Advertisement

Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

  • Aapo Kalliola
  • Yoan Miche
  • Ian Oliver
  • Silke Holtmanns
  • Buse Atli
  • Amaury Lendasse
  • Kaj-Mikael Bjork
  • Anton Akusok
  • Tuomas Aura
Conference paper
Part of the Proceedings in Adaptation, Learning and Optimization book series (PALO, volume 9)

Abstract

We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.

References

  1. 1.
    Akamai: Akamai’s [State of the Internet]/Security Q1/2016 Report. http://www.akamai.com/StateOfTheInternet (2016)
  2. 2.
    Kalliola, A., Lee, K., Lee, H., Aura, T.: Flooding DDoS mitigation and traffic management with software defined networking. In: 2015 IEEE 4th International Conference on Cloud Networking (CloudNet), pp. 248–254, Oct 2015Google Scholar
  3. 3.
    Iglesias, F., Zseby, T.: Analysis of network traffic features for anomaly detection. Mach. Learn. 101(1), 59–84 (2015)Google Scholar
  4. 4.
    Claise, B., Trammell, B.: Specification of the IP flow information export (IPFIX) protocol for the exchange of flow information. RFC 7011 (2015)Google Scholar
  5. 5.
    Cambiaso, E., Papaleo, G., Aiello, M.: Taxonomy of Slow DoS Attacks to Web Applications, pp. 195–204. Springer (2012)Google Scholar
  6. 6.
    Cybenko, G.: Approximations by superpositions of sigmoidal functions. Math. Control Signals Syst. 2(4), 303–314 (1989)Google Scholar
  7. 7.
    Guangbin, H., Chen, L., Siew, C.-K., Huang, G.-B., Lei, C., Siew, C.-K.: Universal approximation using incremental constructive feedforward neural networks with random hidden nodes. IEEE Trans. Neural Netw. 17(4), 879–892 (2006)CrossRefGoogle Scholar
  8. 8.
    Leng, Q., Qi, H., Miao, J., Zhu, W., Su, G.: One-class classification with extreme learning machine. Math. Prob. Eng. 2015(Article ID 412957), 1–11 (2015)Google Scholar
  9. 9.
    Huang, G.-B, Zhu, Q.-Y., Siew, C.-K.: Extreme learning machine: theory and applications. Neurocomputing 70(1), 489–501 (2006)Google Scholar
  10. 10.
    Miche, Y., Sorjamaa, A., Bas, P., Simula, O., Jutten, C., Lendasse, A.: OP-ELM: optimally-pruned extreme learning machine. IEEE Trans. Neural Netw. 21(1), 158–162 (2010)Google Scholar
  11. 11.
    Miche, Y., van Heeswijk, M., Bas, P., Simula, O., Lendasse, A.: TROP-ELM: a double-regularized ELM using LARS and Tikhonov regularization. Neurocomputing 74(16), 2413–2421 (2011)Google Scholar
  12. 12.
    Van Heeswijk, M., Miche, Y., Oja, E., Lendasse, A.: GPU-accelerated and parallelized ELM ensembles for large-scale regression. Neurocomputing 74(16), 2430–2437 (2011)Google Scholar
  13. 13.
    Cambria, E., Huang, G.-B, Kasun, L.L.C., Zhou, H., Vong, C.M., Lin, J., Yin, J., Cai, Z., Liu, Q., Li, K., Leung, V.C.M., Liang F., Ong, Y.-S., Lim, M.-H., Anton A., Amaury L., Francesco C., Rui N., Yoan M., Paolo G., Rodolfo Z., Sergio D., Xuefeng Y., Kezhi M., Oh, B.-S., Jehyoung J. Toh, K.-A., Teoh, A.B.J., Kim, J., Yu, H., Chen, Y., Liu, J.: Extreme learning machines [trends and controversies]. IEEE Intell. Syst. 28(6), 30–59 (2013)Google Scholar
  14. 14.
    Radhakrishna C.R., Mitra, S.K.: Generalized Inverse of Matrices and Its Applications. Wiley (1972)Google Scholar
  15. 15.
    Liang, N.Y., Huang, G.B., Saratchandran, P., Sundararajan, N.: A fast and accurate online sequential learning algorithm for feedforward networks. IEEE Trans. Neural Netw. 17(6), 1411–1423 (2006)Google Scholar
  16. 16.
    Golub, G.H., Van Loan, C.F.: Matrix Computations. The Johns Hopkins University Press (2013)Google Scholar
  17. 17.
    Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)Google Scholar
  18. 18.
    Barford, P., Plonka, D.: Characteristics of network traffic flow anomalies. In: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, IMW ’01, pp. 69–73. ACM, New York, NY, USA (2001)Google Scholar
  19. 19.
    Seufert, S., O’Brien, D.: Machine learning for automatic defence against distributed denial of service attacks. In: 2007 IEEE International Conference on Communications, pp. 1217–1222, June 2007Google Scholar
  20. 20.
    Berral, J.L., Poggi, N., Alonso, J., Gavaldà, R., Torres, J., Parashar, M.: Adaptive distributed mechanism against flooding network attacks based on machine learning. In: Proceedings of the 1st ACM Workshop on Workshop on AISec, AISec ’08, pp. 43–50. ACM, New York, NY, USA, (2008)Google Scholar
  21. 21.
    Cheng, C., Tay, W.P., Huang, G.B.: Extreme learning machines for intrusion detection. In: The 2012 International Joint Conference on Neural Networks (IJCNN), pp. 1–8, June 2012Google Scholar
  22. 22.
    Srimuang, W., Intarasothonchun, S.: Classification model of network intrusion using weighted extreme learning machine. In: 2015 12th International Joint Conference on Computer Science and Software Engineering (JCSSE), pp. 190–194, July 2015Google Scholar
  23. 23.
    Fossaceca, John M., Mazzuchi, T.A., Sarkani, S.: Mark-ELM: Application of a novel multiple kernel learning framework for improving the robustness of network intrusion detection. Expert Syst. Appl. 42(8), 4062–4080 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Aapo Kalliola
    • 1
    • 2
  • Yoan Miche
    • 1
  • Ian Oliver
    • 1
  • Silke Holtmanns
    • 1
  • Buse Atli
    • 1
    • 2
  • Amaury Lendasse
    • 4
  • Kaj-Mikael Bjork
    • 3
  • Anton Akusok
    • 3
  • Tuomas Aura
    • 2
  1. 1.Bell LabsNokiaFinland
  2. 2.Aalto UniversityEspooFinland
  3. 3.Arcada University of Applied SciencesHelsinkiFinland
  4. 4.The University of IowaIowaUSA

Personalised recommendations