Learning Flow Characteristics Distributions with ELM for Distributed Denial of Service Detection and Mitigation

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Scientific › peer-review


  • Aapo Kalliola
  • Yoan Miche
  • Ian Oliver
  • Silke Holtmanns
  • Buse Atli
  • Amaury Lendasse
  • Kaj-Mikael Bjork
  • Anton Akusok
  • Tuomas Aura

Research units

  • Nokia Bell Labs
  • University of Iowa
  • Arcada University of Applied Sciences


We present a methodology for modeling the distributions of network flow statistics for the specific purpose of detecting network anomalies in the form of Distributed Denial of Service attacks. The methodology uses Extreme Learning Machines (ELM) to model, at the IP subnetwork level (or all the way down to the single IP level, if computations allow), the usual distributions of certain network flow characteristics (or statistics), and then uses a One-Class classifier to detect abnormal joint flow statistics. It relies on the original ELM for its good ratio of performance to computational time, and also because the methodology needs simple update rules that let the model evolve over time as new traffic and hosts come in.


Original language: English
Title of host publication: Proceedings of ELM-2016
Editors: Jiuwen Cao, Erik Cambria, Amaury Lendasse, Yoan Miche, Chi Man Vong
Publication status: Published - 2018
MoE publication type: A3 Part of a book or another research book
Event: International Conference on Extreme Learning Machines - Singapore, Singapore
Duration: 13 Dec 2016 to 15 Dec 2016

Publication series

Name: Proceedings in Adaptation, Learning and Optimization


Conference: International Conference on Extreme Learning Machines
Abbreviated title: ELM

ID: 16813227