I completed my presentation and delivered it to members of the machine learning group on Tuesday.
It was agreed that my investigation involves a number of complex problems, and that a simple approach would be required for the time being to create a training data set of elephant flows.

I was also advised to use the command line version of Weka when using large data sets, as it tends to be more efficient.

With a shift in focus, I will now be investigating simpler methods for identifying hot-spot IP address and port combinations. Essentially each time a packet exceeds an elephant threshold, its IP address and port number will be logged. If a certain number of elephants are observed from this combination, each flow originating from there will be treated as an elephant.
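A minimal sketch of the hot-spot heuristic described above, added here as an illustration and not code from the original investigation. It assumes the elephant threshold is a byte count per flow and that the logged combination is the source IP address and source port; the class name, field names and sample packets are all constructed.

```python
from collections import defaultdict


class HotSpotTracker:
    """Flags (source IP, source port) pairs that repeatedly emit elephant flows."""

    def __init__(self, elephant_bytes, min_elephants):
        self.elephant_bytes = elephant_bytes    # assumed: threshold on bytes per flow
        self.min_elephants = min_elephants      # elephants needed before a pair is hot
        self.flow_bytes = defaultdict(int)      # 5-tuple -> bytes seen so far
        self.counted = set()                    # flows already logged as elephants
        self.elephants_from = defaultdict(int)  # (src_ip, src_port) -> elephant count

    def is_hot(self, src_ip, src_port):
        return self.elephants_from.get((src_ip, src_port), 0) >= self.min_elephants

    def observe(self, pkt):
        """Account for one packet; return True if its flow is treated as an elephant."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        origin = flow[:2]
        self.flow_bytes[flow] += pkt["len"]
        # Log the origin once per flow, at the moment the flow crosses the threshold.
        if self.flow_bytes[flow] > self.elephant_bytes and flow not in self.counted:
            self.counted.add(flow)
            self.elephants_from[origin] += 1
        # A flow is an elephant if it crossed the threshold itself, or if it
        # comes from an origin that has already produced enough elephants.
        return flow in self.counted or self.is_hot(*origin)


def _pkts(src, sport, dst, dport, count, length=1500):
    return [{"src": src, "sport": sport, "dst": dst, "dport": dport,
             "proto": "tcp", "len": length} for _ in range(count)]


# Constructed sample traffic: one server port sending to three clients,
# followed by a single packet from an unrelated origin.
SAMPLE_PACKETS = (
    _pkts("10.0.0.5", 80, "10.0.1.1", 40001, 3)
    + _pkts("10.0.0.5", 80, "10.0.1.2", 40002, 3)
    + _pkts("10.0.0.5", 80, "10.0.1.3", 40003, 1)
    + _pkts("10.0.0.9", 443, "10.0.1.4", 40004, 1)
)


def classify(packets, elephant_bytes=3000, min_elephants=2):
    tracker = HotSpotTracker(elephant_bytes, min_elephants)
    return [tracker.observe(p) for p in packets], tracker
```

Once a combination is hot, every later flow from it is labelled an elephant from its first packet, including short flows, so the resulting training set should be checked for mislabelled mice.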