Anomaly detection (cont.)

• Machine learning [GSS99]
  • apply AI techniques (Elman, Petri, neural nets, etc.) to learn normal profiles

• Example systems
  • UNM computer immunology, Columbia JAM, etc.

• Problems
  • extremely high false positives due to high sensitivity to variance
  • subject to bad training
  • poor real-time performance, questionable real-world applicability