Abstract
We present a methodology for modeling the distributions of network flow statistics for the specific purpose of detecting network anomalies in the form of Distributed Denial of Service attacks. The proposed methodology uses Extreme Learning Machines (ELM) to model, at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then uses a One-Class classifier to detect abnormal joint flow statistics. The methodology uses the original ELM for its good ratio of performance to computational time, but also because the methodology needs simple update rules so that the model can evolve in time as new traffic and hosts come in.
Original language | English |
---|---|
Title of host publication | Proceedings of ELM-2016 |
Number of pages | 15 |
Place of Publication | Cham |
Publisher | Springer |
Publication date | 26.05.2017 |
Pages | 129-143 |
ISBN (Print) | 978-3-319-57420-2 |
ISBN (Electronic) | 978-3-319-57421-9 |
Publication status | Published - 26.05.2017 |
MoE publication type | A4 Article in conference proceedings |
Event | 2016 the 7th International Conference on Extreme Learning Machines (ELM) - Marina Bay Sands, Singapore. Duration: 13.12.2016 → 15.12.2016 |
Publication series
Name | Proceedings in Adaptation, Learning and Optimization (PALO) |
---|---|
Volume | 9 |
Keywords
- 512 Business and Management