Anand Gupta

Sequenced Tagged Captcha: Generation and its Analysis

Security of websites and online systems is of paramount concern today. A significant threat comes from malicious automated programs designed to take advantage of online facilities, resulting in wastage of resources and breach of web security. To counter them, CAPTCHAS are employed as a means of differentiating these bots from humans. However, highly sophisticated computer programs evolved over time have kept pace with all the current CAPTCHA generation schemes to render them ineffective. Due to the vulnerability of current CAPTCHAS, generation schemes of greater stability are required. Therefore, in this paper we propose a novel scheme of embedding numbers in text CAPTCHAS. It incorporates two levels of testing that includes identification of displayed characters and secondly interpreting the logical ordering based on the embedded numbers. Our CAPTCHA can be conveniently implemented on web-sites and provides the advantages of robustness and low space requirements. Discussion and conclusion, at the end of the paper, justify our approach.

DGW-canny: An improvised version of Canny edge detector

Edge detection is a field which has intrigued programmers since early 1970s. Since then, a good number of edge detection techniques have come up but the technique used by Canny [1] is very widely used. However, it has been observed that the results are not that efficient while dealing with alpha-numeric sections or geometrical figures or fine grain region in an image. To mitigate these limitations, we propose an improvised edge detection technique. The technique uses a Laplacian of Gaussian gradient with a new approach towards the thresholding section. The DGW-Canny framework has been experimented on a data set of images categorized on the basis of vectors proposed by us. The encouraging experimental results show that the DGW-Canny edge detector renders much better results compared to those of Canny. We have also performed experiments by varying parameters like nature and man-made component in an image. It is observed that varying the latter parameter adversely affects the edges of the image.

Malafide intension based detection of privacy violation in information system

In the past few years there has been an increased focus on privacy issues for Information Systems. This has resulted in concerted systematic work focused on regulations, tools and enforcement. Despite this, privacy violations still do take place. Therefore there is an increased need to develop efficient methods to detect privacy violations. After a privacy violation has taken place, the post-event diagnostics should make use of any post-event information which might be available. This information (malafide intention) might play a decisive role in determining violations. In this paper we propose one such framework which makes use of malafide intentions. The framework is based on the hypothesis that any intrusion/unauthorized access has a malafide intention always associated with it and is available in a post-event scenario. We hereby propose that by analyzing the privacy policies and the available malafide intention, it is possible to detect probable privacy violations.

Overlapping variants of sequenced tagged captcha (STC): Generation and their comparative analysis

Sophisticated and evolving CAPTCHA breaking algorithms as mentioned in [1, 4, 7] have successfully broken currently employed CAPTCHAs. This has resulted in a continuous requirement for more robust CAPTCHAs. In light of this, STC generation scheme was introduced in [3] to stay secure for a long time. In this paper, we focus on the generation and comparative study of four variations in STC. These variations occur in overlapping of characters and/or Tagged numbers in the STC and further expand the STC concept. Further, we have identified two parameters viz. readability and security in this paper. These parameters have been used to compare and quantitatively analyze these schemes in order to find a suitably balanced one with an optimum combination of both.

Luring: A framework to induce a suspected user into Context Honeypot

The objective of context honeypot is to identify a probable privacy violator before he actually succeeds in capturing desired precious information. We believe that in the environment of robust implementation of privacy policy, privacy breaches can occur only through masquerading. Success of context honeypot depends on efficient luring (by using lure messages) of probable privacy violator. Lure messages are built by using real and fake data in such a way that the probable violator remains oblivious of being lured. In this paper, we propose a lure model and an architecture for generating lure messages.

Malafide Intension and its mapping to Privacy Policy Purposes for Masquerading

In presence of a robust privacy infrastructure, an attacker can fulfil his purpose (malafide intension) only by masquerading it with bonafide purposes besides other authentication parameters. We address the issue of masquerading of purpose for a malafide intension by defining the mapping from a malafide intension to bonafide purposes in this paper. An understanding of such a mapping can facilitate both a hacker (assist him in masquerading) and a forensic expert to investigate malafide accesses. Determination of these bonafide purposes may help speed up the violation detection if the user accesses log has listed bonafide purpose with each user access. The bonafide purposes can be determined in data-independent (without accessing the database) or data-dependent (database access is required) mode. In this paper we define a mapping of a malafide intension to bonafide purposes in data-independent mode

DTC: A framework to Detect Traffic Congestion by mining versatile GPS data

With increase in availability of GPS enabled devices, a large amount of GPS data is being collected over time. The mining of this data is likely to help in detection of the locations which face frequent traffic congestion. The prior knowledge of such locations will help the users in deciding whether or not to opt for that route. Avoidance of plying on such routes will also help in reducing the congestion in such locations. However, the authors feel that the work done so far in this field does not give very accurate results. The reason behind this is the inability of the work done so far to distinguish between jams and random short-term stoppages like traffic lights. To incorporate such differentiation in this paper, the authors propose an improvised traffic-jam-detection framework - DTC (Detect Traffic Congestion). This framework can be applied to versatile GPS data i.e. data coming from various kinds of devices like mobile phones, tablets or from vehicles etc. In the technique associated with this framework, these GPS data is first clusterized using the Expectation Maximization Algorithm. The clusters hence obtained are filtered out to acquire on-the-road vehicle data clusters. On further processing these clusters, a final binary output of either Traffic jam or Traffic light is obtained. The output is then fed to a J48 Classification Model to train it and hence make the predictions more accurate. The results obtained in the experiments are then cross-checked with the real-time data giving an accuracy of 86%.

Mining Regular Patterns in Weighted-Directed Networks

Mining of regular patterns in dynamic networks finds immense application in characterizing the local properties of the networks, like behaviour (friendship relation), event occurrence (football matches). They in then are used to predict their future trends. But if they do not entail weight and direction aspects of the dynamic network, there can be loss of several significant details, such as strength of a relationship or event, specification of the person responsible for it in a relationship, winning or losing in case of events. To the best of our knowledge, no work has been reported yet to extract regular patterns that take into account weight and direction aspects of dynamic networks. We thus propose a novel method to mine regular patterns in weighted and directed networks. In the proposed method, different snapshots of the dynamic network are taken, and through the concept of Regular Expression, we obtain repetition rule for each of: occurrence sequence, weight sequence, direction sequence and weight-direction sequence. For each of these four categories, edges having same rule are grouped to obtain evolution patterns. To ensure the practical feasibility of the approach, experimental evaluation is done on the real world dataset of Enron emails. The results obtained show that, 2.39%, 6.92%, 9.96% and 1.81% of the edges are found to be regular on weight, direction, occurrence and weight-direction respectively.

Auditing Inference Based Disclosures in Dynamic Databases

A privacy violation in an information system could take place either through explicit access or inference over already revealed facts using domain knowledge. In a post violation scenario, an auditing framework should consider both these aspects to determine exact set of minimal suspicious queries set. Update operations in database systems add more complexity in case of auditing, as inference rule applications on different data versions may generate erroneous information in addition to the valid information. In this paper, we formalize the problem of auditing inference based disclosures in dynamic databases, and present a sound and complete algorithm to determine a suspicious query set for a given domain knowledge, a database, an audit query, updates in the database. Each element of the output set is a minimal set of past user queries made to the database system such that data revealed to these queries combined with domain knowledge can infer the valid data specified by the audit query.

Context Honeypot: A Framework for Anticipatory Privacy Violation

Honeypots have been studied in the network domain for detection and information collection against external threats in the past few years. They lure a potential attacker by simulating resources having vulnerabilities and observing the behavior of a potential attacker to identify him before a damaging attack takes place. A lot of work has been done in the area of privacy and security in databases. Though the number of attacks and complexity for database attacks are increasing day by day, there has been no attempt to design honeypots for privacy enforcing databases. The use of honeypots for databases would help in confirming the suspicion (malafide intention) of a suspicious user without leaking the target information (information which would fulfill the malafide intention) to the attacker. We propose a framework for database honeypots for certain types of attacks in privacy context. The proposed honeypots for databases are termed as context honeypots.