ABSTRACT

Developing widely applicable definitions or models of normal network behavior and anomalies is thus difficult. Alternative approaches are therefore currently being advocated in which the algorithm, instead of being provided with signatures of the anomalies, learns the behavior of normal traffic and autonomously adapts to shifts in the structure of normality itself [8-11]. Ideally, there should be no parametric model prescribed for normal behavior. The disadvantage of such a model is that it limits the applicability of an algorithm, and even subtle changes in the nature of network traffic can render the model inappropriate.