Padmalochan Bera | IIT Bhubaneswar
Papers by Padmalochan Bera
Budget-Constrained Controller Placement in Software-Defined Networking
SSRN Electronic Journal
Integration of role based access control with homomorphic cryptosystem for secure and controlled access of data in cloud
Proceedings of the 10th International Conference on Security of Information and Networks, 2017
Recent advances in cloud technology facilitate data owners having limited resources to outsource their data and computations to remote servers in Cloud. To protect against unauthorized information access, sensitive data are encrypted before outsourcing. However, traditional cryptosystems need decrypting ciphertext for outsourced computations that may violate data security as well as introduce higher computational complexity. Homomorphic encryption is a solution that allows performing computations directly on ciphertext. On the other hand, it is evident that the computations on data may vary from user to user depending on the requirements. So, it is not always feasible to allow all computations to different users on the whole ciphertext stored in cloud. In this paper, we proposed a framework for integration of role based access control (RBAC) mechanism with homomorphic cryptosystem for secure and controlled access of data in cloud. Our proposed framework is developed based on trust and role hierarchy with multi-granular operational access rights to heterogeneous stakeholders or users.
Formal Modelling and Verification of Requirements of Adaptive Routing Protocol for Mobile Ad-Hoc Network
2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), 2017
A group of mobile nodes with limited capabilities sparsed in different clusters forms the backbone of Mobile Ad-Hoc Networks (MANET). In such situations, the requirements (mobility, performance, security, trust and timing constraints) vary with change in context, time, and geographic location of deployment. This leads to various performance and security challenges which necessitates a trade-off between them on the application of routing protocols in a specific context. The focus of our research is towards developing an adaptive and secure routing protocol for Mobile Ad-Hoc Networks, which dynamically configures the routing functions using varying contextual features with secure and real-time processing of traffic. In this paper, we propose a formal framework for modelling and verification of requirement constraints to be used in designing adaptive routing protocols for MANET. We formally represent the network topology, behaviour, and functionalities of the network in SMT-LIB languag...
A Novel Malware Analysis Framework for Malware Detection and Classification using Machine Learning Approach
Proceedings of the 19th International Conference on Distributed Computing and Networking, 2018
Nowadays, the digitization of the world is under a serious threat due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively become obsolete. The efficiency of the machine learning techniques in context to the detection of malware has been proved by state-of-the-art research works. In this paper, we have proposed a framework to detect and classify different files (e.g., exe, pdf, php, etc.) as benign and malicious using two level classifier namely, Macro (for detection of malware) and Micro (for classification of malware files as a Trojan, Spyware, Ad-ware, etc.). Our solution uses Cuckoo Sandbox for generating static and dynamic analysis report by executing the sample files in the virtual environment. In addition, a novel feature extraction module has been developed which functions based on static, behavioral and network analysis using the reports generated by the Cuckoo Sandbox. Weka Framework is used to develop machine learning models by using training datasets. The experimental results using the proposed framework show high detection rate and high classification rate using different machine learning algorithms.
An Anomaly Free Distributed Firewall System for SDN
2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2021
Firewall is a core element of a network security system which takes care of the availability, privacy, and integrity of network resources. However, managing a system with large scale, heterogeneous policies is complex and error prone. In multi-firewall systems, it is very important to configure the policy rules in the relevant firewall to prevent malicious flow into the network. Any modification to a firewall rule or insertion of a new rule needs intra and inter firewall conflict resolution to find correct mapping of rule to firewall. In SDN, the controller generates flow rules for different switches depending on application requirements and network topologies. Firewall can be used as a first line of defense against different attacks to the data plane and the control plane of SDN. The state-of-art work on firewall implementation in SDN shows various anomalies that may introduce functional failures and security violations. In this paper, we have proposed a novel approach for distributed anomaly-free firewall implementation on SDN controller. Here, the controller receives the firewall policies of different domains through north bound API and resolves the intra and inter firewall conflicts and derives a single anomaly-free firewall policy at the controller level. When the controller receives a packet_in message from a switch at run time, it selects a conflict free rule from global policy and sends it to appropriate switches. We have evaluated our proposed distributed firewall system for different network topologies under different attacking scenarios, e.g., DDoS attacks and experimental results are reported. The results show the efficacy of our solution in terms of reduced malicious traffic flows, improvements in CPU utilization of controller, packet loss and response time of legitimate packets.
A novel malware analysis for malware detection and classification using machine learning algorithms
Proceedings of the 10th International Conference on Security of Information and Networks, 2017
Nowadays, Malware has become a serious threat to the digitization of the world due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively become obsolete. The efficiency of the machine learning model in context to the detection of malware files has been proved by different researches and studies. In this paper, a framework has been developed to detect and classify different files (e.g., exe, pdf, php, etc.) as benign and malicious using two level classifier namely, Macro (for detection of malware) and Micro (for classification of malware files as a Trojan, Spyware, Adware, etc.). Cuckoo Sandbox is used for generating static and dynamic analysis report by executing files in the virtual environment. In addition, a novel model is developed for extracting features based on static, behavioral and network analysis using analysis report generated by the Cuckoo Sandbox. Weka Framework is used to develop machine learning models by using training datasets. The experimental results using proposed framework show high detection rate with an accuracy of 100% using J48 Decision tree model, 99% using SMO (Sequential Minimal Optimization) and 97% using Random Forest tree. It also shows effective classification rate with accuracy 100% using J48 Decision tree, 91% using SMO and 66% using Random Forest tree. These results are used for detecting and classifying unknown files as benign or malicious.
Wireless Personal Communications, 2020
The rapidly emerging wireless service requirements and deployment demands over last few decades necessitate the application of Mobile Ad hoc Networks in many areas. These application areas vary from social networks to safety-critical domains such as environmental monitoring, disaster rescue operations, military communications, etc. The potency of the ad hoc network deployment in a specific context is significantly affected by the underlying routing protocol. Hence, developing an efficient and secure routing protocol for MANETs is an important task in order to achieve the service level requirements and to satisfy the deployment demands effectively. However, development of such routing protocol is a challenging problem due to the inherent characteristics of ad hoc networks: frequent topology changes, open wireless medium, and limited resource constraints, etc. In addition, the stringent requirements: mobility, performance, security, trust and timing constraints, etc. add complexity to this problem. In this paper, we present an adaptive routing protocol for MANETs, which dynamically configures the routing function with respect to the metrics: (1) the varying requirement parameters and (2) the contextual features as per the desired application context. The requirement models include various performance, security, and functional parameters. On the other hand, the contextual features include mobility of nodes/groups of nodes, nodes' trust values, resource constraints of nodes, geographical context, roles of individual nodes etc. Our routing protocol is evaluated with extensive simulation test cases and the efficacy of the protocol is reported.
Computer Networks, 2019
Software-defined networking (SDN) is considered as one of the promising paradigms for the future Internet. It allows users to configure the network depending on the application-level requirements. One of the major challenges in SDN is the uneven distribution of traffic load in the controllers that degrades system performance. In this paper, we propose a self-adaptive load balancing (SALB) scheme that balances load among multiple controllers dynamically with multiple switch migration from source controllers to target controllers. The key feature of our scheme is an effective distribution of load under high load condition while considering the distance between switches and target controllers simultaneously. The efficacy of our proposed scheme is demonstrated through experimentation, where we compare our scheme with existing approaches. The results show that SALB experiences a small number of packet drops, which is less than 1.23% of the total number of message exchanges among the controllers.
Computers & Security, 2018
Software Defined Network (SDN) paradigm provides intelligent and efficient management of different network control functions (NF) depending on changes in traffic behavior, service providers' requirements and application context. However, the logical centralization of controllers' functions opens up challenges towards enforcing security perimeter over the underlying network and the assets involved. In this paper, we propose a risk assessment model for pro-active secure flow control and routing of traffic in SDN. The proposed model determines threat value of different SDN entities by analyzing vulnerability and exposure with respect to Common Vulnerability Scoring System (CVSS). The risk of a given traffic is calculated as cumulative threat values of the SDN entities that guides the flow and routing control functions in generating secure flow rules for the forwarding switches. The efficacy of the proposed model is demonstrated through extensive case studies of an enterprise network.
A Novel Secure and Efficient Policy Management Framework for Software Defined Network
2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016
Software Defined Network (SDN) paradigm provides a flexible execution platform for running different Network Control and Management Functions (NF). This provides scope for efficient management and control of traffic flows in the network. The network functions heavily rely on heterogeneous and complex network policies. These network policies can be defined by different administrators and configured (pushed to the controller) through distributed Network Application and Management Servers. Thus, efficient management and correct enforcement of network policies is an important, but a challenging problem. Our proposed policy management framework ensures that the policies are enforced by certified servers as well as focuses on detecting and resolving the potential conflicts among the heterogeneous policy rules. In addition, it maintains consistency between the flow table rules and the on-demand changes in policy rules in the application layer. Our proposed framework comprises three novel network control functions namely, Trust_Verify, Policy_Conflict_Resolve and Policy_Consistency_Check. These functions combinedly ensure security, correctness and adaptability with the dynamic on-demand changes in heterogeneous policy rules in an SDN environment. We demonstrate our framework with an extended case study of an SDN-based enterprise network.
Analysis of trust models in Mobile Ad Hoc Networks: A simulation based study
2016 8th International Conference on Communication Systems and Networks (COMSNETS), 2016
The Mobile Ad Hoc Network (MANET) has become a key communication technology in various domains such as military defense networks, disastrous and rescue operational command centers, vehicular networks, etc. The dynamic topology and open wireless communication medium may potentially introduce various security threats in MANET. The recent research on MANET focuses on developing security enforcement mechanisms based on various trust models. However, most of the existing trust models are application specific which impose limitations on their applicability with changes in requirements, resource constraints, and behavioural dynamics. In this paper, we present a comparative study of various trust models in MANET with respect to their performance, security enforcing features, and usability. This study experimentally reveals the limitations of existing trust models. It also shows that there is a need for designing adaptive, multi-level trust models for MANET that support heterogeneous applications with different requirements and contexts.
Today, cloud computing infrastructure is largely being deployed in healthcare to access various healthcare services easily over the Internet on an as-needed basis. The main advantage of healthcare cloud is that it can be used as a tool for patients, medical professionals and insurance providers, to query and coordinate among medical departments, organizations and other healthcare related hubs. Although healthcare cloud services can enable better medication process with high responsiveness, the privacy and other requirements of the patients need to be ensured in the process. Patients' medical data may be required by the medical professionals, hospitals, diagnostic centers for analysis and diagnosis. However, data privacy and service quality cannot be compromised. In other words, there may exist various service providers corresponding to a specific healthcare service. The main challenge is to find the appropriate providers that comply best with patients' requirement. In this paper, we propose a query based optimal medication framework to support the patients' healthcare service accessibility comprehensively with considerable response time. The framework accepts related healthcare queries in natural language through a comprehensive user-interface and then processes the input query through a first-order logic based evaluation engine and finds all possible services satisfying the requirements. First order logic is used for modeling of user requirements and queries. The query evaluation engine is built using zChaff, a Boolean logic satisfiability solver. The efficacy and usability of the framework is evaluated with initial case studies on synthetic and real life healthcare cloud.
Synthesizing Optimal Security Configurations for Enterprise Networks : A Formal Approach
9th IET International Conference on System Safety and Cyber Security (2014), 2014
In this paper, we present NetSecSlider, an automated framework for synthesizing network configurations exploring various security and safety design alternatives. The design alternatives include distribution of different levels of isolation (firewall, IPSec, etc.) and safety enforcement process (e.g. tampering of network flow) in the network. NetSecSlider takes the network topology, organizational security and safety requirements and business constraints as input, and synthesizes a correct and optimal security configuration. Finally, it determines the optimal placement of enabling devices in the network. The framework uses (i) an SMT solver for finding the correct and optimal security configuration and (ii) a method for determining the optimal placement of devices. The framework is evaluated on different networks with varying security and safety requirements.
VM migration auction: Business oriented federation of cloud providers for scaling of application services
2014 International Conference on Parallel, Distributed and Grid Computing, 2014
One of the key indicators of leveraging Cloud Computing is the penetration of e-business among Cloud Service Providers (CSP). The cloud computing applications are being developed across various domains to enable easy and efficient access to the data and services remotely. There is a potential for CSPs in applying e-business technologies, especially in the migration process between virtual machines (VM) running in different hosts. It is to enable efficient computing, resource sharing and to provide a real time response. There is a need to integrate an auction (bidding) in the VM migration process by applying new business models in the cloud computing marketplace to ensure competitiveness among CSPs. This paper describes an effort to establish a novel bidding process for the VM migration process in Cloud environment for e-business. The Internet-based auction process has been developed by considering English and Dutch auction. Various components for VM auction (actors, relations, VM, and business model) are presented. The suitable architecture in the VM auction service and the required tools are described. The IDEF0 model has been used for the central functionality of the broker service. In this proposed approach, the objective is to make independent CSPs function in a co-operative manner to provide uninterrupted service to the users on their interest and preference.
Designing an adaptive firewall for enterprise cloud
2014 International Conference on Parallel, Distributed and Grid Computing, 2014
Cloud technology is becoming more and more popular in recent times. With the popularity of the Cloud Computing, Cloud security becomes a vital issue in the Cloud computing domain. Particularly, the new evolving threat to the enterprise cloud makes the firewall systems of enterprise cloud to slow down the operation. On the other hand, one of the central challenges to deploy Cloud applications into the existing environment is to configure the Cloud firewalls. The state of art technology is to open the ports as many as required. Such firewall policy is so hazardous, and a more dynamic means of checking the firewall is called for. In this report, we offer a dynamic and dependable mechanism to adaptively control the firewall for enterprise cloud computing. Likewise, a conceptual design and its execution have been talked about.
A Security Enforcement Framework for Virtual Machine Migration Auction
Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense - SafeConfig '15, 2015
Virtual machine migration auction (VMMA) is a bidding process to select potential target cloud service providers (CSPs) for migration. It is realized as a single application running on top of the hypervisor, where the overall communication between the CSPs is done through the Internet, an insecure channel. Therefore, ensuring security along with performance satisfaction of the VMMA system is an important but challenging problem. This requires identification of various threats and development of security and systematic protection mechanism. In this paper, we present a security enforcement framework for VMMA system. The core element of our proposed framework identifies various potential threats and security constraints by investigating different interactions between participants in VMMA system. Then our framework extracts a set of formal security requirements based on the identified threats which enforces the security by using elliptic curve cryptography and bilinear pairing. Our approach will facilitate in designing and implementing strong security defense-in-depth against various threats to VMMA system in cloud computing platform.
SmartAnalyzer: A noninvasive security threat analyzer for AMI smart grid
The Advanced Metering Infrastructure (AMI) is the core component in smart grid that exhibits highly complex network configurations comprising heterogeneous cyber-physical components. These components are interconnected through different communication media, protocols, and secure tunnels, and they are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need of creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a formal security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration including device configurations, topology, communication properties, interactions between the devices, data flows, and security properties; (ii) formal modeling of AMI invariant and user-driven constraints based on the interdependencies between AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configuration's compliance with security constraints using Satisfiability Modulo Theory (SMT) solver; (iv) generating a comprehensive security threat report with possible remediation plan based on the verification results. The accuracy, scalability, and usability of the tool are evaluated on real smart grid environment and synthetic test networks.
Security and Communication Networks, 2010
In today's organizations, the large scale deployment of wireless networks has opened up new directions in network security management. The organizational security policies aim at protecting the network resources from unauthorized accesses in the wireless local area networks (WLAN). In WLAN security policy management, the standard IP-based access control mechanisms are not sufficient due to dynamic changes in network topology and access control states. The role-based access control (RBAC) models may be appropriate to strengthen the security perimeter over the network resources. However, formalizing the dynamic binding of the access policies to the roles, depending on various control states, is a major challenge. In this paper, we propose a WLAN security policy management framework based on a formal spatio-temporal RBAC (STRBAC) model. The present work primarily focuses on dynamic computation of security policies based on various control states, its formal representation using STRBAC model, and security property verification of the proposed STRBAC model. The proposed policy management framework logically partitions the WLAN topology into various security policy zones. The framework includes a Central Authentication & Role Server (CARS) which authenticates the users (nodes) and access points (AP) and also assigns appropriate roles to the users; a Global Policy Server (GPS) that dynamically computes the global security policy and policy configurations for different policy zones based on local user-role and control state information; a distributed policy zone control architecture. Each policy zone consists of a Policy Zone Controller (WPZCon) which dynamically computes the low-level access configurations. Finally, a SAT based verification procedure has been presented for verifying the security properties of the proposed STRBAC model.
Copyright © 2010 John Wiley & Sons, Ltd.
Generating policy based security implementation in enterprise network: a formal framework
Generating Policy based Security Implementations in Enterprise Networks-A formal framework Padmalochan Bera School of Information Technology Indian Institute of Technology, Kharagpur 721302, India bera.padmalochan@gmail.com ...
Budget-Constrained Controller Placement in Software-Defined Networking
SSRN Electronic Journal
Integration of role based access control with homomorphic cryptosystem for secure and controlled access of data in cloud
Proceedings of the 10th International Conference on Security of Information and Networks, 2017
Recent advances in cloud technology facilitates data owners having limited resources to outsource... more Recent advances in cloud technology facilitates data owners having limited resources to outsource their data and computations to remote servers in Cloud. To protect against unauthorized information access, sensitive data are encrypted before outsourcing. However, traditional cryptosystems need decrypting ciphertext for outsourced computations that may violate data security as well may introduce higher computational complexity. Homomorphic encryption is a solution that allows performing computations directly on ciphertext. On the otherhand, it is evident that the computations on data may vary from users to users depending on the requirements. So, it is not always feasible to allow all computations to different users on the whole ciphertext stored in cloud. In this paper, we proposed a framework for integration of role based access control (RBAC) mechanism with homomorphic cryptosystem for secure and controlled access of data in cloud. Our proposed framework is developed based on trust and role hierarchy with multi-granular operational access rights to heterogeneous stakeholders or users.
Formal Modelling and Verification of Requirements of Adaptive Routing Protocol for Mobile Ad-Hoc Network
2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), 2017
A group of mobile nodes with limited capabilities sparsed in different clusters forms the backbon... more A group of mobile nodes with limited capabilities sparsed in different clusters forms the backbone of Mobile Ad-Hoc Networks (MANET). In such situations, the requirements (mobility, performance, security, trust and timing constraints) vary with change in context, time, and geographic location of deployment. This leads to various performance and security challenges which necessitates a trade-off between them on the application of routing protocols in a specific context. The focus of our research is towards developing an adaptive and secure routing protocol for Mobile Ad-Hoc Networks, which dynamically configures the routing functions using varying contextual features with secure and real-time processing of traffic. In this paper, we propose a formal framework for modelling and verification of requirement constraints to be used in designing adaptive routing protocols for MANET. We formally represent the network topology, behaviour, and functionalities of the network in SMT-LIB languag...
A Novel Malware Analysis Framework for Malware Detection and Classification using Machine Learning Approach
Proceedings of the 19th International Conference on Distributed Computing and Networking, 2018
Nowadays, the digitization of the world is under a serious threat due to the emergence of various... more Nowadays, the digitization of the world is under a serious threat due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively become an obsolete method. The efficiency of the machine learning techniques in context to the detection of malwares has been proved by state-of-the-art research works. In this paper, we have proposed a framework to detect and classify different files (e.g., exe, pdf, php, etc.) as benign and malicious using two level classifier namely, Macro (for detection of malware) and Micro (for classification of malware files as a Trojan, Spyware, Ad-ware, etc.). Our solution uses Cuckoo Sandbox for generating static and dynamic analysis report by executing the sample files in the virtual environment. In addition, a novel feature extraction module has been developed which functions based on static, behavioral and network analysis using the reports generated by the Cuckoo Sandbox. Weka Framework is used to develop machine learning models by using training datasets. The experimental results using the proposed framework shows high detection rate and high classification rate using different machine learning algorithms
An Anomaly Free Distributed Firewall System for SDN
2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2021
Firewall is a core element of a network security system which takes care of the availability, privacy, and integrity of network resources. However, managing a system with large scale, heterogeneous policies is complex and error prone. In multi-firewall systems, it is very important to configure the policy rules in the relevant firewall to prevent malicious flow into the network. Any modification to a firewall rule or insertion of a new rule needs intra and inter firewall conflict resolution to find correct mapping of rule to firewall. In SDN, the controller generates flow rules for different switches depending on application requirements and network topologies. Firewall can be used as a first line of defense against different attacks to the data plane and the control plane of SDN. The state-of-art work on firewall implementation in SDN shows various anomalies that may introduce functional failures and security violations. In this paper, we have proposed a novel approach for distributed anomaly-free firewall implementation on SDN controller. Here, the controller receives the firewall policies of different domains through north bound API and resolves the intra and inter firewall conflicts and derives a single anomaly-free firewall policy at the controller level. When the controller receives a packet_in message from a switch at run time, it selects a conflict free rule from global policy and sends it to appropriate switches. We have evaluated our proposed distributed firewall system for different network topologies under different attacking scenarios, e.g., DDoS attacks and experimental results are reported. The results show the efficacy of our solution in terms of reduced malicious traffic flows, improvements in CPU utilization of controller, packet loss and response time of legitimate packets.
A novel malware analysis for malware detection and classification using machine learning algorithms
Proceedings of the 10th International Conference on Security of Information and Networks, 2017
Nowadays, Malware has become a serious threat to the digitization of the world due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively becomes an obsolete method. The efficiency of the machine learning model in context to the detection of malware files has been proved by different researches and studies. In this paper, a framework has been developed to detect and classify different files (e.g., exe, pdf, php, etc.) as benign and malicious using two level classifier namely, Macro (for detection of malware) and Micro (for classification of malware files as a Trojan, Spyware, Adware, etc.). Cuckoo Sandbox is used for generating static and dynamic analysis report by executing files in the virtual environment. In addition, a novel model is developed for extracting features based on static, behavioral and network analysis using analysis report generated by the Cuckoo Sandbox. Weka Framework is used to develop machine learning models by using training datasets. The experimental results using proposed framework show high detection rate with an accuracy of 100% using J48 Decision tree model, 99% using SMO (Sequential Minimal Optimization) and 97% using Random Forest tree. It also shows effective classification rate with accuracy 100% using J48 Decision tree, 91% using SMO and 66% using Random Forest tree. These results are used for detecting and classifying unknown files as benign or malicious.
Wireless Personal Communications, 2020
The rapidly emerging wireless service requirements and deployment demands over last few decades necessitates the application of Mobile Ad hoc Networks in many areas. These application areas vary from social networks to safety-critical domains such as environmental monitoring, disaster rescue operations, military communications, etc. The potency of the ad hoc network deployment in a specific context is significantly affected by the underlying routing protocol. Hence, developing an efficient and secure routing protocol for MANETs is an important task in order to achieve the service level requirements and to satisfy the deployment demands effectively. However, development of such routing protocol is a challenging problem due to the inherent characteristics of ad hoc networks: frequent topology changes, open wireless medium, and limited resource constraints, etc. In addition, the stringent requirements: mobility, performance, security, trust and timing constraints, etc. add complexity to this problem. In this paper, we present an adaptive routing protocol for MANETs, which dynamically configures the routing function with respect to the metrics: (1) the varying requirement parameters and (2) the contextual features as per the desired application context. The requirement models include various performance, security, and functional parameters. On the other hand, the contextual features include mobility of nodes/groups of nodes, nodes' trust values, resource constraints of nodes, geographical context, roles of individual nodes etc. Our routing protocol is evaluated with extensive simulation test cases and the efficacy of the protocol is reported.
Computer Networks, 2019
Software-defined networking (SDN) is considered as one of the promising paradigms for the future Internet. It allows users to configure the network depending on the application-level requirements. One of the major challenges in SDN is the uneven distribution of traffic load in the controllers that degrades system performance. In this paper, we propose a self-adaptive load balancing (SALB) scheme that balances load among multiple controllers dynamically with multiple switch migration from source controllers to target controllers. The key feature of our scheme is an effective distribution of load under high load condition while considering the distance between switches and target controllers simultaneously. The efficacy of our proposed scheme is demonstrated through experimentation, where we compare our scheme with existing approaches. The results show that SALB experiences a small number of packet drops, which is less than 1.23% of the total number of message exchanges among the controllers.
Computers & Security, 2018
Software Defined Network (SDN) paradigm provides intelligent and efficient management of different network control functions (NF) depending on changes in traffic behavior, service providers' requirements and application context. However, the logical centralization of controllers' functions opens up challenges towards enforcing security perimeter over the underlying network and the assets involved. In this paper, we propose a risk assessment model for pro-active secure flow control and routing of traffic in SDN. The proposed model determines threat value of different SDN entities by analyzing vulnerability and exposure with respect to Common Vulnerability Scoring System (CVSS). The risk of a given traffic is calculated as cumulative threat values of the SDN entities that guides the flow and routing control functions in generating secure flow rules for the forwarding switches. The efficacy of the proposed model is demonstrated through extensive case studies of an enterprise network.
A Novel Secure and Efficient Policy Management Framework for Software Defined Network
2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016
Software Defined Network (SDN) paradigm provides a flexible execution platform for running different Network Control and Management Functions (NF). This provides scope for efficient management and control of traffic flows in the network. The network functions heavily rely on heterogeneous and complex network policies. These network policies can be defined by different administrators and configured (pushed to the controller) through distributed Network Application and Management Servers. Thus, efficient management and correct enforcement of network policies is an important, but a challenging problem. Our proposed policy management framework ensures, the policies are enforced by certified servers as well as focuses on detecting and resolving the potential conflicts among the heterogeneous policy rules. In addition, it maintains consistency between the flow table rules and the on-demand changes in policy rules in the application layer. Our proposed framework comprises of three novel network control functions namely, Trust_Verify, Policy_Conflict_Resolve and Policy_Consistency_Check. These functions combinedly ensure security, correctness and adaptability with the dynamic on-demand changes in heterogeneous policy rules in an SDN environment. We demonstrate our framework with an extended case study of an SDN-based enterprise network.
Analysis of trust models in Mobile Ad Hoc Networks: A simulation based study
2016 8th International Conference on Communication Systems and Networks (COMSNETS), 2016
The Mobile Ad Hoc Network (MANET) has become a key communication technology in various domains such as, military defense networks, disastrous and rescue operational command centers, vehicular networks, etc. The dynamic topology and open wireless communication medium may potentially introduce various security threats in MANET. The recent research on MANET focuses on developing security enforcement mechanisms based on various trust models. However, most of the existing trust models are application specific which impose limitations on their applicability with changes in requirements, resource constraints, and behavioural dynamics. In this paper, we present a comparative study of various trust models in MANET with respect to their performance, security enforcing features, and usability. This study experimentally reveals the limitations of existing trust models. It also shows that there is a need for designing adaptive, multi-level trust models for MANET, that supports heterogeneous applications with different requirements and contexts.
Today, cloud computing infrastructure is largely being deployed in healthcare to access various healthcare services easily over the Internet on an as-needed basis. The main advantage of healthcare cloud is that it can be used as a tool for patients, medical professionals and insurance providers, to query and coordinate among medical departments, organizations and other healthcare related hubs. Although healthcare cloud services can enable better medication process with high responsiveness, but, the privacy and other requirements of the patients need to be ensured in the process. Patients' medical data may be required by the medical professionals, hospitals, diagnostic centers for analysis and diagnosis. However, data privacy and service quality cannot be compromised. In other words, there may exist various service providers corresponding to a specific healthcare service. The main challenge is to find the appropriate providers that comply best with patients' requirement. In this paper, we propose a query based optimal medication framework to support the patients' healthcare service accessibility comprehensively with considerable response time. The framework accepts related healthcare queries in natural language through a comprehensive user-interface and then processes the input query through a first-order logic based evaluation engine and finds all possible services satisfying the requirements. First order logic is used for modeling of user requirements and queries. The query evaluation engine is built using zChaff, a Boolean logic satisfiability solver. The efficacy and usability of the framework is evaluated with initial case studies on synthetic and real life healthcare cloud.
Synthesizing Optimal Security Configurations for Enterprise Networks : A Formal Approach
9th IET International Conference on System Safety and Cyber Security (2014), 2014
In this paper, we present NetSecSlider, an automated framework for synthesizing network configurations exploring various security and safety design alternatives. The design alternatives include distribution of different level of isolations (firewall, IPSec, etc.) and safety enforcement process (e.g. tampering of network flow) in the network. NetSecSlider takes the network topology, organizational security and safety requirements and business constraints as input, and synthesizes a correct and optimal security configuration. Finally, it determines the optimal placement of enabling devices in the network. The framework uses (i) a SMT solver for finding the correct and optimal security configuration and (ii) a method for determining the optimal placement of devices. The framework is evaluated on different networks with varying security and safety requirements.
VM migration auction: Business oriented federation of cloud providers for scaling of application services
2014 International Conference on Parallel, Distributed and Grid Computing, 2014
One of the key indicators of leveraging Cloud Computing is the penetration of e-business among Cloud Service Providers (CSP). The cloud computing applications are being developed across various domains to enable easy and efficient access to the data and services remotely. There is a potential for CSPs in applying e-business technologies, especially in the migration process between virtual machines (VM) running in different hosts. It is to enable efficient computing, resource sharing and to provide a real time response. There is a need to integrate an auction (bidding) in the VM migration process by applying new business models in the cloud computing marketplace to ensure competitiveness among CSPs. This paper describes an effort to establish a novel bidding process for the VM migration process in Cloud environment for e-business. The Internet-based auction process has been developed by considering English and Dutch auction. Various components for VM auction (actors, relations, VM, and business model) are presented. The suitable architecture in the VM auction service and the required tools are described. The IDEF0 model has been used for the central functionality of the broker service. In this proposed approach, the objective is to make independent CSPs function in a co-operative manner to provide uninterrupted service to the users on their interest and preference.
Designing an adaptive firewall for enterprise cloud
2014 International Conference on Parallel, Distributed and Grid Computing, 2014
Cloud technology is becoming more and more popular in recent time. With the popularity of the Cloud Computing, Cloud security becomes a vital issue in the Cloud computing domain. Particularly, the new evolving threat to the enterprise cloud makes the firewall systems of enterprise cloud to slow down the operation. On the other hand, one of the central challenges to deploy Cloud applications into the existing environment is to configure the Cloud firewalls. The state of art technology is to open the ports as many as required. Such firewall policy is so hazardous, and a more dynamic means of checking the firewall is called for. In this report, we offer a dynamic and dependable mechanism to adaptively control the firewall for enterprise cloud computing. Likewise, a conceptual design and its execution have been talked about.
A Security Enforcement Framework for Virtual Machine Migration Auction
Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense - SafeConfig '15, 2015
Virtual machine migration auction (VMMA) is a bidding process to select potential target cloud service providers (CSPs) for migration. It is realized as a single application running on top of the hypervisor, where the overall communication between the CSPs is done through the Internet, an insecure channel. Therefore, ensuring security along with performance satisfaction of the VMMA system is an important but challenging problem. This requires identification of various threats and development of security and systematic protection mechanism. In this paper, we present a security enforcement framework for VMMA system. The core element of our proposed framework identifies various potential threats and security constraints by investigating different interactions between participants in VMMA system. Then our framework extracts a set of formal security requirements based on the identified threats which enforces the security by using elliptic curve cryptography and bilinear pairing. Our approach will facilitate in designing and implementing strong security defense-in-depth against various threats to VMMA system in cloud computing platform.
SmartAnalyzer: A noninvasive security threat analyzer for AMI smart grid
The Advanced Metering Infrastructure (AMI) is the core component in smart grid that exhibits highly complex network configurations comprising of heterogeneous cyber-physical components. These components are interconnected through different communication media, protocols, and secure tunnels, and they are operated using different data delivery modes and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or absence of defense, which may cause devastating damage to AMI. Therefore, there is a need of creating a formal model that can represent the global behavior of AMI configuration in order to verify the potential threats. In this paper, we present SmartAnalyzer, a formal security analysis tool, which offers manifold contributions: (i) formal modeling of AMI configuration including device configurations, topology, communication properties, interactions between the devices, data flows, and security properties; (ii) formal modeling of AMI invariant and user-driven constraints based on the interdependencies between AMI device configurations, security properties, and security control guidelines; (iii) verifying the AMI configuration's compliances with security constraints using Satisfiability Modulo Theory (SMT) solver; (iv) generating a comprehensive security threat report with possible remediation plan based on the verification results. The accuracy, scalability, and usability of the tool are evaluated on real smart grid environment and synthetic test networks.
Security and Communication Networks, 2010
In today's organizations, the large scale deployment of wireless networks has opened up new directions in network security management. The organizational security policies aim at protecting the network resources from unauthorized accesses in the wireless local area networks (WLAN). In WLAN security policy management, the standard IP-based access control mechanisms are not sufficient due to dynamic changes in network topology and access control states. The role-based access control (RBAC) models may be appropriate to strengthen the security perimeter over the network resources. However, formalizing the dynamic binding of the access policies to the roles, depending on various control states, is a major challenge. In this paper, we propose a WLAN security policy management framework based on a formal spatio-temporal RBAC (STRBAC) model. The present work primarily focuses on dynamic computation of security policies based on various control states, its formal representation using STRBAC model, and security property verification of the proposed STRBAC model. The proposed policy management framework logically partitions the WLAN topology into various security policy zones. The framework includes a Central Authentication & Role Server (CARS) which authenticates the users (nodes) and access points (AP) and also assigns appropriate roles to the users; a Global Policy Server (GPS) that dynamically computes the global security policy and policy configurations for different policy zones based on local user-role and control state information; a distributed policy zone control architecture. Each policy zone consists of a Policy Zone Controller (WPZCon) which dynamically computes the low-level access configurations. Finally, a SAT based verification procedure has been presented for verifying the security properties of the proposed STRBAC model.
Copyright © 2010 John Wiley & Sons, Ltd.
Generating policy based security implementation in enterprise network: a formal framework
Generating Policy based Security Implementations in Enterprise Networks-A formal framework Padmalochan Bera School of Information Technology Indian Institute of Technology, Kharagpur 721302, India bera.padmalochan@gmail.com ...