@conference {179, title = {An Autonomous labeling approach to SVM algorithms for network traffic anomaly detection}, booktitle = {Argentine Symposium of Artificial Intelligence (ASAI). Jornadas Argentinas de Inform{\'a}tica. Mar del Plata, Argentina.}, year = {2009}, month = {08/2009}, publisher = {Sociedad Argentina de Inform{\'a}tica}, organization = {Sociedad Argentina de Inform{\'a}tica}, address = {Mar del Plata, Argentina}, abstract = {
In the past years, several support vector machine anomaly detection approaches have been proposed in the network intrusion detection field. The main advantage of these approaches is that they can characterize normal traffic when trained using a data set containing not only normal traffic but also possible attacks. Unfortunately, these algorithms seem to be accurate only when the normal traffic vastly outnumbers the attacks or anomalies present in the dataset. This work presents an approach for autonomous labeling of normal traffic as a way of dealing with situations where class distributions do not present the required imbalance. The autonomous labeling process is performed by SNORT, a misuse-based intrusion detection system. Experiments conducted on the 1998 DARPA dataset show that the proposed autonomous labeling approach not only outperforms existing SVM alternatives but also obtains significant improvement over SNORT itself.
}, author = {Bromberg, Facundo and Catania, Carlos A. and Garcia Garino, Carlos} }