Malicious Traffic Detection and Containment based on Connection Attempt Failures using Kernelized ELM with Automated Worm Containment Algorithm

Abstract

Objectives: In the world of Internet today, most of the communications are done through Internet applications. Rapidly with the growth of Internet, the security threat on Internet is also increasing. Internet worms are one of the serious dangerous threats heavy financial losses. To overcome these damages, the proposed methodology provide better defense mechanism through Internet worm detection and containment schemes based on connection attempt failures characteristic. Method: The Internet worm detection is done using the Machine Learning Method based on Anomaly detection schemes and containment based on blocking schemes. The proposed kernelized Extreme Learning Machine with Automated Worm Containment Algorithm (kEA) method is used for detection and containment of malicious traffic from non-existing IP addresses based on connection attempt failures. Findings: Second channel based propagation through botnet worms propagates illegal traffic from malicious IP addresses through connection attempt failures. This traffic is transferred through TCP and UDP transmission schemes. The proposed work is used to identify the second channel propagating worms and containment of malicious traffic. Improvement: The proposed kernelized Extreme Learning Machine (kELM) method achieved detection accuracy improved by 23.67%. Then proposed kEA method blocks all the detected malicious IP addresses with 100% containment at the time span of 33 ms.