Anomaly detection experiment
I'm undertaking my final year project on machine learning for cyber security and am a complete beginner to RM. I wish to create a process that will demonstrate how effective machine learning techniques are for detecting both signatures and anomalies in an IDS. For this I am using the KDD99 cup dataset, for which I have labelled and unlabelled sets. The aim is to obviously create a classifier that will train from this data and be able to spot anomalies. I have downloaded the anomaly detection extensions but am also not too sure how to use them.
Additionally, since the data is already labelled, I would like to know if it would be better to have the results name the specific attack that happens (i.e. smurf, SQLattack, etc.) or to simply output 'malicious' or 'benign', and how to do this.
Fraser