Abstract—Traditional Network Intrusion Detection Systems
(NIDSs) rely on either specialized signatures of previously seen
attacks, or on expensive and difficult to produce labeled traffic
datasets for profiling and training. Both approaches share a
common downside: they require the knowledge provided by an
external agent, either in terms of signatures or as normal-operation
profiles. In this paper we describe UNIDS, an Unsupervised
NIDS capable of detecting 0-day attacks, i.e., network attacks
for which no signature is yet available, without using any kind
of signatures, labeled traffic, or training.
More here: http://hal.archives-ouvertes.fr/docs/00/94/55/92/PDF/1569906451.pdf