Faculty Publications
Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Item: Empirical study on features recommended by LSVC in classifying unknown Windows malware (Springer Verlag, 2019)
Shiva Darshan, S.L.; Jaidhar, C.D.
Modern malware has evolved greatly and become sophisticated, with the capability to evade existing detection techniques. To defend against this advanced class of malware, behaviour-based malware detection has emerged as an essential complement. The major challenge in this technique is to identify significant features from the original feature set. The main objective of this work was to explore the effectiveness of linear support vector classification (LSVC) in choosing prominent features from an original feature set derived from behaviour reports generated by the Cuckoo sandbox. The proposed malware detection system (MDS) uses the Cuckoo sandbox to obtain a runtime behaviour report of the Windows executable file under examination. Features are extracted from the report, and LSVC is then applied to the extracted features to recognise the crucial ones, which boosts the detection ability of the MDS. The efficiency of the proposed MDS was evaluated on real-world malware samples with tenfold cross-validation. The experimental results demonstrated that the proposed MDS accurately distinguishes malware from benign executable files, attaining a detection accuracy of 98.429% with the sequential minimal optimisation (SMO) classifier. © Springer Nature Singapore Pte Ltd. 2019

Item: Multimetrics-based objective function for low-power and lossy networks under mobility (Springer Verlag, 2019)
Sanshi, S.; Jaidhar, C.D.
Due to the popularity of Low-power and Lossy Networks (LLN), numerous low-power device applications are emerging and driving the need for an efficient routing protocol. Recently, the Internet Engineering Task Force (IETF) standardised the IPv6 Routing Protocol for Low-power and Lossy Networks (RPL). To route packets, RPL constructs a Directed Acyclic Graph (DAG) rooted at the DAG root using an Objective Function (OF). However, the OF supported by standard RPL does not yield good performance, since it uses a single metric. Therefore, this work proposes an OF based on Multimetrics (MMOF), which combines multiple routing metrics for Static Router Nodes (SRNs) and Mobile Nodes (MNs). Simulation results show that the proposed MMOF performs better than other existing OFs of RPL. © Springer Nature Singapore Pte Ltd. 2019

Item: Identifying Humans Through Gait Features (Springer Science and Business Media Deutschland GmbH, 2024)
Anusha, R.; Jaidhar, C.D.
Achieving robust human identification in visual surveillance is an ongoing and open research challenge in biometrics. In recent years, gait has attracted attention for its unique benefits compared with other biometrics. Different gait-challenging conditions hinder the performance of gait recognition systems in real-world scenarios. The only solution to these challenges is to develop suitable features from the available information sources. Enhancing the performance of gait recognition systems is the goal of this research, with a focus on frontal, speed-invariant, and clothing-invariant recognition. The proposed approaches demonstrate their capabilities through experimental results, outperforming existing gait recognition methods. The solutions proposed in this paper increase gait recognition performance, making it applicable in real-world scenarios. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

Item: An Efficient Infectious Disease Detection in Plants Using Deep Learning (Springer Science and Business Media Deutschland GmbH, 2024)
Sunil, C.K.; Jaidhar, C.D.
Over the past decade, agriculture has suffered reduced productivity from climate change and improper water, fertiliser, and pesticide use, fuelling plant diseases. Pathogens pose the main threat, impacting crop yield and quality. Early detection and targeted treatments are crucial to improve both yield and quality. To address this, we have carried out deep learning-based approaches and published our work in conferences and journals. Those works are briefly discussed in this paper as follows: (i) Empirical work on different plant datasets is conducted to analyse the hyperparameters of the neural network. (ii) Misclassifications are minimised by leveraging an ensemble-based strategy with AlexNet, ResNet, and VGGNet across seven plant leaf image datasets. The complexity of plant disease diagnosis in diverse conditions is tackled through a hybrid deep learning strategy, exemplified in the cardamom plant disease detection approach. (iii) A novel deep learning-based approach is introduced for precise plant disease detection, crucial in the face of similar symptoms and imbalanced data. The proposed Multilevel Feature Fusion Network (MFFN) incorporates adaptive attention mechanisms, enhancing robustness by considering diverse network features. (iv) For cardamom plant disease classification, U2-Net is used for background removal and EfficientNetV2 for classification; the network performs well on images with complex backgrounds, evaluated on a generated benchmark dataset with complex backgrounds. This research achieved 99% accuracy on the tomato plant dataset and 98.28% accuracy on the cardamom leaf dataset. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.

Item: An applicability of AODV and OLSR protocols on IEEE 802.11p for city road in VANET (Springer Verlag, 2015)
Jaiswal, R.K.; Jaidhar, C.D.
Vehicular Ad-hoc Network (VANET) makes road transportation safer and more comfortable by using vehicular communication and the Internet. VANET is a subset of Mobile Ad-hoc Network (MANET). Thus, due to their similar characteristics, MANET routing protocols may also be applicable to VANET. Hence, the performance of MANET routing protocols should be evaluated on the IEEE 802.11p communication standard, which is specifically designed for VANET communication, with urban and non-urban vehicular traffic. This work compares the performance of the Ad-hoc On-Demand Distance Vector (AODV) routing protocol with the Optimized Link State Routing (OLSR) protocol on two different road network scenarios, in particular a complex road network representing a city road network with multiple crossroads and an intersection of two roads. We used two distinct simulators: the Vehicular Ad-hoc Networks Mobility Simulator (VANETMOBISIM) to simulate the city road network and vehicular traffic in an area of 700 m x 700 m, and the NS-2.35 network simulator to simulate the communication network. AODV and OLSR performance is assessed at two transmission ranges, 250 m and 500 m, with four different data generation rates of 512, 1024, 1536 and 2048 Kbps. The primary goal of this work is to scrutinise the applicability of AODV and OLSR in VANET with different traffic scenarios and transmission ranges of the IEEE 802.11p standard. © Springer International Publishing Switzerland 2015.

Item: Virtual machine introspection based spurious process detection in virtualized cloud computing environment (Institute of Electrical and Electronics Engineers Inc., 2015)
M.a, M.A.; Jaidhar, C.D.
Virtual Machines are a prime target for an adversary to take control of by exploiting vulnerabilities present in them. Due to the increasing number of Advanced Persistent Attacks such as malware, rootkits, spyware, etc., virtual machine protection is a highly challenging task. The key element of an Advanced Persistent Threat is the rootkit, which provides stealthy control of the underlying Operating System (kernel). Protecting each individual guest operating system with antivirus and commercial security defence mechanisms is neither cost-effective nor effective in a virtualised environment. To solve this problem, Virtual Machine Introspection has emerged as one of the promising approaches to secure the state of the virtual machine. Virtual Machine Introspection inspects the state of multiple virtual machines by operating outside the virtual machine, i.e. at the hypervisor level. In this work, a Virtual Machine Introspection based malicious process detection approach is proposed. It extracts high-level information, such as system call details and opened known backdoor ports, from introspected memory to identify spurious processes, and triggers an alert in response to a detected intrusion. © 2015 IEEE.

Item: Comparative study of Principal Component Analysis based Intrusion Detection approach using machine learning algorithms (Institute of Electrical and Electronics Engineers Inc., 2015)
Chabathula, K.J.; Jaidhar, C.D.; M.a, M.A.
This paper surveys the various machine learning techniques adopted so far for identifying different network attacks and suggests a preferable Intrusion Detection System (IDS) for the available system resources while optimising speed and accuracy. With a booming number of intruders and hackers in today's vast and sophisticated computerised world, it is an unceasing challenge to identify unknown attacks in reasonable time with no false positives and no false negatives. Principal Component Analysis (PCA) curtails the amount of data to be compared by reducing its dimensionality prior to classification, which reduces detection time. In this paper, PCA is adopted to reduce a higher-dimensional dataset to a lower-dimensional one. This is accomplished by converting network packet header fields into a vector and then applying PCA over the high-dimensional dataset to reduce its dimension. The reduced-dimension dataset is tested with Support Vector Machines (SVM), K-Nearest Neighbours (KNN), the J48 tree algorithm, the Random Forest tree classification algorithm, the AdaBoost algorithm, the Nearest Neighbours Generalized Exemplars algorithm, the Naive Bayes probabilistic classifier and the Voting Feature Intervals classification algorithm. The obtained results demonstrate detection accuracy and computational efficiency with minimal false alarms and low system resource utilisation. Experimental results are compared with respect to detection rate and detection time, and tree-based classification algorithms are found to achieve superior results over the other algorithms. The whole experiment is conducted using the KDD99 dataset. © 2015 IEEE.

Item: Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment (Institute of Electrical and Electronics Engineers Inc., 2015)
M.a, M.A.; Jaidhar, C.D.
Cloud Computing, enabled by virtualisation technology, has brought revolutionary change to IT infrastructure. The hypervisor is a pillar of virtualisation and allows resources to be shared among virtual machines. Vulnerabilities present in a virtual machine are leveraged by an attacker to launch advanced persistent attacks such as stealthy rootkits, Trojans, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, etc. Virtual Machines are a prime target for a malicious cloud user or an attacker, as they are easily available for rent from a Cloud Service Provider (CSP). Attacks on a virtual machine can disrupt the normal operation of the cloud infrastructure. In order to secure the virtual environment, a defence mechanism is highly imperative at each virtual machine to identify attacks on it in a timely manner. This work proposes an In-and-Out-of-the-Box Virtual Machine and Hypervisor based Intrusion Detection and Prevention System for virtualised environments, which ensures a robust virtual machine state by detecting and then eradicating rootkits as well as other attacks. We conducted experiments using the popular open source Host-based Intrusion Detection System (HIDS) OSSEC (Open Source SECurity Event Correlator). Both Linux and Windows based rootkits, a DoS attack and file integrity verification tests were conducted, and all were successfully detected by OSSEC. © 2015 IEEE.

Item: VMI based automated real-time malware detector for virtualized cloud environment (Springer Verlag, 2016)
M.a, M.A.; Jaidhar, C.D.
Virtual Machine Introspection (VMI) has evolved as a promising future security solution that performs an indirect investigation of an untrustworthy Guest Virtual Machine (GVM) in real time by operating at the hypervisor in a virtualised cloud environment. Existing VMI techniques are not intelligent enough to read precisely the manipulated semantic information in their reconstructed high-level semantic view of the live GVM. In this paper, a VMI-based Automated-Internal-External (A-IntExt) system is presented that seamlessly introspects the internal semantic view (i.e. processes) of an untrustworthy Windows GVM to detect hidden, dead, and malicious processes. Further, it classifies the detected hidden processes as well as the running (not hidden) processes as benign or malicious. The prime component of A-IntExt is the Intelligent Cross-View Analyzer (ICVA), which is responsible for detecting hidden-state information from internally and externally gathered state information of the Monitored Virtual Machine (Med-VM). A-IntExt is designed, implemented, and evaluated using publicly available malware and real-world Windows rootkits to measure detection proficiency as well as execution speed. The experimental results demonstrate that A-IntExt is effective in rapidly detecting malicious and hidden-state information, with a maximum performance overhead of 7.2%. © Springer International Publishing AG 2016.

Item: Execution time measurement of virtual machine volatile artifacts analyzers (IEEE Computer Society, 2016)
M.a, M.A.A.; Jaidhar, C.D.
Due to the rapid evolution of virtualisation environments, Virtual Machines (VMs) are a target point for an attacker to gain privileged access to the virtual infrastructure. Advanced Persistent Threats (APTs) such as malware, rootkits, spyware, etc. are potent enough to bypass the existing defence mechanisms designed for VMs. To address this issue, Virtual Machine Introspection (VMI) emerged as a promising approach that monitors the run state of the VM externally from the hypervisor. However, the limitation of VMI lies in the semantic gap. The open source tool LibVMI addresses the semantic gap. Memory Forensic Analysis (MFA) tools such as Volatility can also be used to address the semantic gap, but they need a memory dump (RAM) as input. Memory dump acquisition time and analysis time are highly crucial if an Intrusion Detection System (IDS) depends on the data supplied by the MFA or VMI tool. In this work, the live virtual machine RAM dump acquisition time of LibVMI is measured. In addition, the analysis time consumed by Volatility on the captured memory dump is measured and compared with another memory analyser, Rekall. It is observed through experimental results that Rekall takes more execution time than Volatility for most plugins. Further, Volatility and Rekall are compared with LibVMI. It is noticed that examining volatile data through LibVMI is faster, as it eliminates the memory dump acquisition time. © 2015 IEEE.
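The two VMI abstracts above (the spurious process detector and the A-IntExt Intelligent Cross-View Analyzer) both rest on the same idea: compare the process list the guest reports about itself with the process list reconstructed from the guest's memory by the hypervisor-side tool, and treat any disagreement as a sign of tampering. The following is an added example written for this page, not code from the authors' A-IntExt or ICVA implementation. It assumes two constructed snapshots of a Windows guest: an internal view (what the guest's own task listing shows) and an external view (what an out-of-VM reconstruction, e.g. via LibVMI or Volatility's pslist/psscan, would report, including whether a process structure carries an exit time). The PIDs, names, ports and the backdoor-port list are illustrative and made up; only the classification logic is the point.

```python
"""Cross-view hidden/dead/malicious process classification (illustrative example).

Internal view: the process list as reported from inside the guest (what a
rootkit can falsify by unlinking its own entry).  External view: the process
list reconstructed from introspected guest memory, which also shows structures
of exited processes.  Disagreements between the views are the signal.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ExtProc:
    """One process structure found by the out-of-VM scan."""
    pid: int
    name: str
    exited: bool = False  # True when the structure carries an exit time


# --- Constructed sample snapshots (not real data) -------------------------
INTERNAL_VIEW: Dict[int, str] = {
    4: "System", 372: "smss.exe", 624: "csrss.exe",
    1020: "svchost.exe", 1488: "explorer.exe", 2100: "chrome.exe",
}
EXTERNAL_VIEW: Dict[int, ExtProc] = {p.pid: p for p in [
    ExtProc(4, "System"), ExtProc(372, "smss.exe"), ExtProc(624, "csrss.exe"),
    ExtProc(1020, "svchost.exe"), ExtProc(1488, "explorer.exe"),
    ExtProc(2100, "chr0me.exe"),           # same pid, different name in memory
    ExtProc(2316, "svch0st.exe"),          # not in the guest's own list: hidden
    ExtProc(2900, "notepad.exe", True),    # exited, structure still resident: dead
]}
# Listening ports per pid, as reconstructed from introspected socket objects.
EXTERNAL_LISTENERS: Dict[int, Set[int]] = {1020: {135, 445}, 2316: {31337}, 2900: {12345}}
# Illustrative list of ports historically used by backdoors (assumption).
KNOWN_BACKDOOR_PORTS: Set[int] = {31337, 12345, 54321}


def cross_view(internal: Dict[int, str],
               external: Dict[int, ExtProc]) -> Tuple[List[int], List[int], List[int]]:
    """Return (hidden, dead, mismatched) pid lists.

    hidden     : present in memory, running, but absent from the guest's list
    dead       : structure has an exit time (terminated but not yet reclaimed)
    mismatched : pid present in both views but the names disagree
    """
    hidden, dead, mismatched = [], [], []
    for pid, proc in sorted(external.items()):
        if proc.exited:
            dead.append(pid)
        elif pid not in internal:
            hidden.append(pid)
        elif internal[pid].lower() != proc.name.lower():
            mismatched.append(pid)
    return hidden, dead, mismatched


def backdoor_listeners(external: Dict[int, ExtProc],
                       listeners: Dict[int, Set[int]],
                       known_ports: Set[int]) -> Dict[int, List[int]]:
    """Map each *running* pid to the known backdoor ports it listens on."""
    hits = {}
    for pid, ports in listeners.items():
        proc = external.get(pid)
        if proc is None or proc.exited:
            continue  # a dead process cannot accept connections
        matched = sorted(ports & known_ports)
        if matched:
            hits[pid] = matched
    return hits


def analyze(internal: Dict[int, str], external: Dict[int, ExtProc],
            listeners: Dict[int, Set[int]], known_ports: Set[int]) -> dict:
    """Combine both checks and produce alert lines plus structured results."""
    hidden, dead, mismatched = cross_view(internal, external)
    backdoors = backdoor_listeners(external, listeners, known_ports)
    alerts = [f"HIDDEN     pid={p} name={external[p].name}" for p in hidden]
    alerts += [f"MISMATCH   pid={p} guest={internal[p]} memory={external[p].name}"
               for p in mismatched]
    alerts += [f"BACKDOOR   pid={p} name={external[p].name} ports={ports}"
               for p, ports in sorted(backdoors.items())]
    alerts += [f"DEAD       pid={p} name={external[p].name}" for p in dead]
    # A process is called malicious when it is hidden or owns a backdoor port.
    malicious = sorted(set(hidden) | set(backdoors))
    return {"hidden": hidden, "dead": dead, "mismatched": mismatched,
            "backdoor_ports": backdoors, "malicious": malicious, "alerts": alerts}


if __name__ == "__main__":
    for line in analyze(INTERNAL_VIEW, EXTERNAL_VIEW,
                        EXTERNAL_LISTENERS, KNOWN_BACKDOOR_PORTS)["alerts"]:
        print(line)
```

The check is only as good as the external view: if the rootkit also corrupts the memory structures the scanner walks, both views agree and nothing is flagged, which is why the A-IntExt paper pairs the cross-view step with a second classification of the processes that are visible in both views.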
