Dr. Priyadarsi Nanda is a Senior Lecturer at the University of Technology Sydney (UTS) with more than 27 years of experience specialising in research and development of Cybersecurity, IoT security, Internet Traffic Engineering, wireless sensor network security and many more related areas. His most significant work has been in the area of Intrusion detection and prevention systems (IDS/IPS) using image processing techniques, Sybil attack detection in IoT based applications, and intelligent firewall design. In Cybersecurity research, he has published over 80 high quality refereed research papers including Transactions in Computers, Transactions in Parallel Processing and Distributed Systems (TPDS), Future Generations of Computer Systems (FGCS) as well as many ERA Tier A/A* conference articles. In 2017, his work in cyber security research earned him and his team the prestigious Oman research council’s national award for best research. Dr. Nanda has successfully supervised 8 HDR at UTS (5 PhD + 3 Masters), and is currently supervising 8 PhD students.
Recent media articles:
1. Senior Member, IEEE
2. Managing Editor, Special issue on Security, Trust and Privacy, STP: Cyber, Future Generation of Computer Systems (FGCS), IF: 3.997
3. Managing Editor of Special issue on Security, Journal of Concurrency and Computation, Practice and Experience (CCPE), IF: 1.133
4. Program Chair (PC), Trustcom-2017, Sydney, Australia
5. Keynote Speaker, SIN 2017, Jaipur, India
6. Reviewer, PC member and other associated activities in many reputed conferences and journals
Prior to joining UTS, Dr. Nanda served as an academic staff at the University of New South Wales (UNSW), School of Computer Science and Engineering (September 1999 – January 2001) and National Institute of Technology (NIT), Rourkela, India in the Department of Computer Science and Engineering (September 1991 – September 1999).
In the past Dr. Nanda held several Visiting Professor and Research Visitor positions at:
- University of California, Davis, USA (March 2015 – May 2015)
- University of Plymouth, UK (June 2015 – July 2015)
- INRIA-Nancy, France, July 2011 – December 2011
- University of Auckland, April 2008 – June 2008
- University of Minnesota (UoM), Minneapolis, USA, January 2004 – June 2004
Can supervise: YES
- Cyber Security
- IoT Security
- Cloud Security
- Wireless Sensor Networks
- Internet QoS
- Health Informatics
Current Teaching areas:
- Cyber Security
- Computer Networks
- Digital Forensics
- Internet QoS
- Network Management
- Network Design
Past Teaching areas:
- Computer Architecture
- Microprocessor based design
- Information theory and coding
- Computer Networks
© 2018 Elsevier B.V. Mobile Adhoc NETworks (MANETs) are valuable for various applications due to an efficient, flexible, low-cost and dynamic infrastructure. In these networks, proper utilization of network resources is desirable to maintain Quality of Service (QoS). In multi-hop end-to-end communication, intermediate nodes may eavesdrop on data in transit. As a result, a secured and reliable data delivery from source to destination is required. In this paper, we propose a novel scheme, known as QASEC, to achieve better throughput by securing end-to-end communication in MANETs. The QoS is maintained through an optimal link selection from a queue of available transmission links. The end-to-end communication is secured by authentication. A simple secret-key based symmetric encryption is deployed for interacting nodes. Our proposed QASEC scheme prevents the malicious nodes from data exchange with legitimate intermediate nodes on any established path between the source and the destination. Experimental results show that QASEC performs better in terms of packet-loss rate, jitter and end-to-end delay. Furthermore, QASEC is efficient against various attacks and has a much better performance in terms of associated costs, such as key generation, encryption, and storage and communication.
Nanda, A, Nanda, P, He, X, Jamdagni, A & Puthal, D 2019, 'A hybrid encryption technique for Secure-GLOR: The adaptive secure routing protocol for dynamic wireless mesh networks', Future Generation Computer Systems.
As we progress into a digital era where most aspects of our life depend upon a network of computers, it is essential to focus on digital security. Each component of a network, be it a physical network, virtual network or social network, requires security when transmitting data. Hence the dynamic wireless mesh network must also deploy high levels of security as found in current legacy networks. This paper presents a secure Geo-Location Oriented Routing (Secure-GLOR) protocol for wireless mesh networks, which incorporates a hybrid encryption scheme for its multilevel security framework. The hybrid encryption technique improves the network's overall performance compared to the basic encryption by using a combination of symmetric key as well as asymmetric key encryption. Using the combination of the two encryption schemes, the performance of the network can be improved by reducing the transmitted data size, reduced computational overhead and faster encryption–decryption cycles. This paper discusses multiple encryption schemes for both symmetric and asymmetric encryption and compares their performance in various experimental scenarios. The proposed security scheme achieves better performance based on the results obtained with most viable options for our network model.
Roselin, AG, Nanda, P, Nepal, S & He, X 2019, 'Testbed Evaluation of Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks', Concurrency and Computation: Practice and Experience.
Puthal, D, Ranjan, R, Nanda, A, Nanda, P, Jayaraman, PP & Zomaya, AY 2019, 'Secure authentication and load balancing of distributed edge datacenters', Journal of Parallel and Distributed Computing, vol. 124, pp. 60-69.
Liu, M, Luo, Y, Nanda, P, Yu, S & Zhang, J 2019, 'Efficient solution to the millionaires' problem based on asymmetric commutative encryption scheme', Computational Intelligence.
© 2019 Wiley Periodicals, Inc. Secure multiparty computation is an important scheme in cryptography and can be applied in various real-life problems. The first secure multiparty computation problem is the millionaires' problem, and its protocol is an important building block. Because of the less efficiency of public key encryption scheme, most existing solutions based on public key cryptography to this problem are inefficient. Thus, a solution based on the symmetric encryption scheme has been proposed. In this paper, we formally analyse the vulnerability of this solution, and propose a new scheme based on the decisional Diffie-Hellman assumption. Our solution also uses 0-encoding and 1-encoding generated by our modified encoding method to reduce the computation cost. We implement the solution based on symmetric encryption scheme and our protocol. Extensive experiments are conducted to evaluate the efficiency of our solution, and the experimental results show that our solution can be much more efficient and be approximately 8000 times faster than the solution based on symmetric encryption scheme for a 32-bit input and short-term security. Moreover, our solution is also more efficient than the state-of-the-art solution without precomputation and can also compare well with the state-of-the-art protocol while the bit length of private inputs is large enough.
Fan, Y, Lin, X, Liang, W, Tan, G & Nanda, P 2019, 'A secure privacy preserving deduplication scheme for cloud computing', Future Generation Computer Systems, vol. 101, pp. 127-135.
Nanda, P, Puthal, D & Mohanty, SP 2019, 'Editorial to the Special Issue on Recent Advances on Trust, Security and Privacy in Computing and Communications', Concurrency and Computation: Practice and Experience.
Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts, and slows down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantages of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are utilized to provide a means for users to create conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that share the merit of being conflict-free. Finally, in decision making, the listed rules are used to verify against packet header information. The rules which have matched with most packets are moved up to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the functional speed of a firewall.
Jan, MA, Nanda, He, XS & Liu, RP 2018, 'A Sybil Attack Detection Scheme for a Forest Wildfire Monitoring Application', Future Generation Computer Systems: the international journal of grid computing: theory, methods and applications, vol. 80, pp. 613-626.
Wireless Sensor Networks (WSNs) have experienced phenomenal growth over the past decade. They are typically deployed in human-inaccessible terrains to monitor and collect time-critical and delay-sensitive events. There have been several studies on the use of WSN in different applications. All such studies have mainly focused on Quality of Service (QoS) parameters such as delay, loss, jitter, etc. of the sensed data. Security provisioning is also an important and challenging task lacking in all previous studies. In this paper, we propose a Sybil attack detection scheme for a cluster-based hierarchical network mainly deployed to monitor forest wildfire. We propose a two-tier detection scheme. Initially, Sybil nodes and their forged identities are detected by high-energy nodes. However, if one or more identities of a Sybil node sneak through the detection process, they are ultimately detected by the two base stations. After Sybil attack detection, an optimal percentage of cluster heads are elected and each one is informed using nomination packets. Each nomination packet contains the identity of an elected cluster head and an end user's specific query for data collection within a cluster. These queries are user-centric, on-demand and adaptive to an end user requirement. The undetected identities of Sybil nodes reside in one or more clusters. Their goal is to transmit high false-negative alerts to an end user for diverting attention to those geographical regions which are less vulnerable to a wildfire. Our proposed approach has better network lifetime due to efficient sleep–awake scheduling, higher detection rate and low false-negative rate.
Puthal, D, Obaidat, MS, Nanda, P, Prasad, M, Mohanty, SP & Zomaya, AY 2018, 'Secure and Sustainable Load Balancing of Edge Data Centers in Fog Computing', IEEE Communications Magazine, vol. 56, no. 5, pp. 60-65.
Fog computing is a recent research trend to bring cloud computing services to network edges. EDCs are deployed to decrease the latency and network congestion by processing data streams and user requests in near real time. EDC deployment is distributed in nature and positioned between cloud data centers and data sources. Load balancing is the process of redistributing the work load among EDCs to improve both resource utilization and job response time. Load balancing also avoids a situation where some EDCs are heavily loaded while others are in idle state or doing little data processing. In such scenarios, load balancing between the EDCs plays a vital role for user response and real-time event detection. As the EDCs are deployed in an unattended environment, secure authentication of EDCs is an important issue to address before performing load balancing. This article proposes a novel load balancing technique to authenticate the EDCs and find less loaded EDCs for task allocation. The proposed load balancing technique is more efficient than other existing approaches in finding less loaded EDCs for task allocation. The proposed approach not only improves efficiency of load balancing; it also strengthens the security by authenticating the destination EDCs.
Yang, N, Fan, X, Puthal, D, He, X, Nanda, P & Guo, S 2018, 'A Novel Collaborative Task Offloading Scheme for Secure and Sustainable Mobile Cloudlet Networks', IEEE Access, vol. 6.
With the advancement of wireless networking technologies and communication infrastructures, mobile cloud computing has emerged as a pervasive paradigm to execute computing tasks for capacity-limited mobile devices. More specifically, at the network edge, the resource-rich and trusted cloudlet system can provide in-proximity computing services by executing the workloads for nearby devices. Nevertheless, there are chances for malicious users to generate DDoS (Distributed Denial-of-Service) flooding tasks to overwhelm cloudlet servers and block computing services from legitimate users. Load balancing is one of the most effective methods to solve DDoS attacks in distributed networks. However, existing solutions require overall load information to achieve load balancing in cloudlet networks, making it costly in both communication and computation. To achieve more efficient and low-cost load balancing, we propose CTOM, a novel Collaborative Task Offloading scheMe to avoid DDoS attacks for secure and sustainable mobile cloudlet networks. The proposed solution is based on the balls-and-bins theory and it can balance the task loads with extremely limited information. The CTOM reduces the number of overloaded cloudlets smoothly, thus handling the potential DDoS attacks in mobile cloudlet networks. Extensive simulations and evaluation demonstrate that, the proposed CTOM outperforms the conventional random and proportional allocation schemes in reducing the task gaps between maximum load and minimum load among mobile cloudlets by 65% and 55%, respectively.
Fan, X, He, X, Xiang, C, Puthal, D, Gong, L, Nanda, P & Fang, G 2018, 'Towards System Implementation and Data Analysis for Crowdsensing Based Outdoor RSS Maps', IEEE Access, vol. 6.
With the explosive usage of smart mobile devices, sustainable access to wireless networks (e.g., WiFi) has become a pervasive demand. Most mobile users expect seamless network connection with low cost. Indeed, this can be achieved by using an accurate received signal strength (RSS) map of wireless access points. While existing methods are either costly or unscalable, the recently emerged mobile crowdsensing (MCS) paradigm is a promising technique for building RSS maps. MCS applications leverage pervasive mobile devices to collaboratively collect data. However, the heterogeneity of devices and the mobility of users could cause inherent noises and blank spots in collected dataset. In this paper, we study (1) how to tame the sensing noises from heterogeneous mobile devices, and (2) how to construct accurate and complete RSS maps with random mobility of crowdsensing participants. First, we build a mobile crowdsensing system called iMap to collect RSS measurements with heterogeneous mobile devices. Second, through observing experimental results, we build statistical models of sensing noises and derive different parameters for each kind of mobile device. Third, we present the signal transmission model with measurement error model, and we propose a novel signal recovery scheme to construct accurate and complete RSS maps. The evaluation results show that the proposed method can achieve 90% and 95% recovery rate in geographic coordinate system and polar coordinate system, respectively.
Jan, M, Nanda, P, Usman, M & He, X 2017, 'PAWN: A Payload-based mutual Authentication scheme for Wireless Sensor Networks', Concurrency and Computation: Practice and Experience, vol. 29, no. 17.
Wireless sensor networks (WSNs) consist of resource‐starving miniature sensor nodes deployed in a remote and hostile environment. These networks operate on small batteries for days, months, and even years depending on the requirements of monitored applications. The battery‐powered operation and inaccessible human terrains make it practically infeasible to recharge the nodes unless some energy‐scavenging techniques are used. These networks experience threats at various layers and, as such, are vulnerable to a wide range of attacks. The resource‐constrained nature of sensor nodes, inaccessible human terrains, and error‐prone communication links make it obligatory to design lightweight but robust and secured schemes for these networks. In view of these limitations, we aim to design an extremely lightweight payload‐based mutual authentication scheme for a cluster‐based hierarchical WSN. The proposed scheme, also known as payload‐based mutual authentication for WSNs, operates in 2 steps. First, an optimal percentage of cluster heads is elected, authenticated, and allowed to communicate with neighboring nodes. Second, each cluster head, in a role of server, authenticates the nearby nodes for cluster formation. We validate our proposed scheme using various simulation metrics that outperform the existing schemes.
Nanda, P, Puthal, D, Mohanty, S & Choppali 2017, 'Building Security Perimeters to Protect Network Systems Against Cyberthreats', IEEE Consumer Electronics Magazine.
Due to the wide variety of devices used in computer network systems, cybersecurity plays a major role in securing and improving the performance of the network or system. Although cybersecurity has received a large amount of global interest in recent years, it remains an open research space. Current security solutions in network-based cyberspace provide an open door to attackers by communicating first before authentication, thereby leaving a black hole for an attacker to enter the system before authentication. This article provides an overview of cyberthreats, traditional security solutions, and the advanced security model to overcome current
Ambusaidi, M, He, X, Nanda, P & Tan, Z 2016, 'Building an intrusion detection system using a filter-based feature selection algorithm', IEEE Transactions on Computers, vol. 65, no. 10, pp. 2986-2998.
Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal feature for classification. This mutual information based feature selection algorithm can handle linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the cases of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results show that our feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.
Tan, Z, Jamdagni, A, He, X, Nanda, P, Liu, RP & Hu, J 2015, 'Detection of Denial-of-Service Attacks Based on Computer Vision Techniques', IEEE Transactions on Computers, vol. 64, no. 9, pp. 2519-2533.
Jan, MA, Nanda, P, He, X & Liu, RP 2014, 'PASCCC: Priority-based application-specific congestion control clustering protocol', Computer Networks, vol. 74, no. B, pp. 92-102.
Wireless sensor networks comprise resource-starved sensor nodes, which are deployed to sense the environment, gather data, and transmit it to a base station (BS) for further processing. Cluster-based hierarchical-routing protocols are used to efficiently utilize the limited energy of the nodes by organizing them into clusters. Only cluster head (CH) nodes are eligible for gathering data in each cluster and transmitting it to a BS. Unbalanced clusters result in network congestion, thereby causing delay, packet loss, and degradation of Quality of Service (QoS) metrics. In this study, we propose a priority-based application-specific congestion control clustering (PASCCC) protocol, which integrates the mobility and heterogeneity of the nodes to detect congestion in a network. PASCCC decreases the duty cycle of each node by maintaining threshold levels for various applications. The transmitter of a sensor node is triggered when the reading of a specific captured event exceeds a specific threshold level. Time-critical packets are prioritized during congestion in order to maintain their timeliness requirements. In our proposed approach, CHs ensure coverage fidelity by prioritizing the packets of distant nodes over those of nearby nodes. A novel queue scheduling mechanism is proposed for CHs to achieve coverage fidelity, which ensures that the extra resources consumed by distant nodes are utilized effectively. The effectiveness of PASCCC was evaluated based on comparisons with existing clustering protocols. The experimental results demonstrated that PASCCC achieved better performance in terms of the network lifetime, energy consumption, data transmission, and other QoS metrics compared with existing approaches.
Ambusaidi, MA, Tan, Z, He, X, Nanda, P, Lu, LF & Jamdagni, A 2014, 'Intrusion detection method based on nonlinear correlation measure', International Journal of Internet Protocol Technology, vol. 8, no. 2/3, pp. 77-86.
Cyber crimes and malicious network activities have posed serious threats to the entire internet and its users. This issue is becoming more critical, as network-based services, are more widespread and closely related to our daily life. Thus, it has raised a serious concern in individual internet users, industry and research community. A significant amount of work has been conducted to develop intelligent anomaly-based intrusion detection systems (IDSs) to address this issue. However, one technical challenge, namely reducing false alarm, has been along with the development of anomaly-based IDSs since 1990s. In this paper, we provide a solution to this challenge. A nonlinear correlation coefficient-based (NCC) similarity measure is proposed to help extract both linear and nonlinear correlations between network traffic records. This extracted correlative information is used in our proposed IDS to detect malicious network behaviours. The effectiveness of the proposed NCC-based measure and the proposed IDS are evaluated using NSL-KDD dataset. The evaluation results demonstrate that the proposed NCC-based measure not only helps reduce false alarm rate, but also helps discriminate normal and abnormal behaviours efficiently.
As an asset of Cloud computing, big data is now changing our business models and applications. Rich information residing in big data is driving business decision making to be a data-driven process. Its security and privacy, however, have always been a concern of the owners of the data. The security and privacy could be strengthened via securing Cloud computing environments. This requires a comprehensive security solution from attack prevention to attack detection. Intrusion Detection Systems (IDSs) are playing an increasingly important role within the realm of a set of network security schemes. In this article, we study the vulnerabilities in Cloud computing and propose a collaborative IDS framework to enhance the security and privacy of big data.
He, X, Chomsiri, T, Nanda, P & Tan, Z 2014, 'Improving Cloud Network Security using the Tree-Rule Firewall', Future Generation Computer Systems, vol. 30, pp. 116-126.
Tan, Z, Jamdagni, A, He, X, Nanda, P & Liu, RP 2014, 'A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis', IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, pp. 447-456.
Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threats from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy.
Yu, D, Nanda, P, Cao, L & He, S 2013, 'TCTM: an evaluation framework for architecture design on wireless sensor networks', International Journal of Sensor Networks, vol. 14, no. 3, pp. 168-177.
This paper presents an evaluation framework for architecture designs on wireless sensor networks (WSNs). We introduce a simple evaluation model: triangular constraint tradeoffs model (TCTM) to grasp the essence of the architecture design consideration under transient wireless media characteristic and stringent limitation on energy and computing resource of WSNs. Based on this evaluation framework, we investigate the existing architectures proposed in literature from three main competing constraint aspects, namely generality, cost, and performance. Two important concepts: performance efficiency and deployment efficiency are identified and distinguished in overall architecture efficiency. With this powerful abstract and simple model, we describe the motivations of major body of WSNs architectures proposed in current literature. We also analyse the fundamental advantage and limitations of each class of architectures from TCTM perspective. We foresee the influence of evolving technology to futuristic architecture design. We believe our efforts will serve as a reference to orient researchers and system designers in this area.
Yu, D, Nanda, P & He, XS 2013, 'Wireless Sensor Network (WSN) Energy Efficiency Challenge from Implementation Perspectives', Advanced Science Letters, vol. 19, no. 2, pp. 642-645.
Through review of current Wireless Sensor Network (WSN) energy preserving techniques used in industry and academic research, we recognize that the integration of various techniques through implementation is a challenging task due to application specific nature of system integration. On one hand, most researches on energy efficiency focus on one single layer with perfect assumptions about other layers and environment parameters. While this methodology will simplify the design process and provide valuable insight into single layer solution, such approach cannot provide information on layer incompatibilities between different sets of protocols, nor will give information on the overall performance of a network based on the protocols under test. Furthermore, under various non-standard assumptions, the real contribution of these proposed optimization methods are difficult to be achieved if not impossible. Hence industry professionals become very cautious to integrate diverse and advance ad hoc solutions into their products and standards. To show credibility of the ad hoc solutions and their implications on industry applications, researchers have to evaluate their solutions under a generic architecture which can test different scenarios and evaluate performance based on a wide range of metrics.
Jamdagni, A, Tan, T, He, S, Nanda, P & Liu, R 2013, 'RePIDS: A multi tier Real-time Payload-based Intrusion Detection System', Computer Networks, vol. 57, no. 3, pp. 811-824.
Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative Feature Selection Engine (IFSEng) for feature subspace selection. Principal Component Analysis (PCA) technique is used for the pre-processing of data. Mahalanobis Distance Map (MDM) is used to discover hidden correlations between the features and between the packets. We also propose a novel Real-time Payload-based Intrusion Detection System (RePIDS) that integrates a 3-Tier IFSEng and the MDM approach. Mahalanobis Distance (MD) dissimilarity criterion is used to classify each packet as either a normal or an attack packet. The effectiveness of the proposed RePIDS is evaluated using DARPA 99 dataset and Georgia Institute of Technology attack dataset. The traffic for Web-based application is considered for validating our model. F-value, a criterion, is used to evaluate the detection performance of RePIDS. Experimental results show that RePIDS achieves better performance (high F-values, 0.9958 for DARPA 99 dataset and 0.976 for Georgia Institute of Technology attack dataset respectively, with only 0.85% false alarm rate) and lower computational complexity when compared against two state-of-the-art payload-based intrusion detection systems. Additionally, it has 1.3 time higher throughput in comparison with real scenario of medium sized enterprise network.
Jamdagni, A, Tan, T, Nanda, P, He, S & Liu, R 2011, 'Mahalanobis Distance Map Approach for Anomaly Detection of Web-Based Attacks', Journal of Network Forensics, vol. 2, no. 2, pp. 25-39.
Web servers and web-based applications are commonly used attack targets. The main issues are how to prevent unauthorized access and to protect web server from the attack. Intrusion Detection Systems and networks. This paper focuses on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model. Further, a novel algorithm is proposed using Linear Discriminant Analysis (LDA) for the selection of most discriminating features to reduce the computational complexity of payload-based GSAD model. GSAD model is based on a pattern recognition technique used in image payload features to calculate the difference between normal and abnormal network traffic. GSAD model is evaluated experimentally on the real attacks (GATECH) dataset and on the DARPA 1999 dataset.
Pathak, N, Nanda, P & Mahanti, GK 2009, 'Synthesis of thinned multiple concentric circular ring array antennas using particle swarm optimization', Journal of Infrared, Millimeter, and Terahertz Waves, vol. 30, no. 7, pp. 709-716.
In this paper, we propose an optimization method based on Particle Swarm Optimization (PSO) algorithm for thinning a large multiple concentric circular ring array of uniformly excited isotropic antennas and generate a pencil beam in the vertical plane with minimum relative side lobe level (SLL). The half-power beam width of the pattern is attempted to make equal to that of a fully populated array of same size and shape. The synthesis is performed with a standard particle swarm optimization technique as well as with an improved version of standard PSO. Simulation results of the proposed thinned array are compared with a fully populated array to illustrate the effectiveness of our proposed method. © 2009 Springer Science+Business Media, LLC.
Nanda, P & Simmonds, AJ 2009, 'A Scalable Architecture Supporting QoS Guarantees Using Traffic Engineering and Policy Based Routing in the Internet', International Journal of Communications, Network and System Sciences, vol. 2, no. 7, pp. 583-591.
The study of Quality of Service (QoS) has become of great importance since the Internet is used to support a wide variety of new services and applications with its legacy structure. Current Internet architecture is based on the Best Effort (BE) model, which attempts to deliver all traffic as soon as possible within the limits of its abilities, but without any guarantee about throughput, delay, packet loss, etc. We develop a three-layer policy based architecture which can be deployed to control network resources intelligently and support QoS sensitive applications such as real-time voice and video streams along with standard applications in the Internet. In order to achieve selected QoS parameter values (e.g. loss, delay and PDV) within the bounds set through SLAs for high priority voice traffic in the Internet, we used traffic engineering techniques and policy based routing supported by Border Gateway Protocol (BGP). Use of prototype and simulations validates functionality of our architecture.
Dang, D, Hoang, DB & Nanda, P 2017, 'Data Protection and Mobility Management for Cloud' in Kumar, V, Ko, R & Chaisiri, S (eds), Data Security in Cloud Computing, The Institution of Engineering and Technology, USA, pp. 117-150.
Cloud computing has become an alternative IT infrastructure where users, infrastructure providers, and service providers all share and deploy resources for their business processes and applications. In order to deliver cloud services cost-effectively, users' data is stored in a cloud where applications are able to perform requests from clients efficiently. As data is transferred to the cloud, data owners are concerned about the loss of control of their data and cloud service providers are concerned about their ability to protect data when it is moved about both within and out of its own environment. Many security and protection mechanisms have been proposed to protect cloud data by employing various policies, encryption techniques, and monitoring and auditing approaches. However, data is still exposed to potential disclosures and attacks if it is moved and located at another cloud where there is no equivalence security measure at visited sites.
In a realistic cloud scenario with hierarchical service chain, the handling of data in a cloud can be delegated by a cloud service provider (CSP) to a subprovider to another. However, CSPs do not often deploy the same protection schemes. Movement of user's data is an important issue in Cloud and it has to be addressed to ensure the data is protected in an integrated manner regardless of its location in the environment. The user is concerned whether its data is located in locations covered by the service level agreement (SLA) and data operations are protected from unauthorized users. When user's data is moved to data centres located at locations different from its home, it is necessary to keep track of its locations and data operations. This chapter discusses data protection and mobility management issues in cloud environment and in particular the implementation of a trust-oriented data protection framework.
Nanda, P & He, S 2010, 'Scalable Internet Architecture Supporting Quality of Service (QoS)' in etal, KCL (ed), The Handbook of Research on Scalable Computing Technologies, IGI Global, USA, pp. 339-357.
The evolution of Internet and its successful technologies has brought a tremendous growth in business, education, research etc. over the last four decades. With the dramatic advances in multimedia technologies and the increasing popularity of real-time applications, recently Quality of Service (QoS) support in the Internet has been in great demand. Deployment of such applications over the Internet in recent years, and the trend to manage them efficiently with a desired QoS in mind, researchers have been trying for a major shift from its Best Effort (BE) model to a service oriented model. Such efforts have resulted in Integrated Services (Intserv), Differentiated Services (Diffserv), Multi Protocol Label Switching (MPLS), Policy Based Networking (PBN) and many more technologies. But the reality is that such models have been implemented only in certain areas in the Internet, not everywhere, and many of them also face scalability problems while dealing with huge number of traffic flows with varied priority levels in the Internet. As a result, an architecture addressing scalability problem and satisfying end-to-end QoS still remains a big issue in the Internet. In this chapter the authors propose a policy based architecture which they believe can achieve scalability while offering end to end QoS in the Internet.
Puthal, D, Mohanty, SP, Nanda, P, Kougianos, E & Das, G 2019, 'Proof-of-Authentication for Scalable Blockchain in Resource-Constrained Distributed Systems', 2019 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS (ICCE), IEEE International Conference on Consumer Electronics (ICCE), IEEE, Las Vegas, NV.
Nanda, A, Nanda, P, He, X, Puthal, D & Jamdagni, A 2018, 'A Novel Hybrid Authentication Model for Geo Location Oriented Routing in Dynamic Wireless Mesh Networks', Proceedings of the 51st Hawaii International Conference on System Sciences 2018, International Conference on System Sciences, Hawaii, USA, pp. 5532-5541.
Authentication is an essential part of any network and plays a pivotal role in ensuring the security of a network by preventing unauthorised devices/users access to the network. As dynamic wireless mesh networks are evolving and being accepted in various fields, there is a strong need to improve the security of the network. Its features like self-organizing and self-healing make it great but get undermined when rigid authentication schemes are used. We propose a hybrid authentication scheme for such dynamic mesh networks under three specified scenarios; full authentication, quick authentication and new node authentication. The proposed schemes are applied on our previous works on dynamic mesh routing protocol, Geo location Oriented Routing Protocol (GLOR). Simulation results show our proposed scheme is efficient in terms of resource utilization as well as defending against security threats.
Fan, X, He, X, Puthal, D, Chen, S, Xiang, C, Nanda, P & Rao, X 2018, 'CTOM: Collaborative Task Offloading Mechanism for Mobile Cloudlet Networks', International Conference on Communications, IEEE, Kansas City, MO, USA.
Malik, N, Nanda, P, Arora, A, He, X & Puthal, D 2018, 'Blockchain Based Secured Identity Authentication and Expeditious Revocation Framework for vehicular Networks', IEEE Computer Society, IEEE International Conference On Trust, Security And Privacy In Computing And Communications, IEEE, New York.
Authentication and revocation of users in Vehicular Adhoc Networks (VANETS) are two vital security aspects. It is extremely important to perform these actions promptly and efficiently. The past works addressing these issues lack in mitigating the reliance on the centralized trusted authority and therefore do not provide distributed and decentralized security. This paper proposes a blockchain based authentication and revocation framework for vehicular networks, which not only reduces the computation and communication overhead by mitigating dependency on a trusted authority for identity verification, but also speedily updates the status of revocated vehicles in the shared blockchain ledger. In the proposed framework, vehicles obtain their Pseudo IDs from the Certificate Authority (CA), which are stored along with their certificate in the immutable authentication blockchain and the pointer corresponding to the entry in blockchain, enables the Road Side Units (RSUs) to verify the identity of a vehicle on road. The efficiency and performance of the framework has been validated using the Omnet++ simulation environment.
Liu, M, Nanda, P, Zhang, X, Yang, C, Yu, S & Li, J 2018, 'Asymmetric Commutative Encryption Scheme Based Efficient Solution to the Millionaires' Problem', IEEE Computer Society, IEEE International Conference On Trust, Security And Privacy In Computing And Communications, IEEE, New York, NY, USA.
Secure multiparty computation (SMC) is an important scheme in cryptography and can be applied in various real-life problems. The first SMC problem is the millionaires' problem which involves two-party secure computation. Because the efficiency of public key encryption scheme appears less than symmetric encryption scheme, most existing solutions based on public key cryptography to this problem are inefficient. Thus, a solution based on the symmetric encryption scheme has been proposed. Although it is claimed that this approach can be efficient and practical, we discover that there exist several severe security flaws in this solution. In this paper, we analyze the vulnerability of existing solutions, and propose a new scheme based on the Decisional Diffie-Hellman hypothesis (DDH). Our solution also uses two special encodings (0-encoding and 1-encoding) generated by our modified encoding method to reduce the computation cost of modular multiplications. Extensive experiments are conducted to evaluate the efficiency of our solution, and the experimental results show that our solution can be much more efficient and be approximately 8000 times faster than the solution based on symmetric encryption scheme for a 32-bit input and short-term security. Moreover, our solution is also more efficient than the state-of-the-art solution.
Umair, A, Nanda, P, He, X & Choo, K-KR 2018, 'User Relationship Classification of Facebook Messenger Mobile Data using WEKA', Springer, Lecture Notes in Computer Science, 12th International Conference on Network and System Security, Hong Kong.
Mobile devices are a wealth of information about its user and their digital and physical activities (e.g. online browsing and physical location). Therefore, in any crime investigation artifacts obtained from a mobile device can be extremely crucial. However, the variety of mobile platforms, applications (apps) and the significant size of data compound existing challenges in forensic investigations. In this paper, we explore the potential of machine learning in mobile forensics, and specifically in the context of Facebook messenger artifact acquisition and analysis. Using Quick and Choo (2017)'s Digital Forensic Intelligence Analysis Cycle (DFIAC) as the guiding framework, we demonstrate how one can acquire Facebook messenger app artifacts from an Android device and an iOS device (the latter is , using existing forensic tools. Based on the acquired evidence, we create 199 data-instances to train WEKA classifiers (i.e. ZeroR, J48 and Random tree) with the aim of classifying the device owner's contacts and determine their mutual relationship strength.
Nanda, A, Nanda, P, He, X, Jamdagni, A & Puthal, D 2017, 'Secure-GLOR: An Adaptive Secure Routing Protocol for Dynamic Wireless Mesh Networks', 2017 IEEE Trustcom/BigDataSE/ICESS, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE Computer Society, Sydney, Australia, pp. 269-276.
With the dawn of a new era, digital security has become one of the most essential parts of any network. Be it a physical network, virtual network or social network, the demand for secure data transmission is ever increasing. Wireless mesh networks also stand the same test of security as the legacy networks. This paper presents a secure version of the Geo-Location Oriented Routing (GLOR) protocol for wireless mesh networks, incorporating a multilevel security framework. It implements authentication using the new features of the network model and enables encryption throughout the network to provide high levels of security.
Roselin, A, Nanda, P & Nepal, S 2017, 'Lightweight Authentication Protocol (LAUP) for 6LoWPAN Wireless Sensor Networks', 2017 IEEE Trustcom/BigDataSE/ICESS, 2017 IEEE Trustcom/BigDataSE/ICESS, IEEE Computer Society, Sydney, pp. 371-378.
6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication of these resource-constrained sensors is one of the important considerations during communication, use of asymmetric key distribution scheme may not be the perfect choice to achieve secure authentication. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor for secure key distribution. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool for authentication properties such as Aliveness, Secrecy, Non-Injective Agreement and Non-Injective Synchronization. We simulated and evaluated the proposed LAUP protocol using COOJA simulator with ContikiOS and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES.
Umair, A, Nanda, P & He, X 2017, 'Online Social Network Information Forensics: A Survey on Use of Various Tools and Determining How Cautious Facebook Users are?', Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, IEEE Trustcom/BigDataSE/ICESS, IEEE, Sydney, Australia, pp. 1139-1144.
© 2017 IEEE. Online Social Networks (OSN) such as Facebook, Twitter, LinkedIn, and Instagram are heavily used to socialize, entertain or gain insights on people's behavior and their activities. Every day terabytes of data are generated over these networks, which are then used by the businesses to generate revenue or misused by the wrongdoers to exploit vulnerabilities of these social network platforms. Specifically, social network information helps in extracting various important features such as user association, access pattern, location information etc. Recent research shows many such features could be used to develop novel attack models and investigate further into defending the users from exposing their information to outsiders. This paper analyzes some of the available tools to extract OSN information and discusses research work on similar type of unstructured data. Recent research works, which focus on gathering bits and pieces of information to extract meaningful results for digital forensics, have been discussed. An online survey is conducted to gauge the cautiousness of users in social media usage in terms of personal information dissemination.
Aldebei, K, Farhood, H, Jia, W, Nanda, P & He, X 2017, 'Sequential and Unsupervised Document Authorial Clustering Based on Hidden Markov Model', Trustcom/BigDataSE/ICESS.2017, 2017 IEEE Trustcom/BigDataSE/ICESS, IEEE, Sydney.
Document clustering groups documents of certain similar characteristics in one cluster. Document clustering has shown advantages on organization, retrieval, navigation and summarization of a huge amount of text documents on Internet.
This paper presents a novel, unsupervised approach for clustering single-author documents into groups based on authorship. The key novelty is that we propose to extract contextual correlations to depict the writing style hidden among sentences of each document for clustering the documents. For this purpose, we build a Hidden Markov Model (HMM) for representing the relations of sequential sentences, and a two-level, unsupervised framework is constructed. Our proposed approach is evaluated on four benchmark datasets, widely used for document authorship analysis. A scientific paper is also used to demonstrate the performance of the approach on clustering short segments of a text into authorial components. Experimental results show that the proposed approach outperforms the state-of-the-art approaches.
Li, Q, Tan, Z, Jamdagni, A, Nanda, P, He, X & Han, W 2017, 'An Intrusion Detection System Based on Polynomial Feature Correlation Technique', Proceedings of the 2017 IEEE Trustcom/BigDataSE/ICESS, 2017 IEEE Trustcom/BigDataSE/ICESS, IEEE Computer Society, Sydney, pp. 978-983.
This paper proposes an anomaly-based Intrusion Detection System (IDS), which flags anomalous network traffic with a distance-based classifier. A polynomial approach was designed and applied in this work to extract hidden correlations from traffic related statistics in order to provide distinguishing features for detection. The proposed IDS was evaluated using the well-known KDD Cup 99 data set. Evaluation results show that the proposed system achieved better detection rates on KDD Cup 99 data set in comparison with another two state-of-the-art detection schemes. Moreover, the computational complexity of the system has been analysed in this paper and shows similar to the two state-of-the-art schemes.
Xia, H, Zhao, W, Zhou, Z, Jiang, F, Li, H & He, XS 2017, 'Deformable Template Matching Using Proposal-Based Best-Buddies Similarity', 2017 IEEE Trustcom/BigDataSE/ICESS, IEEE International Conference On Trust, Security And Privacy In Computing And Communications, IEEE, Sydney, pp. 517-521.
We propose a new method for template matching based on the Best-Buddies Similarity (BBS) measure. Our method is able to match objects with large difference in size and hence achieves a deformable template matching. In addition, compared with the original method for template matching based on the BBS, our method significantly cuts down on the computation time. The fast and deformable template matching is implemented by measuring the BBS of only potential areas instead of all positions in an image. The potential areas, which can have different size from the given template, are found by a proposal generation based on edge priors and a selective search among the obtained proposals. The results from the experiments conducted on a challenging dataset demonstrate that our method out-performs the state-of-the-art methods in terms of accuracy.
He, X, Mohapatra, P, Sandhu, R, Guo, S, Di Martino, B, Lu, J, Mosse, D & Pasricha, S 2017, 'Message from the IEEE TrustCom/BigDataSE/ICESS 2017 General Chairs', Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, p. xvi.
Nanda, P, Xiang, Y & Mu, Y 2017, 'Message from the IEEE TrustCom 2017 Program Chairs', Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, p. xvii.
Nagar, U, Nanda, P, He, X & Tan, Z 2017, 'A Framework for Data Security in Cloud using Collaborative Intrusion Detection Scheme', SIN'17: Proceedings of the 10th International Conference on Security of Information and Networks, International Conference On Security Of Information And Networks, ACM Digital Library, Jaipur, India, pp. 188-193.
Cloud computing offers an on demand, elastic, global network access to a shared pool of resources that can be configured on user demand. The advantages of cloud computing are lucrative for well-established organizations looking to reduce infrastructure cost overheads. However, the users are not quite confident in entrusting their data to the cloud due to security threats and risks perceived in the cloud domain. Issues involving privacy requirements for the cloud and best practices in the cloud are suggested in this paper. Although the cloud provider ensures security in the cloud yet the flow of data, storage location, data computing process and security breaches are not transparent to the cloud customer. This distrust and lack of control on data is a major hindrance for potential cloud customers in adopting the cloud models for their businesses. Intrusion Detection Systems (IDSs) are widely used to detect malicious activities. However existing solutions with IDSs involving DDoS and other non-detectable events may not be suitable in applying to the cloud due to distributed data storage and a major shift in Internet access mechanisms offered by cloud providers. Hence there is a strong need to analyze an appropriate IDS to counter DDoS attacks in the cloud. In this paper we propose a novel framework for data security in the cloud using Collaborative Intrusion Detection (CIDS) scheme. The benefits of CIDS scheme in cloud are enabling the end user to get comprehensive information in the event of a distributed attack on cloud
Nanda, P, Malik, N & Puthal, D 2017, 'An Overview of Security Challenges in Vehicular Ad-Hoc Networks', IEEE Explore, 16th International Conference on Information Technology (ICIT), Bhubaneswar, India.
Vehicular Ad hoc Networks (VANET) is emerging as a promising technology of the Intelligent Transportation systems (ITS) due to its potential benefits for travel planning, notifying road hazards, cautioning of emergency scenarios, alleviating congestion, provisioning parking facilities and environmental predicaments. But, the security threats hinder its wide deployment and acceptability by users. In this paper, we give an overview of the security threats at the various layers of the VANET communication stack and discuss some of the existing solutions, thus concluding why designing a security framework for VANETS needs to consider these threats for overcoming security challenges in VANETS.
Usman, M, Jan, M, He, XS & Nanda, P 2016, 'Data Sharing in Secure Multimedia Wireless Sensor Networks', Proceedings of the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2016 IEEE Trustcom/BigDataSE/ISPA), IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, Tianjin, China.
The use of Multimedia Wireless Sensor Networks (MWSNs) is becoming common nowadays with a rapid growth in communication facilities. Similar to any other WSNs, these networks face various challenges while providing security, trust and privacy for user data. Provisioning of the aforementioned services becomes an uphill task especially while dealing with real-time streaming data. These networks operate with resource-constrained sensor nodes for days, months and even years depending on the nature of an application. The resource-constrained nature of these networks makes it difficult for the nodes to tackle real-time data in mission-critical applications such as military surveillance, forest fire monitoring, health-care and industrial automation. For a secured MWSN, the transmission and processing of streaming data needs to be explored deeply. The conventional data authentication schemes are not suitable for MWSNs due to the limitations imposed on sensor nodes in terms of battery power, computation, available bandwidth and storage. In this paper, we propose a novel quality-driven clustering-based technique for authenticating streaming data in MWSNs. Nodes with maximum energy are selected as Cluster Heads (CHs). The CHs collect data from member nodes and forward it to the Base Station (BS), thus preventing member nodes with low energy from dying soon and increasing life span of the underlying network. The proposed approach not only authenticates the streaming data but also maintains the quality of transmitted data. The proposed data authentication scheme coupled with an Error Concealment technique provides an energy-efficient and distortion-free real-time data streaming. The proposed scheme is compared with an unsupervised resources scenario. The simulation results demonstrate better network lifetime along with 21.34 dB gain in Peak Signal-to-Noise Ratio (PSNR) of received video data streams.
Chomsiri, T, He, XS, Nanda, P & Tan, Z 2016, 'An Improvement of Tree-Rule Firewall for a Large Network: Supporting Large Rule Size and Low Delay', Proceedings of the 2016 IEEE Trustcom/BigDataSE/ISPA, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, Tianjin, China, pp. 178-184.
Firewalls are important network devices which provide first hand defense against network threat. This level of defense depends on firewall rules. Traditional firewalls, i.e., Cisco ACL, IPTABLES, Check Point and Juniper NetScreen firewall use listed rule to regulate packet flows. However, the listed rules may lead to rule conflicts which make the firewall less secure or even slow down its performance. Based on our previous research works, we proposed the Tree-Rule firewall which does not encounter such rule conflicts within its rule set and operates faster than the traditional firewalls. However, in big or complex networks, the Tree-Rule firewall still may face two main problems. 1. Firewall administrators may face difficulty to write big and complex rule. 2. Difficulty to select appropriate attribute column for the Root node. In this paper, we propose an improved model for the Tree-Rule firewall by extending our previous models. We offer the use of combination between IN and OUT interfaces of the firewall to separate a big rule to many small independent rules. Each separated rule then can be managed in an individual screen. Sequence of verifying attributes, i.e., Source IP, Destination IP and Destination Port numbers, can be ordered independently in each separated rule. We implement the two main schemes on Linux Cent OS 6.3. We found that the improved Tree-Rule firewall can be managed easily with low processing delay.
Nanda, A, Nanda, P, He, X & Jamdagni, A 2016, 'A Secure Routing Scheme for Wireless Mesh Networks', ICISS 2016: Information Systems Security (LNCS), International Conference on Information Systems Security (ICISS), Springer, Jaipur, India, pp. 393-408.
Wireless Mesh Network is an emerging technology with great potential for evolving into a self-sustained network. The traditional networks, which dominate the present day communication systems, rely on large and expensive setups of wired/wireless access points for connection between users. Unlike the traditional networks, a Wireless Mesh Network is formed by the user devices which connect to each other to form a network. The security of such networks is however very low as each data packet passes through multiple devices making it susceptible to vulnerabilities. This paper discusses a new network model that implements a strong security framework over a new routing technique. The new network model, unlike any other, features a new addressing scheme that is no longer limited by the drawbacks of the legacy systems and can hence implement better security measures.
Nanda, A, Nanda, P & He, X 2016, 'Geo-Location Oriented Routing Protocol for Smart Dynamic Mesh Network', Proceedings of the 18th IEEE International Conference on High Performance Computing and Communications (HPCC-2016), IEEE International Conference on High Performance Computing and Communications, IEEE, Sydney, Australia.
Wireless Mesh Network is an emerging technology with great potential to become a Self-Sustained Network. Unlike the traditional networks that dominate the current communication system and rely on a large and expensive setup of wired/wireless access points to provide connection between users, the Wireless Mesh Network is formed by the user devices (referred as Nodes) which connect to each other to form a network. However, due to the use of legacy/traditional network models for mesh networks, there exist various limitations towards its implementation. This paper presents a new approach towards the Wireless Mesh Network, incorporating a new routing scheme based on the Geo-Location of the devices. It puts forward the structure, working principle and its performance during the first implementation.
Dang, TD, Hoang, D & Nanda, P 2016, 'A novel hash-based file clustering scheme for efficient distributing, storing, and retrieving of large scale health records', Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016, International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE, Tianjin, China, pp. 1485-1491.View/Download from: UTS OPUS or Publisher's site
© 2016 IEEE. Cloud computing has been adopted as an efficient computing infrastructure model for provisioning resources and providing services to users. Several distributed resource models such as Hadoop and parallel databases have been deployed in healthcare-related services to manage electronic health records (EHR). However, these models are inefficient for managing a large number of small files and hence they are not widely deployed in Healthcare Information Systems. This paper proposed a novel Hash-Based File Clustering Scheme (HBFC) to distribute, store and retrieve EHR efficiently in cloud environments. The HBFC possesses two distinctive features: it utilizes hashing to distribute files into clusters in a controlled way and it utilizes P2P structures for data management. The HBFC scheme is demonstrated to be effective in handling big health data that comprises a large number of small files in various formats. It allows users to retrieve and access data records efficiently. The initial implementation results demonstrate that the proposed scheme outperforms the original P2P system in terms of data lookup latency.
Ambusaidi, MA, He, X & Nanda, P 2015, 'Unsupervised feature selection method for intrusion detection system', Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, Helsinki, Finland, pp. 295-301.
© 2015 IEEE. This paper considers the feature selection problem for data classification in the absence of data labels. It first proposes an unsupervised feature selection algorithm, which is an enhancement over the Laplacian score method, named an Extended Laplacian score, EL in short. Specifically, two main phases are involved in EL to complete the selection procedures. In the first phase, the Laplacian score algorithm is applied to select the features that have the best locality preserving power. In the second phase, EL proposes a Redundancy Penalization (RP) technique based on mutual information to eliminate the redundancy among the selected features. This technique is an enhancement over Battiti's MIFS. It does not require a user-defined parameter such as beta to complete the selection processes of the candidate feature set as it is required in MIFS. After tackling the feature selection problem, the final selected subset is then used to build an Intrusion Detection System. The effectiveness and the feasibility of the proposed detection system are evaluated using three well-known intrusion detection datasets: KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results confirm that our feature selection approach performs better than the Laplacian score method in terms of classification accuracy.
Jan, M, Nanda, P, He, X & Liu, RP 2015, 'A Sybil Attack Detection Scheme for a Centralized Clustering-based Hierarchical Network', The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, Helsinki, Finland, pp. 318-325.
Wireless Sensor Networks (WSNs) have experienced phenomenal growth over the past decade. They are typically deployed in remote and hostile environments for monitoring applications and data collection. Miniature sensor nodes collaborate with each other to provide information on an unprecedented temporal and spatial scale. The resource-constrained nature of sensor nodes along with human-inaccessible terrains poses various security challenges to these networks at different layers. In this paper, we propose a novel detection scheme for Sybil attack in a centralized clustering-based hierarchical network. Sybil nodes are detected prior to cluster formation to prevent their forged identities from participating in cluster head selection. Only legitimate nodes are elected as cluster heads to enhance utilization of the resources. The proposed scheme requires collaboration of any two high energy nodes to analyze received signal strengths of neighboring nodes. The simulation results show that our proposed scheme significantly improves network lifetime in comparison with existing clustering-based hierarchical routing protocols.
Saini, A, Gaur, M, Laxmi, V & Nanda, P 2015, 'sandFOX: Secure Sandboxed and Isolated Environment for Firefox Browser', Proceedings of the 8th International Conference on Security of Information and Networks, International Conference on Security of Information and Networks, AMC, Sochi, Russia, pp. 20-27.
Browser functionalities can be widely extended by browser extensions. One of the key features that makes browser extensions so powerful is that they run with "high" privileges. As a consequence, a vulnerable or malicious extension might expose browser, and operating system (OS) resources to possible attacks such as privilege escalation, information stealing, and session hijacking. The resources are referred as browser as well as OS components accessed through browser extension such as accessing information on the web application, executing arbitrary processes, and even access files from a host file system.
This paper presents sandFOX (secure sandbox and isolated environment), a set of client-side browser policies for constructing a sandbox environment. sandFOX allows the browser extension to express fine-grained OS specific security policies that are enforced at runtime. In particular, our proposed policies provide the protection to OS resources (e.g., host file system, network and processes) from the browser attacks. We use Security-Enhanced Linux (SELinux) to tune OS and build a sandbox that helps in reducing potential damage from attacks on the OS resources. To show the practicality of sandFOX in a range of settings, we compute the effectiveness of sandFOX for various browser attacks on OS resources. We also show that sandFOX enabled browser experiences low overhead on loading pages and utilizes negligible memory when running with sandbox environment.
Chemalamarri, VD, Nanda, P & Felix Navarro, KM 2015, 'SYMPHONY - A Controller Architecture for Hybrid Software Defined Networks', Proceedings of the 2015 Fourth European Workshop on Software Defined Networks (EWSDN), European Workshop on Software Defined Networks, IEEE, Bilbao, Spain, pp. 55-60.
As enterprises migrate to SDN, a brown field network transitional state is inevitable, where both Software Defined and Legacy networks coexist. The aim of this work is to further the knowledge in the area of Hybrid Software Defined Network (SDN) networks, by investigating requirements and challenges involved in building such networks. This work proposes a Hybrid SDN controller architecture to establish, control and inter-domain communication between the legacy and SDN domains.
Johannes, A, Nanda, P & He, X 2015, 'Resource Utilization Based Dynamic Pricing Approach on Cloud Computing Application', Springer International Publishing, International Conference on Algorithms and Architectures for Parallel Processing, Springer International Publishing, Zhangjiajie, China, pp. 669-677.
Utilizing cloud-based services, users are required to first specify their goal of using such cloud based applications and then obtain service compositions satisfying their specific needs from the cloud service providers. The process involves dynamic pricing schemes for service provisioning between themselves and their cloud service providers. As a result, it is quite challenging with existing supply and demand driven approaches to ensure true dynamic resource provisioning for users with critical applications. To address this problem, we propose a game theory approach based on fuzzy logic which is then used to ensure aspects of resource provisioning on cloud. In our approach, we perform a trade-off for resources between service provider, cloud resource provider and service user based on the user demand and avoid rejecting users to ensure reliable resource provisioning. Experimental results demonstrate that our proposed approach can improve resource utilization associated with users.
Dang, T, Hoang, D & Nanda, P 2015, 'Data mobility management model for active data cubes', 2015 IEEE Trustcom/BigDataSE/ISPA, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, Helsinki, Finland, pp. 750-757.
Cloud computing dramatically reduces the expense and complexity of managing IT systems. Business customers do not need to invest in their own costly IT infrastructure, but can delegate and deploy their services effectively to cloud vendors and service providers. A number of security and protection mechanisms have been proposed to prevent the disclosure of sensitive information or tampering with the data by employing various policy, encryption, and monitoring approaches. However, few efforts have been focused on data mobility issues in terms of protection of data when it is moved within a cloud or to and from a new cloud environment. To allay users' concern of data control, data ownership, security and privacy, we propose a novel data mobility management model which ensures continuity protecting data at new cloud hosts at new data locations. The model provides a mobility service to handle data moving operation that relies on a new location database service. The new model allows the establishment of a proxy supervisor in the new environment and the ability of the active data to record its own location. The experimental outcomes demonstrate the feasibility, proactivity, and efficiency by the full mobility management model.
Ambusaidi, MA, He, X, Tan, Z, Nanda, P, Lu, L & Nagar, U 2014, 'A novel feature selection approach for intrusion detection data classification', 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE Computer Society, Beijing, pp. 82-89.
Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually very large in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.
Chomsiri, He, X, Nanda, P & Tan, Z 2014, 'A Stateful Mechanism for the Tree-Rule Firewall', 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE Computer Society, Beijing, pp. 122-129.
In this paper, we propose a novel connection tracking mechanism for Tree-rule firewall which essentially organizes firewall rules in a designated Tree structure. A new firewall model based on the proposed connection tracking mechanism is then developed and extended from the basic model of Netfilter's ConnTrack module, which has been used by many early generation commercial and open source firewalls including IPTABLES, the most popular firewall. To reduce the consumption of memory space and processing time, our proposed model uses one node per connection instead of using two nodes as appeared in Netfilter model. This can reduce memory space and processing time. In addition, we introduce an extended hash table with more hashing bits in our firewall model in order to accommodate more concurrent connections. Moreover, our model also applies sophisticated techniques (such as using static information nodes, and avoiding timer objects and memory management tasks) to improve its processing speed. Finally, we implement this model on Linux Cent OS 6.3 and evaluate its speed. The experimental results show that our model performs more efficiently in comparison with the Netfilter/IPTABLES.
Jan, A, Nanda, P, He, X, Tan, Z & Liu, R 2014, 'A Robust Authentication Scheme for Observing Resources in the Internet of Things Environment', 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE Computer Society, Beijing, pp. 205-211.
The Internet of Things is a vision that broadens the scope of the internet by incorporating physical objects to identify themselves to the participating entities. This innovative concept enables a physical device to represent itself in the digital world. There are a lot of speculations and future forecasts about the Internet of Things devices. However, most of them are vendor specific and lack a unified standard, which renders their seamless integration and interoperable operations. Another major concern is the lack of security features in these devices and their corresponding products. Most of them are resource-starved and unable to support computationally complex and resource consuming secure algorithms. In this paper, we have proposed a lightweight mutual authentication scheme which validates the identities of the participating devices before engaging them in communication for the resource observation. Our scheme incurs less connection overhead and provides a robust defence solution to combat various types of attacks.
Yu, D, Nanda, P & He, S 2012, 'Performance Uncertainty Impact on WSNs Design Evaluation', 2012 International Conference on Control Engineering and Communication Technology, International Conference on Control Engineering and Communication Technology (ICCECT), IEEE Computer Society, Liaoning, China, pp. 723-726.
In this paper we try to characterize the performance uncertainty (PU) attribute of wireless sensor networks (WSNs) and identify the source and cause of PU; we then argue that performance stability should be treated seriously as one metric among other important metrics, depending on the application scenario. We further classify PU impacts on the system evaluation and comparison process. Finally, we propose a PU mitigation strategy.
Hugo Cruz, S, Ciarletta, L, Song, Y & Nanda, P 2013, 'Routing Scheme for a Wireless Sensor Network Real-Time Locating System', The 9th International Wireless Communications and Mobile Computing Conference, ACM International Wireless Communications and Mobile Computing Conference, IEEE Computer Society, Cagliari, Italy, pp. 159-164.
This work contains a routing proposition to be used over a Wireless Sensor Network (WSN) location system based on the IEEE 802.15.4 standard. The technical solution for communication consists of an n-ary tree algorithm for routing using a 16 bit addressing scheme. It is compared to a binary routing scheme originally used on a real system which suffers from coverage, routing and addressing problems. An analysis of the coverage aspects is driven by a geometric study. It includes an analysis of a generated topology for different coverage areas and different routing topologies. The geometric analysis is validated by a simulation work. We observe that the proposed scheme outperforms the existing routing solution in terms of hop-count, delay and association process time. The work puts in evidence that the Connectivity of the network is an important parameter to be considered during the network deployment and for the routing scheme.
Jan, MA, Nanda, P & He, S 2013, 'Energy Evaluation Model for an Improved Centralized Clustering Hierarchical Algorithm in WSN', Lecture Notes in Computer Science, International Conference on Wired / Wireless Internet Communications, Springer-Verlag Berlin Heidelberg, St. Petersburg, Russia, pp. 154-167.
Wireless Sensor Networks (WSN) consists of battery-powered sensor nodes which collect data and route the data to the Base Station. Centralized Cluster-based routing protocols efficiently utilize limited energy of the nodes by selecting Cluster Heads (CHs) in each round. Selection of CHs and Cluster formation is performed by the Base Station. In each round, nodes transmit their location information and their residual energy to the Base Station. This operation is a considerable burden on these resource hungry sensor nodes. In this paper we propose a scheme whereby a small number of High-Energy nodes gather location information and residual energy status of the sensing nodes and transmit to the Base Station. This scheme eliminates CH advertisement phase in order to conserve energy. Based on the energy consumption by various types of nodes, we have derived an energy model for our algorithm which depicts the total energy consumption in the network.
Jan, MA, Nanda, P, He, S & Liu, R 2013, 'Enhancing Lifetime and Quality of Data in Cluster-based Hierarchical Routing Protocol for Wireless Sensor Network', 2013 IEEE International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing, IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, IEEE, Zhangjiajie, Hunan Province, P.R. China, pp. 1400-1407.
Wireless Sensor Network (WSN) performs energy-extensive tasks and it is essential to rotate sensor nodes frequently so that Cluster Head selections can be made efficiently. In this paper, we aim to improve the lifetime of sensor network by using LEACH based protocols and efficiently utilizing the limited energy available in these sensor nodes. In sensor network, the amount of data delivered at the base station is not important but it is the quality of the data which is of utmost importance. Our proposed approach significantly improves the life time and quality of data being delivered at the base station in sensor network. We evaluate our proposed approach using different sets of node energy levels and in each case our approach shows significant improvement over existing cluster-based hierarchical routing protocols. We evaluate our scheme in terms of energy consumption, life time and quality of data delivered at the base station.
Hoang, DB, Elliott, D, McKinley, SM, Nanda, P, Schulte, J & Duc, NA 2012, 'Tele-monitoring techniques to support recovery at home for survivors of a critical illness', Signal Processing and Information Technology 2012, IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), IEEE, Ho Chi Minh City, Vietnam, pp. 1-6.
This paper proposes and explores the design of a system that includes sensor-based procedures and techniques for remote physiological sensing and functional assessment for these individuals.
Chomsiri, T, He, S & Nanda, P 2012, 'Limitation of Listed-Rule Firewall and the Design of Tree-Rule Firewall', Internet and Distributed Computing Systems (LNCS), International Conference on Internet and Distributed Computing Systems, Springer, Fujian, China, pp. 275-287.
This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problems, speed problems and "difficult to use" problems. These limitations consist of, firstly, the limitation about "Shadowed rules" (a rule that cannot match any packet because the packet will be matched by other rules above it), which can lead to security and speed problems. Secondly, the limitation about swapping position between rules, which can bring a change in firewall policy and cause security problems. The third limitation is about "Redundant rules", which can cause speed problems. Next, the limitation of rule design: firewall administrators have to put "Bigger Rules" only at the bottom or lower positions, which can result in a "difficult to use" problem. Lastly, the limitation from sequential computation can lead to speed problems. Moreover, we also propose the design of a new firewall named "Tree-Rule Firewall" which does not have the above limitations.
Mujtaba, M, Nanda, P & He, S 2012, 'Border Gateway Protocol Anomaly Detection using Failure Quality Control Method', 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), CPS (Conference Publishing Services), Liverpool, UK, pp. 1239-1244.
Border Gateway Protocol (BGP) is the de-facto inter-domain routing protocol used across thousands of Autonomous Systems (AS) joined together in the Internet. Security has been a major issue for BGP. Nevertheless, BGP suffers from serious threats even today, like Denial of Service (DoS) attack and misconfiguration of routing information. BGP is one of the complex routing protocols and hard to configure against malicious attacks. However, it is important to detect such malicious activities in a network, which could otherwise cause problems for availability of services in the Internet. In this paper we use the Failure Quality Control (FQC), a technique to detect anomaly packets in the network for real time intrusion detection.
Tan, T, Jamdagni, A, Nanda, P, He, S & Liu, R 2012, 'Evaluation on Multivariate Correlation Analysis Based Denial-of-Service Attack Detection System', International Conference on Security of Internet of Things, International Conference on Security of Internet of Things, ACM, Kollam, India, pp. 1-5.
In this paper, a Denial-of-Service (DoS) attack detection system is explored, where a multivariate correlation analysis technique based on Euclidean distance is applied for network traffic characterization and the principle of anomaly-based detection is employed in attack recognition. The effectiveness of the detection system is evaluated on the KDD Cup 99 dataset and the influence of data normalization on the performance of attack detection is analyzed in this paper as well. The evaluation results and comparisons prove that the detection system is effective in distinguishing DoS attack network traffic from legitimate network traffic and outperforms two state-of-the-art systems.
Tan, T, Jamdagni, A, He, S, Nanda, P & Liu, R 2012, 'Triangle-Area-Based Multivariate Correlation Analysis for Effective Denial-of-Service Attack Detection', 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE Computer Society, Liverpool UK, pp. 33-40.
Cloud computing plays an important role in current converged networks. It brings convenience of accessing services and information to users regardless of location and time. However, there are some critical security issues residing in cloud computing, such as availability of services. Denial of service occurring on cloud computing has even more serious impact on the Internet. Therefore, this paper studies the techniques for detecting Denial-of-Service (DoS) attacks to network services and proposes an effective system for DoS attack detection. The proposed system applies the idea of Multivariate Correlation Analysis (MCA) to network traffic characterization and employs the principle of anomaly-based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle area technique is proposed to enhance and speed up the process of MCA. The effectiveness of our proposed detection system is evaluated on the KDD Cup 99 dataset, and the influence of both non-normalized and normalized data on the performance of the detection system is examined. The results presented in the system evaluation section illustrate that our DoS attack detection system outperforms two state-of-the-art approaches.
Ambu Saidi, MA, Lu, L, Tan, T, He, S, Jamdagni, A & Nanda, P 2012, 'A Nonlinear Correlation Measure for Intrusion Detection', The 7th International Conference on Frontier of Computer Science and Technology (FCST-12), International Conference on Frontier of Computer Science and Technology, IEEE Computer Society, Suzhou, China, pp. 1-7.
The popularity of the Internet supplies attackers with a new means to violate any organizations and individuals. This raises the concerns of the Internet users and research community. One of the effective solutions of addressing this issue is Intrusion Detection System (IDS), which is defined as a type of security tools used to detect any malicious behaviors on computer networks. However, IDSs are commonly prone to high false positive rates. In order to solve this technical challenge, this paper proposes an effective Nonlinear Correlation Coefficient (NCC) based measure, which can accurately extract both linear and nonlinear correlations between network traffic records, for intrusion detection. Then, we demonstrate the effectiveness of our proposed NCC-based measure in extracting correlations by comparing against the Pearson's Correlation Coefficient (PCC) based measure. The demonstration is conducted on KDD Cup 99 data set, and the experimental results show that our proposed NCC-based measure not only helps reduce false alarm rate, but also helps distinguish normal and abnormal behaviors efficiently.
Myint, H, Nanda, P & He, X 2012, 'Evaluation of billing and charging architecture for the Internet service provisioning', 2012 International Symposium on Communications and Information Technologies, ISCIT 2012, International Symposium on Communications and Information Technologies, IEEE Xplore, Gold Coast, QLD, Australia, pp. 895-900.
This article develops a charging scheme that is simple and easily usable for the users and provides them with the incentives to use only the resources they require. Our scheme has been developed and based on the use of Internet resource and demonstrates how the contributing providers can share the total charge earned by each mobile and wireless services in a fair way. We made a comparison of our architecture with existing architectures and demonstrated that our architecture adopts an accommodating approach for customer which is economically viable for the ISP provider. © 2012 IEEE.
Schulte, J, Nguyen, V, Hoang, DB, Elliott, D, McKinley, SM & Nanda, P 2012, 'A remote sensor-based 6-minute functional walking ability test', IEEE Sensors 2012, IEEE Sensors, IEEE, Taipei, Taiwan, pp. 1-4.
This paper proposes and implements an integrated remote sensor-based 6-minute walk test (6MWT) for monitoring a patient's clinical condition and correlate this data to the walking activity that the patient is performing to assess his/her functional ability and physical performance. The 6MWT is known to be one of the most effective rehabilitation tests for a clinician to assess individuals with a variety of clinical conditions including survivors of a critical illness. Our method deploys body sensors for measuring health conditions and an on-body accelerometer for detecting motion. An intelligent algorithm was developed to detect a walk step, count the number of steps, and dynamically derive the step distance based on an individual's real-time walking parameters. The path and the derived walk distance are then related to their vital signs to assess their functional ability under various walk conditions. Our remote 6MWT is being considered for a telehealth rehabilitation procedure in an integrated assistive healthcare system.
Yang, A & Nanda, P 2011, 'Building Content Distribution Network : A Solution to achieve QoS on Internet', 2011 International Conference on Internet Technology and Applications iTAP 2011, International Conference on Internet Technology and Applications iTAP, IEEE Computer Society, Wuhan, China, pp. 1-3.
Content Distribution Network (CDN) involves several technologies, rather than just one technology working alone. CDN is another method to provide Quality of Service (QoS) to different applications and deliver different types of media content to end-users over the Internet. Since it is important to improve Internet performance in recent years, CDN has been an approach providing better Internet services. There are a number of technologies and components included in the CDN, and also several challenges needed to be considered for its performance. This paper presents basic components of CDN and summarizes the challenges and issues analyzing the development of CDNs towards QoS.
Nanda, P & Mujtaba, M 2011, 'Analysis of BGP Security Vulnerabilities', 9th Australian Information Security Management Conference, Australian Information Security Management Conference, SECAU- Security Research Centre, Edith Cowan University, Perth, Citigate Hotel, Perth, pp. 204-214.
Border Gateway Protocol (BGP) is a dynamic routing protocol in the Internet that allows Autonomous System (AS) to exchange information with other networks. The main goal of BGP is to provide a loop free path to the destination. Security has been a major issue for BGP and due to a large number of attacks on routers; it has resulted in router misconfiguration, power failure and Denial of Service (DoS) attacks. Detection and prevention of attacks in router at early stages of implementation has been a major research focus in the past few years. In this research paper, we compare three statistical based anomaly detection algorithms (CUSUM, adaptive threshold and k-mean cluster) through experiment. We then carry out analysis, based on detection probability, false alarm rate and capture intensity (high & low) on the attacked routers.
Myint, H & Nanda, P 2011, 'An Integrated Model Supporting Billing and QOS in the internet', 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD 2011), ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, IEEE Computer Society, Sydney Australia, pp. 38-44.
This article develops a charging scheme that is simple and easily usable for the users and provides them with the incentives to use only the resources they need. This scheme is developed on the time-volume charging approach to show how the contributing providers can share the total charge earned by each mobile and wireless service instance in a fair way, with each provider collecting the portion of charge that corresponds to the consumption of its own resources for the service. This is also an important issue for the commercial viability of mobile service to mobile users, given that its provision spans multiple domains. Our proposed architecture is compliant with the relevant standards and can serve as a basis for applying other internet charging schemes as well.
Tan, T, Jamdagni, A, He, S, Nanda, P & Liu, R 2011, 'Multivariate Correlation Analysis Technique Based on Euclidean Distance Map for Network Traffic Characterization', Information and Communications Security 13th International Conference, ICICS 2011, International Conference on Information and Communications Security, Springer Verlag, Beijing, China, pp. 388-398.
The quality of features has a significant impact on the performance of detection techniques used for Denial-of-Service (DoS) attacks. Features that fail to provide accurate characterization of network traffic records make the techniques suffer from low accuracy in detection. Although research has been conducted in an attempt to overcome this problem, there are some constraints in these works. In this paper, we propose a technique based on Euclidean Distance Map (EDM) for optimal feature extraction. The proposed technique runs analysis on the original feature space (first-order statistics) and extracts the multivariate correlations between the first-order statistics. The extracted multivariate correlations, namely second-order statistics, preserve significant discriminative information for accurate characterizations of network traffic records, and these multivariate correlations can be the high-quality potential features for DoS attack detection. The effectiveness of the proposed technique is evaluated using the KDD CUP 99 dataset and experimental analysis shows encouraging results.
Yu, D, Nanda, P & Braun, RM 2011, 'Credibility Problems and Tradeoff between Realistic and Abstraction in WANET and WSN Simulation', The 7th International Conference on Wireless Communications, Networking and Mobile Computing (WICOM 2011), International Conference on Wireless Communications, Networking and Mobile Computing, IEEE Computer Society, Wuhan, China, pp. 1-4.
Wireless network simulation is challenging due to the effect of the dynamic and fading channel. The task is even more challenging in Wireless Sensor Networks (WSN), adding the factor of energy source limitation. Validating simulation results with real implementation is still an unresolved question in wireless research in general and in WSN in particular. There are few standard procedures to follow which guarantee accuracy and credibility in terms of answering the question at hand. On one hand, simulation results are aimed at being as realistic as possible, conforming to real-world implementation. On the other hand, abstraction can eliminate the fragmentation of hardware prototypes, operating system models and different simulation tools. In our research we try to tackle the credibility problem in WSN with tradeoffs between realism and abstraction, and set up the principles and guidelines for practical simulations in WSN.
Tan, T, Jamdagni, A, He, S, Nanda, P & Liu, R 2011, 'Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis', Neural Information Processing 18th International Conference, ICONIP 2011, International Conference on Neural Information Processing, Springer-Verlag, Shanghai, China, pp. 756-765.
The reliability and availability of network services are being threatened by the growing number of Denial-of-Service (DoS) attacks. Effective mechanisms for DoS attack detection are demanded. Therefore, we propose a multivariate correlation analysis approach to investigate and extract second-order statistics from the observed network traffic records. These second-order statistics extracted by the proposed analysis approach can provide important correlative information hiding among the features. By making use of this hidden information, the detection accuracy can be significantly enhanced. The effectiveness of the proposed multivariate correlation analysis approach is evaluated on the KDD CUP 99 dataset. The evaluation shows encouraging results with an average 99.96% detection rate and 2.08% false positive rate. Comparisons also show that our multivariate correlation analysis based detection approach outperforms some other current research in detecting DoS attacks.
Mujtaba, M & Nanda, P 2011, 'Analysis of the BGP Security Vulnerabilities', 9th Australian Information Security Management Conference, Australian Information Security Management Conference, Security Research Centre, Edith Cowan University, Perth, Western Australia, pp. 204-214.
Jamdagni, A, Tan, T, Nanda, P, He, S & Liu, R 2010, 'Intrusion Detection Using GSAD Model for HTTP Traffic on Web Services', 2010 IWCMC - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, International Wireless Communications and Mobile Computing Conference, Association for Computing Machinery, Inc. (ACM), Caen, France, pp. 1193-1197.
Intrusion detection systems are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. Hypertext Transport Protocol (HTTP) is used for new applications without much interference. In this paper, we focus on intrusion detection of HTTP traffic by applying pattern recognition techniques using our Geometrical Structure Anomaly Detection (GSAD) model. Experimental results reveal that features extracted from HTTP request using GSAD model can be used to distinguish anomalous traffic from normal traffic, and attacks carried out over HTTP traffic can be identified. We evaluate and compare our results with the results of PAYL intrusion detection systems for the test of DARPA 1999 IDS data set. The results show GSAD has high detection rates and low false positive rates.
Jamdagni, A, Tan, T, Nanda, P, He, S & Liu, R 2010, 'Mahalanobis Distance Map Approach for Anomaly Detection of Web-Based Attacks', The Proceedings of the 8th Australian Information Security Management Conference, Australian Information Security Management Conference, SECAU - Security Research Centre, Perth, Western Australia, pp. 8-17.
Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using the Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of the most discriminating features to improve the computational complexity of the payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction and classification of the incoming network traffic. The GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses Mahalanobis Distance Map (MDM) to calculate the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shell code attacks, polymorphic attacks and polymorphic blending attacks. We evaluate the accuracy of the GSAD model experimentally on the real-world attacks dataset created at Georgia Institute of Technology. We conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of feature reduction.
Tan, T, Jamdagni, A, He, S, Nanda, P, Liu, R, Jia, W & Yeh, W 2010, 'A Two-Tier System for Web Attack Detection Using Linear Discriminant Method', Information and Communications Security - Lecture Notes in Computer Science 6476, Information and Communications Security, Springer, Barcelona, Spain, pp. 459-471.
Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using the DARPA 1999 IDS dataset for web-based attack detection.
Tan, T, Jamdagni, A, He, S & Nanda, P 2010, 'Network Intrusion Detection Based on LDA for Payload Feature Selection', IEEE Globecom 2010 Workshop on Web and Pervasive Security (WPS 2010), IEEE Globecom Workshop on Web and Pervasive Security, IEEE Computer Society, Miami USA, pp. 1590-1594.
Anomaly Intrusion Detection System (IDS) is a statistical based network IDS which can detect attack variants and novel attacks without a priori knowledge. Current anomaly IDSs are inefficient for real-time detection because of their complex computation. This paper proposes a novel approach to reduce the heavy computational cost of an anomaly IDS. Linear Discriminant Analysis (LDA) and difference distance map are used for selection of significant features. This approach is able to transform high-dimensional feature vectors into a low-dimensional domain. The similarity between new incoming packets and a normal profile is determined using Euclidean distance on the simple, low-dimensional feature domain. The final decision will be made according to a pre-calculated threshold to differentiate normal and abnormal network packets. The proposed approach is evaluated using the DARPA 1999 IDS dataset.
Jamdagni, A, Tan, T, Liu, R, Nanda, P & He, S 2010, 'Pattern Recognition Approach for Anomaly Detection of Web-based Attacks', The Seventh Annual CSIRO ICT Centre Science and Engineering Conference, Annual CSIRO ICT Centre Science and Engineering Conference, CSIRO, Australian Technology Park, Eveleigh, NSW, Australia, pp. 1-2.
The universal use of the Internet has made it more difficult to achieve high security. Attackers target web applications instead of Telnet ports. Cyber-attacks and breaches of information security are increasing in frequency. The goal of Intrusion Detection Systems (IDSs) is to monitor network traffic and detect web-based attacks. Common IDSs are either signature based or anomaly based. A signature-based IDS is unable to detect novel attacks (i.e., zero-day) or polymorphic attacks until the signature database is updated. On the other hand, an anomaly-based IDS can detect new attacks and polymorphic attacks. However, an anomaly-based system has a relatively high number of false positives.
Tan, T, He, S & Nanda, P 2009, 'Web Service Locating Unit in RFID-centric Anti-counterfeit System', Proceeding of 2009 IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE Computer Society, Chengdu, Sichuan, China, pp. 389-393.
Web Service Locating Unit (WSLU) is able to simplify the deployment of RFID-centric anti-counterfeit system over the Internet.
Jamdagni, A, Tan, T, Nanda, P, He, S & Liu, R 2009, 'Intrusion Detection Using Geometrical Structure', Proceeding of 2009 International Conference on Frontier of Computer Science and Technology, International Conference on Frontier of Computer Science and Technology, IEEE Computer Society, Shanghai, China, pp. 327-333.
Geometrical Structure Anomaly Detection (GSAD) model to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile.
Jamdagni, A, Tan, T, Liu, R, Nanda, P & He, S 2009, 'A Frame Work for Geometrical Structure Anomaly Detection Model', The sixth annual CSIRO ICT Centre Science and Engineering Conference, Centre Science and Engineering Conference, CSIRO, Australian Technology Park, NSW, Australia, pp. 109-110.
The growth of the Internet offers quality and convenience to human life, but at the same time provides a platform for hackers and criminals. Internet security hence becomes an important issue. An Intrusion Detection System (IDS) is designed to detect intrusion and also to prevent a system from being compromised. In this paper, we present a novel Geometrical Structure Anomaly Detection (GSAD) model. GSAD employs pattern recognition techniques previously used in human detection [2].
Nanda, P 2008, 'Supporting QoS guarantees using Traffic Engineering and Policy based Routing', 2008 International Conference on Computer Science and Software Engineering, International Conference on Computer Science and Software Engineering, IEEE Computer Society, Wuhan, Hubei, China, pp. 137-142.
Nanda, P & Simmonds, AJ 2005, 'Effect of Network Policies on Internet Traffic Engineering', Innovative Applications of Information Technology for Developing World: Proceedings of the Third Asian Applied Computing Conference, Asian Applied Computing Conference, Imperial College Press, Kathmandu, Nepal, pp. 300-307.
Nanda, P & Fernandes, RC 2007, 'Quality of Service in Telemedicine', Proceeding of International Conference on Digital Society (ICDS) 2007, International Conference on Digital Society, IEEE Computer Society, Guadeloupe, French Caribbean, pp. 1-6.
Telemedicine is one of the fastest growing fields with several innovations happening in managed health-care. With the Internet and its infrastructures playing an important role in the success of this field, it is not advisable to run some of the critical applications like high quality audio and video involved in telemedicine without proper Quality of Service (QoS) built into the network. This paper focuses on two telemedicine setups that have been implemented on different backbone technologies. The first case discusses a virtual critical care unit that is set up for communication on an Asynchronous Transfer Mode (ATM) backbone and a possible model on how QoS for important traffic streams can be achieved in ATM. The second case discusses a minimal access operation that was remotely conducted on a patient with the help of telerobotics on a Multi Protocol Label Switching (MPLS) setup and provides a possible solution for achieving quality of service through MPLS in that scenario.
Nanda, P & Simmonds, AJ 2006, 'Policy based QOS support using BGP routing', 2006 international conference on communications in computing - CIC 06, International Conference on Communications in Computing, CSREA Press, Las Vegas, USA, pp. 63-69.
D'Auriol, BJ, Arabnia, HR, Chung, PT, Liszka, K, Pan, Y, Parhami, B, Pescapè, A, Smid, J, Abonamah, A, Alameldin, T, Alghazo, JM, Apparao, P, Bhavsar, V, Biaz, S, Boppana, RV, Bourgeois, A, Bruneel, H, Buhari, SM, Chan, H, Chen, Z, Victor, C, Dai, Y, Dang, XH, De Turck, F, Dehne, F, Engel, T, Eskicioglu, MR, Frietman, EEE, Garrido, J, Gavrilova, ML, Graham, PCJ, Gravvanis, GA, He, L, Hung, CC, Iftekharuddin, KM, Iraqi, Y, Jack, J, Jia, W, Jun, YK, Kato, H, Li, K, Li, KC, Liang, X, Massini, A, McDonald-Maier, KD, Melhem, R, Mudiraj, P, Myoupo, JF, Nanda, P, Ould-Khaoua, M, Paprzycki, M, Petcu, D, Reinefeld, A, Risch, T, Romero, R, Sansone, C, Semé, D, Sessums, J, Shaw, R, Shen, H, Shrikumar, H, Skeie, T, Slimani, Y, Srimani, PK, Stutz, A, Sung, KY, Thomas, J, Uhlig, S, Vaidyanathan, R, Vasikarla, S, Wagner, A, Wang, BF, Welch, P, Wittevrongel, S, Wu, F, Xu, CW, Yang, L, Yim, KS, Young, G, Yu, H & Zheng, SQ 2005, 'General chair's foreword', Proceedings of the 2005 International Conference on Communications in Computing, CIC'05.
Nanda, P & Simmonds, AJ 2003, 'Policy Based Architecture for QoS over Differentiated Services Network', Proceedings of the International Conference on Internet Computing IC'03, International Conference on Internet Computing, CSREA Press, Las Vegas, USA, pp. 866-872.
Nanda, P, Simmonds, AJ & Rajput, K 2003, 'Policy Based Network Architectures in Support for Guaranteed QoS', Proc of the International Conference on Information Technology, ITPC - 2003, Unknown, Kathmandu, Nepal, pp. 3-10.
Hoang, DB, Yu, Q, Li, M & Feng, D 2002, 'Fair Intelligent Congestion Control Resource Discovery Protocol on TCP Based Network', Converged Networking: Data and Real-time Communications over IP, 6TH International Symposium on Communications Internetworking, Kluwer Publishers, Perth, Australia, pp. 145-159.
Nanda, P & Simmonds, AJ 2001, 'Providing End-to-End Guaranteed Quality of Service Over The Internet: A Survey on Bandwidth Broker Architecture For Differentiated Services Network', Proceedings of The 4th International Conference on Information Technology, CIT 2001, Tata McGraw Hill Publishing Company Limited, Berhampur, India, pp. 211-216.
Nanda, P, Simmonds, AJ & Lee, S 2002, 'Measuring Quality of Service in A Differentiated Services Domain With Linux', Proceedings of 5th International Conference on Information Technology, CIT 2002, Tata McGraw Hill Publishing Company Limited, Bhubaneswar, India, pp. 183-188.
Simmonds, AJ & Nanda, P 2002, 'Resource Management in Differentiated Services Networks', Proceedings of the 6th International Symposium on Communication Networking, 6th International Symposium on Communication Networking, Kluwer Academic Publishers, Perth, Australia, pp. 313-323.
- Data 61, Australia
- Institut National de Recherche en Informatique et Automatique (INRIA), Nancy, France
- Kaspersky Lab, Russia