Author

Bhushan Trivedi

Bio: Bhushan Trivedi is an academic researcher. The author has contributed to research in topics: Intrusion detection system & Traffic congestion. The author has an h-index of 6, co-authored 42 publications receiving 221 citations.

Papers
Journal ArticleDOI
TL;DR: This paper focuses on Simple and Hybrid ANN based approaches for anomaly detection and tries to compare the different ANN based techniques in terms of training time, number of epochs required, convergence rate, detection rate, learning approach, etc.
Abstract: Detecting unknown or modified attacks is one of the recent challenges in the field of IDS. Anomaly based IDS can play a very important role in this case. In the first part of this paper, we will focus on how ANN is recently used to address these issues. A number of researchers have already shown the importance of the various Artificial Neural Network (ANN) based techniques for anomaly detection. In this paper, we will focus on Simple and Hybrid ANN based approaches for anomaly detection. In the simple approach, we will discuss how Back Propagation Neural Network (BPNN), Self Organizing Maps (SOM), Support Vector Machine (SVM), and Simulated Annealing Neural Network (SA) are used for anomaly detection. In the hybrid approach, we will focus on how more than one of the above techniques are used. In the second part of the paper, we will try to compare the different ANN based techniques in terms of training time, number of epochs required, convergence rate, detection rate, learning approach, etc. Finally, we will provide guidelines for future work.

64 citations

Proceedings ArticleDOI
21 Feb 2015
TL;DR: This work investigates the effectiveness and the feasibility of Tesfahun et al.'s feature reduction technique on a Back Propagation Neural Network classifier, and shows that usage of such a reduced dataset can lead to a better model in terms of dataset size, complexity, processing time and generalization ability.
Abstract: To detect and classify anomalies in computer networks, the KDD CUP 1999 dataset is extensively used. This KDD CUP 1999 data set was generated by domain experts at MIT Lincoln Lab. To reduce the number of features of this KDD CUP data set, various feature reduction techniques have already been used. These techniques reduce the features from 41 into a range of 10 to 22. Usage of such a reduced dataset in a machine learning algorithm leads to lower complexity, less processing time and high accuracy. Out of the various feature reduction techniques available, one of them is Information Gain (IG), which has already been applied to the random forests classifier by Tesfahun et al. Tesfahun's approach reduces the time and complexity of the model and improves the detection rate for the minority classes by a considerable amount. This work investigates the effectiveness and the feasibility of Tesfahun et al.'s feature reduction technique on a Back Propagation Neural Network classifier. We performed various experiments on the KDD CUP 1999 dataset and recorded Accuracy, Precision, Recall and F-score values. In this work, we did Basic, N-Fold Validation and Testing comparisons of the reduced dataset with the full feature dataset. The Basic comparison clearly shows that the reduced dataset outperforms on size, time and complexity parameters. Experiments with N-Fold validation show that a classifier that uses the reduced dataset has better generalization capacity. During the testing comparison, we found both datasets to be equally compatible. All three comparisons clearly show that the reduced dataset is better or is equally compatible, and does not have any drawback as compared to the full dataset. Our experiments show that usage of such a reduced dataset in BPNN can lead to a better model in terms of dataset size, complexity, processing time and generalization ability.

23 citations

Book ChapterDOI
01 Jan 2021
TL;DR: One of the Machine Learning Classifiers, known as Random Forest, has the greatest accuracy compared to SVM and Naive Bayes; also, Random Forest, SVM and Naive Bayes classifiers are highly used for performance evaluation.
Abstract: With the growing popularity of Android devices, they are also more prone to malware attacks. There are many malware scanning tools available for scanning Android malware, but most of them perform static analysis and also require a lot of resources and manual overhead. By using Machine Learning Classifiers, this study aims to improve the detection of Android malware. In this paper, analysis is done on different Android Malware Detection Techniques with different Machine Learning Classifiers. This paper also discusses their strengths and weaknesses along with their future scope. The conclusion of the paper also states that one of the Machine Learning Classifiers, known as Random Forest, has the greatest accuracy compared to SVM and Naive Bayes. Also, Random Forest, SVM and Naive Bayes classifiers are highly used for performance evaluation.

21 citations

Journal ArticleDOI
TL;DR: In this paper, issues and security challenges in SDN and their current status are studied.
Abstract: SDN separates the control plane and data plane. SDN needs to be equipped with complex and proprietary networking devices as it needs to separate the infrastructure layer (network device) from the control layer (network OS, which provides a central view and control over the network and network services) and the application layer (software/business application) [1][6][8]. When a single controller is given the job of controlling multiple devices (switches/routers), these changes in network structure brought about by SDN will inevitably impact network security. In this paper, we studied issues and security challenges in SDN and their current status.

19 citations

Proceedings ArticleDOI
01 Feb 2019
TL;DR: Different kinds of malware, their detection techniques with pros and cons and their future scope are analyzed, with results indicating that Android phones are more vulnerable to malware.
Abstract: The usage of smartphones is increasing very fast. All the private and confidential information is stored in smartphones. The popularity of Android has also increased massively. Android offers a large number of applications free of cost to be downloaded and used. Statistics revealed that Android phones are more vulnerable to malware. This paper analyses different kinds of malware, their detection techniques with pros and cons and their future scope.

16 citations


Cited by
Journal ArticleDOI
TL;DR: This paper presents various security threats that are resolved by SDN and new threats that arise as a result of SDN implementation, and the main ongoing research efforts, challenges, and research trends in this area are discussed.
Abstract: Software-defined networking (SDN) is an emerging paradigm, which breaks the vertical integration in traditional networks to provide the flexibility to program the network through (logical) centralized network control. SDN has the capability to adapt its network parameters on the fly based on its operating environment. The decoupled structure of SDN serves as a solution for managing the network with more flexibility and ease. In SDN, the centralized cost effective architecture provides network visibility which helps to achieve efficient resource utilization and high performance. Due to the increasingly pervasive existence of smart programmable devices in the network, SDN provides security, energy efficiency, and network virtualization for enhancing the overall network performance. We present various security threats that are resolved by SDN and new threats that arise as a result of SDN implementation. The recent security attacks and countermeasures in SDN are also summarized in the form of tables. We also provide a survey on the different strategies that are implemented to achieve energy efficiency and network security through SDN implementation. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts, challenges, and research trends in this area. With this paper, readers can have a more thorough understanding of SDN architecture, different security attacks and countermeasures, and energy efficiency.

270 citations

Journal ArticleDOI
TL;DR: This paper comprehensively surveys hypervisors for SDN networks and exhaustively compares the network attribute abstraction and isolation features of the existing SDN hypervisors.
Abstract: Software defined networking (SDN) has emerged as a promising paradigm for making the control of communication networks flexible. SDN separates the data packet forwarding plane, i.e., the data plane, from the control plane and employs a central controller. Network virtualization allows the flexible sharing of physical networking resources by multiple users (tenants). Each tenant runs its own applications over its virtual network, i.e., its slice of the actual physical network. The virtualization of SDN networks promises to allow networks to leverage the combined benefits of SDN networking and network virtualization and has therefore attracted significant research attention in recent years. A critical component for virtualizing SDN networks is an SDN hypervisor that abstracts the underlying physical SDN network into multiple logically isolated virtual SDN networks (vSDNs), each with its own controller. We comprehensively survey hypervisors for SDN networks in this paper. We categorize the SDN hypervisors according to their architecture into centralized and distributed hypervisors. We furthermore sub-classify the hypervisors according to their execution platform into hypervisors running exclusively on general-purpose compute platforms, or on a combination of general-purpose compute platforms with general- or special-purpose network elements. We exhaustively compare the network attribute abstraction and isolation features of the existing SDN hypervisors. As part of the future research agenda, we outline the development of a performance evaluation framework for SDN hypervisors.

261 citations

Journal ArticleDOI
TL;DR: This survey takes into account the early stage threats which may lead to a malicious insider rising up and reviews the countermeasures from a data analytics perspective.
Abstract: Information communications technology systems are facing an increasing number of cyber security threats, the majority of which are originated by insiders. As insiders reside behind the enterprise-level security defence mechanisms and often have privileged access to the network, detecting and preventing insider threats is a complex and challenging problem. In fact, many schemes and systems have been proposed to address insider threats from different perspectives, such as intent, type of threat, or available audit data source. This survey attempts to line up these works together with only three most common types of insider namely traitor, masquerader, and unintentional perpetrator, while reviewing the countermeasures from a data analytics perspective. Uniquely, this survey takes into account the early stage threats which may lead to a malicious insider rising up. When direct and indirect threats are put on the same page, all the relevant works can be categorised as host, network, or contextual data-based according to audit data source and each work is reviewed for its capability against insider threats, how the information is extracted from the engaged data sources, and what the decision-making algorithm is. The works are also compared and contrasted. Finally, some issues are raised based on the observations from the reviewed works and new research gaps and challenges identified.

259 citations

Journal ArticleDOI
TL;DR: This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far, with the battery lifetime being another critical parameter in the design phase.

224 citations