Abstract: |
Anomaly detection is often performed using models derived from off-line analysis of network audit data. Such datasets are typically very large. A method for efficiently applying GP to such audit data is presented, in which training on datasets with 500,000 exemplars is completed in 15 minutes. Six basic session features are demonstrated to be sufficient for detecting 95.15% of Denial of Service attacks and 53.1% of Probe attacks in the DARPA 98 Intrusion Detection benchmark. |