Flow-based anomaly detection using semisupervised learning

In recent years, flow-based anomaly detection has been used as a scalable method for high-speed networks. The application of supervised learning in flow-based anomaly detection has been considered in a number of studies. However, supervised methods are not very useful as they are only trained with labelled data. Therefore, in this study, we use a semi-supervised method to address the problem of the limitation of labelled data. S4VM is a semi-supervised method which can work with both labelled and unlabelled data. This method is used in this study to detect anomalies in flow traffic. The results show that S4VM has high accuracy when a large proportion of data is unlabelled. Although the accuracy of S4VM is slightly less than supervised learning, this method reduces the cost of labeling data, as only a small number of labelled flows are required. To evaluate the proposed anomaly detection method, a number of flow-based datasets are generated.