Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Search Results: 8 results
Item: Leveraging virtual machine introspection with memory forensics to detect and characterize unknown malware using machine learning techniques at hypervisor (Elsevier Ltd, 2017). M.a, M.A.; Jaidhar, C.D.

Virtual Machine Introspection (VMI) has emerged as a fine-grained, out-of-VM security solution that detects malware by introspecting and reconstructing the volatile memory state of the live guest Operating System (OS); it operates at the Virtual Machine Monitor (VMM), or hypervisor. The semantic details reconstructed by VMI arrive at the hypervisor as a mixture of benign and malicious state, and existing out-of-VM security solutions require extensive manual analysis to tell the two apart. In this paper, we propose an advanced VMM-based, guest-assisted Automated Internal-and-External (A-IntExt) introspection system that combines VMI, Memory Forensics Analysis (MFA), and machine learning techniques at the hypervisor. We use VMI to introspect digital artifacts of the live guest OS and obtain a semantic view of its process details. We implemented an Intelligent Cross View Analyzer (ICVA) and embedded it in the A-IntExt system; the ICVA examines the data supplied by VMI to detect hidden, dead, and dubious processes, and thereby predicts early symptoms of malware execution on the introspected guest OS in a timely manner. Machine learning techniques then analyse the executables mined and extracted by MFA-based techniques to identify the malicious ones. The practicality of A-IntExt was evaluated by executing a large set of real-world malware and benign executables on live guest OSs. On the generated dataset, the system achieved 99.55% accuracy and a 0.004 False Positive Rate (FPR) under 10-fold cross-validation when detecting unknown malware.
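The cross-view comparison on which an ICVA-style hidden-process check rests, as an added example that is not code from the A-IntExt paper: it compares an in-guest process list with two views reconstructed from guest memory (a walk of the kernel's active-process list and a signature scan of physical memory) and reports hidden, dead and dubious processes. The process records, the three views and the classification rules below are constructed assumptions for illustration, not the paper's ICVA or its data.

```python
"""Cross-view process analysis: compare three views of a guest's process list.

Constructed illustration of the cross-view idea (in-guest view vs. views
reconstructed from the guest's memory at the hypervisor).  All process
records, the three views and the classification rules are assumptions made
for this example; they are not the paper's ICVA or its data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcRec:
    pid: int
    name: str
    ppid: int
    exited: bool = False  # assumed flag: the kernel object's exit time is set


Finding = Tuple[int, str, str]  # (pid, name as seen in memory, reason)


def cross_view_analyze(api_view: List[ProcRec],
                       active_list: List[ProcRec],
                       pool_scan: List[ProcRec]) -> Dict[str, List[Finding]]:
    """Classify processes as hidden, dead or dubious by comparing views.

    api_view    - what an in-guest enumeration API reports (can be lied to)
    active_list - process objects reached by walking the kernel's linked
                  list of active processes in the reconstructed memory view
    pool_scan   - process objects found by signature-scanning the guest's
                  physical memory, including unlinked and terminated objects
    """
    api = {p.pid: p for p in api_view}
    active = {p.pid: p for p in active_list}
    pool = {p.pid: p for p in pool_scan}
    findings: Dict[str, List[Finding]] = {"hidden": [], "dead": [], "dubious": []}

    for pid, obj in sorted(pool.items()):
        if obj.exited:
            # Terminated object still resident in memory: not hidden, but its
            # image and handles are worth a forensic look.
            if pid not in api:
                findings["dead"].append((pid, obj.name, "terminated object still resident"))
            continue
        if pid not in api:
            # Live kernel object that the guest does not report.  If it is
            # also missing from the active list, it was unlinked (DKOM-style).
            how = ("unlinked from the active-process list" if pid not in active
                   else "present in kernel list but filtered from the in-guest view")
            findings["hidden"].append((pid, obj.name, how))
            continue
        if api[pid].name != obj.name:
            findings["dubious"].append(
                (pid, obj.name, f"in-guest name {api[pid].name!r} differs from kernel object"))

    for pid, rec in sorted(api.items()):
        if pid not in pool:
            # The guest reports a process that no kernel object backs: the
            # in-guest tool or its data path has been tampered with.
            findings["dubious"].append((pid, rec.name, "reported in-guest but no kernel object found"))
    return findings


def build_sample_views() -> Tuple[List[ProcRec], List[ProcRec], List[ProcRec]]:
    """Constructed sample data (assumed, not captured from a real guest)."""
    base = [
        ProcRec(4, "System", 0),
        ProcRec(600, "services.exe", 500),
        ProcRec(2300, "explorer.exe", 2200),
        ProcRec(4040, "notepad.exe", 2300),
    ]
    # Kernel objects as reconstructed from memory.
    active_list = base + [ProcRec(3100, "svch0st.exe", 600)]  # look-alike name
    pool_scan = active_list + [
        ProcRec(5120, "lsass.exe", 4040),             # unlinked but live
        ProcRec(2900, "cmd.exe", 2300, exited=True),  # terminated, not yet freed
    ]
    # What an in-guest enumeration reports: the look-alike is shown under a
    # benign name, the unlinked process is absent, and a bogus entry appears.
    api_view = base + [ProcRec(3100, "svchost.exe", 600), ProcRec(7777, "ghost.exe", 2300)]
    return api_view, active_list, pool_scan


if __name__ == "__main__":
    for kind, items in cross_view_analyze(*build_sample_views()).items():
        for pid, name, why in items:
            print(f"{kind:8} pid={pid:<5} {name:<14} {why}")
```

Run as a script it prints one line per finding. The useful distinction is between an object that is missing from the kernel's own active list (unlinked in memory, so no in-guest tool could have seen it) and one that is linked but absent from the in-guest view (the enumeration path itself was hooked); a real implementation would take the three views from the VMI layer rather than from constructed lists, but the comparison logic is the same.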
Additionally, the proposed system was validated against other benchmark malware datasets, and A-IntExt outperforms existing detection of real-world malware at the VMM with performance exceeding 6.3%.

© 2017 Elsevier Ltd

Item: Automated multi-level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM (Elsevier B.V., 2018). M.a, A.K.; Jaidhar, C.D.

To meet requirements such as stringent timing constraints and heavy demands on resources, Cyber-Physical Systems (CPS) must be deployed on virtualized environments such as cloud computing. Protecting the Virtual Machines (VMs) in which CPSs run against malware-based attacks is therefore a crucial concern. Traditional in-VM anti-malware software is itself a potential target of such attacks, since sophisticated malware can easily subvert it. A reliable and robust malware monitoring and detection system is thus needed to detect and rapidly mitigate malware-based cyber-attacks in real time, particularly in virtualized environments. Virtual Machine Introspection (VMI) has emerged as a fine-grained out-of-VM security solution that detects malware by introspecting and reconstructing the volatile memory state of the live guest Operating System (OS) from the Virtual Machine Monitor (VMM), or hypervisor. However, the semantic details reconstructed by VMI arrive at the hypervisor as a mixture of benign and malicious state, and existing out-of-VM security solutions require extensive manual analysis to distinguish the two.
To address this issue, this paper proposes an advanced VMM-based, guest-assisted Automated Multilevel Malware Detection System (AMMDS) that leverages both VMI and Memory Forensic Analysis (MFA) techniques to predict early symptoms of malware execution by detecting stealthy hidden processes on a live guest OS. More specifically, AMMDS detects and classifies the running malicious executables from the semantically reconstructed process view of the guest OS. AMMDS has two sub-components: an Online Malware Detector (OMD) and an Offline Malware Classifier (OFMC). The OMD decides whether running processes are benign or malicious using its Local Malware Signature Database (LMSD) and an online malware scanner, and the OFMC classifies unknown malware using machine learning techniques at the hypervisor. AMMDS was evaluated by executing a large set of real-world malware and benign executables on live guest OSs. It achieved 100% accuracy and a zero False Positive Rate (FPR) under 10-fold cross-validation when classifying unknown malware, with a maximum performance overhead of 5.8%.

© 2017 Elsevier B.V.

Item: An empirical study to estimate the stability of random forest classifier on the hybrid features recommended by filter based feature selection technique (Springer, 2020). Shiva Darshan, S.L.S.; Jaidhar, C.D.

The emergence of advanced malware is a serious threat to information security. A technique that identifies sophisticated malware should consider the runtime behaviour of the file under analysis to detect malicious intent. Although behaviour-based malware detection is a substantial improvement over traditional signature-based detection, current malware employs code obfuscation techniques to evade detection.
This paper presents the Hybrid Features-based Malware Detection System (HFMDS), which integrates static and dynamic features of Portable Executable (PE) files to discern malware. HFMDS is trained on the prominent features recommended by a filter-based Feature Selection Technique (FST). The detection ability of HFMDS was evaluated with the Random Forest (RF) classifier on two different datasets of real-world Windows malware samples. An in-depth analysis was carried out to determine the optimal number of Decision Trees (DTs) the RF classifier needs to achieve consistent accuracy, and the performance of four popular FSTs was compared to determine which recommends the best features. The experiments indicate that increasing the number of DTs in the RF classifier beyond 160 does not significantly improve detection accuracy.

© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

Item: Applicability of machine learning in spam and phishing email filtering: review and approaches (Springer Science+Business Media B.V., 2020). Gangavarapu, T.; Jaidhar, C.D.; Chanduka, B.

With the influx of technological advancements and the increased simplicity of communication, especially through email, the upsurge in the volume of unsolicited bulk emails (UBEs) has become a severe threat to global security and the economy. Spam emails not only waste users' time but also consume a great deal of network bandwidth, and may carry malware as executable attachments. Phishing emails, which solicit users' personal information under false pretences to facilitate identity theft, are comparatively more dangerous. There is therefore an intrinsic need for more robust and dependable UBE filters that detect such emails automatically. Several countermeasures to spam and phishing exist, including blacklisting and content-based filtering.
However, in addition to content-based features, behaviour-based features are well suited to the detection of UBEs. Machine learning models are used extensively by leading email providers such as Yahoo, Gmail, and Outlook to filter and classify UBEs. Given the need for UBE detection and the recent advances in this domain, there are far too many options to consider. In this paper, we explain how to extract email content- and behaviour-based features, which features are appropriate for detecting UBEs, and how to select the most discriminating feature set. To handle the menace of UBEs accurately, we also carry out an exhaustive comparative study of several state-of-the-art machine learning algorithms. Our proposed models achieved an overall accuracy of 99% in classifying UBEs. The text is accompanied by snippets of Python code so that readers can implement the approaches described in this paper.

© 2020, Springer Nature B.V.

Item: Windows malware detector using convolutional neural network based on visualization images (IEEE Computer Society, 2021). Shiva Darshan, S.L.; Jaidhar, C.D.

Malware continues to evolve at an alarming rate despite the efforts made to detect and mitigate it. Malware analysis is needed to defend against its sophisticated behaviour, but manual heuristic inspection is no longer effective or efficient. To cope with these issues, behaviour-based malware detection approaches using machine learning techniques have been widely adopted. These approaches rely on supervised classifiers, whose predictive performance depends on selecting the most relevant features from the original feature set and on the trade-off between a high detection rate and low computational overhead.
Although machine learning-based malware detection techniques have been successful, their shallow learning architectures still fall short in identifying sophisticated malware. This paper therefore proposes a Convolutional Neural Network (CNN) based Windows malware detector that uses execution-time behavioural features of Portable Executable (PE) files to detect and classify obscure malware. Ten-fold cross-validation tests were conducted to assess the proposed approach. The experimental results show that the approach is effective at uncovering malicious PE files by using the significant behavioural features suggested by the Relief feature selection technique, attaining a detection accuracy of 97.968 percent.

© 2013 IEEE.

Item: Systematic study on deep learning-based plant disease detection or classification (Springer Nature, 2023). Sunil, C.K.; Jaidhar, C.D.; Patil, N.

Plant diseases have an extensive impact on agricultural production and drive up the price of food grains and vegetables. To reduce economic loss and predict yield loss, early detection of plant disease is essential. Current plant disease detection requires the physical presence of domain experts to ascertain the disease, which has significant limitations: experts must travel from place to place, which costs transport and time; high transport costs discourage them from travelling long distances; experts may not be available at all times; and, even when available, they may charge consultation fees that many farmers cannot afford. There is thus a need for a cost-effective, robust, automated plant disease detection or classification approach, and various such approaches have been proposed in the literature.
This systematic study surveys Deep Learning-based and Machine Learning-based plant disease detection or classification approaches. 160 diverse research works are considered, comprising single-network models, hybrid models, and real-time detection approaches. Around 57 studies considered multiple plants and 103 considered a single plant. 50 different plant leaf disease datasets are discussed, including publicly available and publicly unavailable datasets. The study also discusses the various challenges and research gaps in plant disease detection and highlights the importance of hyperparameters in deep learning.

© 2023, The Author(s), under exclusive licence to Springer Nature B.V.

Item: Canopy centre-based fuzzy-C-means clustering for enhancement of soil fertility prediction (Inderscience Publishers, 2024). Sujatha, M.; Jaidhar, C.D.

Fertile soil is necessary for plants to develop, and estimating how soil parameters change over time is crucial for enhancing soil fertility. Sentinel-2 remote sensing imagery can be used to gauge soil parameters. In this study, values for soil parameters such as electrical conductivity, pH, organic carbon, and nitrogen are derived from Sentinel-2 data. To increase clustering accuracy, this study proposes Canopy centre-based fuzzy-C-means clustering and demonstrates its usefulness by comparing it with manual labelling and with other clustering techniques, namely Canopy, density-based, expectation-maximisation, farthest-first, k-means, and fuzzy-C-means clustering. The proposed clustering achieved the highest clustering accuracy, 78.42%. Machine learning classifiers, including Naive Bayes, support vector machine, decision trees, and random forest (RF), were then applied to classify soil fertility. On the dataset labelled by the proposed clustering, the RF classifier achieves a classification accuracy of 99.69% under ten-fold cross-validation.
© 2024 Inderscience Enterprises Ltd. All rights reserved.

Item: Data-driven models for electricity theft and anomalous power consumption detection: a systematic review (Springer, 2025). Nayak, R.; Jaidhar, C.D.

As Smart Grid (SG) technologies become increasingly common, analysing and detecting anomalies in energy usage, such as electricity theft and unusual power consumption, is crucial to maintaining the effectiveness, dependability, and security of modern energy systems. This survey comprehensively reviews the literature on energy consumption analysis and detection, focusing on the detection of electricity theft and anomalous power consumption. The works considered are classified into Machine Learning (ML), Deep Learning (DL), and hybrid models for identifying electricity theft and unusual power usage. The survey also reviews privacy-preservation-based methodologies in the context of energy consumption research and summarises the existing survey articles. Furthermore, it discusses the datasets used for electricity theft and anomalous power consumption detection, the applications, challenges, and limitations of detecting abnormal power usage and electricity theft, and suggests future research paths to push the boundaries of the field. By synthesising ideas from various studies, this survey offers a thorough overview of current research trends and directions in energy consumption analysis and detection, benefiting researchers, practitioners, and policymakers in the energy sector.

© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
