I am looking at time series security attack data where a given IP can either be labeled as (1) attack or (0) no attack. In total we will have thousands of IPs and roughly an equal number of attacks and non-attacks. The data is rather noisy and every time series sequence can have a different length.

I am looking for advice on state-of-the-art approaches to time series classification. I am past the stage of simple things like moving averages and I am looking for ways to improve my current methods or new things to try.

I have currently implemented a few different techniques:

- K-nearest neighbor with DTW. I am successfully using http://www.cs.ucr.edu/~eamonn/UCRsuite.html which provides state-of-the-art performance.
- Logical shapelets (http://www.cs.ucr.edu/~mueen/LogicalShapelet/). This seems promising but I have not been able to get any existing code base to work.

Can anyone suggest different techniques to try? I have seen papers about discords and motifs but still need to investigate if they are relevant for my problem.

Since you've had some success with k-nearest neighbor and KNN is the simplest of the analogue based classifiers and is usually significantly outperformed by SVM (i.e. the best analogue based classifier), have you considered just changing the KNN to an SVM? – AN6U5 – 2015-12-29T23:12:20.463

I can help you if you provide some details. What is your time series exactly? And do you want to classify different time series or different parts of a single time series? – Kasra Manshaei – 2015-12-30T11:40:53.680
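For reference, a pure-Python sketch of the nearest-neighbor DTW baseline named in the question, written for per-IP series of different lengths. It is an added example, not code from the post or from the UCR Suite; the band width, the function names and the per-interval event counts in `TRAIN` are constructed assumptions.

```python
import math

def znorm(s):
    """Z-normalize one series so DTW compares shape, not traffic volume."""
    m = sum(s) / len(s)
    sd = math.sqrt(sum((x - m) ** 2 for x in s) / len(s)) or 1.0  # flat series
    return [(x - m) / sd for x in s]

def dtw(a, b, band=0.2, best=math.inf):
    """Squared-cost DTW for unequal lengths inside a Sakoe-Chiba band.
    Returns inf once a whole row exceeds `best` (early abandoning)."""
    n, m = len(a), len(b)
    w = max(int(band * max(n, m)), abs(n - m))  # band must cover the length gap
    prev = [math.inf] * (m + 1)
    prev[0] = 0.0
    for i in range(1, n + 1):
        cur = [math.inf] * (m + 1)
        for j in range(max(1, i - w), min(m, i + w) + 1):
            cost = (a[i - 1] - b[j - 1]) ** 2
            cur[j] = cost + min(prev[j], prev[j - 1], cur[j - 1])
        if min(cur) > best:  # every warping path crosses this row
            return math.inf
        prev = cur
    return prev[m]

def classify(train, query, band=0.2):
    """1-NN: label of the training series with the smallest DTW distance."""
    q = znorm(query)
    best, label = math.inf, None
    for series, y in train:
        d = dtw(q, znorm(series), band, best)
        if d < best:
            best, label = d, y
    return label

# Constructed sample: event counts per interval for four IPs, (series, label),
# where 1 = attack (short burst) and 0 = no attack (steady oscillation).
TRAIN = [
    ([1, 1, 2, 1, 9, 10, 9, 1, 1], 1),
    ([2, 2, 2, 9, 11, 10, 2, 2, 2, 2, 2], 1),
    ([3, 4, 3, 4, 3, 4, 3, 4], 0),
    ([5, 6, 5, 6, 5, 6, 5, 6, 5, 6], 0),
]

if __name__ == "__main__":
    print(classify(TRAIN, [0, 0, 1, 0, 0, 8, 9, 8, 0, 0, 0, 1]))
```

The band is widened to at least the length difference of the two series, otherwise no warping path can reach the final cell when the lengths differ by more than the band.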