An Autonomous labeling approach to SVM algorithms for network traffic anomaly detection
Title | An Autonomous labeling approach to SVM algorithms for network traffic anomaly detection |
Publication Type | Conference Paper |
Year of Publication | 2009 |
Authors | Bromberg F, Catania CA, Garino CGarcia |
Conference Name | Argentine Symposium of Artificial Intelligence (ASAI). Jornadas Argentinas de Informática. Mar del Plata, Argentina. |
Date Published | 08/2009 |
Publisher | Sociedad Argentina de Informática |
Conference Location | Mar del Plata, Argentina |
Abstract | In the past years, several support vector machines anomaly detection approaches have been proposed in the network intrusion detection field. The main advantage of these approaches is that they can characterize normal traffic when trained using a data set containing not only normal traffic but also possible attacks. Unfortunately, these algorithms seem to be accurate only when the normal traffic vastly outnumbers the number of attacks or anomalies present in the dataset. This work presents an approach for autonomous labeling of normal traffic as a way of dealing with situations where class distributions do not present the required unbalance. The autonomous labeling process is made by SNORT, a misuse-based intrusion detection system. Experiments conducted on the 1998 DARPA dataset show the proposed autonomous labeling approach not only outperforms existing SVM alternatives but also obtains significant improvement over SNORT itself. |