Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Item: An effective analysis on intrusion detection systems in wireless mesh networks (Institute of Electrical and Electronics Engineers Inc., 2017) Karri, K.G.; Raju, V.P.; Santhi Thilagam, P.S.

Intrusion Detection Systems (IDSs) are widely used to detect both known attacks and unknown attacks performed by internal and external attackers in wireless networks. However, challenging issues for developing IDSs in Wireless Mesh Networks (WMNs) are 1) supporting interoperability and 2) handling volatile parameters. In addition, security standards for WMN are still in draft stage, and to protect the WMN, IDSs of similar wireless networks such as wireless sensor, Ad-Hoc, MANET can be adopted, but the best performance is not guaranteed. In this paper, we have classified the existing IDSs for wireless networks into four categories, namely single layer IDS, cross-layer IDS, reputation-based IDS, and reputation-based cross-layer IDS, and analyzed the performance of these IDSs with core-layer attacks and detection methodology. Based on our analysis, we address the loopholes in existing IDSs and specify research directions for strengthening the existing IDSs and for developing new efficient IDSs with respect to backbone mesh and client mesh networks. © 2017 IEEE.

Item: DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications (Institute of Electrical and Electronics Engineers Inc., 2019) Praseed, A.; Santhi Thilagam, P.S.

Distributed denial of service (DDoS) attacks are some of the most devastating attacks against Web applications. A large number of these attacks aim to exhaust the network bandwidth of the server, and are called network layer DDoS attacks. They are volumetric attacks and rely on a large volume of network layer packets to throttle the bandwidth. However, as time passed, network infrastructure became more robust and defenses against network layer attacks also became more advanced.

Recently, DDoS attacks have started targeting the application layer. Unlike network layer attacks, these attacks can be carried out with a relatively low attack volume. They also utilize legitimate application layer requests, which makes it difficult for existing defense mechanisms to detect them. These attacks target a wide variety of resources at the application layer and can bring a server down much faster, and with much more stealth, than network layer DDoS attacks. Over the past decade, research on application layer DDoS attacks has focused on a few classes of these attacks. This paper attempts to explore the entire spectrum of application layer DDoS attacks using critical features that aid in understanding how these attacks can be executed. Defense mechanisms against the different classes of attacks are also discussed with special emphasis on the features that aid in the detection of different classes of attacks. Such a discussion is expected to help researchers understand why a particular group of features are useful in detecting a particular class of attacks. © 2018 IEEE.

Item: Fuzzy Request Set Modelling for Detecting Multiplexed Asymmetric DDoS Attacks on HTTP/2 servers (Elsevier Ltd, 2021) Praseed, A.; Santhi Thilagam, P.S.

The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This feature was introduced in order to reduce the page loading time by multiplexing a web page and its associated resources in a single connection. While this feature has significantly improved user experience, it can be misused to launch sophisticated application layer DDoS attacks against HTTP/2 servers.

Instead of the intended use of multiplexing, attackers can force the web server to process multiple random requests simultaneously, leading to increased server usage. The use of computationally intensive requests can further exacerbate the situation. These attacks, called Multiplexed Asymmetric Attacks, pose a dangerous threat to HTTP/2 servers and stem from the lack of verification of the multiplexed requests. In this work, an approach to model an HTTP/2 request set as a fuzzy multiset is presented. The proposed approach uses a combination of relative cardinality and request workload to detect multiplexed AL-DDoS attacks. Experiments on open source datasets demonstrate that the proposed approach is able to detect multiplexed AL-DDoS attacks with an accuracy of around 95%, while maintaining a low False Positive Rate (FPR) of around 3%. © 2021 Elsevier Ltd

Item: Securing the IoT Application Layer from an MQTT Protocol Perspective: Challenges and Research Prospects (Institute of Electrical and Electronics Engineers Inc., 2024) Lakshminarayana, S.; Praseed, A.; Santhi Thilagam, P.S.

The Internet of Things (IoT) is one of the most promising new millennial technologies, having numerous applications in our surrounding environment. The fundamental goal of an IoT system is to ensure effective communication between users and their devices, which is accomplished through the application layer of IoT. For this reason, the security of protocols employed at the IoT application layer is extremely significant. Message Queuing Telemetry Transport (MQTT) is being widely adopted as the application layer protocol for resource-constrained IoT devices. The reason for the widespread usage of the MQTT protocol in IoT devices is its highly appealing features, such as packet-agnostic communication, high scalability, low power consumption, low implementation cost, and fast and reliable message delivery. These capabilities of the MQTT protocol make it a potential and viable target for adversaries.

Therefore, we initially emphasize the emerging MQTT vulnerabilities and provide a classification of identified MQTT vulnerabilities for the IoT paradigm. Then, this paper reviews attacks against the MQTT protocol and the corresponding defense mechanisms for MQTT-based IoT deployments. Furthermore, MQTT attacks are categorized and investigated with reference to crucial characteristics that aid in comprehending how these attacks are carried out. The defense mechanisms are discussed in detail, with a particular focus on techniques for identifying vulnerabilities, detecting and preventing attacks against the MQTT protocol. This work also discloses lessons learned by identifying and providing insightful findings, open challenges, and future research directions. Such a discussion is anticipated to propel more research efforts in this burgeoning area and pave a secure path toward expanding and fully realizing the MQTT protocol in IoT technology. © 2024 IEEE.
