Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

Aapo Kalliola, Yoan Miche, Ian Oliver, Silke Holtmanns, Buse Atli, Amaury Lendasse, Kaj-Mikael Björk, Anton Akusok, Tuomas Aura

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review


We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.
Original languageEnglish
Title of host publicationProceedings of ELM-2016
Number of pages15
Place of PublicationCham
Publication date26.05.2017
ISBN (Print)978-3-319-57420-2
ISBN (Electronic)978-3-319-57421-9
Publication statusPublished - 26.05.2017
MoE publication typeA4 Article in conference proceedings
Event2016 the 7th International Conference on Extreme Learning Machines (ELM) - Marina Bay Sands, Singapore
Duration: 13.12.201615.12.2016

Publication series

Name Proceedings in Adaptation, Learning and Optimization (PALO)


  • 512 Business and Management


Dive into the research topics of 'Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation'. Together they form a unique fingerprint.

Cite this