Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

We present a methodology for modeling the distributions of network flow statistics for the specific purpose of detecting network anomalies in the form of Distributed Denial of Service attacks. The proposed methodology uses Extreme Learning Machines (ELM) to model, at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then uses a One-Class classifier to detect abnormal joint flow statistics. The methodology uses the original ELM for its good ratio of performance to computational time, and also because it needs simple update rules so that the model can evolve in time as new traffic and hosts come in.

Aapo Kalliola (Nokia Bell Labs, Aalto University), Yoan Miche, Ian Oliver, Silke Holtmanns (Nokia Bell Labs), Buse Atli (Nokia Bell Labs, Aalto University), Amaury Lendasse (The University of Iowa), Kaj-Mikael Bjork, Anton Akusok (Arcada University of Applied Sciences), Tuomas Aura (Nokia Bell Labs, Aalto University): Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

Presented at the International Symposium on Extreme Learning Machines (ELM), Singapore, 2016

https://link.springer.com/chapter/10.1007/978-3-319-57421-9_11
