Anomaly detection in traffic using L1-norm minimization extreme learning machine

Machine learning algorithms are widely used for traffic classification and anomaly detection nowadays, however, how to fast and accurately classify the flows remains extremely challengeable. In this paper, we propose an extreme learning machine (ELM) based algorithm called L1-Norm Minimization ELM, which fully inherits the merits of ELM, and meanwhile, exhibits the sparsity-induced characteristics which could reduce the complexity of learning model. At the evaluation stage, we preprocessed the raw data trace from trans-Pacific backbone link between Japan and the United States, and generated 248 features datasets. The empirical study shows that L1-ELM can achieve good generalization performance on the evaluation datasets, while preserving the fast learning and little human intervened advantages that ELM has.

[1]  Maurizio Dusi,et al.  Traffic classification through simple statistical fingerprinting , 2007, CCRV.

[2]  Antonio Pescapè,et al.  K-Dimensional Trees for Continuous Traffic Classification , 2010, TMA.

[3]  Jieping Ye,et al.  Large-scale sparse logistic regression , 2009, KDD.

[4]  Benoît Frénay,et al.  Feature selection for nonlinear models with extreme learning machines , 2013, Neurocomputing.

[5]  Antonio Pescapè,et al.  Issues and future directions in traffic classification , 2012, IEEE Network.

[6]  Jun Liu,et al.  Efficient Euclidean projections in linear time , 2009, ICML '09.

[7]  Guang-Bin Huang,et al.  Convex incremental extreme learning machine , 2007, Neurocomputing.

[8]  Xiaohong Guan,et al.  Accurate Classification of the Internet Traffic Based on the SVM Method , 2007, 2007 IEEE International Conference on Communications.

[9]  Li Dong,et al.  Large Scale Extreme Learning Machine using MapReduce , 2012 .

[10]  Paolo Gastaldo,et al.  Efficient Digital Implementation of Extreme Learning Machines for Classification , 2012, IEEE Transactions on Circuits and Systems II: Express Briefs.

[11]  Sebastian Zander,et al.  A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification , 2006, CCRV.

[12]  Dong Yu,et al.  Efficient and effective algorithms for training single-hidden-layer neural networks , 2012, Pattern Recognit. Lett..

[13]  Hongming Zhou,et al.  Extreme Learning Machine for Regression and Multiclass Classification , 2012, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[14]  Sanjay Ghemawat,et al.  MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.

[15]  Carey L. Williamson,et al.  Identifying and discriminating between web and peer-to-peer traffic in the network core , 2007, WWW '07.

[16]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[17]  Michalis Faloutsos,et al.  Internet traffic classification demystified: myths, caveats, and the best practices , 2008, CoNEXT '08.

[18]  Dario Rossi,et al.  Reviewing Traffic Classification , 2013, Data Traffic Monitoring and Analysis.

[19]  Chee Kheong Siew,et al.  Universal Approximation using Incremental Constructive Feedforward Networks with Random Hidden Nodes , 2006, IEEE Transactions on Neural Networks.

[20]  R. Tibshirani,et al.  Least angle regression , 2004, math/0406456.

[21]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[22]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[23]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[24]  Akira Kato,et al.  Traffic Data Repository at the WIDE Project , 2000, USENIX Annual Technical Conference, FREENIX Track.

[25]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[26]  Anirban Mahanti,et al.  Traffic classification using clustering algorithms , 2006, MineNet '06.

[27]  R. Tibshirani Regression Shrinkage and Selection via the Lasso , 1996 .

[28]  Guang-Bin Huang,et al.  Extreme learning machine: a new learning scheme of feedforward neural networks , 2004, 2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No.04CH37541).

[29]  Antonio Pescapè,et al.  Traffic Classification through Joint Distributions of Packet-Level Statistics , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[30]  Anthony McGregor,et al.  Flow Clustering Using Machine Learning Techniques , 2004, PAM.

[31]  George Varghese,et al.  Network monitoring using traffic dispersion graphs (tdgs) , 2007, IMC '07.

[32]  Yoram Singer,et al.  Efficient projections onto the l1-ball for learning in high dimensions , 2008, ICML '08.

[33]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[34]  Patrick Haffner,et al.  ACAS: automated construction of application signatures , 2005, MineNet '05.

[35]  Phillipp Kaestner,et al.  Linear And Nonlinear Programming , 2016 .

[36]  A. Ng Feature selection, L1 vs. L2 regularization, and rotational invariance , 2004, Twenty-first international conference on Machine learning - ICML '04.

[37]  Andrew W. Moore,et al.  Discriminators for use in flow-based classification , 2013 .

[38]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[39]  Timo Similä,et al.  Multiresponse Sparse Regression with Application to Multidimensional Scaling , 2005, ICANN.

[40]  Amaury Lendasse,et al.  OP-ELM: Optimally Pruned Extreme Learning Machine , 2010, IEEE Transactions on Neural Networks.