Intrusion Detection System to Detect Variant Attacks Using Learning Algorithms with Automatic Generation of Training Data

  • Authors: Akira Yamada; Yutaka Miyake; Keisuke Takemori; Toshiaki Tanaka

  • Affiliations: KDDI R&D Laboratories Inc., Japan (all authors)

  • Venue: ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
  • Year: 2005

Abstract

Although there are many anomaly detection systems based on learning algorithms that are able to detect unknown attacks or variants of known attacks, most systems require sophisticated training data for supervised learning. Because it is difficult to prepare the training data, anomaly detection systems are not widely used in the practical environment. In this paper, we propose an anomaly detection system based on machine learning that requires no prepared training data. The system generates sophisticated training data that is applicable to the learning by processing alerts that a signature-based Intrusion Detection System (IDS) outputs. We evaluated the system using two types of traffic: the 1999 DARPA IDS evaluation data and the security scanner data. The results show that the training data generated by the system is suitable for learning attack behaviors and the system is able to detect variants of worms and known attacks.