
Showing papers by "Muttukrishnan Rajarajan" published in 2018


Journal ArticleDOI
TL;DR: This work proposes a new “Scale Inside-out” approach which during attacks, reduces the “Resource Utilization Factor” to a minimal value for quick absorption of the attack.
Abstract: The distributed denial of service (DDoS) attacks in cloud computing require quick absorption of attack data. DDoS attack mitigation is usually achieved by dynamically scaling the cloud resources so as to quickly identify the onslaught features to combat the attack. The resource scaling comes with an additional cost which may prove to be a huge disruptive cost in the cases of longer, sophisticated, and repetitive attacks. In this work, we address an important problem: whether resource scaling during an attack always results in rapid DDoS mitigation. For this purpose, we conduct real-time DDoS attack experiments to study the attack absorption and attack mitigation for various target services in the presence of dynamic cloud resource scaling. We found that the activities such as attack absorption, which provide timely attack data input to attack analytics, are adversely compromised by the heavy resource usage generated by the attack. We show that the operating system level local resource contention, if reduced during attacks, can expedite the overall attack mitigation. The attack mitigation would otherwise not be completed by the dynamic scaling of resources alone. We conceived a novel relation which terms “Resource Utilization Factor” for each incoming request as the major component in forming the resource contention. To overcome these issues, we propose a new “Scale Inside-out” approach which, during attacks, reduces the “Resource Utilization Factor” to a minimal value for quick absorption of the attack. The proposed approach sacrifices victim service resources and provides those resources to mitigation service in addition to other co-located services to ensure resource availability during the attack. Experimental evaluation shows up to 95 percent reduction in total attack downtime of the victim service in addition to considerable improvement in attack detection time, service reporting time, and downtime of co-located services.

59 citations


Proceedings ArticleDOI
01 Jul 2018
TL;DR: A novel privacy-preserving framework to facilitate keyword search over encrypted data stored on the blockchain network, i.e., Hyperledger-Fabric, is presented, which guarantees prominent security and privacy gains.
Abstract: Enabling keyword search directly over the data stored on the blockchain is a desirable technique that can help in the effective utilization of the data while preserving the privacy. Searchable Encryption (SE) is a well-known technique that allows search queries over the encrypted Cloud data, however, existing solutions are based on the assumption of the Cloud Server being “trusted-but-curious” or “honest-but-curious”. This leads to a compelling case to use permissioned blockchain technology to ensure greater levels of security when the Cloud Server is malicious. The amalgamation of SE and permissioned blockchain empowers a client to place complete trust on the Cloud Server and the services it has to offer. This paper presents a novel privacy-preserving framework to facilitate keyword search over encrypted data stored on the blockchain network. The framework for the first time studies SE over a permissioned blockchain network, i.e., Hyperledger-Fabric. The SE scheme is privacy-preserving as it is based on probabilistic trapdoors. As a result the framework guarantees prominent security and privacy gains.

17 citations


Journal ArticleDOI
TL;DR: A novel scheme for continuous face authentication using mobile device cameras that addresses the issue of spoof attacks and attack windows in state-of-the-art approaches and introduces a robust liveness detection component to this scheme that can detect printed faces and face videos.

17 citations


Proceedings ArticleDOI
01 Jan 2018
TL;DR: A cooperative game theory-based Nash bargaining approach, where the LPUs bargain among themselves to decide whether the sensor data need to be transmitted to cloud or fog aggregation node, and the utility of each LPU is computed.
Abstract: In this paper, we propose a scheme, criticality-aware data transmission (CARE) in CPS-based healthcare systems, for increasing the processing rate of the sensed physiological parameters' value of any patient. The criticality of a patient may vary at any instant of time, and thus, continuous monitoring and quick processing of the physiological parameter value of a patient is essential. Therefore, in order to reduce the latency of data processing of a critical patient, we consider fog computing in our architecture. Based on the criticality value of physiological parameters, a Local Processing Unit (LPU) transmits the sensor data either to the fog aggregation node or cloud. We use a cooperative game theory-based Nash bargaining approach, where the LPUs bargain among themselves to decide whether the sensor data need to be transmitted to cloud or fog aggregation node. Based on the criticality index and the weight factor assigned to the LPU participating in the bargaining process, the utility of each LPU is computed. Analytical results show that the utility increases with the increase in the criticality index of any patient. Considering the total number of WBANs 5, 10, and 15, the average utility varies 75%-80%. Moreover, the data dissemination delay and power consumption are reduced by 23.39% and 31.089% respectively in the presence of fog node.

16 citations


Journal ArticleDOI
TL;DR: A utility-privacy trade-off that enables a user to make appliance specific decisions as to how much data can be shared and allows the degree of privacy achieved for the particular device and the utility to be well controlled is formulated.

13 citations


Proceedings ArticleDOI
10 Dec 2018
TL;DR: It is argued that to assess privacy risks associated with IoT systems, an automated solution is required due to the increasing pervasiveness and complexity of deployed IoT systems.
Abstract: Internet of Things (IoT) systems can often pose risk to users' privacy via disclosure of personal information to third parties. In this paper, we argue that to assess privacy risks associated with IoT systems, an automated solution is required due to the increasing pervasiveness and complexity of deployed IoT systems. We propose requirements for an automated privacy risk assessment service and outline our future plans for realising such a solution.

8 citations


Book ChapterDOI
10 Dec 2018
TL;DR: An approach to detect botnets with C&C infrastructures based on the Bitcoin network using the OSVM (One-class Support Vector Machine) algorithm, which requires only samples from legitimate behaviour to build a classification model.
Abstract: Botnets have been part of some of the most aggressive cyberattacks reported in recent years. To make them even harder to be detected and mitigated, attackers have built C&C (Command and Control) infrastructures on top of popular Internet services such as Skype and Bitcoin. In this work, we propose an approach to detect botnets with C&C infrastructures based on the Bitcoin network. First, transactions are grouped according to the users that issued them. Next, features are extracted for each group of transactions, aiming to identify whether they behave systematically, which is a typical bot characteristic. To analyse this data, we employ the OSVM (One-class Support Vector Machine) algorithm, which requires only samples from legitimate behaviour to build a classification model. Tests were performed in a controlled environment using the ZombieCoin botnet and real data from the Bitcoin blockchain. Results showed that the proposed approach can detect most of the bots with a low false positive rate in multiple scenarios.

8 citations


Proceedings ArticleDOI
15 Oct 2018
TL;DR: This work proposes an attack tree model to evaluate the user's privacy risks associated with an IoT ecosystem and identifies the probability of risk associated with each attack scenario and thus benefits an analyst in identifying which attack is more likely of the use case scenario.
Abstract: Internet of Things (IoTs) are being widely used for a large number of use case scenarios, where a wide range of devices, with different computational resources, are marshalled for the purpose of a certain mission goal. The unique combination of these devices and the nature of sensitive information that they hold poses a large number of risks where the risks are highly dependent upon the type of devices and the type of attacks that an adversary can launch. In this work, we propose an attack tree model to evaluate the user's privacy risks associated with an IoT ecosystem. We evaluate the potential risks based on varying attack attributes, the probable considerations/preferences of an adversary and the varying computational resources available on a device. The proposed model identifies the probability of risk associated with each attack scenario and thus benefits an analyst in identifying which attack is more likely of the use case scenario.

8 citations


Proceedings ArticleDOI
01 Aug 2018
TL;DR: A transparent continuous facial authentication scheme that is aware of the current activity and illumination context and decreases the equal error rate by 4.05% and 4.39%, respectively.
Abstract: In this paper we produce a transparent continuous facial authentication scheme that is aware of the current activity and illumination context. It has recently been shown that contextual differences in environment and user activity have significant effects on the accuracy of the scheme. Furthermore, cross-comparisons or permutations of facial data captured in different contexts can see detrimental authentication results. Our scheme models both ambient light and activity accelerometer data for contextual awareness. This data is used to train separate facial classifiers for different activity and illumination contexts (e.g.: when a user is walking). When a face is captured for classification, a window of accelerometer and ambient light data is firstly classified to select which classifier has been trained on facial data obtained from the current context. In our experiments we use two state-of-the-art facial datasets. We describe the architecture and performance of our context recognition components. We show that activity and illumination awareness decreases the equal error rate by 4.05% and 4.39%, respectively. We also perform experiments to show the required accuracy needed from contextual components to yield facial recognition improvements.

8 citations


Proceedings ArticleDOI
01 Oct 2018
TL;DR: In this article, an assessment of usage and availability of frequency bands, traditionally assigned to TV broadcasters, in urban environments in Kosovo was performed for VHF and UHF bands at 8 different urban locations.
Abstract: In this study we conduct an assessment of usage and availability of frequency bands, traditionally assigned to TV broadcasters, in urban environments in Kosovo. The assessment was performed for VHF and UHF bands at 8 different urban locations. Localized measurements indicate that a major part of these frequencies is severely under-utilized even in highly urbanized areas where a higher utilization level would be expected. Preliminary results further show that spectrum utilization level varies significantly with altitude and is much lower in indoor environments. Our initial calculations show that current percentage of availability of TV bands in tested locations varies between 87.5% and 100%. These results indicate that spectrum utilization in these bands could be greatly improved by allowing the opportunistic use of spectrum by cognitive radios and other wireless communication technologies, such as future cellular networks.

5 citations


Journal ArticleDOI
15 Oct 2018
TL;DR: A machine-learning-based automated facial recognition system that employs face recognition to initially perceive the presence of an authorized person, in order to grant the individual access to secure banking environments, and improves the performance of traditional mobile banking systems.

Book ChapterDOI
01 Jan 2018
TL;DR: This chapter considers the threat posed by botnets and the impact of botnet-based attacks on both private domains and the global digital infrastructure, and examines how a botnet is defined and classified, how it is built and used, the characteristics of a botnet, and the factors contributing towards its success.
Abstract: This chapter considers the threat posed by botnets and the impact of botnet-based attacks on both private domains and the global digital infrastructure. Botnets are widely employed by cyber-criminals for a variety of malicious activities and are frequently observed as a component within large-scale organised cyber-crime campaigns. In addition to this, botnets are a varied and evolving threat, bound to grow in parallel with our increasing dependence on digital services and the Internet, as well as the adoption of upcoming technologies like the Internet-of-Things. Botnets can be considered as attacks in-and-of themselves, as well as platforms for future attacks. With this as the foundational perspective, this study examines how a botnet is defined and classified, how it is built and used, the characteristics of a botnet attack, and the factors contributing towards its success. We then analyse how a botnet provides other attack capabilities for the cyber-criminal. This is supplemented with a discussion of how the threat is adapting to new technologies, followed by a short survey of some outstanding problems to be considered in future research.

Proceedings ArticleDOI
19 Jun 2018
TL;DR: This paper proposes the novel use of a probabilistic adaptation of the SEIR (Susceptible, Exposed, Infected, Recovered) model applied to defence-in-depth networks with heterogeneous contact rates and node impact and test this approach through numerical simulation.
Abstract: Botnets are still a pertinent threat to our digital infrastructure and a central topic for study in the cyber-research community. At the start of a botnet's life, the aim of the botmaster is to achieve enough spread to make their botnet functional and as potent as possible. Therefore, propagation dynamics are a vital area to address in order to effectively defend against this type of malware. Over the years, there have been many propagation models based on the principles of disease spread but these often do not take specific network characteristics into account. In this paper, we propose the novel use of a probabilistic adaptation of the SEIR (Susceptible, Exposed, Infected, Recovered) model applied to defence-in-depth networks with heterogeneous contact rates and node impact. We test this approach through numerical simulation and discuss our findings.

Book ChapterDOI
09 Jul 2018
TL;DR: An ontological model for documenting provenance of MQTT message brokers is proposed to enhance the transparency of interactions between IoT agents.
Abstract: In this paper we propose an ontological model for documenting provenance of MQTT message brokers to enhance the transparency of interactions between IoT agents.

Proceedings ArticleDOI
11 Jun 2018
TL;DR: A novel technique using randomization to perform voice authentication, which allows users to enrol and authenticate their voice in the encrypted domain, hence privacy is preserved and the proposed algorithm is validated using the widely used TIMIT speech corpus.
Abstract: This paper proposes an algorithm to perform privacy-preserving (PP) speaker recognition using Gaussian mixture models (GMM). We consider a scenario where the users have to enrol their voice biometric with the third-party service providers to access different services (i.e., banking). Once the enrolment is done, the users can authenticate themselves to the system using their voice instead of passwords. Since the voice is unique for individuals, storing the users’ voice features at the third-party server raises privacy concerns. Hence, in this paper we propose a novel technique using randomization to perform voice authentication, which allows users to enrol and authenticate their voice in the encrypted domain, hence privacy is preserved. To achieve this, we redesign the GMM to work on encrypted domain. The proposed algorithm is validated using the widely used TIMIT speech corpus. Experimental results demonstrate that the proposed PP algorithm does not degrade the performance compared to the non-PP method and achieve 96.16% true positive rate and 1.77% false positive rate. Demonstration on Android smartphone shows that the algorithm can be executed within two seconds with only 30% of CPU power.

Proceedings ArticleDOI
27 Jun 2018
TL;DR: A novel Privacy-preserving Anonymization with Restricted Search (PARS) approach which will provide LEAs with the leverage they need to access and analyse social media data without compromising individual privacy and a new privacy-conscious node grouping approach that antagonizes relational information of a social network platform is proposed.
Abstract: Social network platforms have become the new norm for ensuring swift dissemination of information to a large audience. This has thus made these platforms a preferred choice of communication for many criminal organizations who tend to use them for their own iniquitous gains. These organizations take cover behind the user data/identity privacy policies, such as the General Data Protection Regulation (GDPR) [2] and Safe Harbor [4], which limit the Law Enforcement Agencies (LEAs) from accessing and analysing social media data without the consent of the users. Their veil is complemented by the fact that these malicious organizations can operate from any part of the world and LEAs from different countries dither in sharing intelligence information among themselves. To overcome this issue, in this paper we propose a novel Privacy-preserving Anonymization with Restricted Search (PARS) approach which will provide LEAs with the leverage they need to access and analyse social media data without compromising individual privacy. We propose a new privacy-conscious node grouping approach that antagonizes relational information of a social network platform and we complement this approach with the Public-key Encryption with Keyword Search (PEKS) mechanism that will enable LEAs to perform a restrictive search among each other's dataset without violating the privacy or leakage of the entire dataset to a third party. The proposed approach is applied on a Twitter dataset comprising 277359 users that comment, re-tweet and/or like 11528 tweets and encryption and search times are evaluated. Furthermore, the proposed approach is tested for the effect of anonymization on information entropy of the Twitter dataset.