CyberShip: Cyber Resilience for the Shipping Industry
Period: December 2017 - April 2019
Description: The aim of this project is to provide shipping companies and regulators with a reference framework and a decision support model to cope better, in an automated way, with disruptions originating from cyber attacks.
• Developed a framework modelling the cyber-physical components of the ship and their communication processes.
• Established metrics to evaluate the performance of the framework and how it affects the shipping companies.
• Designed a cyber risk analysis template for the ship's cyber-physical system.
SUPERCLOUD: User-Centric Management Of Security And Dependability In Clouds Of Clouds
Period: May 2016 - September 2017
Description: https://supercloud-project.eu/
The aim of this project is to provide:
Self-service security: It allows users to define their own security requirements and to instantiate the security and network policies accordingly.
Self-Managed Security: We developed a framework for automated security management that works between the service provider and the customer. It computes the resources to deploy, according to the network status, in order to mitigate attacks. In this regard, we developed a policy-based management system using SDN technology to provide QoS and mitigation services to the service providers' customers. A policy language was designed to express high-level policies in a human-readable format; these are automatically translated for enforcement into the network and security devices according to the requirements.
Resilience: A resource management framework is implemented robustly, taking into account the primitives offered by different service providers.
End-to-End Security: It enables the composition of security services across different administrative domains.
Tools used: Mininet, Iperf, RYU SDN Controller, Python
NECOMA: Cybersecurity for improved resilience against cyber threats
Period: Dec 2013- April 2016
Description: http://www.necoma-project.eu/
The aim of the NECOMA project was to collect data for threat data analysis. The purpose of the threat data analysis was to develop metrics to evaluate the impact of attacks on the network infrastructure. A third aim was to develop a cyberdefense mechanism that leverages these metrics for evaluation. In this regard, we developed an automated collaborative mitigation framework to mitigate attacks. Currently, when customers are under attack they perform the mitigation themselves, and even the mitigation actions they take do not reduce the impact of the attack in the ISP network. So we developed a framework in which, when an attack is detected by a customer, the customer shares the threat information with the ISP. The ISP provides a security API through which the customer can share threat information and request the mitigation service. Depending on the threat information, the ISP performs the mitigation to reduce the impact of the attack in its own network as well as for its multiple customers.
Tools Used: Mininet, BoNeSi, Dell server, IBM Rack switches, RYU SDN controller, Python, TAPAS video streaming tool.
Period: October 2011- April 2013
Organization: Indian Institute of Technology Patna
Description: Previously, I worked on an IP traceback scheme to trace back network security attacks.
This work is done at Indian Institute of Technology Patna under supervision of Dr. Ashok Singh Sairam.
My contributions are:
Extraction of 42 features from a tcpdump dataset.
I developed a new star coloring technique, "Balanced Star Coloring".
This technique balances the reassignment of colors and thus minimizes the total number of colors required for the Internet graph.
I worked on the star coloring of network topologies and found their star chromatic numbers.
I mathematically showed that attack path collision in the network graph is minimal.
Topology generation using BRITE with the Waxman model, containing 50 nodes.
Network graph generation.
Implementation of a system to trace back network security attacks using color balanced star coloring.
Development of a new Intrusion Detection System using genetic algorithms and support vector machines.
Streamed video from one PC to another, then performed cyber attacks (TCP SYN flood, UDP flood, Ping of Death, etc.) against the video streaming client in the network scenario and captured the packets using Wireshark.
I used the captured dataset to train the Intrusion Detection System and a test dataset to measure the accuracy of the IDS.
Current Intrusion Detection Systems based on machine learning have an error rate of about 40%. I reduced the error rate to 23%.
Currently, I am working on signature generation. I use the packet mark in the IP identification field and the Path ID to generate signatures for the attacks.
I used the Snort IDS to detect the attacks at the victim and blocked the attack traffic at the node nearest to the source of the attacks, to avoid interrupting normal traffic at the intermediate routers along the path of the attack traffic.
I created a Neighbour Table for the network scenario.
The Neighbour Table contains the IP address of each node, the color of the node and the next-hop IP address of the node.
I developed a hop-by-hop packet dropping algorithm.
After constructing the attack path at the victim, my attack path construction algorithm successfully traced back to the node nearest the attacker.
I also developed a distributed hop-by-hop packet dropping algorithm that drops the attack traffic hop by hop. When congestion in the network is very high and the number of hops increases, it performs significantly better.
I mathematically showed that hop-by-hop packet dropping is better than the end-to-end technique.
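An added example (not code from this page, and not the author's Balanced Star Coloring) showing how the pieces above fit together: a star coloring validity check, a plain greedy star coloring standing in for the balanced variant, the Neighbour Table (IP address, color, next hop; that the next hop points towards the victim is an assumption) and a traceback at the victim that reconstructs every path consistent with the colors marked into the packets, so a path collision shows up as more than one candidate. The topology is constructed.

```python
from collections import deque

ADJ = {  # constructed topology (not the page's BRITE/Waxman graph), adjacency lists keyed by IP
    "10.0.0.1": ["10.0.1.1"],                          # victim
    "10.0.1.1": ["10.0.0.1", "10.0.2.1", "10.0.3.1"],  # R1
    "10.0.2.1": ["10.0.1.1", "10.0.4.1"],              # R2
    "10.0.3.1": ["10.0.1.1", "10.0.4.1"],              # R3
    "10.0.4.1": ["10.0.2.1", "10.0.3.1", "10.0.5.1"],  # R4
    "10.0.5.1": ["10.0.4.1"],                          # R5, router nearest the attacker
}
def is_star_coloring(adj, color):
    """Proper coloring with no 4-vertex path that uses only two colors (None = uncolored)."""
    for b in adj:
        for a in adj[b]:
            if color[a] is not None and color[a] == color[b]:
                return False
            for c in adj[b]:
                for d in adj[c]:
                    cols = (color[a], color[b], color[c], color[d])
                    if len({a, b, c, d}) == 4 and None not in cols and cols[:2] == cols[2:]:
                        return False
    return True
def greedy_star_coloring(adj):
    """Plain greedy star coloring: an assumption standing in for Balanced Star Coloring."""
    color = {v: None for v in adj}
    for v in sorted(adj, key=lambda x: -len(adj[x])):  # high-degree routers first
        color[v] = next(c for c in range(len(adj)) if is_star_coloring(adj, {**color, v: c}))
    return color
def neighbour_table(adj, color, victim):
    """IP -> color and next hop; next hop assumed to point towards the victim (BFS tree)."""
    table, queue = {victim: {"color": color[victim], "next_hop": None}}, deque([victim])
    while queue:
        cur = queue.popleft()
        for n in adj[cur]:
            if n not in table:
                table[n] = {"color": color[n], "next_hop": cur}
                queue.append(n)
    return table
def traceback(adj, table, victim, marks):
    """All paths consistent with the marked colors (attacker's first hop first); >1 = collision."""
    paths = []
    def walk(cur, remaining, path):
        if not remaining:
            return paths.append(path)
        for n in adj[cur]:  # only routers forwarding to cur could have marked this packet
            if table[n]["next_hop"] == cur and table[n]["color"] == remaining[-1]:
                walk(n, remaining[:-1], path + [n])
    walk(victim, list(marks), [victim])
    return paths
```

Feeding the victim the colors written along R5, R4, R2, R1 returns exactly one path, whereas a proper coloring that is not a star coloring (for example R2 and R3 sharing a color) fails the check and can leave the victim with colliding candidates.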
Title: Topology generation using BRITE with the Waxman model for 50 routers and network graph preparation using the color balanced star coloring algorithm.
Fig.1: The generated topology has 50 nodes and was generated with the Waxman model.
Fig.2
Fig.3: Network Scenario
Fig.4: Output of the traceback at the victim
Tools Used: Exata cyber, C, Low Orbit Ion Cannon (LOIC), VLC media player
Period: June 2010- June 2011
Organization: Indian Institute of Technology Kharagpur
Description: We designed a multiparty, multilevel Digital Rights Management (DRM) architecture. Multiparty means that multiple parties are involved in the architecture; multilevel means that several levels of distributors are involved. There is still no generic architecture for multiparty multilevel DRM, and I designed such an architecture. Privacy and anonymity of consumers is an open issue in DRM architectures; I used an identity-based key management technique to provide privacy and anonymity to consumers. Interoperability among the devices that consumers buy from the same distributor is another issue, and my architecture makes provision for it. DRM also faces the issue of detecting rights violations committed by consumers and distributors; I used a machine learning technique to detect rights violations by consumers and distributors.
Tools Used: Java
In the proposed DRM architecture the core components are the owner, the distributor, the license server and the customer. The architecture supports multiple levels of distribution; in other words, it supports super-distribution: a sub-distributor can download protected content from a super-distributor. The proposed model gives a clear picture of the functionality of the DRM components. In our DRM architecture the owner has content delivery components such as a server, a packager, a financial clearing house (FCH), a tracking server and a monitoring server (MS). The owner provides unprotected content to the packager. After encrypting the content, the packager sends the key seeds and usage rules to the license distribution authority, and the encrypted content, with its unique content ID, to the distributor. The distributor receives this data, keeps the encrypted content on its media server and displays a content catalogue with a price structure on its website. A consumer visits the website and selects the content of his choice; the customer can also download the encrypted content from the media server. Sometimes distributors also provide a trial of the content to the customer. Since the customer can only download protected content, to use it he needs a license key, which he obtains from the license server. To get the license, the customer contacts the access server; the access server first checks the authenticity of the customer and, if verification succeeds, takes the payment and sends a request to the license server to issue the license. The consumer is free to choose the mode of payment (such as frequency of access, pay per view, pay per content, advance payment, etc.).
Besides these core components, the DRM architecture involves other components needed for the proper functioning of the DRM system and for a practical, secure and efficient way to distribute content. To keep the database of license distribution and payments up to date, the architecture has a clearing house, a tracking server, a usage clearing house and a financial clearing house. The tracking server tracks license distribution and sends statistics to the usage clearing house, which updates its database. The financial clearing house receives royalties from the distributor, maintains the payment database and provides the details of financial transactions to the usage clearing house. Using the information provided by the financial clearing house and the tracking server, the usage clearing house sends instructions to the clearing house. On the basis of these instructions the clearing house decides whether a license request should be forwarded or not.
A consumer may have multiple devices and may not want to purchase the same component for each device. It often happens that not all devices support the same component of the same player, so a mechanism is needed to handle format conversion. The distribution server provides interoperability in the DRM architecture: if the content is not compatible with the device used by the customer, the format converter converts the content to the required format.
A system is needed to control and monitor the whole architecture and to detect illegal use of content. The monitoring server, tracking server, registration authority and access control provide the means to achieve safety, security and authenticity. The registration authority registers the customer by verifying the details the customer provides and issues a unique ID for further transactions in the DRM system. All registration details are provided to the access server. When a customer approaches the access server, the server checks his authenticity and then forwards his license-issuing request. The monitoring server (MS) at the distributor's site gets the usage details of the content from the client machine and checks for rights violations by the client. The monitoring system (MS) at the distributor's site also monitors the lower-level distributors; if a rights violation is committed by a lower-level distributor, it reports to the concerned distributor. At regular intervals, monthly for example, the content owner receives compensation for the trading of his content by the distributors.
I used a machine learning technique to detect rights violations by consumers: the K-Means clustering algorithm applied to consumers' log data. I implemented this algorithm on the Pima diabetes dataset to classify and cluster the data; the algorithm classifies the dataset into tested-positive and tested-negative classes. In the same way, we can cluster the consumer log data into normal data and rights-violation data. The ROC curve is shown below.