-
Shesha: Multi-head Microarchitectural Leakage Discovery in new-generation Intel Processors
Authors:
Anirban Chakraborty,
Nimish Mishra,
Debdeep Mukhopadhyay
Abstract:
Transient execution attacks have been one of the widely explored microarchitectural side channels since the discovery of Spectre and Meltdown. However, much of the research has been driven by manual discovery of new transient paths through well-known speculative events. Although a few attempts exist in literature on automating transient leakage discovery, such tools focus on finding variants of known transient attacks and explore a small subset of instruction set. Further, they take a random fuzzing approach that does not scale as the complexity of search space increases. In this work, we identify that the search space of bad speculation is disjointedly fragmented into equivalence classes, and then use this observation to develop a framework named Shesha, inspired by Particle Swarm Optimization, which exhibits faster convergence rates than state-of-the-art fuzzing techniques for automatic discovery of transient execution attacks. We then use Shesha to explore the vast search space of extensions to the x86 Instruction Set Architecture (ISAs), thereby focusing on previously unexplored avenues of bad speculation. As such, we report five previously unreported transient execution paths in Instruction Set Extensions (ISEs) on new generation of Intel processors. We then perform extensive reverse engineering of each of the transient execution paths and provide root-cause analysis. Using the discovered transient execution paths, we develop attack building blocks to exhibit exploitable transient windows. Finally, we demonstrate data leakage from Fused Multiply-Add instructions through SIMD buffer and extract victim data from various cryptographic implementations.
Submitted 14 June, 2024; v1 submitted 10 June, 2024;
originally announced June 2024.
-
Stealing the Invisible: Unveiling Pre-Trained CNN Models through Adversarial Examples and Timing Side-Channels
Authors:
Shubhi Shukla,
Manaar Alam,
Pabitra Mitra,
Debdeep Mukhopadhyay
Abstract:
Machine learning, with its myriad applications, has become an integral component of numerous technological systems. A common practice in this domain is the use of transfer learning, where a pre-trained model's architecture, readily available to the public, is fine-tuned to suit specific tasks. As Machine Learning as a Service (MLaaS) platforms increasingly use pre-trained models in their backends, it's crucial to safeguard these architectures and understand their vulnerabilities. In this work, we present an approach based on the observation that the classification patterns of adversarial images can be used as a means to steal the models. Furthermore, the adversarial image classifications in conjunction with timing side channels can lead to a model stealing method. Our approach, designed for typical user-level access in remote MLaaS environments exploits varying misclassifications of adversarial images across different models to fingerprint several renowned Convolutional Neural Network (CNN) and Vision Transformer (ViT) architectures. We utilize the profiling of remote model inference times to reduce the necessary adversarial images, subsequently decreasing the number of queries required. We have presented our results over 27 pre-trained models of different CNN and ViT architectures using CIFAR-10 dataset and demonstrate a high accuracy of 88.8% while keeping the query budget under 20.
Submitted 19 February, 2024;
originally announced February 2024.
-
Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM
Authors:
Suparna Kundu,
Siddhartha Chowdhury,
Sayandeep Saha,
Angshuman Karmakar,
Debdeep Mukhopadhyay,
Ingrid Verbauwhede
Abstract:
Post-quantum cryptographic (PQC) algorithms, especially those based on the learning with errors (LWE) problem, have been subjected to several physical attacks in the recent past. Although the attacks broadly belong to two classes - passive side-channel attacks and active fault attacks, the attack strategies vary significantly due to the inherent complexities of such algorithms. Exploring further attack surfaces is, therefore, an important step for eventually securing the deployment of these algorithms. Also, it is important to test the robustness of the already proposed countermeasures in this regard. In this work, we propose a new fault attack on side-channel secure masked implementation of LWE-based key-encapsulation mechanisms (KEMs) exploiting fault propagation. The attack typically originates due to an algorithmic modification widely used to enable masking, namely the Arithmetic-to-Boolean (A2B) conversion. We exploit the data dependency of the adder carry chain in A2B and extract sensitive information, albeit masking (of arbitrary order) being present. As a practical demonstration of the exploitability of this information leakage, we show key recovery attacks of Kyber, although the leakage also exists for other schemes like Saber. The attack on Kyber targets the decapsulation module and utilizes Belief Propagation (BP) for key recovery. To the best of our knowledge, it is the first attack exploiting an algorithmic component introduced to ease masking rather than only exploiting the randomness introduced by masking to obtain desired faults (as done by Delvaux). Finally, we performed both simulated and electromagnetic (EM) fault-based practical validation of the attack for an open-source first-order secure Kyber implementation running on an STM32 platform.
Submitted 25 January, 2024;
originally announced January 2024.
-
On the Amplification of Cache Occupancy Attacks in Randomized Cache Architectures
Authors:
Anirban Chakraborty,
Nimish Mishra,
Sayandeep Saha,
Sarani Bhattacharya,
Debdeep Mukhopadhyay
Abstract:
In this work, we explore the applicability of cache occupancy attacks and the implications of secured cache design rationales on such attacks. In particular, we show that one of the well-known cache randomization schemes, MIRAGE, touted to be resilient against eviction-based attacks, amplifies the chances of cache occupancy attack, making it more vulnerable compared to contemporary designs. We leverage MIRAGE's global eviction property to demonstrate covert channel with byte-level granularity, with far less cache occupancy requirement (just $10\%$ of LLC) than other schemes. For instance, ScatterCache (a randomisation scheme with lesser security guarantees than MIRAGE) and generic set-associative caches require $40\%$ and $30\%$ cache occupancy, respectively, to exhibit covert communication. Furthermore, we extend our attack vectors to include side-channel, template-based fingerprinting of workloads in a cross-core setting. We demonstrate the potency of such fingerprinting on both inhouse LLC simulator as well as on SPEC2017 workloads on gem5. Finally, we pinpoint implementation inconsistencies in MIRAGE's publicly available gem5 artifact which motivates a re-evaluation of the performance statistics of MIRAGE with respect to ScatterCache and baseline set-associative cache. We find MIRAGE, in reality, performs worse than what is previously reported in literature, a concern that should be addressed in successor generations of secured caches.
Submitted 8 October, 2023;
originally announced October 2023.
-
A short note on the paper `Are Randomized Caches Really Random?'
Authors:
Anirban Chakraborty,
Sarani Bhattacharya,
Sayandeep Saha,
Debdeep Mukhopadhyay
Abstract:
In this paper, we analyse the results and claims presented in the paper \emph{`Are Randomized Caches Truly Random? Formal Analysis of Randomized Partitioned Caches'}, presented at HPCA conference 2023. In addition, we also analyse the applicability of `Bucket and Ball' analytical model presented in MIRAGE (Usenix Security 2021) for its security estimation. We put forth the fallacies in the original bucket and ball model and discuss its implications. Finally, we demonstrate a cache occupancy attack on MIRAGE with just $10\%$ of total cache capacity and extend the framework to establish a covert channel and a template-based fingerprinting attack.
Submitted 3 April, 2023;
originally announced April 2023.
-
Resisting Adversarial Attacks in Deep Neural Networks using Diverse Decision Boundaries
Authors:
Manaar Alam,
Shubhajit Datta,
Debdeep Mukhopadhyay,
Arijit Mondal,
Partha Pratim Chakrabarti
Abstract:
The security of deep learning (DL) systems is an extremely important field of study as they are being deployed in several applications due to their ever-improving performance to solve challenging tasks. Despite overwhelming promises, the deep learning systems are vulnerable to crafted adversarial examples, which may be imperceptible to the human eye, but can lead the model to misclassify. Protections against adversarial perturbations on ensemble-based techniques have either been shown to be vulnerable to stronger adversaries or shown to lack an end-to-end evaluation. In this paper, we attempt to develop a new ensemble-based solution that constructs defender models with diverse decision boundaries with respect to the original model. The ensemble of classifiers constructed by (1) transformation of the input by a method called Split-and-Shuffle, and (2) restricting the significant features by a method called Contrast-Significant-Features are shown to result in diverse gradients with respect to adversarial attacks, which reduces the chance of transferring adversarial examples from the original to the defender model targeting the same class. We present extensive experimentations using standard image classification datasets, namely MNIST, CIFAR-10 and CIFAR-100 against state-of-the-art adversarial attacks to demonstrate the robustness of the proposed ensemble-based defense. We also evaluate the robustness in the presence of a stronger adversary targeting all the models within the ensemble simultaneously. Results for the overall false positives and false negatives have been furnished to estimate the overall performance of the proposed methodology.
Submitted 18 August, 2022;
originally announced August 2022.
-
On the Evaluation of User Privacy in Deep Neural Networks using Timing Side Channel
Authors:
Shubhi Shukla,
Manaar Alam,
Sarani Bhattacharya,
Debdeep Mukhopadhyay,
Pabitra Mitra
Abstract:
Recent Deep Learning (DL) advancements in solving complex real-world tasks have led to its widespread adoption in practical applications. However, this opportunity comes with significant underlying risks, as many of these models rely on privacy-sensitive data for training in a variety of applications, making them an overly-exposed threat surface for privacy violations. Furthermore, the widespread use of cloud-based Machine-Learning-as-a-Service (MLaaS) for its robust infrastructure support has broadened the threat surface to include a variety of remote side-channel attacks. In this paper, we first identify and report a novel data-dependent timing side-channel leakage (termed Class Leakage) in DL implementations originating from non-constant time branching operation in a widely used DL framework PyTorch. We further demonstrate a practical inference-time attack where an adversary with user privilege and hard-label black-box access to an MLaaS can exploit Class Leakage to compromise the privacy of MLaaS users. DL models are vulnerable to Membership Inference Attack (MIA), where an adversary's objective is to deduce whether any particular data has been used while training the model. In this paper, as a separate case study, we demonstrate that a DL model secured with differential privacy (a popular countermeasure against MIA) is still vulnerable to MIA against an adversary exploiting Class Leakage. We develop an easy-to-implement countermeasure by making a constant-time branching operation that alleviates the Class Leakage and also aids in mitigating MIA. We have chosen two standard benchmarking image classification datasets, CIFAR-10 and CIFAR-100 to train five state-of-the-art pre-trained DL models, over two different computing environments having Intel Xeon and Intel i7 processors to validate our approach.
Submitted 17 February, 2024; v1 submitted 1 August, 2022;
originally announced August 2022.
-
HENRI: High Efficiency Negotiation-based Robust Interface for Multi-party Multi-issue Negotiation over the Internet
Authors:
Saurabh Deochake,
Shashank Kanth,
Subhadip Chakraborty,
Suresh Sarode,
Vidyasagar Potdar,
Debajyoti Mukhopadhyay
Abstract:
This paper proposes a framework for a full fledged negotiation system that allows multi party multi issue negotiation. It focuses on the negotiation protocol to be observed and provides a platform for concurrent and independent negotiation on individual issues using the concept of multi threading. It depicts the architecture of an agent detailing its components. The paper sets forth a hierarchical pattern for the multiple issues concerning every party. The system also provides enhancements such as the time-to-live counters for every advertisement, refinement of utility considering non-functional attributes, prioritization of issues, by assigning weights to issues.
Submitted 4 February, 2022;
originally announced February 2022.
-
A Class of $(n, k, r, t)_i$ LRCs Via Parity Check Matrix
Authors:
Deep Mukhopadhyay,
Sanjit Bhowmick,
Kalyan Hansda,
Satya Bagchi
Abstract:
A code is called $(n, k, r, t)$ information symbol locally repairable code \big($(n, k, r, t)_i$ LRC\big) if each information coordinate can be achieved by at least $t$ disjoint repair sets, containing at most $r$ other coordinates. This paper considers a class of $(n, k, r, t)_i$ LRCs, where each repair set contains exactly one parity coordinate. We explore the systematic code in terms of the standard parity check matrix. First, some structural features of the parity check matrix are proposed by showing some connections with the membership matrix and the minimum distance optimality of the code. Next to that, parity check matrix based proofs of various bounds associated with the code are placed. In addition to this, we provide several constructions of optimal $(n, k, r, t)_i$ LRCs, with the help of two Cayley tables of a finite field. Finally, we generalize a result of $q$-ary $(n, k, r)$ LRCs to $q$-ary $(n, k, r, t)$ LRCs.
Submitted 24 August, 2022; v1 submitted 10 December, 2021;
originally announced December 2021.
-
PARL: Enhancing Diversity of Ensemble Networks to Resist Adversarial Attacks via Pairwise Adversarially Robust Loss Function
Authors:
Manaar Alam,
Shubhajit Datta,
Debdeep Mukhopadhyay,
Arijit Mondal,
Partha Pratim Chakrabarti
Abstract:
The security of Deep Learning classifiers is a critical field of study because of the existence of adversarial attacks. Such attacks usually rely on the principle of transferability, where an adversarial example crafted on a surrogate classifier tends to mislead the target classifier trained on the same dataset even if both classifiers have quite different architecture. Ensemble methods against adversarial attacks demonstrate that an adversarial example is less likely to mislead multiple classifiers in an ensemble having diverse decision boundaries. However, recent ensemble methods have either been shown to be vulnerable to stronger adversaries or shown to lack an end-to-end evaluation. This paper attempts to develop a new ensemble methodology that constructs multiple diverse classifiers using a Pairwise Adversarially Robust Loss (PARL) function during the training procedure. PARL utilizes gradients of each layer with respect to input in every classifier within the ensemble simultaneously. The proposed training procedure enables PARL to achieve higher robustness against black-box transfer attacks compared to previous ensemble methods without adversely affecting the accuracy of clean examples. We also evaluate the robustness in the presence of white-box attacks, where adversarial examples are crafted using parameters of the target classifier. We present extensive experiments using standard image classification datasets like CIFAR-10 and CIFAR-100 trained using standard ResNet20 classifier against state-of-the-art adversarial attacks to demonstrate the robustness of the proposed ensemble methodology.
Submitted 9 December, 2021;
originally announced December 2021.
-
Abductive Inference and C. S. Peirce: 150 Years Later
Authors:
Deep Mukhopadhyay
Abstract:
This paper is about two things: (i) Charles Sanders Peirce (1837-1914) -- an iconoclastic philosopher and polymath who is among the greatest of American minds. (ii) Abductive inference -- a term coined by C. S. Peirce, which he defined as "the process of forming explanatory hypotheses. It is the only logical operation which introduces any new idea."
Abductive inference and quantitative economics: Abductive inference plays a fundamental role in empirical scientific research as a tool for discovery and data analysis. Heckman and Singer (2017) strongly advocated "Economists should abduct." Arnold Zellner (2007) stressed that "much greater emphasis on reductive [abductive] inference in teaching econometrics, statistics, and economics would be desirable." But currently, there are no established theory or practical tools that can allow an empirical analyst to abduct. This paper attempts to fill this gap by introducing new principles and concrete procedures to the Economics and Statistics community. I termed the proposed approach as Abductive Inference Machine (AIM).
The historical Peirce's experiment: In 1872, Peirce conducted a series of experiments to determine the distribution of response times to an auditory stimulus, which is widely regarded as one of the most significant statistical investigations in the history of nineteenth-century American mathematical research (Stigler, 1978). On the 150th anniversary of this historical experiment, we look back at the Peircean-style abductive inference through a modern statistical lens. Using Peirce's data, it is shown how empirical analysts can abduct in a systematic and automated manner using AIM.
Submitted 2 February, 2023; v1 submitted 15 November, 2021;
originally announced November 2021.
-
Permutation Invariance of Deep Neural Networks with ReLUs
Authors:
Diganta Mukhopadhyay,
Kumar Madhukar,
Mandayam Srivas
Abstract:
Consider a deep neural network (DNN) that is being used to suggest the direction in which an aircraft must turn to avoid a possible collision with an intruder aircraft. Informally, such a network is well-behaved if it asks the own ship to turn right (left) when an intruder approaches from the left (right). Consider another network that takes four inputs -- the cards dealt to the players in a game of contract bridge -- and decides which team can bid game. Loosely speaking, if you exchange the hands of partners (north and south, or east and west), the decision would not change. However, it will change if, say, you exchange north's hand with east. This permutation invariance property, for certain permutations at input and output layers, is central to the correctness and robustness of these networks.
This paper proposes a sound, abstraction-based technique to establish permutation invariance in DNNs with ReLU as the activation function. The technique computes an over-approximation of the reachable states, and an under-approximation of the safe states, and propagates this information across the layers, both forward and backward. The novelty of our approach lies in a useful tie-class analysis, that we introduce for forward propagation, and a scalable 2-polytope under-approximation method that escapes the exponential blow-up in the number of regions during backward propagation.
An experimental comparison shows the efficiency of our algorithm over that of verifying permutation invariance as a two-safety property (using FFNN verification over two copies of the network).
Submitted 18 October, 2021;
originally announced October 2021.
-
Deep-Lock: Secure Authorization for Deep Neural Networks
Authors:
Manaar Alam,
Sayandeep Saha,
Debdeep Mukhopadhyay,
Sandip Kundu
Abstract:
Trained Deep Neural Network (DNN) models are considered valuable Intellectual Properties (IP) in several business models. Prevention of IP theft and unauthorized usage of such DNN models has been raised as of significant concern by industry. In this paper, we address the problem of preventing unauthorized usage of DNN models by proposing a generic and lightweight key-based model-locking scheme, which ensures that a locked model functions correctly only upon applying the correct secret key. The proposed scheme, known as Deep-Lock, utilizes S-Boxes with good security properties to encrypt each parameter of a trained DNN model with secret keys generated from a master key via a key scheduling algorithm. The resulting dense network of encrypted weights is found robust against model fine-tuning attacks. Finally, Deep-Lock does not require any intervention in the structure and training of the DNN models, making it applicable for all existing software and hardware implementations of DNN.
Submitted 18 February, 2024; v1 submitted 13 August, 2020;
originally announced August 2020.
-
Skip to Secure: Securing Cyber-physical Control Loops with Intentionally Skipped Executions
Authors:
Sunandan Adhikary,
Ipsita Koley,
Sumana Ghosh,
Saurav Kumar Ghosh,
Soumyajit Dey,
Debdeep Mukhopadhyay
Abstract:
We consider the problem of provably securing a given control loop implementation in the presence of adversarial interventions on data exchange between plant and controller. Such interventions can be thwarted using continuously operating monitoring systems and also cryptographic techniques, both of which consume network and computational resources. We provide a principled approach for intentional skipping of control loop executions which may qualify as a useful control theoretic countermeasure against stealthy attacks which violate message integrity and authenticity. As is evident from our experiments, such a control theoretic counter-measure helps in lowering the cryptographic security measure overhead and resulting resource consumption in Control Area Network (CAN) based automotive CPS without compromising performance and safety.
Submitted 16 July, 2020;
originally announced July 2020.
-
An Agent-based Cloud Service Negotiation in Hybrid Cloud Computing
Authors:
Saurabh Deochake,
Debajyoti Mukhopadhyay
Abstract:
With the advent of evolution of cloud computing, large organizations have been scaling the on-premise IT infrastructure to the cloud. Although this being a popular practice, it lacks comprehensive efforts to study the aspects of automated negotiation of resources among cloud customers and providers. This paper proposes a full-fledged framework for the multi-party, multi-issue negotiation system for cloud resources. It introduces a robust cloud marketplace system to buy and sell cloud resources. The Belief-Desire-Intention (BDI) model-based cloud customer and provider agents concurrently negotiate on multiple issues, pursuing a hybrid tactic of time and resource-based dynamic deadline algorithms to generate offers and counter-offers. The cloud marketplace-based system is further augmented with the assignment of behavior norm score and reputation index to the agents to establish trust among them.
Submitted 16 June, 2020;
originally announced June 2020.
-
RAPPER: Ransomware Prevention via Performance Counters
Authors:
Manaar Alam,
Sayan Sinha,
Sarani Bhattacharya,
Swastika Dutta,
Debdeep Mukhopadhyay,
Anupam Chattopadhyay
Abstract:
Ransomware can produce direct and controllable economic loss, which makes it one of the most prominent threats in cyber security. As per the latest statistics, more than half of malwares reported in Q1 of 2017 are ransomwares and there is a potent threat of a novice cybercriminals accessing ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was introduced in 1996. Since then, variants of ransomware emerged with different cryptosystems and larger key sizes, the underlying techniques remained same. Though there are works in literature which proposes a generic framework to detect the crypto ransomwares, we present a two step unsupervised detection tool which when suspects a process activity to be malicious, issues an alarm for further analysis to be carried in the second step and detects it with minimal traces. The two step detection framework- RAPPER uses Artificial Neural Network and Fast Fourier Transformation to develop a highly accurate, fast and reliable solution to ransomware detection using minimal trace points. We also introduce a special detection module for successful identification of disk encryption processes from potential ransomware operations, both having similar characteristics but with different objective. We provide a comprehensive solution to tackle almost all scenarios (standard benchmark, disk encryption and regular high computational processes) pertaining to the crypto ransomwares in light of software security.
Submitted 3 April, 2020;
originally announced April 2020.
-
Formal Synthesis of Monitoring and Detection Systems for Secure CPS Implementations
Authors:
Ipsita Koley,
Saurav Kumar Ghosh,
Soumyajit Dey,
Debdeep Mukhopadhyay,
Amogh Kashyap K N,
Sachin Kumar Singh,
Lavanya Lokesh,
Jithin Nalu Purakkal,
Nishant Sinha
Abstract:
We consider the problem of securing a given control loop implementation of a cyber-physical system (CPS) in the presence of Man-in-the-Middle attacks on data exchange between plant and controller over a compromised network. To this end, there exist various detection schemes that provide mathematical guarantees against such attacks for the theoretical control model. However, such guarantees may not hold for the actual control software implementation. In this article, we propose a formal approach towards synthesizing attack detectors with varying thresholds which can prevent performance degrading stealthy attacks while minimizing false alarms.
Submitted 27 February, 2020;
originally announced February 2020.
-
Towards Secure Composition of Integrated Circuits and Electronic Systems: On the Role of EDA
Authors:
Johann Knechtel,
Elif Bilge Kavun,
Francesco Regazzoni,
Annelie Heuser,
Anupam Chattopadhyay,
Debdeep Mukhopadhyay,
Soumyajit Dey,
Yunsi Fei,
Yaacov Belenky,
Itamar Levi,
Tim Güneysu,
Patrick Schaumont,
Ilia Polian
Abstract:
Modern electronic systems become evermore complex, yet remain modular, with integrated circuits (ICs) acting as versatile hardware components at their heart. Electronic design automation (EDA) for ICs has focused traditionally on power, performance, and area. However, given the rise of hardware-centric security threats, we believe that EDA must also adopt related notions like secure by design and secure composition of hardware. Despite various promising studies, we argue that some aspects still require more efforts, for example: effective means for compilation of assumptions and constraints for security schemes, all the way from the system level down to the "bare metal"; modeling, evaluation, and consideration of security-relevant metrics; or automated and holistic synthesis of various countermeasures, without inducing negative cross-effects. In this paper, we first introduce hardware security for the EDA community. Next we review prior (academic) art for EDA-driven security evaluation and implementation of countermeasures. We then discuss strategies and challenges for advancing research and development toward secure composition of circuits and systems.
Submitted 27 January, 2020;
originally announced January 2020.
-
ExplFrame: Exploiting Page Frame Cache for Fault Analysis of Block Ciphers
Authors:
Anirban Chakraborty,
Sarani Bhattacharya,
Sayandeep Saha,
Debdeep Mukhopadhyay
Abstract:
Page Frame Cache (PFC) is a purely software cache, present in modern Linux based operating systems (OS), which stores the page frames that are recently being released by the processes running on a particular CPU. In this paper, we show that the page frame cache can be maliciously exploited by an adversary to steer the pages of a victim process to some pre-decided attacker-chosen locations in the memory. We practically demonstrate an end-to-end attack, ExplFrame, where an attacker having only user-level privilege is able to force a victim process's memory pages to vulnerable locations in DRAM and deterministically conduct Rowhammer to induce faults. We further show that these faults can be exploited for extracting the secret key of table-based block cipher implementations. As a case study, we perform a full-key recovery on OpenSSL AES by Rowhammer-induced single bit faults in the T-tables. We propose an improvised fault analysis technique which can exploit any Rowhammer-induced bit-flips in the AES T-tables.
Submitted 12 February, 2020; v1 submitted 30 May, 2019;
originally announced May 2019.
-
Enhancing Fault Tolerance of Neural Networks for Security-Critical Applications
Authors:
Manaar Alam,
Arnab Bag,
Debapriya Basu Roy,
Dirmanto Jap,
Jakub Breier,
Shivam Bhasin,
Debdeep Mukhopadhyay
Abstract:
Neural Networks (NN) have recently emerged as backbone of several sensitive applications like automobile, medical image, security, etc. NNs inherently offer Partial Fault Tolerance (PFT) in their architecture; however, the biased PFT of NNs can lead to severe consequences in applications like cryptography and security critical scenarios. In this paper, we propose a revised implementation which enhances the PFT property of NN significantly with detailed mathematical analysis. We evaluated the performance of revised NN considering both software and FPGA implementation for a cryptographic primitive like AES SBox. The results show that the PFT of NNs can be significantly increased with the proposed methodology.
Submitted 5 February, 2019;
originally announced February 2019.
-
A 0.16pJ/bit Recurrent Neural Network Based PUF for Enhanced Machine Learning Attack Resistance
Authors:
Nimesh Shah,
Manaar Alam,
Durga Prasad Sahoo,
Debdeep Mukhopadhyay,
Arindam Basu
Abstract:
Physically Unclonable Function (PUF) circuits are finding widespread use due to increasing adoption of IoT devices. However, the existing strong PUFs such as Arbiter PUFs (APUF) and its compositions are susceptible to machine learning (ML) attacks because the challenge-response pairs have a linear relationship. In this paper, we present a Recurrent-Neural-Network PUF (RNN-PUF) which uses a combination of feedback and XOR function to significantly improve resistance to ML attack, without significant reduction in the reliability. ML attack is also partly reduced by using a shared comparator with offset-cancellation to remove bias and save power. From simulation results, we obtain ML attack accuracy of 62% for different ML algorithms, while reliability stays above 93%. This represents a 33.5% improvement in our Figure-of-Merit. Power consumption is estimated to be 12.3uW with energy/bit of ~ 0.16pJ.
Submitted 13 December, 2018;
originally announced December 2018.
-
How Secure are Deep Learning Algorithms from Side-Channel based Reverse Engineering?
Authors:
Manaar Alam,
Debdeep Mukhopadhyay
Abstract:
Deep Learning algorithms have recently become the de-facto paradigm for various prediction problems, which include many privacy-preserving applications like online medical image analysis. Presumably, the privacy of data in a deep learning system is a serious concern. There have been several efforts to analyze and exploit the information leakages from deep learning architectures to compromise data privacy. In this paper, however, we attempt to provide an evaluation strategy for such information leakages through deep neural network architectures by considering a case study on Convolutional Neural Network (CNN) based image classifier. The approach takes the aid of low-level hardware information, provided by Hardware Performance Counters (HPCs), during the execution of a CNN classifier and a simple hypothesis testing in order to produce an alarm if there exists any information leakage on the actual input.
Submitted 13 November, 2018;
originally announced November 2018.
-
Testability Analysis of PUFs Leveraging Correlation-Spectra in Boolean Functions
Authors:
Durba Chatterjee,
Aritra Hazra,
Debdeep Mukhopadhyay
Abstract:
Testability of digital ICs relies on the principle of controllability and observability. Adopting conventional techniques like scan-chains opens up avenues for attacks, and hence cannot be adopted in a straight-forward manner for security chips. Furthermore, testing becomes incredibly challenging for the promising class of hardware security primitives, called PUFs, which offer unique properties like unclonability, unpredictability, uniformity, uniqueness, and yet easily computable. However, the definition of PUF itself poses a challenge on test engineers, simply because it has no golden response for a given input, often called challenge. In this paper, we develop a novel test strategy considering that the fabrication of a batch of $N>1$ PUFs is equivalent to drawing random instances of Boolean mappings. We hence model the PUFs as black-box Boolean functions of dimension $m\times1$, and show combinatorially that random designs of such functions exhibit correlation-spectra which can be used to characterize random and thus good designs of PUFs. We first develop theoretical results to quantize the correlation values, and subsequently the expected number of pairs of such Boolean functions which should belong to a given spectra. In addition to this, we show through extensive experimental results that a randomly chosen sample of such PUFs also resembles the correlation-spectra property of the overall PUF population. Interestingly, we show through experimental results on $50$ FPGAs that when the PUFs are infected by faults the usual randomness tests for the PUF outputs such as uniformity, fail to detect any aberration. However, the spectral-pattern is clearly shown to get affected, which we demonstrate by standard statistical tools. We finally propose a systematic testing framework for the evaluation of PUFs by observing the correlation-spectra of the PUF instances under test.
Submitted 20 October, 2018;
originally announced October 2018.
-
Adversarial Attacks and Defences: A Survey
Authors:
Anirban Chakraborty,
Manaar Alam,
Vishal Dey,
Anupam Chattopadhyay,
Debdeep Mukhopadhyay
Abstract:
Deep learning has emerged as a strong and efficient framework that can be applied to a broad spectrum of complex learning problems which were difficult to solve using the traditional machine learning techniques in the past. In the last few years, deep learning has advanced radically in such a way that it can surpass human-level performance on a number of tasks. As a consequence, deep learning is being extensively used in most of the recent day-to-day applications. However, security of deep learning systems are vulnerable to crafted adversarial examples, which may be imperceptible to the human eye, but can lead the model to misclassify the output. In recent times, different types of adversaries based on their threat model leverage these vulnerabilities to compromise a deep learning system where adversaries have high incentives. Hence, it is extremely important to provide robustness to deep learning algorithms against these adversaries. However, there are only a few strong countermeasures which can be used in all types of attack scenarios to design a robust deep learning system. In this paper, we attempt to provide a detailed discussion on different types of adversarial attacks with various threat models and also elaborate the efficiency and challenges of recent countermeasures against them.
Submitted 28 September, 2018;
originally announced October 2018.
-
Cryptographically Secure Multi-Tenant Provisioning of FPGAs
Authors:
Arnab Bag,
Sikhar Patranabis,
Debapriya Basu Roy,
Debdeep Mukhopadhyay
Abstract:
FPGAs (Field Programmable Gate arrays) have gained massive popularity today as accelerators for a variety of workloads, including big data analytics, and parallel and distributed computing. This has fueled the study of mechanisms to provision FPGAs among multiple tenants as general purpose computing resources on the cloud. Such mechanisms offer new challenges, such as ensuring IP protection and bitstream confidentiality for mutually distrusting clients sharing the same FPGA. A direct adoption of existing IP protection techniques from the single tenancy setting do not completely address these challenges, and are also not scalable enough for practical deployment. In this paper, we propose a dedicated and scalable framework for secure multi-tenant FPGA provisioning that can be easily integrated into existing cloud-based infrastructures such as OpenStack. Our technique has constant resource/memory overhead irrespective of the number of tenants sharing a given FPGA, and is provably secure under well-studied cryptographic assumptions. A prototype implementation of our proposition on Xilinx Virtex-7 UltraScale FPGAs is presented to validate its overheads and scalability when supporting multiple tenants and workloads. To the best of our knowledge, this is the first FPGA provisioning framework to be prototyped that achieves a desirable balance between security and scalability in the multi-tenancy setting.
Submitted 22 February, 2018; v1 submitted 12 February, 2018;
originally announced February 2018.
-
RAPPER: Ransomware Prevention via Performance Counters
Authors:
Manaar Alam,
Sarani Bhattacharya,
Debdeep Mukhopadhyay,
Anupam Chattopadhyay
Abstract:
Ransomware can produce direct and controllable economic loss, which makes it one of the most prominent threats in cyber security. As per the latest statistics, more than half of malwares reported in Q1 of 2017 are ransomware and there is a potent threat of novice cybercriminals accessing ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was introduced in 1996. Since then, variants of ransomware emerged with different cryptosystems and larger key sizes though, the underlying techniques remained same. Though there are works in literature which propose a generic framework to detect the crypto ransomwares, we present a two step unsupervised detection tool which when suspects a process activity to be malicious, issues an alarm for further analysis to be carried in the second step and detects it with minimal traces. The two step detection framework, RAPPER, uses Artificial Neural Network and Fast Fourier Transformation to develop a highly accurate, fast and reliable solution to ransomware detection using minimal trace points.
Submitted 12 February, 2018;
originally announced February 2018.
-
A Survey of Classification Techniques in the Area of Big Data
Authors:
Praful Koturwar,
Sheetal Girase,
Debajyoti Mukhopadhyay
Abstract:
Big Data concern large-volume, growing data sets that are complex and have multiple autonomous sources. Earlier technologies were not able to handle storage and processing of huge data thus Big Data concept comes into existence. This is a tedious job for users unstructured data. So, there should be some mechanism which classify unstructured data into organized form which helps user to easily access required data. Classification techniques over big transactional database provide required data to the users from large datasets more simple way. There are two main classification techniques, supervised and unsupervised. In this paper we focused on to study of different supervised classification techniques. Further this paper shows a advantages and limitations.
Submitted 25 March, 2015;
originally announced March 2015.
-
Role of Matrix Factorization Model in Collaborative Filtering Algorithm: A Survey
Authors:
Dheeraj kumar Bokde,
Sheetal Girase,
Debajyoti Mukhopadhyay
Abstract:
Recommendation Systems apply Information Retrieval techniques to select the online information relevant to a given user. Collaborative Filtering is currently most widely used approach to build Recommendation System. CF techniques uses the user behavior in form of user item ratings as their information source for prediction. There are major challenges like sparsity of rating matrix and growing nature of data which is faced by CF algorithms. These challenges are been well taken care by Matrix Factorization. In this paper we attempt to present an overview on the role of different MF model to address the challenges of CF algorithms, which can be served as a roadmap for research in this area.
Submitted 25 March, 2015;
originally announced March 2015.
-
User Profiling Trends, Techniques and Applications
Authors:
Sumitkumar Kanoje,
Sheetal Girase,
Debajyoti Mukhopadhyay
Abstract:
The Personalization of information has taken recommender systems at a very high level. With personalization these systems can generate user specific recommendations accurately and efficiently. User profiling helps personalization, where information retrieval is done to personalize a scenario which maintains a separate user profile for individual user. The main objective of this paper is to explore this field of personalization in context of user profiling, to help researchers make aware of the user profiling. Various trends, techniques and Applications have been discussed in paper which will fulfill this motto.
Submitted 25 March, 2015;
originally announced March 2015.
-
A Survey on Backup of Data on Remote Server
Authors:
Manali Raje,
Debajyoti Mukhopadhyay
Abstract:
Large amount of electronic data is generated in Cloud computing every day. Efficient maintenance of this data requires proper services. Hence a method to collect data securely, by protecting and developing backups is mentioned. The Objective is to provide Auto Response Server, better solutions for data backup and restoring using Cloud. Data can be collected and sent to a centralized repository in a platform independent format without any network consideration. This data can then be used according to the requirement. The purpose of this particular Remote Backup Server is to collect information from any remote location even if network connectivity is not available at that point of time and provide proper services as well as to recover data in case of loss.
Submitted 25 March, 2015;
originally announced March 2015.
-
An Item-Based Collaborative Filtering using Dimensionality Reduction Techniques on Mahout Framework
Authors:
Dheeraj kumar Bokde,
Sheetal Girase,
Debajyoti Mukhopadhyay
Abstract:
Collaborative Filtering is the most widely used prediction technique in Recommendation System. Most of the current CF recommender systems maintains single criteria user rating in user item matrix. However, recent studies indicate that recommender system depending on multi criteria can improve prediction and accuracy levels of recommendation by considering the user preferences in multi aspects of items. This gives birth to Multi Criteria Collaborative Filtering. In MC CF users provide the rating on multiple aspects of an item in new dimensions, thereby increasing the size of rating matrix, sparsity and scalability problem. Appropriate dimensionality reduction techniques are thus needed to take care of these challenges to reduce the dimension of user item rating matrix to improve the prediction accuracy and efficiency of CF recommender system. The process of dimensionality reduction maps the high dimensional input space into lower dimensional space. Thus, the objective of this paper is to propose an efficient MC CF algorithm using dimensionality reduction technique to improve the recommendation quality and prediction accuracy. Dimensionality reduction techniques such as Singular Value Decomposition and Principal Component Analysis are used to solve the scalability and alleviate the sparsity problems in overall rating. The proposed MC CF approach will be implemented using Apache Mahout, which allows processing of massive dataset stored in distributed/non-distributed file system.
Submitted 23 March, 2015;
originally announced March 2015.
-
Algorithm for Back-up and Authentication of Data Stored on Cloud
Authors:
Manali Raje,
Debajyoti Mukhopadhyay
Abstract:
Everyday a huge amount of data is generated in Cloud Computing. The maintenance of this electronic data needs some extremely efficient services. There is a need to properly collect this data, check for its authenticity and develop proper backups. The Objective of this paper is to provide Response Server, some solution for the backup of data and its restoration, using the Cloud. The collection of the data is to be done from the client and then the data should be sent to a central location. This process is a platform independent one. The data can then be used as required. The Remote Backup Server facilitates the collection of information from any remote location and provides services to recover the data in case of loss. The authentication of the user is done by using the Asymmetric key algorithm which will in turn lead to the authentication of the data.
Submitted 23 March, 2015;
originally announced March 2015.
-
User Profiling for Recommendation System
Authors:
Sumitkumar Kanoje,
Sheetal Girase,
Debajyoti Mukhopadhyay
Abstract:
Recommendation system is a type of information filtering systems that recommend various objects from a vast variety and quantity of items which are of the user interest. This results in guiding an individual in personalized way to interesting or useful objects in a large space of possible options. Such systems also help many businesses to achieve more profits to sustain in their field against their rivals. But looking at the amount of information which a business holds it becomes difficult to identify the items of user interest. Therefore personalization or user profiling is one of the challenging tasks that give access to user relevant information which can be used in solving the difficult task of classification and ranking items according to an individual's interest. Profiling can be done in various ways such as supervised or unsupervised, individual or group profiling, distributive or non distributive profiling. Our focus in this paper will be on the dataset which we will use, we identify some interesting facts by using Weka Tool that can be used for recommending the items from dataset. Our aim is to present a novel technique to achieve user profiling in recommendation system.
Submitted 23 March, 2015;
originally announced March 2015.
-
Using MongoDB for Social Networking Website
Authors:
Sumitkumar Kanoje,
Varsha Powar,
Debajyoti Mukhopadhyay
Abstract:
Social media is a biggest successful buzzword used in the recent time. Its success opened various opportunities for the developers. Developing any application requires storage of large data into databases. Many databases are available for the developers, Choosing the right one make development easier. MongoDB is a cross platform document oriented, schema-less database eschewed the traditional table based relational database structure in favor of JSON like documents. This article discusses various pros and cons encountered with the use of the MongoDB so that developers would be helped while choosing it wisely.
Submitted 23 March, 2015;
originally announced March 2015.
-
Analyzing Web Application Log Files to Find Hit Count Through the Utilization of Hadoop MapReduce in Cloud Computing Environment
Authors:
Sayalee Narkhede,
Trupti Baraskar,
Debajyoti Mukhopadhyay
Abstract:
MapReduce has been widely applied in various fields of data and compute intensive applications and also it is important programming model for cloud computing. Hadoop is an open-source implementation of MapReduce which operates on terabytes of data using commodity hardware. We have applied this Hadoop MapReduce programming model for analyzing web log files so that we could get hit count of specific web application. This system uses Hadoop file system to store log file and results are evaluated using Map and Reduce function. Experimental results show hit count for each field in log file. Also due to MapReduce runtime parallelization response time is reduced.
Submitted 27 November, 2014;
originally announced November 2014.
-
Modified Apriori Approach for Evade Network Intrusion Detection System
Authors:
Laxmi Lahoti,
Chaitali Chandankhede,
Debajyoti Mukhopadhyay
Abstract:
Intrusion Detection System or IDS is a software or hardware tool that repeatedly scans and monitors events that took place in a computer or a network. A set of rules are used by Signature based Network Intrusion Detection Systems or NIDS to detect hostile traffic in network segments or packets, which are so important in detecting malicious and anomalous behaviour over the network like known attacks that hackers look for new techniques to go unseen. Sometime, a single failure at any layer will cause the NIDS to miss that attack. To overcome this problem, a technique is used that will trigger a failure in that layer. Such technique is known as Evasive technique. An Evasion can be defined as any technique that modifies a visible attack into any other form in order to stay away from being detect. The proposed system is used for detecting attacks which are going on the network and also gives actual categorization of attacks. The proposed system has advantage of getting low false alarm rate and high detection rate. So that leads into decrease in complexity and overhead on the system. The paper presents the Evasion technique for customized apriori algorithm. The paper aims to make a new functional structure to evade NIDS. This framework can be used to audit NIDS. This framework shows that a proof of concept showing how to evade a self built NIDS considering two publicly available datasets.
Submitted 25 November, 2014;
originally announced November 2014.
-
Addressing NameNode Scalability Issue in Hadoop Distributed File System using Cache Approach
Authors:
Debajyoti Mukhopadhyay,
Chetan Agrawal,
Devesh Maru,
Pooja Yedale,
Pranav Gadekar
Abstract:
Hadoop is a distributed batch processing infrastructure which is currently being used for big data management. The foundation of Hadoop consists of Hadoop Distributed File System or HDFS. HDFS presents a client server architecture comprised of a NameNode and many DataNodes. The NameNode stores the metadata for the DataNodes and DataNode stores application data. The NameNode holds file system metadata in memory, and thus the limit to the number of files in a file system is governed by the amount of memory on the NameNode. Thus when the memory on NameNode is full there is no further chance of increasing the cluster capacity. In this paper we have used the concept of cache memory for handling the issue of NameNode scalability. The focus of this paper is to highlight our approach that tries to enhance the current architecture and ensure that NameNode does not reach its threshold value soon.
Submitted 25 November, 2014;
originally announced November 2014.
-
Efficient Fuzzy Search Engine with B-Tree Search Mechanism
Authors:
Simran Bijral,
Debajyoti Mukhopadhyay
Abstract:
Search engines play a vital role in day to day life on internet. People use search engines to find content on internet. Cloud computing is the computing concept in which data is stored and accessed with the help of a third party server called as cloud. Data is not stored locally on our machines and the softwares and information are provided to user if user demands for it. Search queries are the most important part in searching data on internet. A search query consists of one or more than one keywords. A search query is searched from the database for exact match, and the traditional searchable schemes do not tolerate minor typos and format inconsistencies, which happen quite frequently. This drawback makes the existing techniques unsuitable and they offer very low efficiency. In this paper, we will for the first time formulate the problem of effective fuzzy search by introducing tree search methodologies. We will explore the benefits of B trees in search mechanism and use them to have an efficient keyword search. We have taken into consideration the security analysis strictly so as to get a secure and privacy-preserving system.
Submitted 25 November, 2014;
originally announced November 2014.
-
Securing the Data in Clouds with Hyperelliptic Curve Cryptography
Authors:
Debajyoti Mukhopadhyay,
Ashay Shirwadkar,
Pratik Gaikar,
Tanmay Agrawal
Abstract:
In today's world, Cloud computing has attracted research communities as it provides services in reduced cost due to virtualizing all the necessary resources. Even modern business architecture depends upon Cloud computing. As it is an internet based utility, which provides various services over a network, it is prone to network based attacks. Hence security in clouds is the most important in case of cloud computing. Cloud Security concerns the customer to fully rely on storing data on clouds. That is why Cloud security has attracted attention of the research community. This paper will discuss securing the data in clouds by implementing key agreement, encryption and signature verification/generation with hyperelliptic curve cryptography.
Submitted 25 November, 2014;
originally announced November 2014.
-
Mobile Agent based Market Basket Analysis on Cloud
Authors:
Vijayata Waghmare,
Debajyoti Mukhopadhyay
Abstract:
This paper describes the design and development of a location-based mobile shopping application for bakery product shops. Whole application is deployed on cloud. The three-tier architecture consists of, front-end, middle-ware and back-end. The front-end level is a location-based mobile shopping application for android mobile devices, for purchasing bakery products of nearby places. Front-end level also displays association among the purchased products. The middle-ware level provides a web service to generate JSON (JavaScript Object Notation) output from the relational database. It exchanges information and data between mobile application and servers in cloud. The back-end level provides the Apache Tomcat Web server and MySQL database. The application also uses the Google Cloud Messaging for generating and sending notification of orders to shopkeeper.
Submitted 25 November, 2014;
originally announced November 2014.
-
A Tool to Automate the Sizing of Application Process for SOA based Platform
Authors:
Debajyoti Mukhopadhyay,
Juhi Jariwala,
Payal Innani,
Sheetal Bablani,
Sushama Kothawale
Abstract:
Service Oriented Architecture is a loosely coupled architecture designed to tackle the problem of Business Infrastructure alignment to meet the needs of an organization. A SOA based platform enables the enterprises to develop applications in the form of independent services. To provide scalable service interactions, there is a need to maintain services performance and have a good sizing guideline of the underlying software platform. Sizing aids in finding the optimum resources required to configure and implement a system that would satisfy the requirements of Business Process Integration being planned. A web based Sizing Tool prototype is developed using Java Application Programming Interfaces to automate the process of sizing the applications deployed on SOA platform that not only scales the performance of the system but also predicts its business growth in the future.
Submitted 25 November, 2014;
originally announced November 2014.
-
An Alternate Approach for Designing a Domain Specific Image Search Prototype Using Histogram
Authors:
Sukanta Sinha,
Rana Dattagupta,
Debajyoti Mukhopadhyay
Abstract:
Everyone knows that thousands of words are represented by a single image. As a result image search has become a very popular mechanism for the Web searchers. Image search means that the search results produced by the search engine should be a set of images along with their Web page Unified Resource Locator. Now Web searcher can perform two types of image search, they are Text to Image and Image to Image search. In Text to Image search, search query should be a text. Based on the input text data system will generate a set of images along with their Web page URL as an output. On the other hand, in Image to Image search, search query should be an image and based on this image system will generate a set of images along with their Web page URL as an output. According to the current scenarios, Text to Image search mechanism does not always return a perfect result. It matches the text data and then displays the corresponding images as an output, which is not always perfect. To resolve this problem, Web researchers have introduced the Image to Image search mechanism. In this paper, we have also proposed an alternate approach of Image to Image search mechanism using Histogram.
Submitted 28 November, 2013;
originally announced January 2014.
-
A Proposal for the Characterization of Multi-Dimensional Inter-relationships of RDF Graphs Based on Set Theoretic Approach
Authors:
Ayan Chakraborty,
Shiladitya Munshi,
Debajyoti Mukhopadhyay
Abstract:
In this paper a Set Theoretic approach has been reported for analyzing inter-relationship between any numbers of RDF Graphs. An RDF Graph represents triples in Resource Description Format of semantic web. So the identification and characterization of criteria for inter-relationship of RDF Graphs shows a new road in semantic search. Using set theoretic approach, a sound framing criteria can be designed that examine whether two RDF Graphs are related and if yes, how these relationships could be described with formal set theory. Along with this, by introducing RDF Schema, the inter-relationship status is refined into n-dimensional induced relationships.
Submitted 27 November, 2013;
originally announced December 2013.
-
QoS Based Framework for Effective Web Services in Cloud Computing
Authors:
Debajyoti Mukhopadhyay,
Falguni J. Chathly,
Nagesh N. Jadhav
Abstract:
Enhancements in technology always follow Consumer requirements. Consumer requires best of service with least possible mismatch and on time. Numerous applications available today are based on Web Services and Cloud Computing. Recently, there exist many Web Services with similar functional characteristics. Choosing a right Service from group of similar Web Service is a complicated task for Service Consumer. In that case, Service Consumer can discover the required Web Service using non functional attributes of the Web Services such as QoS. Proposed layered architecture and Web Service Cloud i.e. WS Cloud computing Framework synthesizes the Non functional attributes that include reliability, availability, response time, latency etc. The Service Consumer is projected to provide the QoS requirements as part of Service discovery query. This framework will discover and filter the Web Services from the cloud and rank them according to Service Consumer preferences to facilitate Service on time.
Submitted 28 November, 2013;
originally announced November 2013.
-
A Hybrid Web Recommendation System based on the Improved Association Rule Mining Algorithm
Authors:
Ujwala Wanaskar,
Sheetal Vij,
Debajyoti Mukhopadhyay
Abstract:
As the growing interest of web recommendation systems those are applied to deliver customized data for their users, we started working on this system. Generally the recommendation systems are divided into two major categories such as collaborative recommendation system and content based recommendation system. In case of collaborative recommendation systems, these try to seek out users who share same tastes that of given user as well as recommends the websites according to the liking given user. Whereas the content based recommendation systems tries to recommend web sites similar to those web sites the user has liked. In the recent research we found that the efficient technique based on association rule mining algorithm is proposed in order to solve the problem of web page recommendation. Major problem of the same is that the web pages are given equal importance. Here the importance of pages changes according to the frequency of visiting the web page as well as amount of time user spends on that page. Also recommendation of newly added web pages or the pages those are not yet visited by users are not included in the recommendation set. To overcome this problem, we have used the web usage log in the adaptive association rule based web mining where the association rules were applied to personalization. This algorithm was purely based on the Apriori data mining algorithm in order to generate the association rules. However this method also suffers from some unavoidable drawbacks. In this paper we are presenting and investigating the new approach based on weighted Association Rule Mining Algorithm and text mining. This is improved algorithm which adds semantic knowledge to the results, has more efficiency and hence gives better quality and performances as compared to existing approaches.
Submitted 27 November, 2013;
originally announced November 2013.
-
Integrating RDF into Hypergraph-Graph (HG(2)) Data Structure
Authors:
Shiladitya Munshi,
Ayan Chakraborty,
Debajyoti Mukhopadhyay
Abstract:
Current paper discusses the methodologies involved in integrating Resource Description Framework into a HyperGraph Graph HG 2 data structure in order to preserve the semantics of the information contained in RDF document for dealing future cross platform information portability issues. The entire semantic web is mostly dominated by few information frameworks like RDF, Topic Map, OWL etc. Hence semantic web currently faces the problem of non existence of common information meta-model which can integrate them all for expanded semantic search. On the background of development of Hyper Graph Graph HG 2 data structure, an RDF document if integrated to it, maintains the original semantics and exposes some critical semantic and object mapping lift as well which could further be exploited for semantic search and information transitional problems. The focus of the paper is to present the mapping constructs between RDF elements and HyperGraph Graph HG 2 elements.
Submitted 27 November, 2013;
originally announced November 2013.
-
Theories of Hypergraph-Graph (HG(2)) Data Structure
Authors:
Shiladitya Munshi,
Ayan Chakraborty,
Debajyoti Mukhopadhyay
Abstract:
Current paper introduces a Hypergraph Graph model of data storage which can be represented as a hybrid data structure based on Hypergraph and Graph. The proposed data structure is claimed to realize complex combinatorial structures. The formal definition of the data structure is presented along with the proper justification from real world scenarios. The paper reports some elementary concepts of Hypergraph and presents theoretical aspects of the proposed data structure including the concepts of Path, Cycle etc. The detailed analysis of weighted HG 2 is presented along with discussions on Cost involved with HG 2 paths.
Submitted 27 November, 2013;
originally announced November 2013.
-
Searching and Establishment of S-P-O Relationships for Linked RDF Graphs : An Adaptive Approach
Authors:
Ayan Chakraborty,
Shiladitya Munshi,
Debajyoti Mukhopadhyay
Abstract:
In the coming era of semantic web linked data analysis is a very burning issue for efficient searching and retrieval of information. One way of establishing this link is to implement subject predicate object relationship through Set Theory approach which is already done in our previous work. For analyzing inter relationship between two RDF Graphs, RDF- Schema (RDFS) should also be taken care of. In the present paper, an adaptive combination rule based framework has been proposed for establishment of S P O relationship and RDF Graph searching is reported. Hence the identification of criteria for inter-relationship of RDF Graphs opens up new road in semantic search.
Submitted 27 November, 2013;
originally announced November 2013.
-
A Framework for Semi-automated Web Service Composition in Semantic Web
Authors:
Debajyoti Mukhopadhyay,
Archana Chougule
Abstract:
Number of web services available on Internet and its usage are increasing very fast. In many cases, one service is not enough to complete the business requirement; composition of web services is carried out. Autonomous composition of web services to achieve new functionality is generating considerable attention in semantic web domain. Development time and effort for new applications can be reduced with service composition. Various approaches to carry out automated composition of web services are discussed in literature. Web service composition using ontologies is one of the effective approaches. In this paper we demonstrate how the ontology based composition can be made faster for each customer. We propose a framework to provide precomposed web services to fulfil user requirements. We detail how ontology merging can be used for composition which expedites the whole process. We discuss how framework provides customer specific ontology merging and repository. We also elaborate on how merging of ontologies is carried out.
Submitted 26 November, 2013;
originally announced November 2013.
-
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
Authors:
Vrushali Randhe,
Archana Chougule,
Debajyoti Mukhopadhyay
Abstract:
With the increasing importance of the internet in our day to day life, data security in web application has become very crucial. Ever increasing online and real time transaction services have led to manifold rise in the problems associated with the database security. Attacker uses illegal and unauthorized approaches to hijack the confidential information like username, password and other vital details. Hence the real time transaction requires security against web based attacks. SQL injection and cross site scripting attack are the most common application layer attacks. The SQL injection attacker passes SQL statements through a web application's input fields, URL or hidden parameters and gets access to the database or updates it. The attacker benefits from user provided data in such a way that the user's input is handled as SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are most serious threats which take user's input and integrate it into SQL query. Reverse Proxy is a technique which is used to sanitize the user's inputs that may transform into a database attack. In this technique a data redirector program redirects the user's input to the proxy server before it is sent to the application server. At the proxy server, data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype.
Submitted 26 November, 2013;
originally announced November 2013.