Aravind Ashok
Amrita Vishwa Vidyapeetham
Publication
Featured research published by Aravind Ashok.
International Conference on High Performance Computing and Simulation | 2015
Michael Darling; Greg Heileman; Gilad Gressel; Aravind Ashok; Prabaharan Poornachandran
Given the continuous growth of malicious activities on the internet, there is a need for intelligent systems to identify malicious web pages. It has been shown that URL analysis is an effective tool for detecting phishing, malware, and other attacks. Previous studies have performed URL classification using a combination of lexical features, network traffic, hosting information, and other strategies. These approaches require time-intensive lookups which introduce significant delay in real-time systems. In this paper, we describe a lightweight approach for classifying malicious web pages using URL lexical analysis alone. Our goal is to explore the upper-bound of the classification accuracy of a purely lexical approach. We also aim to develop a scalable approach which could be used in a real-time system. We develop a classification system based on lexical analysis of URLs. It correctly classifies URLs of malicious web pages with 99.1% accuracy, a 0.4% false positive rate, an F1-Score of 98.7, and 0.62 milliseconds on average. Our method also outperforms similar approaches when classifying out-of-sample data.
Archive | 2017
Prabaharan Poornachandran; N. Balagopal; Soumajit Pal; Aravind Ashok; Prem Sankar; Manu R. Krishnan
From search engines to e-commerce websites and online video channels to smartphone applications, most internet applications use advertising as one of their primary sources of revenue generation. Malvertising is the act of distributing malicious software to users via advertisements on websites. The major causes of malvertisement are the presence of hundreds of third-party advertising solutions and the improper verification of ads at the publisher’s site. Moreover, smartly tailored advertisements are placed which exploit a browser’s bugs and vulnerabilities to infect users with malicious software. In this paper, we highlight loopholes in the currently applied advertising policies and the vulnerabilities that are exploited to attack customers by serving malicious ads on user applications. The major contribution of the authors is a framework developed to identify malicious advertisements at the publishers’ end. It is based on two types of analyses. The first type of analysis involves static analysis of the advertisement’s source code. The other type is the behavioral analysis of the advertisements done in a secure sandboxed environment to detect any malicious activity. We extracted a total of 9 features from 15,000 advertisements and classified them using a trained one-class SVM classifier. Our results show that 53% of the suspicious ads contain dubious iFrames while 69% of them perform redirections followed by drive-by download 18% with very low false positive and false negative rates.
Advances in Intelligent Systems and Computing | 2017
A. U. Prem Sankar; Prabaharan Poornachandran; Aravind Ashok; R. K. Manu; P. Hrudya
BGP (Border Gateway Protocol) is one of the core internet backbone protocols, which were designed to address the large-scale routing among the ASes (Autonomous System) in order to ensure the reachability among them. However, an attacker can inject update messages into the BGP communication from the peering BGP routers, and that routing information will be propagated across the global BGP routers. This could cause disruptions in the normal routing behavior. Specially crafted BGP messages can reroute the traffic path from a source ASN to a specific destination ASN via another path, and this attack is termed AS Path Hijacking. This research work is focused on the detection of suspicious deviation in the AS path between source and destination ASNs, by analyzing the BGP update messages that are collected by passive peering to the BGP routers. The research mainly focuses on identifying AS Path Hijacking by quantifying: (1) how far the deviation occurred for a given AS path and (2) how credible the deviated AS path is. We propose a novel approach to calculate the deviation that occurred by employing a weighted edit distance algorithm. A probability score using n-gram frequency is used to determine the credibility of the path. Both scores are correlated together to determine whether a given AS path is suspicious or not. The experimental results show that our approach is capable of identifying AS path hijacks with low false positives.
Archive | 2016
Prabaharan Poornachandran; M. Nithun; Soumajit Pal; Aravind Ashok; Aravind C Ajayan
Web 2.0 has given a new dimension to the Internet, bringing in the “social web” where personal data of a user resides in a public space. Personal Knowledge Management (PKM) by websites like Facebook, LinkedIn, and Twitter, etc. has given rise to the need for proper security. All these websites and other online accounts manage authentication of the users with simple text-based passwords. Password reuse behavior can compromise connected user accounts if any of the company’s data is breached. The main idea of this paper is to demonstrate that the password reuse behavior makes one’s account vulnerable and these accounts are prone to attack/hack. In this study, we collected username and password dumps of 15 different websites from public forums like pastebin.com. We used 62,000 and 3000 login credentials from Twitter and Thai4promotion websites, respectively, for our research. Our experiments revealed an extensive password reuse behavior across sites like Twitter, Facebook, Gmail, etc. About 35% of the accounts we experimented with were vulnerable to this phenomenon. A survey was conducted targeting online users which showed us that around 59% out of 79% regular internet users still reuse passwords for multiple accounts.
Computer and Information Technology | 2015
Prabaharan Poornachandran; R. Sreeram; Manu R. Krishnan; Soumajit Pal; A. U. Prem Sankar; Aravind Ashok
There has been a rampant surge in the compromise of consumer-grade small-scale routers in the last couple of years. Attackers are able to manipulate the Domain Name Space (DNS) settings of these devices, hence making them capable of initiating different man-in-the-middle attacks. By this study we aim to explore and comprehend the current state of these attacks. Focusing on the Indian Autonomous System Number (ASN) space, we performed scans over 3 months to successfully find vulnerable routers and extracted the DNS information from these vulnerable routers. In this paper we present the methodology followed for scanning, a detailed analysis report of the information we were able to collect, and an insight into the current trends in the attack patterns. We conclude by proposing recommendations for mitigating these attacks.
Proceedings of the First Workshop on Radical and Experiential Security | 2018
Sai Sreewathsa Kovalluri; Aravind Ashok; Hareesh Singanamala; P. Prabaharan
Email services have to put a lot of effort into fighting spam emails. Most of the effort goes into detecting and filtering spam emails from benign emails. On the other front, people are educated by banks and other organizations on the awareness of such emails. These approaches are essentially passive in nature, in countering spam attacks where the attacker is not directly engaged by the adversary. Despite all these efforts, many innocent people fall for such attacks, leading them to share their account details or lose a large sum of money. We propose an AI-based system, that is self-aware and self-defending, which sends coherent replies to spammers with the aim of consuming their time. To make it more difficult for spammers, we reply from algorithmically generated mail servers. Also, to avoid simple match filtering of mails by spammers, we make the replies different from each other and genuine, by using a language model trained by LSTM to form sentences in natural language depending upon the context of the email.
International Conference on Ubiquitous Communications and Network Computing | 2017
V. G. Sujadevi; Aravind Ashok; Shivsubramani Krishnamoorthy; P. Prabaharan; Prem Shankar; Mani Bharataraju; Sai Keerti; D. Khyati
A significant increase in crimes against women in recent years and the advent of smartphone and wearable technologies have accelerated the need for personal safety devices and applications. These systems can be used to summon help during emergency situations. While several mobile applications that send emergency help requests are available, they need to be manually activated by the victim. In most personal emergency situations the victim might not be in a position to reach out for the smartphone to summon help. In this research we address this issue by implementing a system that automatically senses certain personal emergency situations and summons help with minimal or no user intervention. Summoning of help gets triggered when the smartphone sensors sense abnormal events such as unusual movement and voice. This system also profiles the spatial information using the crawled web data and provides contextual information about the risk score of the location. By using sensors and context awareness, our system summons emergency help with minimal/no intervention by the user.
Advances in Intelligent Systems and Computing | 2017
Prabaharan Poornachandran; S. Praveen; Aravind Ashok; Manu R. Krishnan; K. P. Soman
Drive-by-Download is an unintentional download of malware onto a user system. Detection of drive-by-download based malware infection in a host is a challenging task, due to the stealthy nature of this attack. The user of the system is not aware that the malware infection occurred, as it happens in the background. Signature-based antivirus systems are not able to detect zero-day malware. Most of the detection has been performed either by signature matching, by reverse engineering the binaries, or by running the binaries in a sandbox environment. In this paper, we propose a One Class SVM based supervised learning method to detect the drive-by-download infection. The features comprise system RAM and CPU utilization details. The experimental setup to collect data contains machine specifications matching 4 user profiles, namely Designer, Gamer, Normal User and Student. The experimental system proposed in this paper was evaluated using precision, recall and F-measure.
Innovations in Computer Science and Engineering: Proceedings of the Third ICICSE, 2015 | 2016
Prabaharan Poornachandran; Deepak Raj; Soumajit Pal; Aravind Ashok
Spammers collect email addresses from the internet using automated programs known as bots and send bulk spam to them. Making the email address difficult for the bots to recognize (obfuscating it) but easily understandable for human users is one of the effective ways to prevent spam. In this paper, we focus on evaluating the effectiveness of different techniques to obfuscate an email address and analyze the frequency at which spam mails arrive for each obfuscation technique. For this we employed multiple web crawlers to harvest both obfuscated and non-obfuscated email addresses. We find that the majority of the email addresses are non-obfuscated and only a handful are obfuscated. This causes the majority of email users to fall prey to spam. Based on our findings, we propose a natural language processing (NLP)-based obfuscation technique which we believe to be stronger than the currently used obfuscation techniques. To analyze the frequency of arrival of spam mails in an obfuscated mail, we posted obfuscated email addresses on popular websites (social networking and e-commerce sites) to analyze the number of spam mails received for each obfuscation technique. We observe that even simple obfuscation techniques prevent spam and that obfuscated mails receive fewer spam mails than the non-obfuscated ones.
International Conference on Security in Computer Networks and Distributed Systems | 2012
Aravind Ashok; Prabaharan Poornachandran; Krishnashree Achuthan
In this Information Age, security of personal data is one of the biggest issues faced by most nations. Biometrics provides substantial help in guarding against attempts to establish fraudulent multiple identities or in preventing identity fraud. The greatest advantage of biometrics, that the biometric data of an individual remains constant, also acts as its biggest liability. Once the attacker gets the biometric password of an individual, the security of his data becomes a big problem. This paper comes with a unique solution which will allow people to change their biometric password and helps to overcome some of the present issues in biometric systems. The biometric password is created by hashing the biometric data of the user. Merging of biometrics and cryptography proves to be more secure and helps to provide a better authentication system for the society.