Author

Pratik Satam

Bio: Pratik Satam is an academic researcher from the University of Arizona. The author has contributed to research in topics: Intrusion detection system & Wireless network. The author has an h-index of 8 and has co-authored 27 publications receiving 188 citations.

Papers
Journal ArticleDOI
TL;DR: An anomaly based intrusion detection system for the IEEE 802.11 wireless networks based on behavioral analysis to detect deviations from normal behaviors that are triggered by wireless network attacks is described.
Abstract: Wireless communication networks are pervading every aspect of our lives due to their fast, easy, and inexpensive deployment. They are becoming ubiquitous and have been widely used to transfer critical information, such as banking accounts, credit cards, e-mails, and social network credentials. The more pervasive the wireless technology is going to be, the more important its security issue will be. Whereas the current security protocols for wireless networks have addressed the privacy and confidentiality issues, there are unaddressed vulnerabilities threatening their availability and integrity (e.g., denial of service, session hijacking, and MAC address spoofing attacks). In this paper, we describe an anomaly based intrusion detection system for the IEEE 802.11 wireless networks based on behavioral analysis to detect deviations from normal behaviors that are triggered by wireless network attacks. Our anomaly behavior analysis of the 802.11 protocols is based on monitoring the n-consecutive transitions of the protocol state machine. We apply sequential machine learning techniques to model the n-transition patterns in the protocol and characterize the probabilities of these transitions being normal. We have implemented several experiments to evaluate our system performance. By cross validating the system over two different wireless channels, we have achieved a low false alarm rate (<0.1%). We have also evaluated our approach against an attack library of known wireless attacks and have achieved a detection rate of more than 99%.

66 citations

Journal ArticleDOI
TL;DR: An Anomaly Behavior Analysis Methodology based on Artificial Neural Networks is introduced to implement an adaptive Intrusion Detection System (IDS) capable of detecting when a Fog node has been compromised, and then take the required actions to ensure communication availability.
Abstract: The Internet of Things (IoT) represents a means to share resources (memory, storage, computational power, data, etc.) between computers and mobile devices, as well as buildings, wearable devices, electrical grids, and automobiles, just to name a few. The IoT is leading to the development of advanced information services that will require large storage and computational power, as well as real-time processing capabilities. The integration of IoT with emerging technologies such as Fog Computing can complement these requirements with pervasive and cost-effective services capable of processing large-scale geo-distributed information. In any IoT application, communication availability is essential to deliver accurate and useful information, for instance, to take actions during dangerous situations, or to manage critical infrastructures. IoT components like gateways, also called Fog Nodes, face outstanding security challenges as the attack surface grows with the number of connected devices requesting communication services. These Fog nodes can be targeted by an attacker, preventing the nodes from delivering important information to the final users or from performing accurate automated actions. This paper introduces an Anomaly Behavior Analysis Methodology based on Artificial Neural Networks, to implement an adaptive Intrusion Detection System (IDS) capable of detecting when a Fog node has been compromised, and then taking the required actions to ensure communication availability. The experimental results reveal that the proposed approach has the capability for characterizing the normal behavior of Fog Nodes despite its complexity due to the adaptive scheme, and also has the capability of detecting anomalies due to any kind of source such as misuses, cyber-attacks or system glitches, with a high detection rate and low false alarms.

41 citations

Journal ArticleDOI
TL;DR: This article presents a Wireless Intrusion Detection System (WIDS); an anomaly behavior analysis approach to detect attacks on Wi-Fi networks with high accuracy and low false alarms, and uses machine learning models to classify Wi-Fi traffic flows as normal or malicious.
Abstract: Over the last few decades, the Internet has seen unprecedented growth, with over 4.57 billion active users as of July 2022, encompassing 59% of the global population. In recent years, we have seen an increase in mobile computing and the Internet of Things (IoT), allowing more users to communicate through the Internet using wireless devices. Modern Internet users use their wireless IoT devices for a wide variety of services that include cloud computing and storage, social networking, content services, online banking, and shopping, to name a few. Moreover, with the omnipresence of IoT devices, wireless networks are used for services like device control, user authentication, etc. Wi-Fi is the network of choice for most of these wireless communications. Although Wi-Fi networks have improved over recent years, little has been done to secure Wi-Fi networks against attacks. In this article, we present a Wireless Intrusion Detection System (WIDS); an anomaly behavior analysis approach to detect attacks on Wi-Fi networks with high accuracy and low false alarms. In this approach, we model the normal behavior of the Wi-Fi protocol, using n-grams, and use machine learning models to classify Wi-Fi traffic flows as normal or malicious. We have extensively tested our approach on multiple datasets collected locally at the University of Arizona and on the AWID family of datasets. Our approach can successfully detect all attacks on Wi-Fi protocols with low false positives (0.0174) and a varying low rate of false negatives for different attacks.

29 citations

01 Jan 2015
TL;DR: An anomaly based Intrusion Detection System (IDS) for the DNS protocol (DNS-IDS) that models the normal operations of the DNS Protocol and accurately detects any abnormal behavior or exploitation of the protocol is presented.
Abstract: The DNS protocol is critically important for secure network operations. All networked applications use the DNS protocol to translate network domain names to the correct IP addresses. The DNS protocol is prone to attacks like cache poisoning attacks and DNS hijacking attacks that can lead to compromising users' accounts and stored information. In this paper, we present an anomaly based Intrusion Detection System (IDS) for the DNS protocol (DNS-IDS) that models the normal operations of the DNS protocol and accurately detects any abnormal behavior or exploitation of the protocol. The DNS-IDS system operates in two phases, the training phase and the operational phase. In the training phase, the normal behavior of the DNS protocol is modeled as a finite state machine from which we derive the temporal statistics of normal DNS traffic. Then we develop an anomaly metric for the DNS protocol that is a function of the temporal statistics for both the normal and abnormal transitions of the DNS protocol. During the operational phase, the anomaly metric is used to detect DNS attacks (both known and novel attacks). We have evaluated our approach against a wide range of DNS attacks (DNS hijacking, Kaminsky attack, amplification attack, Birthday attack, DNS Rebinding attack). Our results show an attack detection rate of 97% with a very low false positive alarm rate (0.01397%), and around 3% false negatives.

25 citations

Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors used pre-trained deep models to extract high-level concept and context features for training a denoising autoencoder (DAE), requiring little training time (i.e., within 10 seconds on the UCSD Pedestrian datasets).
Abstract: Deep learning-based video anomaly detection methods have drawn significant attention in the past few years due to their superior performance. However, almost all the leading methods for video anomaly detection rely on large-scale training datasets with long training times. As a result, many real-world video analysis tasks are still not suitable for fast deployment. On the other hand, the leading methods cannot provide interpretability due to the uninterpretable feature representations hiding the decision-making process when anomaly detection models are treated as a black box. However, interpretability for anomaly detection is crucial since the corresponding response to the anomalies in the video is determined by their severity and nature. To tackle these problems, this paper proposes an efficient deep learning framework for video anomaly detection and provides explanations. The proposed framework uses pre-trained deep models to extract high-level concept and context features for training a denoising autoencoder (DAE), requiring little training time (i.e., within 10 s on the UCSD Pedestrian datasets) while achieving comparable detection performance to the leading methods. Furthermore, this framework presents the first video anomaly detection use of combining an autoencoder and SHapley Additive exPlanations (SHAP) for model interpretability. The framework can explain each anomaly detection result in surveillance videos. In the experiments, we evaluate the proposed framework's effectiveness and efficiency while also explaining anomalies behind the autoencoder's prediction. On the UCSD Pedestrian datasets, the DAE achieved 85.9% AUC with a training time of 5 s on UCSD Ped1 and 92.4% AUC with a training time of 2.9 s on UCSD Ped2.

17 citations
Cited by
Journal ArticleDOI
TL;DR: A standard model for application in future IoT healthcare systems is proposed, and the state-of-the-art research relating to each area of the model is presented, evaluating their strengths, weaknesses, and overall suitability for a wearable IoT healthcare system.
Abstract: Internet of Things (IoT) technology has attracted much attention in recent years for its potential to alleviate the strain on healthcare systems caused by an aging population and a rise in chronic illness. Standardization is a key issue limiting progress in this area, and thus this paper proposes a standard model for application in future IoT healthcare systems. This survey paper then presents the state-of-the-art research relating to each area of the model, evaluating their strengths, weaknesses, and overall suitability for a wearable IoT healthcare system. Challenges that healthcare IoT faces including security, privacy, wearability, and low-power operation are presented, and recommendations are made for future research directions.

735 citations

Posted Content
TL;DR: A taxonomy and survey of shallow and deep network intrusion detection systems is presented based on previous and current works, and a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.
Abstract: Intrusion detection has attracted considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real-time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep network intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection, which influences the effectiveness of machine learning (ML) IDS, is discussed to explain the role of feature selection in the classification and training phase of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.

190 citations

Journal ArticleDOI
TL;DR: A comprehensive review on five selected subjects that lie at the heart of CAV research, showing how they interact with each other and how they can be integrated into a seamless user experience.
Abstract: Connected and automated vehicle (CAV) is a transformative technology that has great potential to change our daily life. Therefore, CAV related research has advanced significantly in recent years. This paper presents a comprehensive review on five selected subjects that lie at the heart of CAV research: (i) inter-CAV communications; (ii) security of CAVs; (iii) intersection control for CAVs; (iv) collision-free navigation of CAVs; and (v) pedestrian detection and protection. It is believed that these topics are essential to ensure the success of CAVs and need to be better understood. For inter-CAV communications, this paper focuses on both Dedicated Short Range Communications (DSRC) and the future 5G cellular technologies; for security of CAVs, this paper discusses both passive and active attacks and the existing solutions; for intersection control, this paper summarizes the pros and cons of both centralized and decentralized approaches; for collision avoidance, this paper concentrates on four subareas: maneuverability, vehicle networking, control conflicts, and motorcycles; for pedestrian detection, this paper covers sensor, radar, and computer vision based approaches. Under each topic, this paper not only shows the state of the art, but also unveils potential future research directions. By establishing connections among these subjects, this paper shows how they interact with each other and how they can be integrated into a seamless user experience. It is believed that the literature covered and conclusions drawn in this paper are very helpful to CAV researchers, application engineers, and policy makers.

158 citations

Journal ArticleDOI
TL;DR: This work proposes a logistic regression-based authentication to remove the assumption on the known channel model, and thus be applicable to more generic wireless networks, and designs a distributed Frank–Wolfe-based PHY-layer authentication to further reduce the communication overhead between the landmarks and the security agent.
Abstract: Physical (PHY)-layer authentication systems can exploit channel state information of radio transmitters to detect spoofing attacks in wireless networks. The use of multiple landmarks, each with multiple antennas, enhances the spatial resolution of radio transmitters, and thus improves the spoofing detection accuracy of PHY-layer authentication. Unlike most existing PHY-layer authentication schemes that apply hypothesis tests and rely on a known radio channel model, we propose a logistic regression-based authentication to remove the assumption of a known channel model, and thus be applicable to more generic wireless networks. The Frank–Wolfe algorithm is used to estimate the parameters of the logistic regression model, in which the convex problem under an $\ell_{1}$-norm constraint is solved for weight sparsity to avoid over-fitting in the learning process. We design a distributed Frank–Wolfe-based PHY-layer authentication to further reduce the communication overhead between the landmarks and the security agent. Then, we construct an incremental aggregated gradient-based scheme to provide online authentication with higher accuracy and lower computation overhead. Simulation and experimental results validate the accuracy of the proposed authentication schemes, and show the reduced communication and computation overheads.

123 citations