There are many ways to do this. As you said above, you already have records; does that mean a pcap? If so, you can now run Snort against it and capture all security incidents in that pcap or session, or, if you want to write your own scripts, Python has libraries for this. You can even consider SiLK for log analysis.
Labeling the records as attack or normal is a time-consuming process, and it needs extensive domain expertise. Data mining tools can be used to classify the events, and again human experts are needed to decide whether it is an attack or not.
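The labeling step discussed above, as an added example that is not code from either poster: it parses Snort "fast" alert lines (as produced by replaying the pcap with `-A fast`) and marks each flow record "attack" when an alert falls on the same 5-tuple inside the flow's time window. The flow record layout, the `YEAR` constant, the one-second slack and all sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

YEAR = 2024  # assumption: fast alerts omit the year unless Snort is run with -y
# Constructed sample alert lines in Snort "fast" format; not real traffic.
ALERTS = """\
03/14-10:15:02.120000  [**] [1:1000001:1] Constructed sample rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
03/14-10:17:45.500000  [**] [1:1000002:1] Constructed sample rule B [**] [Priority: 1] {UDP} 192.0.2.77:5353 -> 198.51.100.9:53
"""
# Constructed flow records (hypothetical layout): start, end, proto, src, sport, dst, dport
FLOWS = [
    ("03/14-10:15:00", "03/14-10:15:05", "TCP", "192.0.2.10", 40112, "198.51.100.5", 80),
    ("03/14-10:16:00", "03/14-10:16:03", "TCP", "192.0.2.10", 40113, "198.51.100.5", 80),
    ("03/14-10:17:44", "03/14-10:17:46", "UDP", "198.51.100.9", 53, "192.0.2.77", 5353),
    ("03/14-11:00:00", "03/14-11:00:02", "TCP", "192.0.2.10", 40112, "198.51.100.5", 80),
]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def key(proto, src, sport, dst, dport):
    # Direction-agnostic: a flow record may be the reply half of the alerted packet.
    return (proto.upper(),) + tuple(sorted([(src, int(sport)), (dst, int(dport))]))

def parse_ts(ts):
    return datetime.strptime(f"{YEAR}/{ts}", "%Y/%m/%d-%H:%M:%S")

def parse_alerts(text):
    alerts = {}
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # lines without ports (e.g. ICMP) or malformed lines are skipped
        k = key(m["proto"], m["src"], m["sport"], m["dst"], m["dport"])
        alerts.setdefault(k, []).append((parse_ts(m["ts"]), m["sid"]))
    return alerts

def label_flows(flows, alerts, slack=timedelta(seconds=1)):
    labelled = []
    for start, end, proto, src, sport, dst, dport in flows:
        lo, hi = parse_ts(start) - slack, parse_ts(end) + slack
        hits = alerts.get(key(proto, src, sport, dst, dport), [])
        sids = sorted({sid for ts, sid in hits if lo <= ts <= hi})
        # "attack" here means "matched a Snort alert": a candidate for analyst review.
        labelled.append((src, sport, dst, dport, "attack" if sids else "normal", sids))
    return labelled

if __name__ == "__main__":
    for row in label_flows(FLOWS, parse_alerts(ALERTS)):
        print(row)
```

The fourth constructed flow reuses the first flow's 5-tuple at a later time and stays "normal", which is why the match uses the time window and not the addresses alone.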