Chittaranjan Hota

Big Data Analytics framework for Peer-to-Peer Botnet detection using Random Forests

Abstract Network traffic monitoring and analysis-related research has struggled to scale for massive amounts of data in real time. Some of the vertical scaling solutions provide good implementation of signature based detection. Unfortunately these approaches treat network flows across different subnets and cannot apply anomaly-based classification if attacks originate from multiple machines at a lower speed, like the scenario of Peer-to-Peer Botnets. In this paper the authors build up on the progress of open source tools like Hadoop, Hive and Mahout to provide a scalable implementation of quasi-real-time intrusion detection system. The implementation is used to detect Peer-to-Peer Botnet attacks using machine learning approach. The contributions of this paper are as follows: (1) Building a distributed framework using Hive for sniffing and processing network traces enabling extraction of dynamic network features; (2) Using the parallel processing power of Mahout to build Random Forest based Decision Tree model which is applied to the problem of Peer-to-Peer Botnet detection in quasi-real-time. The implementation setup and performance metrics are presented as initial observations and future extensions are proposed.

Secure data access in cloud computing

Data security and access control is one of the most challenging ongoing research work in cloud computing, because of users outsourcing their sensitive data to cloud providers. Existing solutions that use pure cryptographic techniques to mitigate these security and access control problems suffer from heavy computational overhead on the data owner as well as the cloud service provider for key distribution and management. This paper addresses this challenging open problem using capability based access control technique that ensures only valid users will access the outsourced data. This work also proposes a modified Diffie-Hellman key exchange protocol between cloud service provider and the user for secretly sharing a symmetric key for secure data access that alleviates the problem of key distribution and management at cloud service provider. The simulation run and analysis shows that the proposed approach is highly efficient and secure under existing security models.

Restoration of virtual private networks with qos guarantees in the pipe model

We propose heuristic algorithms to compute efficient restorable tunnel paths for IP Virtual Private Networks (IPVPNs). We first propose a Customer Premises Equipment (CPE) based solution to the problem and then optimize it by activating selectively few core ISP routers. We consider link cost as a function of bandwidth and loss over the link. The VPN tunnel paths are computed taking into account two parameters, the link cost and the cost of core routers that serve as end points of the tunnel. These paths we then call as Active Paths. Reliability of a VPN depends on the reliability of links in the Active path. To guarantee service quality and VPN availability to the Corporate users, seamless recovery from failures is mandatory. For the sake of survivability we propose heuristics for computing optimal backup path. We assume that the residual capacity available over the links for the VPN is sufficient to satisfy the Service Level Agreement (SLA). The problem of finding optimal paths for both Active and Backup is similar to constructing a directed steiner tree routed at source and spanning all the destinations which is NP-hard. Our heuristic algorithms provide an efficient solution to this problem with polynomial computation time.

Advances in secure knowledge management in the big data era

Information is increasingly becoming important in our daily lives. We have become information dependents of the twenty-first century, living in an on-command, on-demand Big data world. In this era, more information is being created by individuals than by business houses. In the past, we had to stand in a queue at a railway reservation counter to book our tickets, had to visit a cash counter in a bank to do our transactions, had to arrange a get together at a physical location within our town to meet and socialize with our friends, had to visit a theater to watch a movie, and so on. We now have Information and Communication Technology (ICT) to help us do all these by sitting in front of a computer and with a few mouse clicks. Also, all these advancements are possible because we are drenched in a flood of data today. It is important to distinguish between data, information and knowledge. Data is a set of facts about events.

Energy-aware routing in Mobile Ad-Hoc Networks

The next generation communication systems will provide high quality multimedia services in a flexible and efficient manner. As an extension of next generation networks, Mobile Ad Hoc Networks (MANETs) have attracted significant attention amongst researchers. Nodes in a MANET have limited battery power. Hence, ad hoc routing protocols ought to be energy conservative to support real-time multimedia services. In this paper, we propose a proactive routing protocol which gives better performance and satisfies the basic power aware parameters like minimum energy consumption per packet, maximum network lifetime, and minimum variance in the node power levels. We use breadth first search to gather the network topology.. From this global information, a least cost path is generated using Dijkstras shortest path algorithm. This least cost path has better battery resources and is refreshed after some fixed intervals of data packet delivery to keep the variance in residual battery power to minimum. Our simulation results show that the proposed protocol provides good service to different types of media while conserving energy.

Safeguarding Against Sybil Attacks via Social Networks and Multipath Routing

Peer-to-peer (P2P) overlay networks are currently being used to build large scale distributed systems running various decentralized applications like distributed storage, content distribution, collaborative scheduling, and leader election. Although we have protocols like Byzantine agreement, voting schemes etc. for building resilient distributed applications; we have very few solutions available for safeguarding these distributed protocols from Sybil attacks. In a Sybil attack, an adversary could forge multiple identities and create multiple, distinct nodes in the system hence overthrowing any upper bound on number of malicious nodes in these protocols. In this paper, we present a multipath routing protocol using graph theoretic approach to group the Sybil nodes first and then to poll them using host identity protocol (HIP) to decide upon whether they really belong to a Sybil group. HIP clearly separates participating users from overlay nodes. It overcomes P2P network challenges like stability over time and identity differentiation. We also use a social network where the attack edges are minimum. An attack edge between a malicious user and an honest user indicates that the malicious user is able to establish a trust relationship with the honest user by some means. We perform simulations to show the feasibility of our distributed protocol.

P2P traffic classification using ensemble learning

Early Peer-to-Peer overlay network traffic classification schemes were based on port-based and payload based inspection. In recent years researchers have focused on alternate machine learning approaches. This paper presents ensemble learning which combines multiple models to improve prediction accuracy over a single classifier or semi-supervised learning techniques. In this paper, statistical characteristics of TCP and UDP flows are extracted from the network traces to construct a feature set first. We then apply feature selection techniques to reduce the number of features required to train the model, hence reducing the build time. We used Stacking and Voting ensemble learning techniques to improve prediction accuracy with base classifiers modelled using Machine Learning (ML) algorithms: Naïve Bayes classifier, Bayesian Network, Decision trees. We used meta classifiers to further improve classification accuracy to 99.9%. Our experimental results show that Stacking perform better over Voting in identifying P2P traffic.

Adaptive lookup for unstructured peer-to-peer overlays

Scalability and efficient global search in unstructured peer-to-peer overlays have been extensively studied in the literature. The global search comes at the expense of local interactions between peers. Most of the unstructured peer-to-peer overlays do not provide any performance guarantee. In this work we propose a novel Quality of Service enabled lookup for unstructured peer-to-peer overlays that will allow the userpsilas query to traverse only those overlay links which satisfy the given constraints. Additionally, it also improves the scalability by judiciously using the overlay resources. Our approach selectively forwards the queries using QoS metrics like latency, bandwidth, and overlay link status so as to ensure improved performance in a scenario where the degree of peer joins and leaves are high. User is given only those results which can be downloaded with the given constraints. Also, the protocol aims at minimizing the message overhead over the overlay network.

Game-theoretic strategies for IDS deployment in peer-to-peer networks

This work studies the problem of optimal positioning of Intrusion Detection Systems (IDSs) in a Peer-to-Peer (P2P) environment involving a number of peers and super-peers. This scenario applies to network architectures like that of Gnutella, Skype or Tor, which involve a huge number of leaf-peers and a selected number of super-peers who have higher responsibilities in the network. A malicious entity may become part of the P2P network by joining from any part of the network. It can attack a super-peer and thus disrupt the functioning of the P2P network. Peers may try to secure the network by running IDSs at certain strategically-chosen locations in the network. But a deterministic schedule of running and positioning the IDSs can be observed and thwarted by an adversary. In this paper, we explore the problem of strategically positioning IDSs in a P2P network with a randomized, game-theoretic approach. Our approach distributes the responsibility of running the IDSs between the peers in a randomized fashion and minimizes the probability of a successful attack.

An efficient on-demand routing protocol for MANETs using Bayesian approach

Ad-hoc wireless networks consist of mobile nodes interconnected by multihop-communication paths with no fixed network infrastructure or administrative support. One of the typical routing methods in mobile ad-hoc networks use on-demand distance vector, e.g. Ad-hoc On-demand Distance Vector (AODV). The major issue in such a protocol is the route establishment cost. In this paper, we are suggesting an efficient routing algorithm for mobile ad-hoc networks with a route establishment technique using Bayesian approach. The initial results show that there is significant improvement in delivery ratio, control packets overhead w.r.t. mobility and control packet overhead w.r.t. network size.