Self-Learning and Configurable IDS for Dynamic Environment
A major difficulty of any anomaly-based intrusion detection system (IDS) is that patterns of normal behavior change over time and the system must be retrained. One of the principal problems of intrusion detection systems based on anomaly detection principles is their error rate, both in terms of false negatives (undetected attacks) and false positives (legitimate traffic labeled as malicious). This problem is amplified by the fact that the sensitivity, and consequently the error rate, varies dynamically as a function of the network traffic. An IDS must be able to adapt to these changes and to distinguish changes in normal behavior from intrusive behavior.