Author
Suvrima Datta
Bio: Suvrima Datta is an academic researcher from University of Calcutta. The author has contributed to research in topics: Computer science & Complete graph. The author has an h-index of 1, co-authored 1 publication receiving 1 citation.
Topics: Computer science, Complete graph, Spanning tree
Papers
••
01 Jan 2021
TL;DR: In this article, the authors proposed an algorithm to generate all possible structures of spanning trees of an undirected complete graph of n vertices, where the process starts with a star-tree (T) of the given complete graph and then replaces the edges of T one by one to generate different possible structures like chain, branch, etc.
Abstract: The objective of this paper is to propose an algorithm to generate all possible structures of spanning trees of an undirected complete graph of n vertices. The process starts with a star-tree (T) of the given complete graph and then replaces the edges of T one by one to generate different possible structures like chain, branch, etc. These spanning tree structures repeat themselves as we move from lower to higher values of n. The authors have attempted to find out some generalized expressions for different structures of spanning trees for a complete graph of order n.
2 citations
••
19 Oct 2022
TL;DR: P4-sKnock as discussed by the authors is a P4-based two-level host authentication and access control mechanism, where the first level introduces encrypted dynamic port knocking to secure the transfer of port knocking sequences over a compromised channel by encrypting them, and a challenge-response host identity verification mechanism is introduced as a second level authentication measure following which a host can be authorized, quarantined or blocked owing to the programmability of the P4 switch providing robust access control.
Abstract: The adoption of Software-Defined Networks (SDN) and the shift towards programmable data planes have led to better network management. However, this has not been accompanied with the implementation of robust host authentication or access control mechanisms to improve network security and prevent unauthorized access to the network. The current literature has explored the implementation of the widely adopted authentication mechanism - port knocking in SDN to address the former. However, they suffer from two major drawbacks making them vulnerable to MITM (Man-In-The-Middle) attacks: unsecured transfer of the port knocking sequences between the SDN controller and hosts, and the lack of host identity verification mechanisms post port knocking authentication. This paper introduces P4-sKnock: a P4 based two level host authentication and access control mechanism. The first level introduces encrypted dynamic port knocking to secure the transfer of port knocking sequences over a compromised channel by encrypting them. Further, a challenge-response host identity verification mechanism is introduced as a second level authentication measure following which a host can be authorized, quarantined or blocked owing to the programmability of the P4 switch providing robust access control. Experimental analysis shows that P4-sKnock can authenticate a new SDN host within 500 ms and mitigate MITM attacks like IP spoofing and replay attacks making it significantly more secure than previous P4 based port knocking authentication systems.
1 citation
••
20 Jul 2022
TL;DR: iDAM monitors and authenticates the behavioral profiles of MUD compliant IoT devices and builds specific-device-type OC-SVM models aggregated using federated learning to detect and mitigate volumetric attacks in IoT networks.
Abstract: The rapid popularity of IoT devices has led to an escalating number of sophisticated cybersecurity attacks. Prior security mechanisms are inaccurate and incur high computational costs for resource-constrained IoT devices, hindering their scalability to large networks. Manufacturer Usage Description (MUD) has been introduced to overcome IoT security challenges. However, it cannot mitigate volumetric attacks in IoT networks. This paper proposes iDAM: a distributed self-learning, autonomous system to detect and mitigate volumetric attacks in IoT networks. iDAM monitors and authenticates the behavioral profiles of MUD compliant IoT devices and builds specific-device-type OC-SVM models aggregated using federated learning. The solution can cope with the occurrence of volumetric attacks at several levels of the IoT infrastructure and the compromise of the internal components of the proposed solution. We have extensively evaluated our solution with the IoT network intrusion dataset, which shows that iDAM can efficiently mitigate several volumetric attacks by detecting anomalous packet flows in the network with an AUC of 0.9597. Testing iDAM against a real-time SYN flood attack in an experimental setup and its ability to quickly mitigate the attack solidifies the conclusion that it can be deployed in a real-time environment to detect and mitigate volumetric attacks effectively.
1 citation
••
TL;DR: In this article, a two-level DNS flooding attack mitigation framework for IoT networks is proposed, which authenticates the behavioral profiles of manufacturer usage description (MUD) compliant IoT devices and monitors traffic to detect and mitigate DNS flooding attacks at the local DNS server.
Abstract: IoT development has increased the likelihood of several security attacks, such as Mirai, VPNFilter, and DNS (Domain Name System) flooding attacks. The DNS is a censorious component of smart home IoT infrastructure, a soft target for adversaries to launch DNS flooding attacks and impact poor QoS. This letter proposes DNSguard, a MUD-enabled two-level DNS flooding attack mitigation framework for IoT networks. DNSguard authenticates the behavioral profiles of Manufacturer Usage Description (MUD) compliant IoT devices and monitors traffic to detect and mitigate DNS flooding attacks at the local DNS server. The solution has been implemented using online DNS traffic in Raspberry Pi, and quantified response time decreased to 67.2%.
1 citation
••
08 May 2023
TL;DR: In this paper, the authors propose a scalable data plane primitive and a system on top of the primitive, which together enforce MUD profiles of thousands of IoT devices in a P4 programmable switch data plane.
Abstract: IoT-based intrusions and network attacks are becoming ever more concerning. As a mitigatory measure, the IETF standardized Manufacturer Usage Description (MUD) which allows IoT device vendors to specify the legitimate communication patterns (as a MUD profile) of an IoT device. A MUD profile allows the validation of the actual communication pattern of an IoT device with the intended behavior at runtime. However, as the number of IoT devices increases, validation at runtime has scalability challenges in terms of the number of switch resources (e.g., TCAM) required to maintain MUD profiles. In this work, we propose a scalable data plane primitive and a system on top of the primitive, which together enforce MUD profiles of thousands of IoT devices in a P4 programmable switch data plane. Our main idea is to avoid inefficiencies because of the repetition of header values while representing MUD profile-based ACL rules. Further, we exploit the characteristics of header values in ACL rules of real IoT devices and carefully partition the rules across multiple hash-based exact match-action tables in the switch data plane. Since hash-based data structures can be implemented using SRAM which is cheap and abundantly available (order of MBs) in commodity programmable switches, our approach scales well for a large IoT network.
Cited by
••
01 Jan 2022
••
08 May 2023
TL;DR: In this article, a fast and secure authentication protocol is proposed for the authentication of IoT devices for every transaction, which leverages highly secure Physically Unclonable Functions (PUFs) and high speed programmable switch and offloads PUF-based authentication protocol to the switch.
Abstract: Many IoT use cases have ultra-low latency and strong security requirements. But achieving both simultaneously is challenging. In this paper, as a use case, we consider the authentication of IoT devices for every transaction and develop a fast and secure authentication protocol. Our key idea is to leverage highly secure Physically Unclonable Functions (PUFs) and high-speed programmable switch and offload PUF-based authentication protocol to the switch. By doing so, it enables authentication of every transaction at network speed. In this paper, we demonstrate the feasibility of our idea by offloading the authentication protocol to a programmable switch with Tofino chip. Our preliminary experiments show that protocol offloading reduces authentication latency by 2-4 times and scales to a few hundred thousand IoT devices.
••
24 Sep 2021
TL;DR: In this article, a topological sorting algorithm for job shop scheduling is proposed, and the steps of algorithm programming are explained in detail; based on the case, the solving performance of the algorithm is analyzed.
Abstract: Job shop Scheduling Problem is an NP-hard combinatorial optimization problem. The research on its solving algorithm has been a hot topic, and many achievements have been made. However, due to the complexity of time and variable space in the solving process of job shop scheduling problems, teaching tools of scheduling algorithms are still lacking. To solve the problem, this paper takes a topological sorting algorithm to illustrate the design principle and solving instances of the scheduling algorithm for job shop scheduling problems. Firstly, the method of using a graph to express the correlation between operations is described. Secondly, the idea of the topological sorting algorithm for job shop scheduling is proposed, and the steps of algorithm programming are explained in detail. Thirdly, based on the case, the solving performance of the algorithm is analyzed, and the solving effect of the algorithm is expounded.
••
TL;DR: Zhang et al. as mentioned in this paper presented an application-layer protocol communication model for AL-DDoS attack detection, based on the explicit duration recurrent network (EDRN) for detecting HTTP DDoS attacks on the CICDDoS2019 dataset.
Abstract: Existing application-layer distributed denial of service (AL-DDoS) attack detection methods are mainly targeted at specific attacks and cannot effectively detect other types of AL-DDoS attacks. This study presents an application-layer protocol communication model for AL-DDoS attack detection, based on the explicit duration recurrent network (EDRN). The proposed method includes model training and AL-DDoS attack detection. In the AL-DDoS attack detection phase, the output of each observation sequence is updated in real time. The observation sequences are based on application-layer protocol keywords and time intervals between adjacent protocol keywords. Protocol keywords are extracted based on their identification using regular expressions. Experiments are conducted using datasets collected from a real campus network and the CICDDoS2019 dataset. The results of the experiments show that EDRN is superior to several popular recurrent neural networks in accuracy, F1, recall, and loss values. The proposed model achieves an accuracy of 0.996, F1 of 0.992, recall of 0.993, and loss of 0.041 in detecting HTTP DDoS attacks on the CICDDoS2019 dataset. The results further show that our model can effectively detect multiple types of AL-DDoS attacks. In a comparison test, the proposed method outperforms several state-of-the-art approaches.