R. Vinayakumar

Microwave-assisted synthesis and antimicrobial activity of some imidazo[2,1-b][1,3,4]thiadiazole derivatives

A simple and efficient method was developed for the synthesis of 2,6-disubstituted-imidazo[2,1-b][1,3,4]thiadiazoles under microwave (MW) activation using 2-amino-5-substituted-1,3,4-thiadiazoles and appropriate bromo ketones as materials. All reactions demonstrated the benefits of MW reactions: convenient operation, short reaction time, and good yields. All derivatives were characterized by IR, NMR, and Mass spectroscopy. Antibacterial and antifungal activity was performed using cup plate method against Staphylococcus aureus, Klebsiella, and Candida albicans microorganisms. 2-(4-nitro benzyl)-6-(4-bromo phenyl)imidazo[2,1-b][1,3,4]thiadiazole (4Ce) was the only derivative which showed activity against Klebsiella at low micromolar concentration (5xa0μg/ml) with moderate zone of inhibition. And 2-(4-nitro benzyl)-6-(4-fluoro phenyl)imidazo[2,1-b][1,3,4]thiadiazole (4Cf) as the most potent antifungal active derivative at 50xa0μg/ml against C. albicans on comparison to standard fluconazole.

Evaluating shallow and deep networks for ransomware detection and classification

Ransomware is one type of malware that covertly installs and executes a cryptovirology attack on a victims computer to demand a ransom payment for restoration of the infected resources. This kind of malware has been growing largely in recent days and causes tens of millions of dollars losses to consumers. In this paper, we evaluate shallow and deep networks for the detection and classification of ransomware. To characterize and distinguish ransomware over benign and various other families of ransomwares, we leverage the dominance of application programming interface (API) invocations. To select a best architecture for the multi-layer perceptron (MLP), we done various experiments related to network parameters and structures. All the experiments are run up to 500 epochs with a learning rate in the range [0.01-0.5]. Result obtained on our data set is more promising to distinguish ransomware not only from benign from its families too. On distinguishing the .EXE as either benign or ransomware, MLP has attained highest accuracy 1.0 and classifying the ransomware to their categories obtained highest accuracy 0.98. Moreover, MLP has performed well in detecting and classifying ransomwares in comparison to the other classical machine learning classifiers.

Evaluating shallow and deep networks for secure shell (ssh)traffic analysis

The family of recurrent neural network (RNN) mechanisms are largely used for the various tasks in natural language processing, speech recognition, image processing and many others due to they established as a powerful mechanism to capture dynamic temporal behaviors in arbitrary length of large-scale sequence data. This paper attempts to know the effectiveness of various RNN mechanisms on the traffic classification specifically for Secure Shell (SSH) protocol by modeling the feature sets of statistical flows as time-series obtained from various public and private traces. These traces are from NIMS (Network Information Management and Security Group), DARPA (Defense Advanced Research Projects Agency) 1999 Week1, DARPA 1999 Week3, MAWI (Measurement and Analysis on the WIDE Internet), and NLANR (National Laboratory for Applied Network Research) Active Measurement Project (AMP). A various configurations of network topologies, network parameters and network structures are used for family of RNN architectures to identify an optimal architecture. The experiments are run up to 1000 epochs with learning rate in the range [0.01-05] on both the binary and multiclass classification settings. RNN mechanisms have performed well in comparison to the other classical machine learning algorithms. Moreover, long short-term memory (LSTM) mechanism is a modified RNN, as achieved highest accuracy in cross-validation and testing of binary and multi-class classification cases. The background reason to that is, RNN mechanisms have capability to capture the dynamic temporal dependencies by storing information and updating them, when it is necessary across time-steps.

Applying convolutional neural network for network intrusion detection

Recently, Convolutional neural network (CNN) architectures in deep learning have achieved significant results in the field of computer vision. To transform this performance toward the task of intrusion detection (ID) in cyber security, this paper models network traffic as time-series, particularly transmission control protocol / internet protocol (TCP/IP) packets in a predefined time range with supervised learning methods such as multi-layer perceptron (MLP), CNN, CNN-recurrent neural network (CNN-RNN), CNN-long short-term memory (CNN-LSTM) and CNN-gated recurrent unit (GRU), using millions of known good and bad network connections. To measure the efficacy of these approaches we evaluate on the most important synthetic ID data set such as KDDCup 99. To select the optimal network architecture, comprehensive analysis of various MLP, CNN, CNN-RNN, CNN-LSTM and CNN-GRU with its topologies, network parameters and network structures is used. The models in each experiment are run up to 1000 epochs with learning rate in the range [0.01-05]. CNN and its variant architectures have significantly performed well in comparison to the classical machine learning classifiers. This is mainly due to the reason that CNN have capability to extract high level feature representations that represents the abstract form of low level feature sets of network traffic connections.

Evaluating effectiveness of shallow and deep networks to intrusion detection system

Network intrusion detection system (NIDS) is a tool used to detect and classify the network breaches dynamically in information and communication technologies (ICT) systems in both academia and industries. Adopting a new and existing machine learning classifiers to NIDS has been a significant area in security research due to the fact that the enhancement in detection rate and accuracy is of important in large volume of security audit data including diverse and dynamic characteristics of attacks. This paper evaluates the effectiveness of various shallow and deep networks to NIDS. The shallow and deep networks are trained and evaluated on the KDDCup ‘99’ and NSL-KDD data sets in both binary and multi-class classification settings. The deep networks are performed well in comparison to the shallow networks in most of the experiment configurations. The main reason to this might be a deep network passes information through several layers to learn the underlying hidden patterns of normal and attack network connection records and finally aggregates these learned features of each layer together to effectively distinguish the normal and various attacks of network connection records. Additionally, deep networks have not only performed well in detecting and classifying the known attacks additionally in unknown attacks too. To achieve an acceptable detection rate, we used various configurations of network settings and its parameters in deep networks. All the various configurations of deep network are run up to 1000 epochs in training with a learning rate in the range [0.01-0.5] to effectively capture the time varying patterns of normal and various attacks.

Secure shell (ssh) traffic analysis with flow based features using shallow and deep networks

The primary objective of this work is to evaluate the effectiveness of various shallow and deep networks for characterizing and classifying the encrypted traffic such as secure shell (SSH). The SSH traffic statistical feature sets are estimated from various private and public traces. Private trace is NIMS (Network Information Management and Security Group) and public traces are MAWI (Measurement and Analysis on the WIDE Internet), NLANRs (National Laboratory for Applied Network Research) Active Measurement Project (AMP). To select optimal deep networks, experiments are done for various network parameters, network structures and network topologies. All the experiments are run up to 1000 epochs with learning rate in the range [0.01-0.5]. The various shallow and deep networks are trained using public traces and evaluated on the private trace and vice-versa. Results indicate that there is a possibility to detect SSH traffic with acceptable detection rate. The deep network has performed well in comparison to the shallow networks. Moreover, the performance of various shallow networks is comparable.

Applying deep learning approaches for network traffic prediction

Network traffic prediction aims at predicting the subsequent network traffic by using the previous network traffic data. This can serve as a proactive approach for network management and planning tasks. The family of recurrent neural network (RNN) approaches is known for time series data modeling which aims to predict the future time series based on the past information with long time lags of unrevealed size. RNN contains different network architectures like simple RNN, long short term memory (LSTM), gated recurrent unit (GRU), identity recurrent unit (IRNN) which is capable to learn the temporal patterns and long range dependencies in large sequences of arbitrary length. To leverage the efficacy of RNN approaches towards traffic matrix estimation in large networks, we use various RNN networks. The performance of various RNN networks is evaluated on the real data from GÉANT backbone networks. To identify the optimal network parameters and network structure of RNN, various experiments are done. All experiments are run up to 200 epochs with learning rate in the range [0.01-0.5]. LSTM has performed well in comparison to the other RNN and classical methods. Moreover, the performance of various RNN methods is comparable to LSTM.

Deep android malware detection and classification

Long short-term memory recurrent neural network (LSTM-RNN) have witnessed as a powerful approach for capturing long-range temporal dependencies in sequences of arbitrary length. This paper seeks to model a large set of Android permissions particularly the permissions from Normal, Dangerous, Signature and Signature Or System categories within a large number of Android application package (APK) files of Cyber Security Data Mining Competition (CDMC 2016), Android malware classification challenge. The sequences of Android permissions are transformed into features by using recurrent LSTM layer with bag-of-words embedding and the extracted features are fed into dense and activation layer with non-linear activation function such as sigmoid for classification. Furthermore, to selectively find out the optimal paramaters and network structure, we have done various experimens with different network parameters and network structures. All experiments are run up to 1000 epochs with a learning rate in the range [0.01-0.5]. All LSTM network configurations have substantially performed well in classification settings of 5-fold cross validation in comparison to the recurrent neural network (RNN). Most importantly, LSTM has achieved the highest accuracy as 0.897 on the real-world Android malware test data set, provided by CDMC2016. This is primarily due to fact that the LSTM houses a complex memory processing unit that facilitates to learn the temporal behaviors quickly with sparse representations of Android permissions sequences. Thus, we claim that applying LSTM network to permission based Android malware classification is more appropriate.

Deep encrypted text categorization

Long short-term memory (LSTM) is a significant approach to capture the long-range temporal context in sequences of arbitrary length. This had shown astonishing performance in sentence and document modeling. To leverage this, we use LSTM network to the encrypted text categorization at character and word level of texts. These texts are transformed in to dense word-vectors by using bag-of-words embedding. Dense word vectors are fed in to recurrent layers to capture the contextual information and followed by dense and activation layer with nonlinear activation function such as softmax for classification. The optimal network architecture has found by conducting various experiments with varying network parameters and network structures. All the experiments are run up to 1000 epochs with learning rate in the range [0.01-0.5]. Most of the LSTM network structures substantially performed well in 5-fold cross-validation. Based on the 5-fold cross-validation results, we claim that the character level inputs are more efficient in dealing with the encrypted texts in comparison to word level, due to the fact that character level input keeps more information from low-level textual representations. Character level based LSTM models achieved highest accuracy as 0.99 and the word level achieved highest accuracy as 0.94 in the classification settings of 5-fold cross validation using LSTM networks. On the real-world test data of CDMC 2016 e-News categorization task, word level LSTM models attained its highest accuracy as 0.43.

Long short-term memory based operation log anomaly detection

Long short-term memory (LSTM) architecture is an important approach for capturing long-range temporal dependencies in sequences of arbitrary length. Moreover, stacked-LSTM (S-LSTM: formed by adding recurrent LSTM layer to the existing LSTM network in hidden layer) has capability to learn temporal behaviors quickly with sparse representations. To apply this to anomaly detection, we model the operation log samples of normal and anomalous events occurred in 1 minute time interval as time-series with the aim to detect and classify the events as either normal or anomalous. To select an appropriate LSTM network, experiments are conducted for various network parameters and network structures with the dataset provided by Cyber Security Data Mining Competition (CDMC2016). The experiments are run up to 1000 epochs with learning rate in the range [0.01-05]. S-LSTM network architecture has showed its strength by achieving the highest accuracy 0.996 with false positive rate 0.02 on the provided real-world test data by CDMC2016.