Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Filters

2021 - 20244

Settings

Author: search.filters.author.Santhi Thilagam, P.S.Subject: search.filters.subject.Application layers

Search Results

Now showing 1 - 4 of 4
  • No Thumbnail Available
    Item
    Modelling Behavioural Dynamics for Asymmetric Application Layer DDoS Detection
    (Institute of Electrical and Electronics Engineers Inc., 2021) Praseed, A.; Santhi Thilagam, P.S.
    Asymmetric application layer DDoS attacks using computationally intensive HTTP requests are an extremely dangerous class of attacks capable of taking down web servers with relatively few attacking connections. These attacks consume limited network bandwidth and are similar to legitimate traffic, which makes their detection difficult. Existing detection mechanisms for these attacks use indirect representations of actual user behaviour and complex modelling techniques, which leads to a higher false positive rate (FPR) and longer detection time, which makes them unsuitable for real time use. There is a need for simple, efficient and adaptable detection mechanisms for asymmetric DDoS attacks. In this work, an attempt is made to model the actual behavioural dynamics of legitimate users using a simple annotated Probabilistic Timed Automata (PTA) along with a suspicion scoring mechanism for differentiating between legitimate and malicious users. This allows the detection mechanism to be extremely fast and have a low FPR. In addition, the model can incrementally learn from run-time traces, which makes it adaptable and reduces the FPR further. Experiments on public datasets reveal that our proposed approach has a high detection rate and low FPR and adds negligible overhead to the web server, which makes it ideal for real time use. © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
  • No Thumbnail Available
    Item
    Fuzzy Request Set Modelling for Detecting Multiplexed Asymmetric DDoS Attacks on HTTP/2 servers
    (Elsevier Ltd, 2021) Praseed, A.; Santhi Thilagam, P.S.
    The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This feature was introduced in order to reduce the page loading time by multiplexing a web page and its associated resources in a single connection. While this feature has significantly improved user experience, it can be misused to launch sophisticated application layer DDoS attacks against HTTP/2 servers. Instead of the intended use of multiplexing, attackers can force the web server to process multiple random requests simultaneously, leading to increased server usage. The use of computationally intensive requests can further exacerbate the situation. These attacks, called Multiplexed Asymmetric Attacks, pose a dangerous threat to HTTP/2 servers and stem from the lack of verification of the multiplexed requests. In this work, an approach to model an HTTP/2 request set as a fuzzy multiset is presented. The proposed approach uses a combination of relative cardinality and request workload to detect multiplexed AL-DDoS attacks. Experiments on open source datasets demonstrate that the proposed approach is able to detect multiplexed AL-DDoS attacks with an accuracy of around 95%, while maintaining a low False Positive Rate (FPR) of around 3%. © 2021 Elsevier Ltd
  • No Thumbnail Available
    Item
    HTTP request pattern based signatures for early application layer DDoS detection: A firewall agnostic approach
    (Elsevier Ltd, 2022) Praseed, A.; Santhi Thilagam, P.S.
    Application Layer DDoS (AL-DDoS) attacks are an extremely dangerous variety of DDoS attacks that started becoming popular recently. They are executed using very few legitimate requests, making them very difficult to detect. Since they are executed using attack generation tools and botnets, AL-DDoS attacks display similarity within a request stream (temporal similarity) and across request streams (spatial similarity). Once a particular request stream has been detected as malicious by an anomaly detection mechanism (ADM), spatial similarity can help in detecting AL-DDoS attacks much earlier by employing a dynamic signature based approach. In this work, we use HTTP request patterns as signatures to build a firewall agnostic Early Detection Module (EDM) for AL-DDoS attacks. We also propose the use of Sample Entropy instead of the popular Shannon's Entropy to identify AL-DDoS attacks. Sample Entropy is able to model both the frequencies and sequence of data items within a request stream, and is a better indicator of temporal similarity than Shannon's Entropy. In this work, we demonstrate that Sample Entropy can be used effectively to detect AL-DDoS attacks. With a Sample Entropy based anomaly detection mechanism, we demonstrate that the use of EDM significantly reduces the detection latency for AL-DDoS attacks. © 2022 Elsevier Ltd
  • No Thumbnail Available
    Item
    Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects
    (Institute of Electrical and Electronics Engineers Inc., 2024) Lakshminarayana, S.; Praseed, A.; Santhi Thilagam, P.S.
    The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer are extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries. Therefore, we initially emphasize on the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology. © 2024 IEEE.