Marnerides, Angelos and Pezaros, Dimitrios P. and Kim, Hyun-chul and Hutchison, David (2009) Unsupervised two-class & multi-class support vector machines for abnormal traffic characterization. In: Passive and Active Measurements (PAM) Conference Student Workshop 2009, 2009-01-01 - 2009-01-04.
Abstract
Although measurement-based real-time traffic classification has received considerable research attention, the timing constraints imposed by the high accuracy requirements and the learning phase of the algorithms employed still remain a challenge. In this paper we propose a measurement-based classification framework that exploits unsupervised learning to accurately categorise network anomalies to specific classes. We introduce the combinatorial use of two-class and multi-class unsupervised Support Vector Machines (SVM)s to first distinguish normal from anomalous traffic and to further classify the latter category to individual groups depending on the nature of the anomaly.