Ramesh C. Joshi

Network forensic frameworks: Survey and research challenges

Network forensics is the science that deals with capture, recording, and analysis of network traffic for detecting intrusions and investigating them. This paper makes an exhaustive survey of various network forensic frameworks proposed till date. A generic process model for network forensics is proposed which is built on various existing models of digital forensics. Definition, categorization and motivation for network forensics are clearly stated. The functionality of various Network Forensic Analysis Tools (NFATs) and network security monitoring tools, available for forensics examiners is discussed. The specific research gaps existing in implementation frameworks, process models and analysis tools are identified and major challenges are highlighted. The significance of this work is that it presents an overview on network forensics covering tools, process models and framework implementations, which will be very much useful for security practitioners and researchers in exploring this upcoming and young discipline.

Cooperative Caching Strategy in Mobile Ad Hoc Networks Based on Clusters

In this paper, we present a scheme, called Cluster Cooperative (CC) for caching in mobile ad hoc networks. In CC scheme, the network topology is partitioned into non-overlapping clusters based on the physical network proximity. For a local cache miss, each client looks for data item in the cluster. If no client inside the cluster has cached the requested item, the request is forwarded to the next client on the routing path towards server. A cache replacement policy, called Least Utility Value with Migration (LUV-Mi) is developed. The LUV-Mi policy is suitable for cooperation in clustered ad hoc environment because it considers the performance of an entire cluster along with the performance of local client. Simulation experiments show that CC caching mechanism achieves significant improvements in cache hit ratio and average query latency in comparison with other caching strategies.

Cooperative caching in mobile ad hoc networks based on data utility

Cooperative caching, which allows sharing and coordination of cached data among clients, is a potential technique to improve the data access performance and availability in mobile ad hoc networks. However, variable data sizes, frequent data updates, limited client resources, insufficient wireless bandwidth and clients mobility make cache management a challenge. In this paper, we propose a utility based cache replacement policy, least utility value (LUV), to improve the data availability and reduce the local cache miss ratio. LUV considers several factors that affect cache performance, namely access probability, distance between the requester and data source/cache, coherency and data size. A cooperative cache management strategy, Zone Cooperative (ZC), is developed that employs LUV as replacement policy. In ZC one-hop neighbors of a client form a cooperation zone since the cost for communication with them is low both in terms of energy consumption and message exchange. Simulation experiments have been conducted to evaluate the performance of LUV based ZC caching strategy. The simulation results show that, LUV replacement policy substantially outperforms the LRU policy.

Distributed Denial of Service Prevention Techniques

The significance of the DDoS problem and the increased occurrence, sophistication and strength of attacks has led to the dawn of numerous prevention mechanisms. Each proposed prevention mechanism has some unique advantages and disadvantages over the others. In this paper, we present a classification of available mechanisms that are proposed in literature on preventing Internet services from possible DDoS attacks and discuss the strengths and weaknesses of each mechanism. This provides better understanding of the problem and enables a security administrator to effectively equip his arsenal with proper prevention mechanisms for fighting against DDoS threat.

A weighted mean time Min-Min Max-Min selective scheduling strategy for independent tasks on Grid

With the emergence of Grid technologies, the problem of scheduling tasks in heterogeneous systems has been arousing attention. Task scheduling is a NP-complete problem[5] and it is more complicated under the Grid environment. To better use tremendous capabilities of Grid system, effective and efficient scheduling algorithms are needed. In this paper, we are presenting a new heuristic scheduling strategy for Independent tasks. The strategy is based on two traditional scheduling heuristics Min-Min and Max-Min. The strategy also considers the overall performance of machines to decide the scheduling sequence of tasks. We have evaluated our scheduling strategy within a grid simulator known as GridSim. We compared the results given by our strategy with the existing scheduling heuristics Min-Min and Max-Min and the results shows that our strategy outperforms in many cases than the existing ones.

Defending against Distributed Denial of Service Attacks: Issues and Challenges

ABSTRACT Distributed Denial of Service (DDoS) attacks on user machines, organizations, and infrastructures of the Internet have become highly publicized incidents and call for immediate solution. It is a complex and difficult problem characterized by an explicit attempt of the attackers to prevent access to resources by legitimate users for which they have authorization. Several schemes have been proposed on how to defend against these attacks, yet the problem still lacks a complete solution. The main purpose of this paper is therefore twofold. First is to present a comprehensive study of a wide range of DDoS attacks and defense methods proposed to combat them. This provides better understanding of the problem, current solution space, and future research scope to defend against DDoS attacks. Second is to propose an integrated solution for completely defending against flooding DDoS attacks at the Internet Service Provider (ISP) level.

Association Rule for Classification of Type-2 Diabetic Patients

The discovery of knowledge from medical databases is important in order to make effective medical diagnosis. The aim of data mining is extract the information from database and generate clear and understandable description of patterns. In this study we have introduced a new approach to generate association rules on numeric data. We propose a modified equal width binning interval approach to discretizing continuous valued attributes. The approximate width of the desired intervals is chosen based on the opinion of medical expert and is provided as an input parameter to the model. First we have converted numeric attributes into categorical form based on above techniques. Apriori algorithm is usually used for the market basket analysis was used to generate rules on Pima Indian diabetes data. The data set was taken from UCI machine learning repository containing total instances 768 and 8 numeric attributes.We discover that the often neglected pre-processing steps in knowledge discovery are the most critical elements in determining the success of a data mining application. Lastly we have generated the association rules which are useful to identify general associations in the data, to understand the relationship between the measured fields whether the patient goes on to develop diabetes or not. We are presented step-by-step approach to help the health doctors to explore their data and to understand the discovered rules better.

Efficient Cooperative Caching in Ad Hoc Networks

Caching of frequently accessed data in multi-hop ad hoc environment is a potential technique that can improve the data access performance and availability. Cooperative caching, which allows the sharing and coordination of cached data among clients, can further explore the potential of the caching techniques. In this paper, we propose a novel scheme, called zone cooperative (ZC) for caching in mobile ad hoc networks. In ZC scheme, one-hop neighbors of a mobile client form a cooperative cache zone since the cost for communication with them is low both in terms of energy consumption and message exchange. As a part of cache management, cache admission control and VALUE based replacement policy are developed to improve the data accessibility and reduce the local cache miss ratio. An analytical study of ZC based on data popularity, node density and transmission range is also performed. Simulation experiments show that the ZC caching mechanism achieves significant improvements in cache hit ratio and average query latency in comparison with other caching strategies

A genetic: algorithm approach to cost-based multi-QoS job scheduling in cloud computing environment

The complex business strategies of cloud services make Job scheduling a challenging issue. The mapping of user jobs onto a computing resource to achieve maximum benefit, satisfying the varying QoS of users jobs, is the ultimate goal of a cloud provider. As this scheduling problem belongs to the family of combinatorial problems, it cannot be formulated as a linear programming problem and any simple rule or algorithm cannot achieve the optimal solution in finite time. In this paper, a genetic algorithm approach to cost based multi QoS job scheduling has been proposed. A model for cloud computing environment has been also proposed and some popular genetic cross over operators, like PMX, OX, CX and mutation operators, swap and insertion mutation are used to produce a better schedule. The algorithm guarantees the best solution in finite time.

A Comparative Study of Distributed Denial of Service Attacks, Intrusion Tolerance and Mitigation Techniques

Disruption of service caused by distributed denial of services (DDoS) attacks is an increasing problem in the Internet world. At the present time, to attack the victims system, the attacker uses sophisticated automated attacking tools for DDoS attack, but earlier it was performed either by manually or by semi automated attacking tools. These attack tools are used to attack various Internet sites. In this paper, we present a literature on classification of available mechanisms for DDoS defense. These defense mechanisms are used to prevent, detect, response and tolerate the DDoS attacks. It is well known that it is very difficult to stop the DDoS attack, therefore, it would be better to maximize the fault tolerance and quality of services under variety of intrusions and attacks. In our analysis, we will discuss the merits and demerits of each mechanism over others. In addition, this paper provides better understanding of the DDoS attack problem and enables a security administrator to cope up against the DDoS threat.