
Malicious Traffic Detection and Containment based on Connection Attempt Failures using Kernelized ELM with Automated Worm Containment Algorithm

Affiliations

  • Faculty of Computer Science and Multimedia, Lincoln University College, Selangor, Malaysia
  • Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women University, Coimbatore - 641043, Tamil Nadu, India

Abstract


Objectives: Most communication on today's Internet takes place through Internet applications, and as the Internet grows, so do the security threats on it. Internet worms are among the most serious of these threats and cause heavy financial losses. To limit this damage, the proposed methodology provides a better defense mechanism through Internet worm detection and containment schemes based on the connection attempt failure characteristic.

Method: Internet worm detection is performed with a machine learning method based on anomaly detection, and containment is performed by blocking. The proposed kernelized Extreme Learning Machine with Automated Worm Containment Algorithm (kEA) method detects and contains malicious traffic from non-existing IP addresses, using connection attempt failures as the characteristic.

Findings: Second-channel propagation by botnet worms generates illegal traffic from malicious IP addresses, observable as connection attempt failures; this traffic is carried over both TCP and UDP. The proposed work identifies worms propagating over the second channel and contains their malicious traffic.

Improvement: The proposed kernelized Extreme Learning Machine (kELM) method improved detection accuracy by 23.67%. The proposed kEA method then blocks all detected malicious IP addresses, achieving 100% containment within a time span of 33 ms.
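To make the pipeline described in the abstract concrete, the following Python script (an added example, not code from the paper) walks through the three stages it names: deriving per-host features from connection attempt failures, scoring hosts with a kernelized ELM, and building a block list for containment. The kernelized ELM is implemented in its standard closed form, beta = (I/C + K)^-1 T with an RBF kernel; the particular feature set (failure ratio, distinct failed destinations per attempt, UDP share), the constants C and gamma, the labelled training hosts and the flow records are all constructed assumptions, so the script illustrates the mechanism rather than reproducing the paper's 23.67% or 33 ms figures.

```python
"""Connection-attempt-failure detection with a kernelized ELM and a block list
for containment.  Added example, not the paper's code; the features, constants
and flow records below are constructed assumptions."""
import math

# Constructed flow records: (src_ip, dst_ip, proto, outcome).  "fail" stands for a
# connection attempt failure (no SYN-ACK / TCP RST, or ICMP unreachable for UDP).
SAMPLE_FLOWS = (
    [("10.0.0.5", "192.0.2.10", "tcp", "ok")] * 6          # normal client: a few
    + [("10.0.0.5", "192.0.2.11", "tcp", "ok")] * 3        # servers, mostly success
    + [("10.0.0.5", "192.0.2.12", "tcp", "fail")]
    + [("10.0.0.9", "192.0.2.%d" % (100 + i), "tcp" if i % 2 else "udp", "fail")
       for i in range(9)]                                   # scanner: one probe per
    + [("10.0.0.9", "192.0.2.10", "tcp", "ok")]             # unused address, all fail
)


def extract_features(flows):
    """Per source host: (failure ratio, distinct failed destinations per attempt,
    UDP share).  Scanning of unused address space drives all three upward."""
    stats = {}
    for src, dst, proto, outcome in flows:
        s = stats.setdefault(src, {"total": 0, "fail": 0, "udp": 0, "fail_dst": set()})
        s["total"] += 1
        s["udp"] += proto == "udp"
        if outcome == "fail":
            s["fail"] += 1
            s["fail_dst"].add(dst)
    return {src: (s["fail"] / s["total"], len(s["fail_dst"]) / s["total"],
                  s["udp"] / s["total"]) for src, s in stats.items()}


def rbf(x, y, gamma):
    """Gaussian (RBF) kernel between two feature vectors."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))


def solve(a, b):
    """Gaussian elimination with partial pivoting for the small n x n system a.x = b."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x


class KernelELM:
    """Kernelized ELM: output weights beta = (I/C + K)^-1 T with K the RBF Gram
    matrix over the training hosts; no hidden-layer weights to tune, one linear
    solve to train.  C and gamma are assumed values."""

    def __init__(self, C=100.0, gamma=1.0):
        self.C, self.gamma, self.X, self.beta = C, gamma, [], []

    def fit(self, X, T):
        n = len(X)
        K = [[rbf(X[i], X[j], self.gamma) + (1.0 / self.C if i == j else 0.0)
              for j in range(n)] for i in range(n)]
        self.X, self.beta = X, solve(K, T)
        return self

    def score(self, x):
        return sum(rbf(x, xi, self.gamma) * b for xi, b in zip(self.X, self.beta))

    def predict(self, x):
        return 1 if self.score(x) > 0 else -1


# Constructed labelled hosts: +1 = worm/scanner behaviour, -1 = benign.
TRAIN_X = [(0.05, 0.05, 0.1), (0.0, 0.0, 0.0), (0.1, 0.05, 0.2), (0.15, 0.1, 0.0),
           (0.9, 0.85, 0.5), (0.95, 0.9, 1.0), (0.8, 0.75, 0.3), (1.0, 1.0, 0.6)]
TRAIN_T = [-1, -1, -1, -1, 1, 1, 1, 1]


def train_model():
    return KernelELM().fit(TRAIN_X, TRAIN_T)


def build_block_list(flows, model):
    """Containment step: every source host the model flags goes on the block list."""
    return {src for src, feats in extract_features(flows).items()
            if model.predict(feats) == 1}


if __name__ == "__main__":
    model = train_model()
    for src, feats in extract_features(SAMPLE_FLOWS).items():
        print(src, feats, "score=%.2f" % model.score(feats))
    print("block:", build_block_list(SAMPLE_FLOWS, model))
```

Running the script trains on the eight labelled hosts and prints a score per source in the sample flows; only the scanner 10.0.0.9, whose probes to unused addresses almost all fail, ends up on the block list. In a deployment the features would be computed over a sliding time window and the block list pushed to a firewall or switch ACL, which is where the containment latency the abstract measures comes from.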

Keywords

Connection Attempt Failures, Kernelized ELM, Malicious IP.





This work is licensed under a Creative Commons Attribution 3.0 License.