Distributing extreme learning machines with Apache Spark for NetFlow-based malware activity detection

The Netflow protocol is often used for network auditing, analysis, and monitoring. However, it also can be successfully used as a reliable source of information for incidents detection and forensic purposes. In this paper, the method that combines NetFlows with Extreme Learning Machines (ELM) classifier trained in a distributed environment of Apache Spark framework is proposed. The main contribution of this research is an algorithm that leverages Map-Reduce programming model to scale and distribute a training process of an ELM classifier for a NetFlow-based malware activities detection. Results reported on a benchmark dataset show that the proposed ELM-based NetFlow analysis can be considered as a reliable tool for a network incidents detection.