Publication Date:
2007
Abstract:
Many approaches have been proposed to tackle network security; among them, many exploit machine learning and pattern recognition techniques, by regarding malicious behavior detection as a classification problem. Supervised and unsupervised techniques are used, each with its own benefits and shortcomings. When using supervised techniques, a suitably representative training set is required, which reliably indicates what a human expert wants the system to learn and recognize. To this aim, we present an approach based on the Dempster-Shafer theory, which exploits the Dempster-Shafer combination rule for automatically building a database of labeled network traffic from raw tcpdump packet captures. We also show that systems trained on such a database perform approximately as well as the same systems trained on correctly labeled data.
Iris type:
04.01 Contributo in Atti di convegno
Keywords:
Computer Security; IDS; classification
List of contributors: