Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Search Results

  • Item
    Efficient privacy preserving ranked search over encrypted data
    (Institute of Electrical and Electronics Engineers Inc., 2016) Praseed, A.; Sudheesh, R.K.; Chandrasekaran, K.
    Cloud computing and its ever-increasing prominence have rendered it an unavoidable component for data storage and other data services. The security challenges of storing sensitive data on the cloud are reduced to an extent by the encryption of data, though in the process of encrypted data search, efficiency is compromised. The encrypted data on the cloud can be retrieved using Searchable Symmetric Encryption (SSE). The current work uses a multi-keyword searchable encryption scheme with top-k retrieval to avoid the compromises on data privacy caused by using Order Preserving Encryption schemes. The encryption scheme uses homomorphic encryption and a vector space model. The vector space model provides the required search accuracy. The homomorphic encryption allows the majority of the computation to be done at the server side while concealing the sensitive data. The user alone can identify the final result of the relevance calculation and request the actual file. In this paper, phrase searching is included to improve the search results on the encrypted data. To accomplish this, we maintain a list of the keyword locations in the encrypted file index. The cloud server, which we assume to be honest-but-curious, operates on these encrypted values and identifies if the words occur in close proximity without knowing the actual locations of these words and the words themselves. © 2015 IEEE.
  • Item
    DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications
    (Institute of Electrical and Electronics Engineers Inc., 2019) Praseed, A.; Santhi Thilagam, P.S.
    Distributed denial of service (DDoS) attacks are some of the most devastating attacks against Web applications. A large number of these attacks aim to exhaust the network bandwidth of the server, and are called network layer DDoS attacks. They are volumetric attacks and rely on a large volume of network layer packets to throttle the bandwidth. However, as time passed, network infrastructure became more robust and defenses against network layer attacks also became more advanced. Recently, DDoS attacks have started targeting the application layer. Unlike network layer attacks, these attacks can be carried out with a relatively low attack volume. They also utilize legitimate application layer requests, which makes it difficult for existing defense mechanisms to detect them. These attacks target a wide variety of resources at the application layer and can bring a server down much faster, and with much more stealth, than network layer DDoS attacks. Over the past decade, research on application layer DDoS attacks has focused on a few classes of these attacks. This paper attempts to explore the entire spectrum of application layer DDoS attacks using critical features that aid in understanding how these attacks can be executed. Defense mechanisms against the different classes of attacks are also discussed with special emphasis on the features that aid in the detection of different classes of attacks. Such a discussion is expected to help researchers understand why a particular group of features is useful in detecting a particular class of attacks. © 2018 IEEE.
  • Item
    Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications
    (Springer Verlag, 2018) Deepa, G.; Santhi Thilagam, P.S.; Ahmed Khan, F.A.; Praseed, A.; Pais, A.R.; Palsetia, N.
    As web applications become the most popular way to deliver essential services to customers, they also become attractive targets for attackers. The attackers craft injection attacks in database-driven applications through the user-input fields intended for interacting with the applications. Even though precautionary measures such as user-input sanitization are employed at the client side of the application, the attackers can disable the JavaScript at client side and still inject attacks through HTTP parameters. The injected parameters result in attacks due to improper server-side validation of user input. The injected parameters may either contain malicious SQL/XML commands leading to SQL/XPath/XQuery injection or be invalid input that intends to violate the expected behavior of the web application. The former is known as an injection attack, while the latter is called a parameter tampering attack. While SQL injection has been intensively examined by the research community, limited work has been done so far for identifying XML injection and parameter tampering vulnerabilities. Database-driven web applications today rely on XML databases, as XML has gained rapid acceptance due to the fact that it favors integration of data with other applications and handles diverse information. Hence, this work proposes a black-box fuzzing approach to detect XQuery injection and parameter tampering vulnerabilities in web applications driven by native XML databases. A prototype XiParam is developed and tested on vulnerable applications developed with a native XML database, BaseX, as the backend. The experimental evaluation clearly demonstrates that the prototype is effective in the detection of both XQuery injection and parameter tampering vulnerabilities. © 2017, Springer-Verlag Berlin Heidelberg.
  • Item
    DetLogic: A black-box approach for detecting logic vulnerabilities in web applications
    (Academic Press, 2018) Deepa, G.; Santhi Thilagam, P.S.; Praseed, A.; Pais, A.R.
    Web applications are subject to attacks by malicious users owing to the fact that the applications are implemented by software developers with insufficient knowledge about secure programming. The implementation flaws arising due to insecure coding practices allow attackers to exploit the application in order to perform adverse actions leading to undesirable consequences. These flaws can be categorized into injection and logic flaws. As a large number of tools and solutions are available for addressing injection flaws, the focus of the attackers is shifting towards exploitation of logic flaws. The logic flaws allow attackers to compromise the application-specific functionality against the expectations of the stakeholders, and hence it is important to identify these flaws in order to avoid exploitation. Therefore, a prototype called DetLogic is developed for detecting different types of logic vulnerabilities such as parameter manipulation, access-control, and workflow bypass vulnerabilities in web applications. DetLogic employs a black-box approach, and models the intended behavior of the application as an annotated finite state machine, which is subsequently used for deriving constraints related to input parameters, access-control, and workflows. The derived constraints are violated for simulating attack vectors to identify the vulnerabilities. DetLogic is evaluated against benchmark applications and is found to work effectively. © 2018 Elsevier Ltd
  • Item
    Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP/2 Servers
    (Institute of Electrical and Electronics Engineers Inc., 2020) Praseed, A.; Santhi Thilagam, P.
    Distributed Denial of Service (DDoS) attacks using the HTTP protocol have started gaining popularity in recent years. A recent trend in this direction has been the use of computationally expensive requests to launch attacks. These attacks, called Asymmetric Workload attacks, can bring down servers using limited resources, and are extremely difficult to detect. The introduction of HTTP/2 has been welcomed by developers because it improves user experience and efficiency. This was made possible by the ability to transport HTTP requests and their associated inline resources simultaneously by using Multiplexing and Server Push. However, multiplexing has made request traffic bursty and rendered DDoS detection mechanisms based on connection limiting obsolete. Contrary to its intention, multiplexing can also be misused to launch sophisticated DDoS attacks using multiple high workload requests in a single TCP connection. However, sufficient research has not been done in this area. Existing research demonstrates that the HTTP/2 protocol allows users to launch DDoS attacks easily, but does not focus on whether an HTTP/2 server can handle DDoS attacks more efficiently or not. Also, sufficient research has not been done on the possibility of Multiplexing and Server Push being misused. In this work, we analyse the performance of an HTTP/2 server compared to an HTTP/1.1 server under an Asymmetric DDoS attack for the same load. We propose a new DDoS attack vector called a Multiplexed Asymmetric DDoS attack, which uses multiplexing in a different way than intended. We show that such an attack can bring down a server with just a few attacking clients. We also show that a Multiplexed Asymmetric Attack on a server with Server Push enabled can trigger an egress network layer flood in addition to an application layer attack. © 2005-2012 IEEE.
  • Item
    Modelling Behavioural Dynamics for Asymmetric Application Layer DDoS Detection
    (Institute of Electrical and Electronics Engineers Inc., 2021) Praseed, A.; Santhi Thilagam, P.S.
    Asymmetric application layer DDoS attacks using computationally intensive HTTP requests are an extremely dangerous class of attacks capable of taking down web servers with relatively few attacking connections. These attacks consume limited network bandwidth and are similar to legitimate traffic, which makes their detection difficult. Existing detection mechanisms for these attacks use indirect representations of actual user behaviour and complex modelling techniques, which leads to a higher false positive rate (FPR) and longer detection time, which makes them unsuitable for real time use. There is a need for simple, efficient and adaptable detection mechanisms for asymmetric DDoS attacks. In this work, an attempt is made to model the actual behavioural dynamics of legitimate users using a simple annotated Probabilistic Timed Automata (PTA) along with a suspicion scoring mechanism for differentiating between legitimate and malicious users. This allows the detection mechanism to be extremely fast and have a low FPR. In addition, the model can incrementally learn from run-time traces, which makes it adaptable and reduces the FPR further. Experiments on public datasets reveal that our proposed approach has a high detection rate and low FPR and adds negligible overhead to the web server, which makes it ideal for real time use. © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
  • Item
    Fuzzy Request Set Modelling for Detecting Multiplexed Asymmetric DDoS Attacks on HTTP/2 servers
    (Elsevier Ltd, 2021) Praseed, A.; Santhi Thilagam, P.S.
    The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This feature was introduced in order to reduce the page loading time by multiplexing a web page and its associated resources in a single connection. While this feature has significantly improved user experience, it can be misused to launch sophisticated application layer DDoS attacks against HTTP/2 servers. Instead of the intended use of multiplexing, attackers can force the web server to process multiple random requests simultaneously, leading to increased server usage. The use of computationally intensive requests can further exacerbate the situation. These attacks, called Multiplexed Asymmetric Attacks, pose a dangerous threat to HTTP/2 servers and stem from the lack of verification of the multiplexed requests. In this work, an approach to model an HTTP/2 request set as a fuzzy multiset is presented. The proposed approach uses a combination of relative cardinality and request workload to detect multiplexed AL-DDoS attacks. Experiments on open source datasets demonstrate that the proposed approach is able to detect multiplexed AL-DDoS attacks with an accuracy of around 95%, while maintaining a low False Positive Rate (FPR) of around 3%. © 2021 Elsevier Ltd
  • Item
    HTTP request pattern based signatures for early application layer DDoS detection: A firewall agnostic approach
    (Elsevier Ltd, 2022) Praseed, A.; Santhi Thilagam, P.S.
    Application Layer DDoS (AL-DDoS) attacks are an extremely dangerous variety of DDoS attacks that started becoming popular recently. They are executed using very few legitimate requests, making them very difficult to detect. Since they are executed using attack generation tools and botnets, AL-DDoS attacks display similarity within a request stream (temporal similarity) and across request streams (spatial similarity). Once a particular request stream has been detected as malicious by an anomaly detection mechanism (ADM), spatial similarity can help in detecting AL-DDoS attacks much earlier by employing a dynamic signature based approach. In this work, we use HTTP request patterns as signatures to build a firewall agnostic Early Detection Module (EDM) for AL-DDoS attacks. We also propose the use of Sample Entropy instead of the popular Shannon's Entropy to identify AL-DDoS attacks. Sample Entropy is able to model both the frequencies and sequence of data items within a request stream, and is a better indicator of temporal similarity than Shannon's Entropy. In this work, we demonstrate that Sample Entropy can be used effectively to detect AL-DDoS attacks. With a Sample Entropy based anomaly detection mechanism, we demonstrate that the use of EDM significantly reduces the detection latency for AL-DDoS attacks. © 2022 Elsevier Ltd
  • Item
    Hindi fake news detection using transformer ensembles
    (Elsevier Ltd, 2023) Praseed, A.; Rodrigues, J.; Santhi Thilagam, P.S.
    In the past few decades, due to the growth of social networking sites such as WhatsApp and Facebook, information distribution has been at a level never seen before. Knowing the integrity of information has been a long-standing problem, even more so for the regional languages. Regional languages, such as Hindi, raise challenging problems for fake news detection as they tend to be resource constrained. This limits the amount of data available to efficiently train models for these languages. Most of the existing techniques to detect fake news are targeted towards the English language or involve the manual translation of the language to the English language and then proceeding with Deep Learning methods. Pre-trained transformer based models such as BERT are fine-tuned for the task of fake news detection and are commonly employed for detecting fake news. Other pre-trained transformer models, such as ELECTRA and RoBERTa, have also been shown to be able to detect fake news in multiple languages after suitable fine-tuning. In this work, we propose a method for detecting fake news in resource constrained languages such as Hindi more efficiently by using an ensemble of pre-trained transformer models, all of which are individually fine-tuned for the task of fake news detection. We demonstrate that the use of such a transformer ensemble consisting of XLM-RoBERTa, mBERT and ELECTRA is able to improve the efficiency of fake news detection in Hindi by overcoming the drawbacks of individual transformer models. © 2022 Elsevier Ltd
  • Item
    Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects
    (Institute of Electrical and Electronics Engineers Inc., 2024) Lakshminarayana, S.; Praseed, A.; Santhi Thilagam, P.S.
    The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer is extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, and fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries. Therefore, we initially emphasize the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology. © 2024 IEEE.