Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

Aapo  Kalliola; Yoan Miche; Ian  Oliver; Silke  Holtmanns; Buse  Atli; Amaury Lendasse; Kaj-Mikael Björk; Anton Akusok; Tuomas  Aura

doi:10.1007/978-3-319-57421-9_11

Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

Aapo Kalliola, Yoan Miche, Ian Oliver, Silke Holtmanns, Buse Atli, Amaury Lendasse, Kaj-Mikael Björk, Anton Akusok, Tuomas Aura

Finansiell ekonomi, Helsingfors

Forskningsoutput: Kapitel i bok/rapport/konferenshandling › Konferensbidrag › Vetenskaplig › Peer review

Sammanfattning

We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.

Originalspråk	Engelska
Titel på gästpublikation	Proceedings of ELM-2016
Antal sidor	15
Utgivningsort	Cham
Förlag	Springer
Utgivningsdatum	26.05.2017
Sidor	129-143
ISBN (tryckt)	978-3-319-57420-2
ISBN (elektroniskt)	978-3-319-57421-9
DOI	https://doi.org/10.1007/978-3-319-57421-9_11
Status	Publicerad - 26.05.2017
MoE-publikationstyp	A4 Artikel i en konferenspublikation
Evenemang	2016 the 7th International Conference on Extreme Learning Machines (ELM) - Marina Bay Sands, Singapore Varaktighet: 13.12.2016 → 15.12.2016

Publikationsserier

Namn	Proceedings in Adaptation, Learning and Optimization (PALO)
Volym	9

Nyckelord

512 Företagsekonomi

Åtkomst av dokument

10.1007/978-3-319-57421-9_11

Fingeravtryck Fördjupa i forskningsämnen för ”Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här

Kalliola, A., Miche, Y., Oliver, I., Holtmanns, S., Atli, B., Lendasse, A., Björk, K-M., Akusok, A., & Aura, T. (2017). Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation. I Proceedings of ELM-2016 (s. 129-143 ). ( Proceedings in Adaptation, Learning and Optimization (PALO); Vol. 9). Springer. https://doi.org/10.1007/978-3-319-57421-9_11

Kalliola, Aapo ; Miche, Yoan ; Oliver, Ian ; Holtmanns, Silke ; Atli, Buse ; Lendasse, Amaury ; Björk, Kaj-Mikael ; Akusok, Anton ; Aura, Tuomas . / Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation. Proceedings of ELM-2016. Cham : Springer, 2017. s. 129-143 ( Proceedings in Adaptation, Learning and Optimization (PALO)).

@inproceedings{8aa4bd48e609415f91565b904d33127b,

title = "Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation",

abstract = "We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.",

keywords = "512 Business and Management",

author = "Aapo Kalliola and Yoan Miche and Ian Oliver and Silke Holtmanns and Buse Atli and Amaury Lendasse and Kaj-Mikael Bj{\"o}rk and Anton Akusok and Tuomas Aura",

year = "2017",

month = may,

day = "26",

doi = "10.1007/978-3-319-57421-9_11",

language = "English",

isbn = "978-3-319-57420-2",

series = " Proceedings in Adaptation, Learning and Optimization (PALO)",

publisher = "Springer",

pages = "129--143 ",

booktitle = "Proceedings of ELM-2016",

address = "International",

note = "2016 the 7th International Conference on Extreme Learning Machines (ELM) ; Conference date: 13-12-2016 Through 15-12-2016",

}

Kalliola, A, Miche, Y, Oliver, I, Holtmanns, S, Atli, B, Lendasse, A, Björk, K-M, Akusok, A & Aura, T 2017, Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation. i Proceedings of ELM-2016. Proceedings in Adaptation, Learning and Optimization (PALO), vol. 9, Springer, Cham, s. 129-143 , 2016 the 7th International Conference on Extreme Learning Machines (ELM) , Marina Bay Sands, Singapore, 13.12.2016. https://doi.org/10.1007/978-3-319-57421-9_11

Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation. / Kalliola, Aapo ; Miche, Yoan; Oliver, Ian; Holtmanns, Silke ; Atli, Buse ; Lendasse, Amaury; Björk, Kaj-Mikael; Akusok, Anton; Aura, Tuomas .

Proceedings of ELM-2016. Cham : Springer, 2017. s. 129-143 ( Proceedings in Adaptation, Learning and Optimization (PALO); Vol. 9).

Forskningsoutput: Kapitel i bok/rapport/konferenshandling › Konferensbidrag › Vetenskaplig › Peer review

TY - GEN

T1 - Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

AU - Kalliola, Aapo

AU - Miche, Yoan

AU - Oliver, Ian

AU - Holtmanns, Silke

AU - Atli, Buse

AU - Lendasse, Amaury

AU - Björk, Kaj-Mikael

AU - Akusok, Anton

AU - Aura, Tuomas

PY - 2017/5/26

Y1 - 2017/5/26

N2 - We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.

AB - We present a methodology for modeling the distributions of network flow statistics for the specific purpose of network anomaly detection, in the form of Distributed Denial of Service attacks. The proposed methodology offers to model (using Extreme Learning Machines, ELM), at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then to use a One-Class classifier in the detection of abnormal joint flow statistics. The methodology makes use of the original ELM for its good performance to computational time ratio, but also because of the needs in this methodology to have simple update rules for making the model evolve in time, as new traffic and hosts come in.

KW - 512 Business and Management

U2 - 10.1007/978-3-319-57421-9_11

DO - 10.1007/978-3-319-57421-9_11

M3 - Conference contribution

SN - 978-3-319-57420-2

T3 - Proceedings in Adaptation, Learning and Optimization (PALO)

SP - 129

EP - 143

BT - Proceedings of ELM-2016

PB - Springer

CY - Cham

T2 - 2016 the 7th International Conference on Extreme Learning Machines (ELM)

Y2 - 13 December 2016 through 15 December 2016

ER -