Abstract
We present a methodology for modeling the distributions of network flow statistics for the specific purpose of detecting network anomalies in the form of Distributed Denial of Service attacks. The proposed methodology uses Extreme Learning Machines (ELM) to model, at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then uses a One-Class classifier to detect abnormal joint flow statistics. The methodology uses the original ELM for its good ratio of performance to computational time, and also because the methodology needs simple update rules so that the model can evolve in time as new traffic and hosts come in.
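An added sketch of the pipeline the abstract describes, not the chapter's own code: one one-class ELM per /24 subnetwork, updated one flow record at a time by recursive least squares so that no retraining is needed as traffic arrives. The Gaussian hidden nodes, the two scaled flow statistics, the 1.5x threshold slack and all names are assumptions of this example, and the records are constructed.

```python
import math, random
from ipaddress import ip_network

class OneClassELM:
    def __init__(self, dim, n_hidden=20, gamma=2.0, lam=1e-2, seed=0):
        rng = random.Random(seed)
        # Hidden nodes are random and never trained; Gaussian nodes are this sketch's choice.
        self.centers = [[rng.random() for _ in range(dim)] for _ in range(n_hidden)]
        self.gamma, self.beta, self.threshold = gamma, [0.0] * n_hidden, float("inf")
        # P tracks (lam*I + H^T H)^-1, so an update needs no matrix inversion.
        self.P = [[1.0 / lam if i == j else 0.0 for j in range(n_hidden)] for i in range(n_hidden)]
    def hidden(self, x):
        return [math.exp(-self.gamma * sum((a - c) ** 2 for a, c in zip(x, k))) for k in self.centers]
    def output(self, x):
        return sum(h * b for h, b in zip(self.hidden(x), self.beta))
    def update(self, x):  # sequential update with one normal sample; one-class target is 1
        h = self.hidden(x)
        Ph = [sum(p * v for p, v in zip(row, h)) for row in self.P]
        denom = 1.0 + sum(a * b for a, b in zip(h, Ph))
        err = 1.0 - self.output(x)
        for i, g in enumerate(Ph):
            self.beta[i] += g * err / denom
            self.P[i] = [p - g * q / denom for p, q in zip(self.P[i], Ph)]

    def score(self, x):
        return abs(1.0 - self.output(x))  # distance from the "normal" target

def subnet_key(src_ip, prefix=24):
    return str(ip_network(f"{src_ip}/{prefix}", strict=False))

def train(records, dim=2, slack=1.5):
    models = {}
    for ip, feats in records:
        key = subnet_key(ip)
        if key not in models:
            models[key] = OneClassELM(dim)
        models[key].update(feats)
    for key, m in models.items():  # threshold = slack * worst score seen on normal traffic
        m.threshold = slack * max(m.score(f) for ip, f in records if subnet_key(ip) == key)
    return models

def flag(models, src_ip, feats):
    m = models.get(subnet_key(src_ip))
    return None if m is None else m.score(feats) > m.threshold  # None: subnet has no model yet

def constructed_records(n=200, seed=1):
    # Constructed sample: two flow statistics scaled to about [0, 1] on normal traffic.
    rng = random.Random(seed)
    return [(f"192.0.2.{rng.randint(1, 254)}", (rng.gauss(.5, .05), rng.gauss(.5, .05))) for _ in range(n)]

if __name__ == "__main__":
    print(flag(train(constructed_records()), "192.0.2.10", (5.0, 0.1)))
```

Calling `update` on later normal records keeps a subnet's model current; the threshold then has to be recomputed from recent normal scores.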
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Kalliola, A. et al. (2018). Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation. In: Cao, J., Cambria, E., Lendasse, A., Miche, Y., Vong, C. (eds) Proceedings of ELM-2016. Proceedings in Adaptation, Learning and Optimization, vol 9. Springer, Cham. https://doi.org/10.1007/978-3-319-57421-9_11
DOI: https://doi.org/10.1007/978-3-319-57421-9_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57420-2
Online ISBN: 978-3-319-57421-9
eBook Packages: Engineering, Engineering (R0)