argus data for machine learning

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Mon Jan 23 09:52:47 EST 2017


Rashad,
There are a lot of things you can detect from a single flow record, simple things like fragmentation overlap attacks, violations of policy (if you know the policy) or fishy things like keystrokes coming from a remote HTTP server. But most of the good intrusion detection techniques are centered around complex behavioral anomaly detection. Argus is well suited for this, as it generates lots of data from which you can build models of normal behavior.

Whether you want to build an expert-driven supervised system or something as elegant as an unsupervised machine-learning based anomaly detection engine, it's the volume and density of data that makes argus a good data source for network-based behavioral anomaly detection. If you can process a fair amount of argus data to build your behavioral models of what normal should be, then you may be able to detect something from a single flow that is significant.

Carter

> On Jan 17, 2017, at 8:58 AM, Rashad Suleymanov via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
> 
> Hi,
> I am currently working on a Machine Learning algorithm to detect P2P traffic. The main idea is to focus on each flow's data, not to compare flows with each other. But the problem is that if I pick up only one line of flow data, as presented by argus, it is not enough for selecting ML features. Could you please share your experience and which relevant features could be useful?
> 
> -- 
> BR,
> Rashad Suleymanov
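The approach Carter describes, as an added example that is not part of the list post or of the argus project: build a per-service baseline from many flow records, then score a single new flow against it. The input is a constructed sample in the shape of `ra -c ,` CSV output (argus column names, invented addresses and counts); the feature, bytes per packet, is one arbitrary choice to illustrate the technique.

```python
"""Baseline normal behaviour from argus flow records, then score one flow."""
import csv
import io
import math
import statistics
from collections import defaultdict

# Constructed sample flows in ra CSV layout (not captured traffic).
SAMPLE_FLOWS = """StartTime,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,TotPkts,TotBytes,State
09:00:01,tcp,10.0.0.5,51002,->,93.184.216.34,80,20,15000,FIN
09:00:04,tcp,10.0.0.6,51010,->,93.184.216.34,80,30,24000,FIN
09:00:09,tcp,10.0.0.7,51033,->,93.184.216.34,80,15,9000,FIN
09:00:12,tcp,10.0.0.5,51040,->,93.184.216.34,80,40,36000,FIN
09:00:20,tcp,10.0.0.8,51051,->,93.184.216.34,80,25,17500,FIN
09:00:31,tcp,10.0.0.6,51060,->,93.184.216.34,80,18,14400,FIN
09:00:33,tcp,10.0.0.5,51070,->,93.184.216.34,443,12,9600,FIN
09:00:40,tcp,10.0.0.7,51081,->,93.184.216.34,443,16,14400,FIN
09:00:45,udp,10.0.0.5,53012,<->,10.0.0.1,53,2,180,CON
"""


def parse_ra_csv(text):
    """Read ra CSV rows into dicts with the fields the model uses."""
    return [{"proto": r["Proto"], "dport": r["Dport"],
             "pkts": int(r["TotPkts"]), "bytes": int(r["TotBytes"])}
            for r in csv.DictReader(io.StringIO(text))]


def feature(flow):
    # log(bytes per packet): small, chatty flows on a bulk service stand out.
    return math.log(flow["bytes"] / flow["pkts"])


def build_baseline(flows):
    """Per (proto, dport): mean and spread of the feature over all flows."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["proto"], f["dport"])].append(feature(f))
    baseline = {}
    for key, vals in groups.items():
        sigma = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        # Floor sigma so a handful of identical flows cannot make every
        # later deviation infinite.
        baseline[key] = (statistics.mean(vals), max(sigma, 0.1))
    return baseline


def score_flow(flow, baseline):
    """Z-score of one flow against its service baseline; None if unseen."""
    key = (flow["proto"], flow["dport"])
    if key not in baseline:
        return None  # never-seen service: not scorable, but worth surfacing
    mu, sigma = baseline[key]
    return abs(feature(flow) - mu) / sigma
```

A score of None is itself a signal (a service the baseline period never saw), so a real pipeline would surface it rather than drop it.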