforms existing SVM alternatives but also obtains significant improvement over SNORT itself.

DHARMa members who are authors:
Peer reviewed?: 1
International?: 0