Faculty of Information Science, Joint Center for Big Data and IoT



  • Associate Professor


  • Ph.D., Computing Science (May 2008, University of Technology Sydney, Australia)

  • Amjad Qashlan, Priyadarsi Nanda, Manoranjan Mohanty
    Future Generation Computer Systems 150 49 - 63 January 2024
    Secure and private communications using the Internet of Things (IoT) pose several challenges for smart home systems. In particular, data collected from IoT devices comprise sensitive personal information such as biomedical data, financial data, and location and activity data. Recent research looks into the use of blockchain in smart home systems, protecting the privacy of the data in use. Such solutions need to address the issue of privacy using a formal and mathematical model for data privacy due to the vulnerability associated with privacy-preserving blockchain networks. In the present paper, our approach aims to provide a privacy-preserving data aggregation mechanism in the context of Smart Homes that agree to contribute their data to a cloud server using machine learning to improve services for home users. We propose the use of differential privacy, a powerful concept in privacy preserving schemes to provide formal assurances about how much information is leaked using a privacy budget. The main purpose of using such a privacy-preserving scheme is to limit what can be inferred about individual training data from the model. Our techniques use a Rényi differential privacy (RDP) machine learning scheme and are based on a variant of the stochastic gradient descent function. The performance of our proposed framework is evaluated using three public datasets: UNSW-NB15, NSL-KDD, and ToN-IoT datasets. Our findings show that differential private models can provide privacy protection against attackers by sacrificing a substantial amount of model utility. Therefore, we propose an empirical value of ϵ, that can optimally balance utility and privacy for the current smart home scenario datasets.
  • Vamshi Sunku Mohan, Sriram Sankaran, Priyadarsi Nanda, Krishnashree Achuthan
    Journal of Network and Computer Applications 219 October 2023
    Narrowband Internet of Things (NB-IoT) is a low bandwidth 3GPP communication standard transmitting small quantities of data over long distances at random intervals. However, as NB-IoT cannot support seamless handover between base stations, its applications are limited to stationary devices, which may result in the potential risk of fake base station connections in an attempt to maintain connectivity across cells. Considering characteristics such as low power consumption and high connection density, researchers envision using NB-IoT in mobile applications such as public-bike sharing, pet tracking etc. Connecting NB-IoT devices using decentralised architecture such as blockchain ensures seamless communication in mobile applications and eliminates bottlenecks due to multiple data requests observed in centralised networks. In this paper, we develop a hybrid blockchain framework facilitating mutual authentication between base stations to enhance user privacy and prevent fake base station connections and certificate transfers. Zero-knowledge proof used as the consensus algorithm enhances user privacy and message confidentiality. IoT devices are designed to store the hashes of their approved transactions as a linear hash chain instead of the complete merkle tree to minimise hash verification complexity. Additionally, base station memory is partitioned dynamically to enhance scalability and memory utilisation efficiency. We prototype our framework on Remix IDE in Ethereum and implement it on Raspberry Pi 4. The security of the proposed framework is formally verified using Scyther. Further, we show that our approach achieves 80.50% lower computational power, 74.73% lower execution time and 50% lower memory, respectively, in comparison with existing schemes making our proposed scheme lightweight.
  • Han Xu, Priyadarsi Nanda, Jie Liang, Xiangjian He
    Journal of Information Security and Applications 76 August 2023
    Federated learning has gained prominence for its superior privacy-preserving properties. However, establishing an incentive framework that motivates participants to contribute fully is essential to mitigate opportunistic behaviour arising from information asymmetry. Current frameworks primarily incentivize data owners to contribute resources in scenarios where model owners are dominant. This article addresses the underexplored scenario where data owners are in charge and the potential unethical behaviours it may entail. We propose a new framework, the Fair Clearing House (FCH), that promotes balanced participation from data owners and model owners, optimizing their contributions to the learning process. Numerical results demonstrate that FCH outperforms existing frameworks under comparable conditions while reducing unethical behaviours.
  • Abeer Alalmaie, Priyadarsi Nanda, Xiangjian He
    ACM International Conference Proceeding Series 1 - 9 January 30, 2023
    The large number of connected networks that underpin today's IT ecosystem make them more vulnerable to cyber threats because of their connectivity, user diversity, amount of connected devices, and services and applications that are available worldwide. As a response to these cyberthreats, zero trust security has been recommended. However, it's crucial to remember that this kind of security monitoring can be done by outside experts. When cloud-based third parties access network traces, there are threats to data security, thus the present trend in security monitoring needs to change to a "Never Trust, Always Verify" approach. Network Intrusion Detection System (NIDS) can be used to detect anomalous behavior. Convolution Neural Network (CNN) and Bi-directional Long Short Term Memory (BiLSTM) based classifiers and Auto-Encoder (AE) feature extractors have shown promising results in NIDS. AE feature extractor provides possibility of compressing the most important information and training the model unsupervised. CNNs are capable of capturing local spatial relationships, while BiLSTMs are good at exploiting temporal interactions. In addition, Attention modules are good at capturing content-based global interactions, and can be applied on CNNs to attend to the most important contextual information. In this work, we utilized the advantages of all AE, CNN and BiLSTM structures using a multi-head Self Attention mechanism to focus and integrate CNN features for feeding into BiLSTM classifier. We proposed to use the bottleneck features of a pre-trained AE for an Attention-based CNN-BiLSTM classifier. Our experiments using 6 and 10 category NID system on UNSW-NB15 dataset showed that our proposed method outperforms state-of-the-art methods and achieved accuracy of 89.79% and 88.13% respectively. Also, we proposed a balanced data sampler for training 10 categories of NIDS which improved the accuracy up to 91.72%. We demonstrated the importance of Attention mechanism through our proposed method.
  • Abeer Z. Alalmaie, Priyadarsi Nanda, Xiangjian He, Mohrah Saad Alayan
    Lecture Notes in Networks and Systems 655 LNNS 181 - 192 2023
    The rise of COVID-19 brought an unprecedented change in the way people lived. It left several people in a work-from-home situation. This Paper aims to investigate the recent works which applied Zero Trust and the reason that this framework adoption has emerged during and after the Pandemic. In this regard, a questionnaire was prepared, and its results are reported. According to its results, with Zero Trust Architecture (ZTA) gaining skyrocket popularity and trust, for around 60% corporates, ZT Access is planned for future, while for around 30% corporates, the project is in pipeline. None of the organizations surveyed have the ZTA in place. 14% of organizations are uninterested in adopting ZTA. Plus, in past 2 years, the percentage of north American organizations having a ZTA on the plans to establish one in the next 12–18 months has shot up.
  • Adel Atieh, Priyadarsi Nanda, Manoranjan Mohanty
    2023 International Conference on Computing, Networking and Communications, ICNC 2023 331 - 335 2023
    Interactions between different types of systems from various environments are increasing continuously due to the nature of business and commercial requirements. All of these interactions require a level of trust given for each system in order to enable essential operations and functions. Traditional trust models and frameworks implemented in different environments define static levels of trust given to users and systems. This includes the Defence-in-depth security model that is typically implemented in industrial control systems (ICS) environments. While this model and other security models provide an outstanding level of restriction and security if implemented correctly, they can still allow unauthorised access to sensitive data through compromised trust devices. Industrial Internet of Things (IIoT) solutions are actively being deployed in different sectors. Despite the criticality of the environments IIoT solutions serve, these solutions require more integrated connectivity than ICS environments due to cloud connectivity. This research paper proposes a zero-trust framework for IIoT and explores how this framework could mitigate the existing risks within IIoT solutions. Moreover, this research paper proposes a zero-trust anatomy for IIoT and explores the potential performance and/or complexity overhead resulting from the use of this model.
  • Asad Faraz Khan, Priyadarsi Nanda
    2023 International Wireless Communications and Mobile Computing, IWCMC 2023 1509 - 1514 2023
    The fifth-generation (5G) technology is one of the enabling technologies which is composed of heterogeneous services and offers extensive network coverage. The paradigm of Software Defined Networking (SDN) is widely juxtaposed with 5G Heterogeneous Networks (HetNets) as a control mechanism. But the combination of 5G HetNets and SDN is highly exploited by cyber attackers as several problems exist, such as unauthorized user participation, handover pitfalls, ineffective data plane management, and inaccurate flow investigation. To overcome the prevailing research gaps, we have proposed a C-Block method in which Network Functions Virtualization (NFV), consortium blockchain, and edge computing technologies are infused. The proposed framework encompasses three consecutive processes namely registration and authenticated handover, flow classification, and suspicious flow investigation. Initially, users are authenticated using Advanced Encryption System (AES) symmetric cipher algorithm to reduce unauthorized user participation. Then, only authenticated users are handed over using a temporary ID to the optimal base station based on several parameters. In the second process, switches are clustered using an Improved K-Means (IKM) algorithm where only trusted switches are considered. After clustering, the cluster head keeps flows hierarchically and performs flow investigation. At this phase, CH classifies the flows into three classes based on flow features using Proximal Policy optimization (PPO) algorithm. In the third process, suspicious flows are investigated by the Hybrid Deep Learning Algorithm (HDLA). Here, flows are classified into two classes based on packet features. Finally, the illegitimate flow details are generated as a report for intimating the affected region with the help of a delegator. The proposed work is simulated using Network Simulator (NS-3.26) tool. The experimentation results show that the proposed work surpasses the existing works in terms of different performance metrics.
  • Nazar Waheed, Fazlullah Khan, Spyridon Mastorakis, Mian Ahmad Jan, Abeer Z. Alalmaie, Priyadarsi Nanda
    2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023 2023
    The rapid expansion of Internet of Things (IoT) devices in smart homes has significantly improved the quality of life, offering enhanced convenience, automation, and energy efficiency. However, this proliferation of connected devices raises critical concerns regarding security and privacy of the user data. In this paper, we propose a differential privacy-based system to ensure comprehensive security for data generated by smart homes. We employ the randomized response technique for the data and utilize Local Differential Privacy (LDP) to achieve data privacy. The data is then transmitted to an aggregator, where an obfuscation method is applied to ensure individual anonymity. Furthermore, we implement the Hidden Markov Model (HMM) technique at the aggregator level and apply differential privacy to the private data received from smart homes. Consequently, our approach achieves a dual layer of privacy protection, addressing the security concerns associated with IoT devices in smart cities.
  • Abeer Z. Alalmaie, Priyadarsi Nanda, Xiangjian He
    Proceedings of the International Conference on Security and Cryptography 1 99 - 110 2023
    Zero Trust security can tackle various cyberthreats. Current trends in security monitoring must shift to a “never trust, always verify” approach, as data security is threatened when cloud-based third parties access network traces. Network Intrusion Detection System (NIDS) can be exploited to detect anomalous behaviour. Convolution Neural Network (CNN), Bi-directional Long Short Term Memory (BiLSTM) based classifiers and Auto-Encoder (AE) feature extractors have presented promising results in NIDS. AE feature extractor can compress the important information and train the unsupervised model. CNNs detect local spatial relationships, while BiLSTMs can exploit temporal interactions. Furthermore, Attention modules can capture content-based global interactions and can be applied on CNNs to attend to the significant contextual information. In this paper, we utilized the advantages of all AE, CNN and BiLSTM structures using a multi-head Self Attention mechanism to integrate CNN features for feeding into BiLSTM classifier. We use the bottleneck features of a pre-trained AE for an Attention-based CNN-BiLSTM classifier. Our experiments using 10, 6 and 2 categories NID system on UNSW-NB15 dataset showed that the proposed method outperforms state-of-the-art methods and achieved accuracy of 91.72%, 89.79% and 93.01%, respectively. Plus, we introduced a balanced data sampler for training 10 categories of NIDS.
  • Hasina Rahman, Priyadarsi Nanda, Manoranjan Mohanty, Nazim Uddin Sheikh
    Proceedings of the International Conference on Security and Cryptography 1 830 - 837 2023
    Smart meters, intelligent devices used for managing energy consumption of consumers, are one of the integral components of the smart grid infrastructure. The smart metering infrastructure can facilitate a two-way communications through the Internet to leverage home energy management and remote meter reading by the service providers. As a consequence, the smart meters are extremely susceptible to various potential security threats, such as data tampering, distributed denial of services (DDoS) attack and spoofing attacks. In this paper, we put forward a scheme to detect anomalies in energy consumption data using real-world datasets. Thereby, addressing data tampering attacks. We have adapted an unsupervised machine learning method to distinguish the anomalous behaviour from the normal behaviour in energy consumption patterns of consumers. In addition, we have proposed a robust threshold mechanism for detecting abnormalities against noise, which has not been used in smart grids before. Our proposed model shows an accuracy of 94.53% in detecting anomalous patterns in energy consumption data. This accuracy surpasses the existing benchmark in anomaly detection in energy consumption data using machine learning models (Huang and Xu, 2021).
  • Wenhao Li, Yongqing He, Zhimin Wang, Saleh Mansor Alqahtani, Priyadarsi Nanda
    Proceedings of the International Conference on Security and Cryptography 1 813 - 821 2023
    The proliferation of phishing attacks pose substantial threats to global prosperity amidst the Fourth Industrial Revolution. Given the burgeoning number of Internet users and devices, cyber criminals are harnessing phishing toolkits and Phishing-as-a-Service (PhaaS) platforms to spawn numerous fraudulent websites. In retaliation, assorted detection mechanisms, with anti-phishing blacklists acting as a primary line of defense against phishing sites, have been proposed. Yet, adversaries have contrived cloaking techniques to dodge this detection method. This study endeavors to unearth the shortcomings of prevailing blacklists and thereby bolster the efficacy of detection strategies for Anti-Phishing Entities (APEs). This paper presents an exhaustive analysis of innovative and practicable attacks on current anti-phishing blacklists, unmasking potential weaknesses in these protection mechanisms hitherto unexplored in prior research. Additionally, we divulge potential loopholes exploitable by attackers and appraise their effectiveness against popular browser blacklists.
  • Asad Faraz Khan, Priyadarsi Nanda
    2022 International Wireless Communications and Mobile Computing, IWCMC 2022 223 - 230 2022
    5G networks provide high data rates, high bandwidth, high coverage, and low latency compared to 4G networks. However, 5G includes some challenges such as privacy, network management, security. To overcome these issues, we propose SDN-5G HetNet (Software Defined Network-based 5G Heterogeneous network) model which addresses three issues such as handover authentication, flow rule validation, and hybrid intrusion detection and mitigation. Authentication is performed by Bio-Signature Validation Authentication mechanism for validating the users. User credentials are stored in the public blockchain for security. Handover is performed by the Dual Constraints Chaotic Radial Movement Optimization algorithm using User Entity and Access Network constraints. Flow rules are hashed and stored in the private blockchain for validation. Also, flow rules are monitored using Hidden Markov Model (HMM). Simulation is performed using NS-3.26 network simulator, which demonstrates our proposed work achieves better performance in terms of detection accuracy, handover delay, switch failure rate, packet loss rate, delay, and throughput compared to other state-of-the-art works.
  • Nazar Waheed, Muhammad Ikram, Saad Sajid Hashmi, Xiangjian He, Priyadarsi Nanda
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 13724 LNCS 325 - 339 2022
    Web-based chatbots provide website owners with the benefits of increased sales, immediate response to their customers, and insight into customer behaviour. While Web-based chatbots are getting popular, they have not received much scrutiny from security researchers. The benefits to owners come at the cost of users’ privacy and security. Vulnerabilities, such as tracking cookies and third-party domains, can be hidden in the chatbot’s iFrame script. This paper presents a large-scale analysis of five Web-based chatbots among the top 1-million Alexa websites. Through our crawler tool, we identify the presence of chatbots in these 1-million websites. We discover that 13,392 out of the top 1-million Alexa websites (1.58%) use one of the five analysed chatbots. Our analysis reveals that the top 300k Alexa ranking websites are dominated by Intercom chatbots that embed the least number of third-party domains. LiveChat chatbots dominate the remaining websites and embed the highest samples of third-party domains. We also find that 721 (5.38%) web-based chatbots use insecure protocols to transfer users’ chats in plain text. Furthermore, some chatbots heavily rely on cookies for tracking and advertisement purposes. More than two-thirds (68.92%) of the identified cookies in chatbot iFrames are used for ads and tracking users. Our results show that, despite the promises for privacy, security, and anonymity given by most websites, millions of users may unknowingly be subject to poor security guarantees by chatbot service providers.
  • Han Xu, Priyadarsi Nanda, Jie Liang, Xiangjian He
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 13787 LNCS 357 - 373 2022
    In federated learning, data owners ‘provide’ their local data to model owners to train a mature model in a privacy-preserving way. A critical factor in the success of a federated learning scheme is an optimal incentive mechanism that motivates all participants to fully contribute. However, the privacy protection inherent to federated learning creates a dual ethical risk problem in that there is information asymmetry between the two parties, so neither side’s effort is observable. Additionally, there is often an implicit cost associated with the effort contributed to training a model, which may lead to self-interested, opportunistic behaviour on both sides. Existing incentive mechanisms have not addressed this issue. Hence, in this paper, we analyse how dual ethical risk affects the performance of federated learning schemes. We also derive an optimal multi-stage contract-theoretic incentive mechanism that minimises this risk, and experiment with calculating an optimal incentive contract for all participants. To our best knowledge, this is the first time that dual ethical risk for federated learning participants has been discussed. It is also the first time that an optimal incentive mechanism to overcome this issue has been developed.
  • Abeer Z. Alalmaie, Priyadarsi Nanda, Xiangjian He
    Proceedings - 2022 IEEE 21st International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022 449 - 456 2022
    As the enterprise networks are being constantly targeted by sophisticated cyber threats, Zero Trust Security has been suggested to address existing threats. Zero Trust Security models have been recently proposed for outsourcing network security monitoring to third-party analysts. Therefore, the current trends of security monitoring needs to shift to "Never Trust, Always Verify". There are no concerns about analysis accuracy, if a zero trust model is resistant against security attacks. In this paper, a modified multi-view approach is proposed to preserve privacy in network traces, emphasizing the challenges needed to be tackled. We then extend the multi-view approach for the features that are not in the known list of the analyzer and extend the partitioning methods to a more balanced approach. In addition, in order to send any data to the analyzer, we propose to use an Auto-Encoder Convolutional Neural Network, which has the ability to receive any type of input attributes for detecting intrusive behavior. Our proposed multi-view approach outperforms existing works and improves efficiency by improving indistinguishability and preserving privacy for any attributes. The proposed Intrusion Detection System also outperforms existing works by up to 1% higher accuracy without any need for feature engineering.
  • Xiaochen Fan, Chaocan Xiang, Chao Chen, Panlong Yang, Liangyi Gong, Xudong Song, Priyadarsi Nanda, Xiangjian He
    IEEE Transactions on Mobile Computing 20 6 2154 - 2171 June 1, 2021
    With the rapid development of smart cities, smart buildings are generating a massive amount of building sensing data by the equipped sensors. Indeed, building sensing data provides a promising way to enrich a series of data-demanding and cost-expensive urban mobile applications. In this paper, as a preliminary exploration, we study how to reuse building sensing data to predict traffic volume on nearby roads. Compared with existing studies, reusing building sensing data has considerable merits of cost-efficiency and high-reliability. Nevertheless, it is non-trivial to achieve accurate prediction on such cross-domain data with two major challenges. First, relationships between building sensing data and traffic data are not unknown as prior, and the spatio-temporal complexities impose more difficulties to uncover the underlying reasons behind the above relationships. Second, it is even more daunting to accurately predict traffic volume with dynamic building-traffic correlations, which are cross-domain, non-linear, and time-varying. To address the above challenges, we design and implement BuildSenSys, a first-of-its-kind system for nearby traffic volume prediction by reusing building sensing data. Our work consists of two parts, i.e., Correlation Analysis and Cross-domain Learning. First, we conduct a comprehensive building-traffic analysis based on multi-source datasets, disclosing how and why building sensing data is correlated with nearby traffic volume. Second, we propose a novel recurrent neural network for traffic volume prediction based on cross-domain learning with two attention mechanisms. Specifically, a cross-domain attention mechanism captures the building-traffic correlations and adaptively extracts the most relevant building sensing data at each predicting step. Then, a temporal attention mechanism is employed to model the temporal dependencies of data across historical time intervals. The extensive experimental studies demonstrate that BuildSenSys outperforms all baseline methods with up to 65.3 percent accuracy improvement (e.g., 2.2 percent MAPE) in predicting nearby traffic volume. We believe that this work can open a new gate of reusing building sensing data for urban traffic sensing, thus establishing connections between smart buildings and intelligent transportation.
  • Annie Gilda Roselin, Priyadarsi Nanda, Surya Nepal, Xiangjian He
    IEEE Access 9 47243 - 47251 2021
    The availability of an enormous amount of unlabeled datasets drives the anomaly detection research towards unsupervised machine learning algorithms. Deep clustering algorithms for anomaly detection gain significant research attention in this era. We propose an intelligent anomaly detection for extensive network traffic analysis with an Optimized Deep Clustering (ODC) algorithm. Firstly, ODC does the optimization of the deep AutoEncoder algorithm by tuning the hyperparameters. Thereby we can achieve a reduced reconstruction error rate from the deep AutoEncoder. Secondly, ODC feeds the optimized deep AutoEncoder's latent view to the BIRCH clustering algorithm to detect the known and unknown malicious network traffic without human intervention. Unlike other deep clustering algorithms, ODC does not require to specify the number of clusters needed to analyze the network traffic dataset. We experiment ODC algorithm with the CoAP off-path dataset obtained from our testbed and the MNIST dataset to compare our algorithm's accuracy with state-of-art clustering algorithms. The evaluation results show ODC deep clustering method outperforms the existing deep clustering methods for anomaly detection.
  • Amjad Qashlan, Priyadarsi Nanda, Xiangjian He, Manoranjan Mohanty
    IEEE Access 9 103651 - 103669 2021
    The IoT, or Internet of Things has been a major talking point amongst technology enthusiasts in recent years. The Internet of Things (IoT) has emerged and evolved rapidly, making the world's fabric around us smarter and more responsive. The smart home uses one such transformation of IoT, which seems to be the wave of the future. However, with the increasing wide adoption of IoT, data security, and privacy concerns about how our data is collected and shared with others, have also risen. To solve these challenges, an approach to data privacy and security in a smart home using blockchain technology is proposed in this paper. We propose an authentication scheme that combines attribute-based access control with smart contracts and edge computing to create a secure framework for IoT devices in smart home systems. The edge server adds scalability to the system by offloading heavy processing activities and using a differential privacy method to aggregate data to the cloud securely and privately. We present several aspects of testing and implementing smart contracts, the differential private stochastic gradient descent algorithm, and system architecture and design. We demonstrate the efficacy of our proposed system by fully examining its security and privacy goals in terms of confidentiality, integrity, and availability. Our framework achieves desired security and privacy goals and is resilient against modification, DoS attacks, data mining and linkage attacks. Finally, we undertake a performance evaluation to demonstrate the proposed scheme's feasibility and efficiency.
  • Haitham Assiri, Priyadarsi Nanda, Manoranjan Mohanty
    IBIMA Business Review 2021 2021
    The e-Government system leverages Information and Communication Technology (ICT) to transform the relationship between government bodies and citizens, businesses and other government ministries, departments, and agencies. The primary aim is to make government services more seamless, efficient and timely for every citizen and organisation. However, eGovernment systems are now faced with security threats and cyber attacks, and these challenges have raised concerns about users' privacy as well as the confidentiality and integrity of user data. Therefore, this paper assesses the degree of risk and vulnerability associated with websites used for e-Government function. This paper considers one such website, the Saudi's e-government website Yesser, by using three penetration test tools namely Zap, Rapid7, and Nessus. The results show that the Yesser website does not have critical vulnerabilities; however, it has severe and medium-level vulnerabilities. The paper proposes a new framework which can integrate blockchain based scheme into the Saudi eGovernment system. The framework represents a hierarchical model and involves the use of blockchain between the De Militarized Zone (DMZ) and the Secured Intranet zone.
  • Adel Atieh, Priyadarsi Nanda, Manoranjan Mohanty
    2021 International Wireless Communications and Mobile Computing, IWCMC 2021 598 - 603 2021
    The connectivity of devices has increased in the last decade enabling multiple innovative applications and solutions to serve industries and societies. This has solved multiple challenges and facilitated the improvement of methodologies and techniques adapted by humanity. One of the newly created paradigms that changed industries and technology is the Industrial Internet of Things (IIoT). IIoT is currently being adapted by various industries creating interactive supply chain ecosystems through the use of cloud computing. The size and distributions of these ecosystems introduced latency and Quality of Service (QoS) issues for edge devices sending data to the cloud. This research paper explores a paradigm called “Fog Computing” which aims to reduce the latency between IIoT devices and the cloud by deploying a “cloud-like” computing layer closer to the IIoT devices. In addition, a Context-Aware implementation of fog computing is proposed in this paper to provide the most optimised service to edge devices. Furthermore, this paper includes various experiments that examine the different context-awareness perspectives this paper proposes for fog computing. The results and outcomes of these experiments show reduction in latency and automated resource scaling from the use of context-awareness with fog computing over cloud computing for IIoT.
  • Amjad Qashlan, Priyadarsi Nanda, Xiangjian He
    Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 951 - 958 December 2020
    There has been a wide range of applications involving smart home systems for user comfort and accessibility to essential commodities. Users enjoy featured home services supported by the IoT smart devices. These IoT devices are resource-constrained, incapable of securing themselves and can be easily hacked. Edge computing can provide localized computations and storage which can augment such capacity limitations for IoT devices. Furthermore, blockchain has emerged as a technology with capabilities to provide secure access and authentication for IoT devices in a decentralized manner. In this paper, we propose an authentication scheme which integrates attribute based access control using smart contracts with ERC-20 Token (Ethereum Request For Comments) and edge computing to construct a secure framework for IoT devices in Smart home system. The edge server provides scalability to the system by offloading heavier computation tasks to edge servers. We present system architecture and design and discuss various aspects related to testing and implementation of the smart contracts. We show that our proposed scheme is secure by thoroughly analysing its security goals with respect to confidentiality, integrity and availability. Finally, we conduct a performance evaluation to demonstrate the feasibility and efficiency of the proposed scheme.
  • Xiaochen Fan, Chaocan Xiang, Liangyi Gong, Xin He, Yuben Qu, Saeed Amirgholipour, Yue Xi, Priyadarsi Nanda, Xiangjian He
    CCF Transactions on Pervasive Computing and Interaction 2 4 240 - 260 December 2020
    With the emerging concepts of smart cities and intelligent transportation systems, accurate traffic sensing and prediction have become critically important to support urban management and traffic control. In recent years, the rapid uptake of the Internet of Vehicles and the rising pervasiveness of mobile services have produced unprecedented amounts of data to serve traffic sensing and prediction applications. However, it is significantly challenging to fulfill the computation demands by the big traffic data with ever-increasing complexity and diversity. Deep learning, with its powerful capabilities in representation learning and multi-level abstractions, has recently become the most effective approach in many intelligent sensing systems. In this paper, we present an up-to-date literature review on the most advanced research works in deep learning for intelligent traffic sensing and prediction.
  • Thawatchai Chomsiri, Xiangjian He, Priyadarsi Nanda, Zhiyuan Tan
    IEEE Transactions on Cloud Computing 8 4 1237 - 1249 October 2020
    Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts and slow down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantages of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are utilized to provide a means for users to create conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that share the merit of being conflict-free. Finally, in decision making, the listed rules are used to verify against packet header information. The rules which have matched with most packets are moved up to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the functional speed of a firewall.
  • Muhammad Usman, Mian Ahmad Jan, Xiangjian He, Priyadarsi Nanda
    Future Generation Computer Systems 109 604 - 610 August 2020
    Mobile Adhoc NETworks (MANETs) are valuable for various applications due to an efficient, flexible, low-cost and dynamic infrastructure. In these networks, proper utilization of network resources is desirable to maintain Quality of Service (QoS). In multi-hop end-to-end communication, intermediate nodes may eavesdrop on data in transit. As a result, a secured and reliable data delivery from source to destination is required. In this paper, we propose a novel scheme, known as QASEC, to achieve better throughput by securing end-to-end communication in MANETs. The QoS is maintained through an optimal link selection from a queue of available transmission links. The end-to-end communication is secured by authentication. A simple secret-key based symmetric encryption is deployed for interacting nodes. Our proposed QASEC scheme prevents the malicious nodes from data exchange with legitimate intermediate nodes on any established path between the source and the destination. Experimental results show that QASEC performs better in terms of packet-loss rate, jitter and end-to-end delay. Furthermore, QASEC is efficient against various attacks and has a much better performance in terms of associated costs, such as key generation, encryption, and storage and communication.
  • Ashish Nanda, Priyadarsi Nanda, Xiangjian He, Aruna Jamdagni, Deepak Puthal
    Future Generation Computer Systems 109 521 - 530 August 2020
    As we progress into a digital era where most aspects of our life depend upon a network of computers, it is essential to focus on digital security. Each component of a network, be it a physical network, virtual network or social network requires security when transmitting data. Hence the dynamic wireless mesh network must also deploy high levels of security as found in current legacy networks. This paper presents a secure Geo-Location Oriented Routing (Secure-GLOR) protocol for wireless mesh networks, which incorporates a hybrid encryption scheme for its multilevel security framework. The hybrid encryption technique improves the network's overall performance compared to the basic encryption by using a combination of symmetric key as well as asymmetric key encryption. Using the combination of the two encryption schemes, the performance of the network can be improved by reducing the transmitted data size, reduced computational overhead and faster encryption–decryption cycles. In this paper, we discuss multiple encryption schemes for both symmetric and asymmetric encryption and compare their performance in various experimental scenarios. The proposed security scheme achieves better performance based on the results obtained with most viable options for our network model.
  • Nisha Malik, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Wireless Networks 26 6 4207 - 4226 1 August 2020
    In vehicular ad hoc networks (VANET), effective trust establishment with authentication is an important requirement. Trust management among communicating vehicles is significant for secure message transmission; however, very few contributions have been made towards evaluating the trustworthiness of the node. This research work intends to introduce a new trust management system in VANET with two major phases: secured message transmission and node trustability prediction. The security assured message passing is carried out by incorporating the privacy preservation model under the data sanitization process. The key used for the sanitization process is optimally tuned by a new hybrid algorithm termed Sea Lion Explored-Whale Optimization Algorithm, which is the combination of Whale Optimization Algorithm and Sea Lion Optimization Algorithm, respectively. The blockchain technology is assisted to handle the key generated by the nodes. Subsequently, the trustability of the node is evaluated under novel specifics “two-level evaluation process” with a rule-based and machine learning-based evaluation process. Finally, the performance of the proposed model is verified and proved over other conventional methods for certain measures.
  • Priyadarsi Nanda, Xiangjian He, Laurence T. Yang
    Future Generation Computer Systems 109 446 - 449 August 2020
    Today's world experiences massively interconnected devices to share information across a variety of platforms between traditional computers (machines), Smart IoT devices used across smart homes, smart interconnected vehicles etc. and of course the social networks apps such as Facebook, LinkedIn, Twitter etc. We experience the growth has been skyrocketing and the trend will continue exponentially to the future. At one end, we find life becomes easier with such developments and at the other end, we experience more and more cyber threats on our privacy, security and trustworthiness with organizations holding our data. In this special issue, we summarize contributions by authors in advanced topics related to security, trust and privacy based on a range of applications and present a selection of the most recent research efforts in these areas.
  • Amjad Qashlan, Priyadarsi Nanda, Xiangjian He
    Smart Innovation, Systems and Technologies 141 313 - 326 2020
    Presence of Internet of Things (IoT) based applications has been increasing in various domains including transportation, logistics, health care, and smart homes. Such applications involve deploying an enormous number of IoT devices, which generally lack security and are often associated with several vulnerabilities. These IoT devices need to communicate and synchronize with each other, which also increases the security and privacy challenges. Traditional security models are based on centralized and often include complicated approaches, which tend to be inapplicable and have some limitations. Therefore, one proposed solution is to use blockchain technology which could provide decentralized, secure, and peer-to-peer networks. In this paper, private blockchain implementation using Ethereum smart contract is developed for the smart home to ensure only the home owner can access and monitor home appliances. Simple smart contracts are designed to allow devices to communicate without the need for trusted third party. Our prototype demonstrates three key elements of blockchain-based smart security solution for smart home applications such as smart contract, blockchain-based access control and performance evaluation of the proposed scheme.
  • Priyadarsi Nanda, Abid Arain, Upasana Nagar
    Smart Innovation, Systems and Technologies 141 555 - 565 2020
    Machine learning approach is being extensively used in the area of cybersecurity in recent years developing solutions to protect Internet users. The use of state-based cognitive data and the increased prevalence of data mining has allowed for the amalgamation of statistical concepts with machine learning providing real-time network packet analysis with an aim to detect when an entity has intruded the network. In this paper, the use of mean squares error for packet payload aggregation, coupled with prediction techniques using Bayes and ensemble learning outputs to data clusters provide useful and important insight to generate hybrid solutions to existing data breach problems. The use of dynamic tolerance levels and countering this against the potential for false positives is central to the design of our proposed scheme. We believe that correlations between expected information against the aggregated payloads could provide sufficient level of accuracy, which is sufficient to flag certain packets for further human assessment.
  • Shuang Lai, Xiaochen Fan, Qianwen Ye, Zhiyuan Tan, Yuanfang Zhang, Xiangjian He, Priyadarsi Nanda
    IEEE Access 8 13516 - 13526 2020
    Mobile cloud computing has emerged as a promising paradigm to facilitate computation-intensive and delay-sensitive mobile applications. Computation offloading services at the edge mobile cloud environment are provided by small-scale cloud infrastructures such as cloudlets. While offloading tasks to in-proximity cloudlets enjoys benefits of lower latency and smaller energy consumption, new issues related to the cloudlets are rising. For instance, unbalanced task distribution and huge load gaps among heterogeneous mobile cloudlets are becoming more challenging, concerning the network dynamics and distributed task offloading. In this paper, we propose 'FairEdge', a Fairness-oriented computation offloading scheme to enable balanced task distribution for mobile Edge cloudlet networks. By integrating the balls-and-bins theory with fairness index, our solution promotes effective load balancing with limited information at low computation cost. The evaluation results from extensive simulations and experiments with real-world datasets show that, FairEdge outperforms conventional task offloading methods, and it can achieve a network fairness up to 0.85 and reduce the unbalanced task offload by 50%.
  • Annie Gilda Roselin Arockia Baskaran, Priyadarsi Nanda, Surya Nepal, Sean He
    Concurrency and Computation: Practice and Experience 31 23 10 December 2019
    6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication is one of the important considerations, the use of asymmetric key distribution scheme may not be a perfect choice. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool. We simulated and evaluated the proposed LAUP protocol using COOJA simulator and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES. LAUP is evaluated using real-time testbed and achieved less computational time, which is supportive of our simulated results.
  • Priyadarsi Nanda, Deepak Puthal, Saraju P. Mohanty
    Concurrency and Computation: Practice and Experience 31 23 10 December 2019
  • Yongkai Fan, Xiaodong Lin, Wei Liang, Gang Tan, Priyadarsi Nanda
    Future Generation Computer Systems 101 127 - 135 December 2019
    Data deduplication is a key technique to improve storage efficiency in cloud computing. By pointing redundant files to a single copy, cloud service providers greatly reduce their storage space as well as data transfer costs. Despite the fact that the traditional deduplication approach has been adopted widely, it comes with a high risk of losing data confidentiality because of the data storage models in cloud computing. To deal with this issue in cloud storage, we first propose a TEE (trusted execution environment) based secure deduplication scheme. In our scheme, each cloud user is assigned a privilege set; the deduplication can be performed if and only if the cloud users have the correct privilege. Moreover, our scheme augments the convergent encryption with users’ privileges and relies on TEE to provide secure key management, which improves the ability of such cryptosystem to resist chosen plaintext attacks and chosen ciphertext attacks. A security analysis indicates that our scheme is secure enough to support data deduplication and to protect the confidentiality of sensitive data. Furthermore, we implement a prototype of our scheme and evaluate the performance of our prototype; experiments show that the overhead of our scheme is practical in realistic environments.
  • Annie Gilda Roselin, Priyadarsi Nanda, Surya Nepal, Xiangjian He, Jarod Wright
    IEEE Internet of Things Journal 6 6 9338 - 9349 December 2019
    The constrained application protocol (CoAP) is a specially designed Web transfer protocol for use with constrained nodes and low-power networks. The widely available CoAP implementations have failed to validate the remote CoAP clients. Each CoAP client generates a random source port number when communicating with the CoAP server. However, we observe that in such implementations it is difficult to distinguish the regular packet and the malicious packet, opening a door for a potential off-path attack. The off-path attack is considered a weak attack on a constrained network and has received less attention from the research community. However, the consequences resulting from such an attack cannot be ignored in practice. In this article, we exploit the combination of IP spoofing vulnerability and the remote server access support of CoAP to launch an off-path attack. The attacker injects a fake request message to change the credentials of the 6LoWPAN smart door keypad lock system. This creates a request spoofing vulnerability in CoAP, and the attacker exploits this vulnerability to gain full access to the system. Through our implementation, we demonstrated the feasibility of the attack scenario on the 6LoWPAN-CoAP network using smart door keypad lock. We proposed a machine learning (ML)-based approach to mitigate such attacks. To the best of our knowledge, we believe that this is the first article to analyze the remote CoAP server access support and request spoofing vulnerability of CoAP to launch an off-path attack and demonstrate how an ML-based approach can be deployed to prevent such attacks.
  • Nisha Malik, Priyadarsi Nanda, Xiangjian He, Renping Liu
    Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 34 - 41 August 2019
    Appending digital signatures and certificates to messages guarantees data integrity and ensures non-repudiation, but does not identify greedy authenticated nodes. Trust evolves if some reputable and trusted node verifies the node, data and evaluates the trustworthiness of the node using an accurate metric. But, even if the verifying party is a trusted centralized party, there is opacity and obscurity in computed reputation rating. The trusted party maps it with the node's identity, but how is it evaluated and what inputs derive the reputation rating remains hidden, thus concealment of transparency leads to privacy. Besides, the malevolent nodes might collude together for defamatory actions against reliable nodes, and eventually bad mouth these nodes or praise malicious nodes collaboratively. Thus, we cannot always assume the fairness of the nodes as the rating they give to any node might not be a fair one. In this paper, we propose a smart contract-based approach to update and query the reputation of nodes, stored and maintained by IPFS distributed storage. The use case particularly deals with an emergency scenario, dealing against colluding attacks. Our scheme is implemented using MATLAB simulation. The results show how smart contracts are capable of accurately identifying trustworthy nodes and record the reputation of a node transparently and immutably.
  • Deepak Puthal, Saraju P. Mohanty, Priyadarsi Nanda, Elias Kougianos, Gautam Das
    2019 IEEE International Conference on Consumer Electronics, ICCE 2019 6 March 2019
    Resource-constrained distributed systems such as the Internet of Things (IoT), edge computing and fog computing are deployed for real-time monitoring and evaluation. Current security solutions are problematic when there is a centralized controlling entity. The blockchain provides decentralized security architectures using proof-of-work (PoW). Proof-of-work is an expensive process for IoT and edge computing due to the deployment of resource-constrained devices. This paper presents a novel consensus algorithm called Proof-of-Authentication (PoAh) to replace Proof-of-Work and introduce authentication in such environments to make the blockchain application-specific. This paper implemented the Proof-of-Authentication system to evaluate its sustainability and applicability for the IoT and edge computing. The evaluation process is conducted in both simulation and real-time testbeds to evaluate performance. Finally, the process of Proof-of-Authentication and its integration with blockchain in resource-constrained distributed systems is discussed. Our proposed PoAh, while running in limited computer resources (e.g. single-board computing devices like the Raspberry Pi) has a latency in the order of 3 secs.
  • Deepak Puthal, Rajiv Ranjan, Ashish Nanda, Priyadarsi Nanda, Prem Prakash Jayaraman, Albert Y. Zomaya
    Journal of Parallel and Distributed Computing 124 60 - 69 February 2019
    Edge computing is an emerging research area to incorporate cloud computing into edge network devices. An Edge datacenter, also referred to as EDC, processes data streams and user requests in real-time and is therefore used to decrease the latency and congestion in the network. EDC is usually set up as a distributed system and is accordingly placed between the cloud datacenter and the data source. These EDCs work as an intermediate layer in the fog hierarchy between IoT and Cloud datacenter. EDCs are aided by load balancers, responsible for distributing the workload amongst multiple EDCs, in order to optimize resource utilization and response time. The load balancers make sure that the workload is equally divided amongst the available EDCs to avoid overloading of some EDCs while others remain idle as this directly impacts the user response and real-time event detection. Given the fact that EDCs are deployed in remote environments, the need for secure authentication is of major importance. In this paper we propose a novel load balancing technique that enables EDC authentication as well as identification of idle EDCs for better load balancing. The proposed load balancing technique is also compared with existing approaches and proves to be more efficient in locating EDCs with less workload. In addition to the improved efficiency, the proposed scheme also strengthens the security of the network by incorporating destination EDC authentication.
  • Meng Liu, Yun Luo, Priyadarsi Nanda, Shui Yu, Jianbing Zhang
    Computational Intelligence 35 3 555 - 576 2019
    Secure multiparty computation is an important scheme in cryptography and can be applied in various real-life problems. The first secure multiparty computation problem is the millionaires' problem, and its protocol is an important building block. Because of the lower efficiency of the public key encryption scheme, most existing solutions based on public key cryptography to this problem are inefficient. Thus, a solution based on the symmetric encryption scheme has been proposed. In this paper, we formally analyse the vulnerability of this solution, and propose a new scheme based on the decisional Diffie-Hellman assumption. Our solution also uses 0-encoding and 1-encoding generated by our modified encoding method to reduce the computation cost. We implement the solution based on symmetric encryption scheme and our protocol. Extensive experiments are conducted to evaluate the efficiency of our solution, and the experimental results show that our solution can be much more efficient and be approximately 8000 times faster than the solution based on symmetric encryption scheme for a 32-bit input and short-term security. Moreover, our solution is also more efficient than the state-of-the-art solution without precomputation and can also compare well with the state-of-the-art protocol while the bit length of private inputs is large enough.
  • Ashish Nanda, Priyadarsi Nanda, Mohammed S. Obaidat, Xiangjian He, Deepak Puthal
    Proceedings - IEEE Global Communications Conference, GLOBECOM 2019
    A major concern in distributed networks is the ability to provide acceptable levels of security. This is achieved by using encryption and authentication mechanisms that depend on encryption keys. However, given the ever-expanding nature of the network, it is difficult to keep setting up authorities that can aid the key-exchange process. This paper presents a novel solution to the challenge of exchanging keys of a large, distributed network without the need to set up additional authorities. The key-exchange scheme presented takes advantage of features such as packet anonymity, random selection and a multi-path approach for the exchange process. The paper also discusses the effectiveness of the proposed scheme against various threat scenarios.
  • Nisha Malik, Priyadarsi Nanda, Arushi Arora, Xiangjian He, Deepak Puthal
    Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 674 - 679 5 September 2018
    Authentication and revocation of users in Vehicular Adhoc Networks (VANETS) are two vital security aspects. It is extremely important to perform these actions promptly and efficiently. The past works addressing these issues lack in mitigating the reliance on the centralized trusted authority and therefore do not provide distributed and decentralized security. This paper proposes a blockchain based authentication and revocation framework for vehicular networks, which not only reduces the computation and communication overhead by mitigating dependency on a trusted authority for identity verification, but also speedily updates the status of revocated vehicles in the shared blockchain ledger. In the proposed framework, vehicles obtain their Pseudo IDs from the Certificate Authority (CA), which are stored along with their certificate in the immutable authentication blockchain and the pointer corresponding to the entry in blockchain, enables the Road Side Units (RSUs) to verify the identity of a vehicle on road. The efficiency and performance of the framework has been validated using the Omnet++ simulation environment.
  • Meng Liu, Priyadarsi Nanda, Xuyun Zhang, Chi Yang, Shui Yu, Jianxin Li
    Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 990 - 995 5 September 2018
    Secure multiparty computation (SMC) is an important scheme in cryptography and can be applied in various real-life problems. The first SMC problem is the millionaires' problem which involves two-party secure computation. Because the efficiency of public key encryption scheme appears less than symmetric encryption scheme, most existing solutions based on public key cryptography to this problem are inefficient. Thus, a solution based on the symmetric encryption scheme has been proposed. Although it is claimed that this approach can be efficient and practical, we discover that there exist several severe security flaws in this solution. In this paper, we analyze the vulnerability of existing solutions, and propose a new scheme based on the Decisional Diffie-Hellman hypothesis (DDH). Our solution also uses two special encodings (0-encoding and 1-encoding) generated by our modified encoding method to reduce the computation cost of modular multiplications. Extensive experiments are conducted to evaluate the efficiency of our solution, and the experimental results show that our solution can be much more efficient and be approximately 8000 times faster than the solution based on symmetric encryption scheme for a 32-bit input and short-term security. Moreover, our solution is also more efficient than the state-of-the-art solution.
  • Xiaochen Fan, Xiangjian He, Chaocan Xiang, Deepak Puthal, Liangyi Gong, Priyadarsi Nanda, Gengfa Fang
    IEEE Access 6 47535 - 47545 28 August 2018
    With the explosive usage of smart mobile devices, sustainable access to wireless networks (e.g., Wi-Fi) has become a pervasive demand. Most mobile users expect seamless network connection with low cost. Indeed, this can be achieved by using an accurate received signal strength (RSS) map of wireless access points. While existing methods are either costly or unscalable, the recently emerged mobile crowdsensing (MCS) paradigm is a promising technique for building RSS maps. MCS applications leverage pervasive mobile devices to collaboratively collect data. However, the heterogeneity of devices and the mobility of users could cause inherent noises and blank spots in collected data set. In this paper, we study how to: 1) tame the sensing noises from heterogeneous mobile devices and 2) construct accurate and complete RSS maps with random mobility of crowdsensing participants. First, we build a mobile crowdsensing system called iMap to collect RSS measurements with heterogeneous mobile devices. Second, through observing experimental results, we build statistical models of sensing noises and derive different parameters for each kind of mobile device. Third, we present the signal transmission model with measurement error model, and we propose a novel signal recovery scheme to construct accurate and complete RSS maps. The evaluation results show that the proposed method can achieve 90% and 95% recovery rate in geographic coordinate system and polar coordinate system, respectively.
  • Ning Yang, Xiaochen Fan, Deepak Puthal, Xiangjian He, Priyadarsi Nanda, Shiping Guo
    IEEE Access 6 44175 - 44189 13 August 2018
    With the advancement of wireless networking technologies and communication infrastructures, mobile cloud computing has emerged as a pervasive paradigm to execute computing tasks for capacity-limited mobile devices. More specifically, at the network edge, the resource-rich and trusted cloudlet system can provide in-proximity computing services by executing the workloads for nearby devices. Nevertheless, there are chances for malicious users to generate distributed denial-of-service (DDoS) flooding tasks to overwhelm cloudlet servers and block computing services from legitimate users. Load balancing is one of the most effective methods to solve DDoS attacks in distributed networks. However, existing solutions require overall load information to achieve load balancing in cloudlet networks, making it costly in both communication and computation. To achieve more efficient and low-cost load balancing, we propose CTOM, a novel collaborative task offloading scheme to avoid DDoS attacks for secure and sustainable mobile cloudlet networks. The proposed solution is based on the balls-and-bins theory and it can balance the task loads with extremely limited information. The CTOM reduces the number of overloaded cloudlets smoothly, thus handling the potential DDoS attacks in mobile cloudlet networks. Extensive simulations and evaluation demonstrate that, the proposed CTOM outperforms the conventional random and proportional allocation schemes in reducing the task gaps between maximum load and minimum load among mobile cloudlets by 65% and 55%, respectively.
  • Nisha Malik, Deepak Puthal, Priyadarsi Nanda
    Proceedings - 2017 International Conference on Information Technology, ICIT 2017 208 - 213 31 July 2018
    Vehicular Ad hoc Networks (VANET) is emerging as a promising technology of the Intelligent Transportation systems (ITS) due to its potential benefits for travel planning, notifying road hazards, cautioning of emergency scenarios, alleviating congestion, provisioning parking facilities and environmental predicaments. But, the security threats hinder its wide deployment and acceptability by users. This paper gives an overview of the security threats at the various layers of the VANET communication stack and discusses some of the existing solutions, thus concluding why designing a security framework for VANET needs to consider these threats for overcoming security challenges in VANET.
  • Xiaochen Fan, Xiangjian He, Deepak Puthal, Shiping Chen, Chaocan Xiang, Priyadarsi Nanda, Xunpeng Rao
    IEEE International Conference on Communications 2018-May 27 July 2018
    Mobile cloud computing has emerged as a pervasive paradigm to execute computing tasks for capacity-limited mobile devices. More specifically, at the network edge, the resource-rich and trusted cloudlet system is acting as a 'data center in a box' to support compute-intensive mobile applications. The mobile cloudlets can provide in-proximity services by executing the workloads for nearby devices. Nevertheless, load balancing in mobile cloudlet network is of great importance, as it has a huge impact on task response time. Existing methods for cloudlet load balancing basically rely on the strategic placement or user cooperation. However, the above solutions require the global task load information from the whole network, which is costly in both communication and computation. To achieve more efficient and low-cost load balancing, we propose 'CTOM', a Collaborative Task Offloading Mechanism for mobile cloudlet networks. Our solution is based on the balls-and-bins theory and can balance the task load only requiring limited information. Extensive simulations and evaluation based on mobility trace demonstrate that, our CTOM outperforms the conventional random and proportional allocation schemes by reducing the task gaps among mobile cloudlets by 65% and 55% respectively. Meanwhile, CTOM's performance is close to that of the greedy algorithm but with much lower computing complexity.
  • Deepak Puthal, Mohammad S. Obaidat, Priyadarsi Nanda, Mukesh Prasad, Saraju P. Mohanty, Albert Y. Zomaya
    IEEE Communications Magazine 56 5 60 - 65 2018-05
    Fog computing is a recent research trend to bring cloud computing services to network edges. EDCs are deployed to decrease the latency and network congestion by processing data streams and user requests in near real time. EDC deployment is distributed in nature and positioned between cloud data centers and data sources. Load balancing is the process of redistributing the work load among EDCs to improve both resource utilization and job response time. Load balancing also avoids a situation where some EDCs are heavily loaded while others are in idle state or doing little data processing. In such scenarios, load balancing between the EDCs plays a vital role for user response and real-time event detection. As the EDCs are deployed in an unattended environment, secure authentication of EDCs is an important issue to address before performing load balancing. This article proposes a novel load balancing technique to authenticate the EDCs and find less loaded EDCs for task allocation. The proposed load balancing technique is more efficient than other existing approaches in finding less loaded EDCs for task allocation. The proposed approach not only improves efficiency of load balancing; it also strengthens the security by authenticating the destination EDCs.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Future Generation Computer Systems 80 613 - 626 2018-03
    Wireless Sensor Networks (WSNs) have experienced phenomenal growth over the past decade. They are typically deployed in human-inaccessible terrains to monitor and collect time-critical and delay-sensitive events. There have been several studies on the use of WSN in different applications. All such studies have mainly focused on Quality of Service (QoS) parameters such as delay, loss, jitter, etc. of the sensed data. Security provisioning is also an important and challenging task lacking in all previous studies. In this paper, we propose a Sybil attack detection scheme for a cluster-based hierarchical network mainly deployed to monitor forest wildfire. We propose a two-tier detection scheme. Initially, Sybil nodes and their forged identities are detected by high-energy nodes. However, if one or more identities of a Sybil node sneak through the detection process, they are ultimately detected by the two base stations. After Sybil attack detection, an optimal percentage of cluster heads are elected and each one is informed using nomination packets. Each nomination packet contains the identity of an elected cluster head and an end user's specific query for data collection within a cluster. These queries are user-centric, on-demand and adaptive to an end user requirement. The undetected identities of Sybil nodes reside in one or more clusters. Their goal is to transmit high false-negative alerts to an end user for diverting attention to those geographical regions which are less vulnerable to a wildfire. Our proposed approach has better network lifetime due to efficient sleep–awake scheduling, higher detection rate and low false-negative rate.
  • Amber Umair, Priyadarsi Nanda, Xiangjian He, Kim Kwang Raymond Choo
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11058 LNCS 337 - 348 2018
    Mobile devices are a wealth of information about its user and their digital and physical activities (e.g. online browsing and physical location). Therefore, in any crime investigation artifacts obtained from a mobile device can be extremely crucial. However, the variety of mobile platforms, applications (apps) and the significant size of data compound existing challenges in forensic investigations. In this paper, we explore the potential of machine learning in mobile forensics, and specifically in the context of Facebook messenger artifact acquisition and analysis. Using Quick and Choo (2017)’s Digital Forensic Intelligence Analysis Cycle (DFIAC) as the guiding framework, we demonstrate how one can acquire Facebook messenger app artifacts from an Android device and an iOS device (the latter is, using existing forensic tools. Based on the acquired evidence, we create 199 data-instances to train WEKA classifiers (i.e. ZeroR, J48 and Random tree) with the aim of classifying the device owner’s contacts and determine their mutual relationship strength.
  • Ashish Nanda, Priyadarsi Nanda, Xiangjian He, Aruna Jamdagni, Deepak Puthal
    Proceedings of the Annual Hawaii International Conference on System Sciences 2018-January 5532 - 5541 2018
    Authentication is an essential part of any network and plays a pivotal role in ensuring the security of a network by preventing unauthorised devices/users access to the network. As dynamic wireless mesh networks are evolving and being accepted in various fields, there is a strong need to improve the security of the network. Its features like self-organizing and self-healing make it great but get undermined when rigid authentication schemes are used. We propose a hybrid authentication scheme for such dynamic mesh networks under three specified scenarios: full authentication, quick authentication and new node authentication. The proposed schemes are applied on our previous works on dynamic mesh routing protocol, Geo location Oriented Routing Protocol (GLOR). Simulation results show our proposed scheme is efficient in terms of resource utilization as well as defending against security threats.
  • Upasana Nagar, Xiangjian He, Priyadarsi Nanda, Zhiyuan Tan
    ACM International Conference Proceeding Series 188 - 193 2017-10-13
    Cloud computing offers an on demand, elastic, global network access to a shared pool of resources that can be configured on user demand. The advantages of cloud computing are lucrative for well-established organizations looking to reduce infrastructure cost overheads. However, the users are not quite confident in entrusting their data to the cloud due to security threats and risks perceived in the cloud domain. Issues involving privacy requirements for the cloud and best practices in the cloud are suggested in this paper. Although the cloud provider ensures security in the cloud yet the flow of data, storage location, data computing process and security breaches are not transparent to the cloud customer. This distrust and lack of control on data is a major hindrance for potential cloud customers in adopting the cloud models for their businesses. Intrusion Detection Systems (IDSs) are widely used to detect malicious activities. However existing solutions with IDSs involving DDoS and other non-detectable events may not be suitable in applying to the cloud due to distributed data storage and a major shift in Internet access mechanisms offered by cloud providers. Hence there is a strong need to analyze an appropriate IDS to counter DDoS attacks in the cloud. In this paper we propose a novel framework for data security in the cloud using Collaborative Intrusion Detection (CIDS) scheme. The benefits of CIDS scheme in cloud are enabling the end user to get comprehensive information in the event of a distributed attack on cloud.
  • Deepak Puthal, Saraju P. Mohanty, Priyadarsi Nanda, Uma Choppali
    IEEE Consumer Electronics Magazine 6 4 24 - 27 2017-10
    Due to the wide variety of devices used in computer network systems, cybersecurity plays a major role in securing and improving the performance of the network or system. Although cybersecurity has received a large amount of global interest in recent years, it remains an open research space. Current security solutions in network-based cyberspace provide an open door to attackers by communicating first before authentication, thereby leaving a black hole for an attacker to enter the system before authentication. This article provides an overview of cyberthreats, traditional security solutions, and the advanced security model to overcome current security drawbacks.
  • Mian Jan, Priyadarsi Nanda, Muhammad Usman, Xiangjian He
    Concurrency and Computation: Practice and Experience 29 17 2017-09-10
    Wireless sensor networks (WSNs) consist of resource-starving miniature sensor nodes deployed in a remote and hostile environment. These networks operate on small batteries for days, months, and even years depending on the requirements of monitored applications. The battery-powered operation and inaccessible human terrains make it practically infeasible to recharge the nodes unless some energy-scavenging techniques are used. These networks experience threats at various layers and, as such, are vulnerable to a wide range of attacks. The resource-constrained nature of sensor nodes, inaccessible human terrains, and error-prone communication links make it obligatory to design lightweight but robust and secured schemes for these networks. In view of these limitations, we aim to design an extremely lightweight payload-based mutual authentication scheme for a cluster-based hierarchical WSN. The proposed scheme, also known as payload-based mutual authentication for WSNs, operates in 2 steps. First, an optimal percentage of cluster heads is elected, authenticated, and allowed to communicate with neighboring nodes. Second, each cluster head, in a role of server, authenticates the nearby nodes for cluster formation. We validate our proposed scheme using various simulation metrics that outperform the existing schemes.
  • Ashish Nanda, Priyadarsi Nanda, Xiangjian He, Aruna Jamdagni, Deepak Puthal
    Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 269 - 276 2017-09-07
    With the dawn of a new era, digital security has become one of the most essential part of any network. Be it a physical network, virtual network or social network, the demand for secure data transmission is ever increasing. Wireless mesh networks also stand the same test of security as the legacy networks. This paper presents a secure version of the Geo-Location Oriented Routing (GLOR) protocol for wireless mesh networks, incorporating a multilevel security framework. It implements authentication using the new features of the network model and enables encryption throughout the network to provide high levels of security.
  • Khaled Aldebei, Helia Farhood, Wenjing Jia, Priyadarsi Nanda, Xiangjian He
    Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 379 - 385 2017-09-07
    Document clustering groups documents of certain similar characteristics in one cluster. Document clustering has shown advantages on organization, retrieval, navigation and summarization of a huge amount of text documents on Internet. This paper presents a novel, unsupervised approach for clustering single-author documents into groups based on authorship. The key novelty is that we propose to extract contextual correlations to depict the writing style hidden among sentences of each document for clustering the documents. For this purpose, we build a Hidden Markov Model (HMM) for representing the relations of sequential sentences, and a two-level, unsupervised framework is constructed. Our proposed approach is evaluated on four benchmark datasets, widely used for document authorship analysis. A scientific paper is also used to demonstrate the performance of the approach on clustering short segments of a text into authorial components. Experimental results show that the proposed approach outperforms the state-of-the-art approaches.
  • Amber Umair, Priyadarsi Nanda, Xiangjian He
    Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 1139 - 1144 2017-09-07
    Online Social Networks (OSN) such as Facebook, Twitter, LinkedIn, and Instagram are heavily used to socialize, entertain or gain insights on people behavior and their activities. Everyday terabytes of data is generated over these networks, which is then used by the businesses to generate revenue or misused by the wrongdoers to exploit vulnerabilities of these social network platforms. Specifically social network information helps in extracting various important features such as; user association, access pattern, location information etc. Recent research shows, many such features could be used to develop novel attack models and investigate further into defending the users from exposing their information to outsiders. This paper analyzes some of the available tools to extract OSN information and discusses research work on similar type of unstructured data. Recent research works, which focus on gathering bits and pieces of information to extract meaningful results for digital forensics, has been discussed. An online survey is conducted to gauge the cautiousness of users in social media usage in terms of personal information dissemination.
  • Priyadarsi Nanda, Yang Xiang, Yi Mu
    Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 xvii 2017-09-07
  • Qingru Li, Zhiyuan Tan, Aruna Jamdagni, Priyadarsi Nanda, Xiangjian He, Wei Han
    Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 978 - 983 2017-09-07
    This paper proposes an anomaly-based Intrusion Detection System (IDS), which flags anomalous network traffic with a distance-based classifier. A polynomial approach was designed and applied in this work to extract hidden correlations from traffic related statistics in order to provide distinguishing features for detection. The proposed IDS was evaluated using the well-known KDD Cup 99 data set. Evaluation results show that the proposed system achieved better detection rates on KDD Cup 99 data set in comparison with another two state-of-the-art detection schemes. Moreover, the computational complexity of the system has been analysed in this paper and shows similar to the two state-of-the-art schemes.
  • Ashish Nanda, Priyadarsi Nanda, Xiangjian He
    Proceedings - 18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016 891 - 898 2017-01-20
    Wireless Mesh Network is an emerging technology with great potential to become a Self-Sustained Network. Unlike the traditional networks that dominate the current communication system and rely on a large and expensive setup of wired/wireless access points to provide connection between users, the Wireless Mesh Network is formed by the user devices (referred as Nodes) which connect to each other to form a network. However, due to the use of legacy/traditional network models for mesh networks, there exist various limitations towards its implementation. This paper presents a new approach towards the Wireless Mesh Network, incorporating a new routing scheme based on the Geo-Location of the devices. It puts forward the structure, working principle and its performance during the first implementation.
  • Dat Dang, Doan Hoang, Priyadarsi Nanda
    Data Security in Cloud Computing 117 - 150 2017-01-01
    Cloud computing has become an alternative IT infrastructure where users, infrastructure providers, and service providers all share and deploy resources for their business processes and applications. In order to deliver cloud services cost effectively, users’ data is stored in a cloud where applications are able to perform requests from clients efficiently. As data is transferred to the cloud, data owners are concerned about the loss of control of their data and cloud service providers (CSPs) are concerned about their ability to protect data when it is moved about both within and out of its own environment. Many security and protection mechanisms have been proposed to protect cloud data by employing various policies, encryption techniques, and monitoring and auditing approaches. However, data is still exposed to potential disclosures and attacks if it is moved and located at another cloud where there is no equivalent security measure at visited sites. In a realistic cloud scenario with hierarchical service chain, the handling of data in a cloud can be delegated by a CSP to a subprovider or another. However, CSPs do not often deploy the same protection schemes. Movement of user’s data is an important issue in cloud, and it has to be addressed to ensure the data is protected in an integrated manner regardless of its location in the environment. The user is concerned whether its data is located in locations covered by the service level agreement, and data operations are protected from unauthorized users. When user’s data is moved to data centers located at locations different from its home, it is necessary to keep track of its locations and data operations. This chapter discusses data protection and mobility management issues in cloud environment and in particular the implementation of a trust-oriented data protection framework.
  • Mohammed A. Ambusaidi, Xiangjian He, Priyadarsi Nanda, Zhiyuan Tan
    IEEE Transactions on Computers 65 10 2986 - 2998 2016-10-01
    Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal feature for classification. This mutual information based feature selection algorithm can handle linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the cases of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results show that our feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.
  • Ashish Nanda, Priyadarsi Nanda, Xiangjian He, Aruna Jamdagni
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 10063 LNCS 393 - 408 2016
    Wireless Mesh Network is an emerging technology with great potential for evolving into a self-sustained network. The traditional networks, which dominate the present day communication systems, rely on large and expensive setups of wired/wireless access points for connection between users. Unlike the traditional networks, a Wireless Mesh Network is formed by the user devices which connect to each other to form a network. The security of such networks is however very low as each data packet passes through multiple devices making it susceptible to vulnerabilities. This paper discusses a new network model that implements a strong security framework over a new routing technique. The new network model, unlike any other, features a new addressing scheme that is no longer limited by the drawbacks of the legacy systems and can hence implement better security measures.
  • Thanh Dat Dang, Doan Hoang, Priyadarsi Nanda
    Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 1485 - 1491 2016
    Cloud computing has been adopted as an efficient computing infrastructure model for provisioning resources and providing services to users. Several distributed resource models such as Hadoop and parallel databases have been deployed in healthcare-related services to manage electronic health records (EHR). However, these models are inefficient for managing a large number of small files and hence they are not widely deployed in Healthcare Information Systems. This paper proposed a novel Hash-Based File Clustering Scheme (HBFC) to distribute, store and retrieve EHR efficiently in cloud environments. The HBFC possesses two distinctive features: it utilizes hashing to distribute files into clusters in a control way and it utilizes P2P structures for data management. HBFC scheme is demonstrated to be effective in handling big health data that comprises of a large number of small files in various formats. It allows users to retrieve and access data records efficiently. The initial implementation results demonstrate that the proposed scheme outperforms original P2P system in term of data lookup latency.
  • Thawatchai Chomsiri, Xiangjian He, Priyadarsi Nanda, Zhiyuan Tan
    Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 178 - 184 2016
    Firewalls are important network devices which provide first hand defense against network threat. This level of defense is dependent on firewall rules. Traditional firewalls, i.e., Cisco ACL, IPTABLES, Check Point and Juniper NetScreen firewall use listed rule to regulate packet flows. However, the listed rules may lead to rule conflictions which make the firewall to be less secure or even slowdown in performance. Based on our previous research works, we proposed the Tree-Rule firewall which does not encounter such rule conflicts within its rule set and operates faster than the traditional firewalls. However, in big or complex networks, the Tree-Rule firewall still may face two main problems. 1. Firewall administrators may face difficulty to write big and complex rule. 2. Difficulty to select appropriate attribute column for the Root node. In this paper, we propose an improved model for the Tree-Rule firewall by extending our previous models. We offer the use of combination between IN and OUT interfaces of the firewall to separate a big rule to many small independent rules. Each separated rule then can be managed in an individual screen. Sequence of verifying attributes, i.e., Source IP, Destination IP and Destination Port numbers, can be ordered independently in each separated rule. We implement the two main schemes on Linux CentOS 6.3. We found that the improved Tree-Rule firewall can be managed easily with low processing delay.
  • Muhammad Usman, Mian Ahmad Jan, Xiangjian He, Priyadarsi Nanda
    Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 590 - 597 2016
    The use of Multimedia Wireless Sensor Networks (MWSNs) is becoming common nowadays with a rapid growth in communication facilities. Similar to any other WSNs, these networks face various challenges while providing security, trust and privacy for user data. Provisioning of the aforementioned services becomes an uphill task especially while dealing with real-time streaming data. These networks operate with resource-constrained sensor nodes for days, months and even years depending on the nature of an application. The resource-constrained nature of these networks makes it difficult for the nodes to tackle real-time data in mission-critical applications such as military surveillance, forest fire monitoring, health-care and industrial automation. For a secured MWSN, the transmission and processing of streaming data needs to be explored deeply. The conventional data authentication schemes are not suitable for MWSNs due to the limitations imposed on sensor nodes in terms of battery power, computation, available bandwidth and storage. In this paper, we propose a novel quality-driven clustering-based technique for authenticating streaming data in MWSNs. Nodes with maximum energy are selected as Cluster Heads (CHs). The CHs collect data from member nodes and forward it to the Base Station (BS), thus preventing member nodes with low energy from dying soon and increasing life span of the underlying network. The proposed approach not only authenticates the streaming data but also maintains the quality of transmitted data. The proposed data authentication scheme coupled with an Error Concealment technique provides an energy-efficient and distortion-free real-time data streaming. The proposed scheme is compared with an unsupervised resources scenario. The simulation results demonstrate better network lifetime along with 21.34 dB gain in Peak Signal-to-Noise Ratio (PSNR) of received video data streams.
  • Mohammed A. Ambusaidi, Xiangjian He, Priyadarsi Nanda
    Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015 1 295 - 301 2015-12-02
    This paper considers the feature selection problem for data classification in the absence of data labels. It first proposes an unsupervised feature selection algorithm, which is an enhancement over the Laplacian score method, named an Extended Laplacian score, EL in short. Specifically, two main phases are involved in EL to complete the selection procedures. In the first phase, the Laplacian score algorithm is applied to select the features that have the best locality preserving power. In the second phase, EL proposes a Redundancy Penalization (RP) technique based on mutual information to eliminate the redundancy among the selected features. This technique is an enhancement over Battiti's MIFS. It does not require a user-defined parameter such as beta to complete the selection processes of the candidate feature set as it is required in MIFS. After tackling the feature selection problem, the final selected subset is then used to build an Intrusion Detection System. The effectiveness and the feasibility of the proposed detection system are evaluated using three well-known intrusion detection datasets: KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results confirm that our feature selection approach performs better than the Laplacian score method in terms of classification accuracy.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015 1 318 - 325 2015-12-02
    Wireless Sensor Networks (WSNs) have experienced phenomenal growth over the past decade. They are typically deployed in remote and hostile environments for monitoring applications and data collection. Miniature sensor nodes collaborate with each other to provide information on an unprecedented temporal and spatial scale. The resource-constrained nature of sensor nodes along with human-inaccessible terrains poses various security challenges to these networks at different layers. In this paper, we propose a novel detection scheme for Sybil attack in a centralized clustering-based hierarchical network. Sybil nodes are detected prior to cluster formation to prevent their forged identities from participating in cluster head selection. Only legitimate nodes are elected as cluster heads to enhance utilization of the resources. The proposed scheme requires collaboration of any two high energy nodes to analyze received signal strengths of neighboring nodes. The simulation results show that our proposed scheme significantly improves network lifetime in comparison with existing clustering-based hierarchical routing protocols.
  • Thanh Dat Dang, Doan Hoang, Priyadarsi Nanda
    Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015 1 750 - 757 2015-12-02
    Cloud computing dramatically reduces the expense and complexity of managing IT systems. Business customers do not need to invest in their own costly IT infrastructure, but can delegate and deploy their services effectively to cloud vendors and service providers. A number of security and protection mechanisms have been proposed to prevent the disclosure of sensitive information or tampering with the data by employing various policy, encryption, and monitoring approaches. However, few efforts have been focused on data mobility issues in terms of protection of data when it is moved within a cloud or to and from a new cloud environment. To allay users' concern of data control, data ownership, security and privacy, we propose a novel data mobility management model which ensures continuity protecting data at new cloud hosts at new data locations. The model provides a mobility service to handle data moving operation that relies on a new location database service. The new model allows the establishment of a proxy supervisor in the new environment and the ability of the active data to record its own location. The experimental outcomes demonstrate the feasibility, proactivity, and efficiency by the full mobility management model.
  • Vijaya Durga Chemalamarri, Priyadarsi Nanda, Karla Felix Navarro
    Proceedings - European Workshop on Software Defined Networks, EWSDN 55 - 60 2015-10-30
    As enterprises migrate to SDN, a brown field network transitional state is inevitable, where both Software Defined and Legacy networks coexist. The aim of this work is to further the knowledge in the area of Hybrid Software Defined Network (SDN) networks, by investigating requirements and challenges involved in building such networks. This work proposes a Hybrid SDN controller architecture to establish, control and inter-domain communication between the legacy and SDN domains.
  • Anil Saini, Manoj Singh Gaur, Vijay Laxmi, Priyadarsi Nanda
    ACM International Conference Proceeding Series 08-10-Sep-2015 2015-09-08
    Browser functionalities can be widely extended by browser extensions. One of the key features that makes browser extensions so powerful is that they run with "high" privileges. As a consequence, a vulnerable or malicious extension might expose browser, and operating system (OS) resources to possible attacks such as privilege escalation, information stealing, and session hijacking. The resources are referred as browser as well as OS components accessed through browser extension such as accessing information on the web application, executing arbitrary processes, and even access files from a host file system. This paper presents sandFOX (secure sandbox and isolated environment), a client-side browser policies for constructing sandbox environment. sandFOX allows the browser extension to express fine-grained OS specific security policies that are enforced at runtime. In particular, our proposed policies provide the protection to OS resources (e.g., host file system, network and processes) from the browser attacks. We use Security-Enhanced Linux (SELinux) to tune OS and build a sandbox that helps in reducing potential damage from attacks on the OS resources. To show the practicality of sandFOX in a range of settings, we compute the effectiveness of sandFOX for various browser attacks on OS resources. We also show that sandFOX enabled browser experiences low overhead on loading pages and utilizes negligible memory when running with sandbox environment.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, Jiankun Hu
    IEEE Transactions on Computers 64 9 2519 - 2533 1 September 2015
    Detection of Denial-of-Service (DoS) attacks has attracted researchers since 1990s. A variety of detection systems has been proposed to achieve this task. Unlike the existing approaches based on machine learning and statistical analysis, the proposed system treats traffic records as images and detection of DoS attacks as a computer vision problem. A multivariate correlation analysis approach is introduced to accurately depict network traffic records and to convert the records into their respective images. The images of network traffic records are used as the observed objects of our proposed DoS attack detection system, which is developed based on a widely used dissimilarity measure, namely Earth Mover's Distance (EMD). EMD takes cross-bin matching into account and provides a more accurate evaluation on the dissimilarity between distributions than some other well-known dissimilarity measures, such as Minkowski-form distance Lp and χ² statistics. These unique merits facilitate our proposed system with effective detection capabilities. To evaluate the proposed EMD-based detection system, ten-fold cross-validations are conducted using KDD Cup 99 dataset and ISCX 2012 IDS Evaluation dataset. The results presented in the system evaluation section illustrate that our detection system can detect unknown DoS attacks and achieves 99.95 percent detection accuracy on KDD Cup 99 dataset and 90.12 percent detection accuracy on ISCX 2012 IDS evaluation dataset with processing capability of approximately 59,000 traffic records per second.
  • Thawatchai Chomsiri, Xiangjian He, Priyadarsi Nanda, Zhiyuan Tan
    Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014 122 - 129 15 January 2015
    In this paper, we propose a novel connection tracking mechanism for Tree-rule firewall which essentially organizes firewall rules in a designated Tree structure. A new firewall model based on the proposed connection tracking mechanism is then developed and extended from the basic model of Netfilter's ConnTrack module, which has been used by many early generation commercial and open source firewalls including IPTABLES, the most popular firewall. To reduce the consumption of memory space and processing time, our proposed model uses one node per connection instead of using two nodes as appeared in Netfilter model. This can reduce memory space and processing time. In addition, we introduce an extended hash table with more hashing bits in our firewall model in order to accommodate more concurrent connections. Moreover, our model also applies sophisticated techniques (such as using static information nodes, and avoiding timer objects and memory management tasks) to improve its processing speed. Finally, we implement this model on Linux CentOS 6.3 and evaluate its speed. The experimental results show that our model performs more efficiently in comparison with the Netfilter/IPTABLES.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He, Zhiyuan Tan, Ren Ping Liu
    Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014 205 - 211 15 January 2015
    The Internet of Things is a vision that broadens the scope of the internet by incorporating physical objects to identify themselves to the participating entities. This innovative concept enables a physical device to represent itself in the digital world. There are a lot of speculations and future forecasts about the Internet of Things devices. However, most of them are vendor specific and lack a unified standard, which renders their seamless integration and interoperable operations. Another major concern is the lack of security features in these devices and their corresponding products. Most of them are resource-starved and unable to support computationally complex and resource consuming secure algorithms. In this paper, we have proposed a lightweight mutual authentication scheme which validates the identities of the participating devices before engaging them in communication for the resource observation. Our scheme incurs less connection overhead and provides a robust defence solution to combat various types of attacks.
  • Mohammed A. Ambusaidi, Xiangjian He, Zhiyuan Tan, Priyadarsi Nanda, Liang Fu Lu, Upasana T. Nagar
    Proceedings - 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014 82 - 89 15 January 2015
    Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.
  • Adrian Johannes, Priyadarsi Nanda, Xiangjian He
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 9532 669 - 677 2015
    Utilizing cloud-based services, users are required to first specify their goal of using such cloud based applications and then obtain service compositions satisfying their specific needs from the cloud service providers. The process involves dynamic pricing schemes for service provisioning between themselves and their cloud service providers. As a result, it is quite challenging with existing supply and demand driven approaches to ensure true dynamic resource provisioning for users with critical applications. To address this problem, we propose a game theory approach based on fuzzy logic which is then used to ensure aspects of resource provisioning on cloud. In our approach, we perform a trade-off for resources between service provider, cloud resource provider and service user based on the user demand and avoid rejecting users to ensure reliable resource provisioning. Experimental results demonstrate that our proposed approach can improve resource utilization associated with users.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Computer Networks 74 PB 92 - 102 9 December 2014
    Wireless sensor networks comprise resource-starved sensor nodes, which are deployed to sense the environment, gather data, and transmit it to a base station (BS) for further processing. Cluster-based hierarchical-routing protocols are used to efficiently utilize the limited energy of the nodes by organizing them into clusters. Only cluster head (CH) nodes are eligible for gathering data in each cluster and transmitting it to a BS. Unbalanced clusters result in network congestion, thereby causing delay, packet loss, and degradation of Quality of Service (QoS) metrics. In this study, we propose a priority-based application-specific congestion control clustering (PASCCC) protocol, which integrates the mobility and heterogeneity of the nodes to detect congestion in a network. PASCCC decreases the duty cycle of each node by maintaining threshold levels for various applications. The transmitter of a sensor node is triggered when the reading of a specific captured event exceeds a specific threshold level. Time-critical packets are prioritized during congestion in order to maintain their timeliness requirements. In our proposed approach, CHs ensure coverage fidelity by prioritizing the packets of distant nodes over those of nearby nodes. A novel queue scheduling mechanism is proposed for CHs to achieve coverage fidelity, which ensures that the extra resources consumed by distant nodes are utilized effectively. The effectiveness of PASCCC was evaluated based on comparisons with existing clustering protocols. The experimental results demonstrated that PASCCC achieved better performance in terms of the network lifetime, energy consumption, data transmission, and other QoS metrics compared with existing approaches.
  • Zhiyuan Tan, Upasana T. Nagar, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, Song Wang, Jiankun Hu
    IEEE Cloud Computing 1 3 27 - 33 1 September 2014
    Big data, often stored in cloud networks, is changing our business models and applications. Rich information residing in big data is driving business decision making to be a data-driven process. The security and privacy of this data, however, have always been a concern of the data owners. Securing cloud computing environments could strengthen data security and privacy. Doing so requires a comprehensive security solution, from attack prevention to attack detection. Intrusion detection systems (IDSs) are playing an increasingly important role in network security schemes. This article studies vulnerabilities in cloud computing and proposes a collaborative IDS framework to enhance the security and privacy of big data.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu
    IEEE Transactions on Parallel and Distributed Systems 25 2 447 - 456 February 2014
    Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threats from network attackers. As one of the most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy. © 1990-2012 IEEE.
  • Xiangjian He, Thawatchai Chomsiri, Priyadarsi Nanda, Zhiyuan Tan
    Future Generation Computer Systems 30 1 116 - 126 2014
    This study proposes a new model of firewall called the 'Tree-Rule Firewall', which offers various benefits and is applicable for large networks such as 'cloud' networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013 1400 - 1407 2014
    Wireless Sensor Network (WSN) performs energy extensive tasks and it is essential to rotate sensor nodes frequently so that Cluster Head selections can be made efficiently. In this paper, we aim to improve the lifetime of sensor network by using LEACH based protocols and efficiently utilizing the limited energy available in these sensor nodes. In sensor network, the amount of data delivered at the base station is not important but it is the quality of the data which is of utmost importance. Our proposed approach significantly improves the life time and quality of data being delivered at the base station in sensor network. We evaluate our proposed approach using different sets of node energy levels and in each case our approach shows significant improvement over existing cluster-based hierarchical routing protocols. We evaluate our scheme in terms of energy consumption, life time and quality of data delivered at the base station. © 2013 IEEE.
  • Mohammed A. Ambusaidi, Zhiyuan Tan, Xiangjian He, Priyadarsi Nanda, Liang Fu Lu, Aruna Jamdagni
    International Journal of Internet Protocol Technology 8 2-3 77 - 86 1 January 2014
    Cyber crimes and malicious network activities have posed serious threats to the entire internet and its users. This issue is becoming more critical, as network-based services are more widespread and closely related to our daily life. Thus, it has raised a serious concern in individual internet users, industry and research community. A significant amount of work has been conducted to develop intelligent anomaly-based intrusion detection systems (IDSs) to address this issue. However, one technical challenge, namely reducing false alarm, has been along with the development of anomaly-based IDSs since 1990s. In this paper, we provide a solution to this challenge. A nonlinear correlation coefficient-based (NCC) similarity measure is proposed to help extract both linear and nonlinear correlations between network traffic records. This extracted correlative information is used in our proposed IDS to detect malicious network behaviours. The effectiveness of the proposed NCC-based measure and the proposed IDS are evaluated using NSL-KDD dataset. The evaluation results demonstrate that the proposed NCC-based measure not only helps reduce false alarm rate, but also helps discriminate normal and abnormal behaviours efficiently.
  • Dong Yu, Priyadarsi Nanda, Longbing Cao, Xiangjian He
    International Journal of Sensor Networks 14 3 168 - 177 2013
    This paper presents an evaluation framework for architecture designs on wireless sensor networks (WSNs). We introduce a simple evaluation model: triangular constraint tradeoffs model (TCTM) to grasp the essence of the architecture design consideration under transient wireless media characteristic and stringent limitation on energy and computing resource of WSNs. Based on this evaluation framework, we investigate the existing architectures proposed in literature from three main competing constraint aspects, namely generality, cost, and performance. Two important concepts: performance efficiency and deployment efficiency are identified and distinguished in overall architecture efficiency. With this powerful abstract and simple model, we describe the motivations of major body of WSNs architectures proposed in current literature. We also analyse the fundamental advantage and limitations of each class of architectures from TCTM perspective. We foresee the influence of evolving technology to futuristic architecture design. We believe our efforts will serve as a reference to orient researchers and system designers in this area. Copyright © 2013 Inderscience Enterprises Ltd.
  • Mian Ahmad Jan, Priyadarsi Nanda, Xiangjian He
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7889 LNCS 154 - 167 2013
    Wireless Sensor Networks (WSN) consists of battery-powered sensor nodes which collect data and route the data to the Base Station. Centralized Cluster-based routing protocols efficiently utilize limited energy of the nodes by selecting Cluster Heads (CHs) in each round. Selection of CHs and Cluster formation is performed by the Base Station. In each round, nodes transmit their location information and their residual energy to the Base Station. This operation is a considerable burden on these resource hungry sensor nodes. In this paper we propose a scheme whereby a small number of High-Energy nodes gather location information and residual energy status of the sensing nodes and transmit to the Base Station. This scheme eliminates CH advertisement phase in order to conserve energy. Based on the energy consumption by various types of nodes, we have derived an energy model for our algorithm which depicts the total energy consumption in the network. © 2013 Springer-Verlag.
  • Hugo Cruz-Sanchez, Laurent Ciarletta, Ye Qiong Song, Priyadarsi Nanda
    2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013 159 - 164 2013
    This work contains a routing proposition to be used over a Wireless Sensor Network (WSN) location system based on the IEEE 802.15.4 standard. The technical solution for communication consists of an n-ary tree algorithm for routing using a 16 bit addressing scheme. It is compared to a binary routing scheme originally used on a real system which suffers from coverage, routing and addressing problem. An analysis of the coverage aspects is driven by a geometric study. It includes an analysis of a generated topology for different coverage areas and different routing topologies. The geometric analysis is validated by a simulation work. We observe that the proposed scheme outperforms the existing routing solution in terms of hop-count, delay and association process time. The work puts in evidence that the Connectivity of the network is an important parameter to be considered during the network deployment and for the routing scheme. © 2013 IEEE.
  • Thawatchai Chomsiri, Xiangjian He, Priyadarsi Nanda
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7646 LNCS 275 - 287 2012
    This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problem, speed problem, and "difficult to use" problem. These limitations consist of, firstly, limitation about "Shadowed rules" (the rule that cannot match with any packet because a packet will be matched with other rules above) which can lead to security and speed problem. Secondly, limitation about swapping position between rules can bring a change in firewall policy and cause security problem. The third limitation is about "Redundant rules" which can cause speed problem. Next, limitation of rule design; firewall administrators have to put "Bigger Rules" only at the bottom or lower positions that can result in a "difficult to use" problem. Lastly, limitation from sequential computation can lead to speed problem. Moreover, we also propose design of the new firewall named "Tree-Rule Firewall" which does not have above limitations.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu
    Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 33 - 40 2012
    Cloud computing plays an important role in current converged networks. It brings convenience of accessing services and information to users regardless of location and time. However, there are some critical security issues residing in cloud computing, such as availability of services. Denial of service occurring on cloud computing has even more serious impact on the Internet. Therefore, this paper studies the techniques for detecting Denial-of-Service (DoS) attacks to network services and proposes an effective system for DoS attack detection. The proposed system applies the idea of Multivariate Correlation Analysis (MCA) to network traffic characterization and employs the principle of anomaly-based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle area technique is proposed to enhance and speed up the process of MCA. The effectiveness of our proposed detection system is evaluated on the KDD Cup 99 dataset, and the influence of both non-normalized and normalized data on the performance of the detection system is examined. The results presented in the system evaluation section illustrate that our DoS attack detection system outperforms two state-of-the-art approaches. © 2012 IEEE.
  • Muhammad Mujtaba, Priyadarsi Nanda, Xiangjian He
    Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 1239 - 1244 2012
    Border Gateway Protocol (BGP) is the de-facto inter-domain routing protocol used across thousands of Autonomous Systems (AS) joined together in the Internet. Security has been a major issue for BGP. Nevertheless, BGP suffers from serious threats even today, like Denial of Service (DoS) attack and misconfiguration of routing information. BGP is one of the complex routing protocols and hard to configure against malicious attacks. However, it is important to detect such malicious activities in a network, which could otherwise cause problems for availability of services in the Internet. In this paper we use the Failure Quality Control (FQC), a technique to detect anomaly packets in the network for real time intrusion detection. © 2012 IEEE.
  • Hla Myint, Priyadarsi Nanda, Xiangjian He
    2012 International Symposium on Communications and Information Technologies, ISCIT 2012 895 - 900 2012
    This article develops a charging scheme that is simple and easily usable for the users and provides them with the incentives to use only the resources they require. Our scheme has been developed and based on the use of Internet resource and demonstrates how the contributing providers can share the total charge earned by each mobile and wireless services in a fair way. We made a comparison of our architecture with existing architectures and demonstrated that our architecture adopts an accommodating approach for customer which is economically viable for the ISP provider. © 2012 IEEE.
  • Jurgen Schulte, Nguyen Anh Duc, Doan B. Hoang, Doug Elliott, Sharon McKinley, Priyadarsi Nanda
    Proceedings of IEEE Sensors 2012
    This paper proposes and implements an integrated remote sensor-based 6-minute walk test (6MWT) for monitoring a patient's clinical condition and correlate this data to the walking activity that the patient is performing to assess his/her functional ability and physical performance. The 6MWT is known to be one of the most effective rehabilitation tests for a clinician to assess individuals with a variety of clinical conditions including survivors of a critical illness. Our method deploys body sensors for measuring health conditions and an on-body accelerometer for detecting motion. An intelligent algorithm was developed to detect a walk step, count the number of steps, and dynamically derive the step distance based on an individual's real-time walking parameters. The path and the derived walk distance are then related to their vital signs to assess their functional ability under various walk conditions. Our remote 6MWT is being considered for a telehealth rehabilitation procedure in an integrated assistive healthcare system. © 2012 IEEE.
  • Dong Yu, Priyadarsi Nanda, Xiangjian He
    Proceedings - 2012 International Conference on Control Engineering and Communication Technology, ICCECT 2012 723 - 726 2012
    In this paper we try to characterize the wireless sensor network (WSN) performance uncertainty (PU) attribute, identify the source and cause of PU, then we challenge that performance stability should be treated seriously as one metric among other important metrics depending on application scenario. We further classify PU impacts on system evaluation and comparison process. Finally, we propose PU mitigation strategy. © 2012 IEEE.
  • Zhiyuan Tan, Aruna Jamdagni, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    ACM International Conference Proceeding Series 160 - 164 2012
    In this paper, a Denial-of-Service (DoS) attack detection system is explored, where a multivariate correlation analysis technique based on Euclidean distance is applied for network traffic characterization and the principle of anomaly-based detection is employed in attack recognition. The effectiveness of the detection system is evaluated on the KDD Cup 99 dataset and the influence of data normalization on the performance of attack detection is analyzed in this paper as well. The evaluation results and comparisons prove that the detection system is effective in distinguishing DoS attack network traffic from legitimate network traffic and outperforms two state-of-the-art systems. Copyright 2012 ACM.
  • Doan B. Hoang, Doug Elliott, Sharon McKinley, Priyadarsi Nanda, Jurgen Schulte, Duc Nguyen
    2012 IEEE International Symposium on Signal Processing and Information Technology, ISSPIT 2012 101 - 106 2012
    This paper proposes and explores the design of a system that includes sensor-based procedures and techniques for remote physiological sensing and functional assessment for these individuals. The remote monitoring (e.g. heart rate, SpO2 level) and assessment system (6-minute walk test) was developed to support the recovery of survivors following a critical illness after their hospital discharge. The paper suggests a new model of care, through a clinician-patient remote monitoring loop, that will enable minimisation of the cost of frequent home visits and allow patients to recover safely in their home environment. © 2012 IEEE.
  • Yang Yang, Priyadarsi Nanda
    2011 International Conference on Internet Technology and Applications, iTAP 2011 - Proceedings 2011
    Content Distribution Network (CDN) involves several technologies, rather than just one technology working alone. CDN is another method to provide Quality of Service (QoS) to different applications and deliver different types of media content to end-users over the Internet. Since it is important to improve Internet performance in recent years, CDN has been an approach providing better Internet services. There are a number of technologies and components included in the CDN, and also several challenges needed to be considered for its performance. This paper presents basic components of CDN and summarizes the challenges and issues analyzing the development of CDNs towards QoS. © 2011 IEEE.
  • Dong Yu, Priyadarsi Nanda, Robin Braun
    7th International Conference on Wireless Communications, Networking and Mobile Computing, WiCOM 2011 2011
    Wireless network Simulation is challenging due to the effect of the dynamic and fading channel. The task is even more challenging in Wireless Sensor Network (WSN), adding the factor of energy source limitation. Validating simulation results with real implementation are still an unresolved question in wireless research in general and in particular WSN. There are few standard procedures to follow which guarantee accuracy and credibility in terms of answering the question in hands. On one hand, simulation results are aimed towards as realistic as possible conforming to real world implementation. On the other hand, abstraction can eliminate the fragmentation of hardware prototypes, operating system models and different simulation tools. In our research we try to tackle credibility problem in WSN with tradeoffs between realistic and abstraction, and setup the principles and guideline for practical simulations in WSN. © 2011 IEEE.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7043 LNCS 388 - 398 2011
    The quality of feature has significant impact on the performance of detection techniques used for Denial-of-Service (DoS) attack. The features that fail to provide accurate characterization for network traffic records make the techniques suffer from low accuracy in detection. Although researches have been conducted and attempted to overcome this problem, there are some constraints in these works. In this paper, we propose a technique based on Euclidean Distance Map (EDM) for optimal feature extraction. The proposed technique runs analysis on original feature space (first-order statistics) and extracts the multivariate correlations between the first-order statistics. The extracted multivariate correlations, namely second-order statistics, preserve significant discriminative information for accurate characterizations of network traffic records, and these multivariate correlations can be the high-quality potential features for DoS attack detection. The effectiveness of the proposed technique is evaluated using KDD CUP 99 dataset and experimental analysis shows encouraging results. © 2011 Springer-Verlag.
  • Hla Myint, Priyadarsi Nanda
    Proceedings - 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence Networking and Parallel Distributed Computing, SNPD 2011 38 - 44 2011
    This article develops a charging scheme that is simple and easily usable for the users and provides them with the incentives to use only the resources they need. This scheme is developed on the time-volume charging approach to show how the contributing providers can share the total charge earned by each mobile and wireless service instance in a fair way, with each provider collecting the portion of charge that corresponds to the consumption of its own resources for the service. This is also an important issue for the commercial viability of mobile services to mobile users, given that its provision spans multiple domains. Our proposed architecture is compliant to the relevant standards and can serve as a basis for applying other Internet charging schemes as well. © 2011 IEEE.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7064 LNCS PART 3 756 - 765 2011
    The reliability and availability of network services are being threatened by the growing number of Denial-of-Service (DoS) attacks. Effective mechanisms for DoS attack detection are demanded. Therefore, we propose a multivariate correlation analysis approach to investigate and extract second-order statistics from the observed network traffic records. These second-order statistics extracted by the proposed analysis approach can provide important correlative information hiding among the features. By making use of this hidden information, the detection accuracy can be significantly enhanced. The effectiveness of the proposed multivariate correlation analysis approach is evaluated on the KDD CUP 99 dataset. The evaluation shows encouraging results with average 99.96% detection rate and 2.08% false positive rate. Comparisons also show that our multivariate correlation analysis based detection approach outperforms some other current researches in detecting DoS attacks. © 2011 Springer-Verlag.
  • Muhammad Mujtaba, Priyadarsi Nanda
    Proceedings of the 9th Australian Information Security Management Conference 204 - 214 2011
    Border Gateway Protocol (BGP) is a dynamic routing protocol in the Internet that allows Autonomous System (AS) to exchange information with other networks. The main goal of BGP is to provide a loop free path to the destination. Security has been a major issue for BGP and due to a large number of attacks on routers; it has resulted in router misconfiguration, power failure and Denial of Service (DoS) attacks. Detection and prevention of attacks in router at early stages of implementation has been a major research focus in the past few years. In this research paper, we compare three statistical based anomaly detection algorithms (CUSUM, adaptive threshold and k-mean cluster) through experiment. We then carry out analysis, based on detection probability, false alarm rate and capture intensity (high & low) on the attacked routers.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda
    2010 IEEE Globecom Workshops, GC'10 1545 - 1549 2010
    Anomaly Intrusion Detection System (IDS) is a statistical based network IDS which can detect attack variants and novel attacks without a priori knowledge. Current anomaly IDSs are inefficient for real-time detection because of their complex computation. This paper proposes a novel approach to reduce the heavy computational cost of an anomaly IDS. Linear Discriminant Analysis (LDA) and difference distance map are used for selection of significant features. This approach is able to transform high-dimensional feature vectors into a low-dimensional domain. The similarity between new incoming packets and a normal profile is determined using Euclidean distance on the simple, low-dimensional feature domain. The final decision will be made according to a pre-calculated threshold to differentiate normal and abnormal network packets. The proposed approach is evaluated using DARPA 1999 IDS dataset. ©2010 IEEE.
  • Aruna Jamdagni, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    IWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference 1193 - 1197 2010
    Intrusion detection systems are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. Hypertext Transport Protocol (HTTP) is used for new applications without much interference. In this paper, we focus on intrusion detection of HTTP traffic by applying pattern recognition techniques using our Geometrical Structure Anomaly Detection (GSAD) model. Experimental results reveal that features extracted from HTTP request using GSAD model can be used to distinguish anomalous traffic from normal traffic, and attacks carried out over HTTP traffic can be identified. We evaluate and compare our results with the results of PAYL intrusion detection systems for the test of DARPA 1999 IDS data set. The results show GSAD has high detection rates and low false positive rates. Copyright © 2010 ACM.
  • Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, Wenjing Jia, Wei Chang Yeh
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 6476 LNCS 459 - 471 2010
    Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for web-based attack detection. © 2010 Springer-Verlag.
  • Aruna Jamdagni, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu
    Proceedings of the 8th Australian Information Security Management Conference 8 - 17 2010
    Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction and classification of the incoming network traffic. GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses Mahalanobis Distance Map (MDM) to calculate the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shell code attacks, polymorphic attacks and polymorphic blending attacks. We evaluate accuracy of GSAD model experimentally on the real-world attacks dataset created at Georgia Institute of Technology. We conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of feature reduction.
  • N. Pathak, P. Nanda, G. K. Mahanti
    Journal of Infrared, Millimeter, and Terahertz Waves 30 7 709 - 716 2009-07
    In this paper, we propose an optimization method based on Particle Swarm Optimization (PSO) algorithm for thinning a large multiple concentric circular ring array of uniformly excited isotropic antennas and generate a pencil beam in the vertical plane with minimum relative side lobe level (SLL). The half-power beam width of the pattern is attempted to make equal to that of a fully populated array of same size and shape. The synthesis is performed with a standard particle swarm optimization technique as well as with an improved version of standard PSO. Simulation results of the proposed thinned array are compared with a fully populated array to illustrate the effectiveness of our proposed method. © 2009 Springer Science+Business Media, LLC.
  • Zhiyuan Tan, Xiangjian He, Priyadarsi Nanda
    Proceedings - 2009 IEEE International Symposium on Parallel and Distributed Processing with Applications, ISPA 2009 389 - 393 2009
    The problem of piracy has disturbed people's daily life for hundreds of years and has not been relieved until now, though many existing anti-counterfeit solutions have been applied. However, due to the emergences of Radio Frequency IDentification (RFID) technologies, there is a more reliable alternative solution to construct authentication system. On the other hand, there arises another issue of how to simplify the deployment of RFID-centric anti-counterfeit system over the Internet. In this article, we propose an approach, Web Service Locating Unit (WSLU), to achieve this goal to manage numbers of RFID-centric authentication services (relied on web services).
  • Aruna Jamdagni, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Liu
    4th International Conference on Frontier of Computer Science and Technology, FCST 2009 327 - 333 2009
    We propose a statistical model, namely Geometrical Structure Anomaly Detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network. © 2009 IEEE.
  • Priyadarsi Nanda, Xiangjian He
    The Handbook of Research on Scalable Computing Technologies 2 739 - 759 2009
    The evolution of Internet and its successful technologies has brought a tremendous growth in business, education, research etc. over the last four decades. With the dramatic advances in multimedia technologies and the increasing popularity of real-time applications, recently Quality of Service (QoS) support in the Internet has been in great demand. Deployment of such applications over the Internet in recent years, and the trend to manage them efficiently with a desired QoS in mind, researchers have been trying for a major shift from its Best Effort (BE) model to a service oriented model. Such efforts have resulted in Integrated Services (Intserv), Differentiated Services (Diffserv), Multi Protocol Label Switching (MPLS), Policy Based Networking (PBN) and many more technologies. But the reality is that such models have been implemented only in certain areas in the Internet not everywhere and many of them also faces scalability problem while dealing with huge number of traffic flows with varied priority levels in the Internet. As a result, an architecture addressing scalability problem and satisfying end-to-end QoS still remains a big issue in the Internet. In this chapter the authors propose a policy based architecture which they believe can achieve scalability while offering end to end QoS in the Internet. © 2010, IGI Global.
  • Priyadarsi Nanda
    Proceedings - International Conference on Computer Science and Software Engineering, CSSE 2008 3 137 - 142 2008
    The problem of providing Quality of Service (QoS) in the Internet stems from the original choice of a datagram packet switching service model for the Internet Protocol (IP). Since, in principle, each packet can take any path to the destination, it is impossible to provide any absolute guarantees about service. This paper presents a scheme using traffic engineering techniques and implements policy based routing supported by Border Gateway Protocol (BGP) to achieve QoS parameters (loss, delay and jitter) values within the bound for high priority voice traffic in the Internet. Simulation using OPNET shows how such techniques can achieve the desired results. © 2008 IEEE.
  • Priyadarsi Nanda, Andrew James Simmonds
    Advances in Computer Science and Eng.: Reports and Monographs - Innovative Applications of Information Technology for the Developing World - Proc. of the 3rd Asian Applied Comput. Conf., AACC 2005 2 300 - 307 2007
    An important objective of Internet traffic Engineering is to facilitate reliable network operations by providing proper QoS to different services through mechanisms which will enhance network integrity and achieve network survivability. Current Internet architecture is very much distributed in nature interconnected by Internet Service Providers (ISPs), where the central goal of each service provider is to enhance emergent properties of their network by providing better service qualities with strong emphasis on economic considerations. Hence, service providers always aim at setting up their objective function based upon economic considerations and governed by their network wide policies to get the best result. In this paper we present a scheme in which Autonomous System (AS) relationships are central to any policy decision imposed by individual ISPs. Based on these policy relationships, we propose a framework which is expected to match the need for better QoS, uniform Internet wide service management and contribute efficiently towards traffic engineering. This paper presents an integrated approach comprising traffic engineering, routing and policy mechanisms for better management of QoS over the Internet.
  • Priyadarsi Nanda, Rohan Fernandes
    1st International Conference on the Digital Society, ICDS 2007 2 2007
    Telemedicine is one of the fastest growing fields with several innovations happening in managed health-care. With Internet and its infrastructures playing important role in the success of this field, it is not advisable to run some of the critical applications like high quality audio and video involved in telemedicine without proper Quality of Service (QoS) built on to the network. This paper focuses on two telemedicine setups that have been implemented on different backbone technologies. The first case discusses a virtual critical care unit that is setup for communication on an Asynchronous Transfer Mode (ATM) backbone and a possible model on how QoS for important traffic streams can be achieved in ATM. The second case discusses a minimal access operation that was remotely conducted on a patient with the help of telerobotics on a Multi Protocol Label Switching (MPLS) setup and provides a possible solution for achieving quality of service through MPLS in that scenario.
  • Priyadarsi Nanda, Andrew James Simmonds
    Proceedings of the 2006 International Conference on Communications in Computing, CIC 2006 63 - 69 2006
    Routing protocols are important to exchange routing information between neighboring routers. Such information is used to update routing tables and to share information about status of the network so that traffics to appropriate destinations will be fast and efficient. Different types of routing protocols are in widespread use across the Internet. Apart from determining optimal routing paths and carrying traffics through the networks, these routing protocols should have additional functionalities to support network policies, traffic engineering and security. In this paper we discuss the use of one such routing protocol the Border Gateway Protocol (BGP) which is the industry standard. We also present an algorithm in which each Autonomous System (AS) decides how to forward its traffic satisfying end-to-end QoS for its users and services. Our proposed algorithm is dynamic in that network status and route advertisements, which change with time and based on traffic loads in the network, are monitored and taken as input to the final decision on traffic forwarding between ASs. Copyright © 2006 CSREA Press.
  • Brian J. D'Auriol, Hamid R. Arabnia, Ping Tsai Chung, Kathy Liszka, Yi Pan, Behrooz Parhami, Antonio Pescapè, Jan Smid, Abdullah Abonamah, Tarek Alameldin, Jaafar M. Alghazo, Padma Apparao, Virendra Bhavsar, Saad Biaz, Rajendra V. Boppana, Anu Bourgeois, Herwig Bruneel, Seyed Mohamed Buhari, Henry Chan, Zhao Chen, Clincy Victor, Yuanshun Dai, Xuan Hien Dang, Filip De Turck, Frank Dehne, Thomas Engel, M. Rasit Eskicioglu, Edward E.E. Frietman, Jose Garrido, Marina L. Gavrilova, Peter C.J. Graham, George A. Gravvanis, Liwen He, Chih Cheng Hung, Khan M. Iftekharuddin, Youssef Iraqi, Jean Jack, Weijia Jia, Yong Kee Jun, Hatsuhiko Kato, Keqin Li, Kuan Ching Li, Xuejun Liang, Annalisa Massini, Klaus D. McDonald-Maier, Rami Melhem, Padmaja Mudiraj, Jean Frederic Myoupo, Priyadarsi Nanda, Mohamed Ould-Khaoua, Marcin Paprzycki, Dana Petcu, Alexander Reinefeld, Tore Risch, Rodrigo Romero, Carlo Sansone, David Semé, Joe Sessums, Ruth Shaw, Hong Shen, H. Shrikumar, Tor Skeie, Yahya Slimani, Pradip K. Srimani, Al Stutz, Keum Young Sung, Johnson Thomas, Steve Uhlig, R. Vaidyanathan, Shantaram Vasikarla, Alan Wagner, Biing Feng Wang, Peter Welch, Sabine Wittevrongel, Fuming Wu, Chong Wei Xu, Lan Yang, Keun Soo Yim, G. Young, Heather Yu, S. Q. Zheng
    Proceedings of the 2005 International Conference on Communications in Computing, CIC'05 2005
  • Andrew Simmonds, Priyadarsi Nanda
    IFIP Advances in Information and Communication Technology 119 313 - 323 2003
    The Differentiated services architecture (diffserv) proposed by the Internet Engineering Task Force (IETF) [1] provides service differentiation in the Internet in an efficient and scalable manner. The central idea of diffserv is that the Type Of Service field (TOS) in the IPv4 header can be used to prioritize traffic in an aggregated manner. In this paper we work on the resource management implementation issues required to support a wide variety of Quality of Service (QoS) traffic streams having different parameters. A well known problem with diffserv [2, 3] is that, being based on aggregate streams, it currently does not support end-to-end QoS. We believe our approach to diffserv can help to achieve dynamically allocated end-to-end QoS using a Bandwidth Broker (BB) architecture. We consider our resource management scheme to be simple and well suited to implementation in a diffserv internet of multiple domains. Bandwidth Brokers (BB) in each domain are the point of control for various activities performed within and between the domains. © 2003 by Springer Science+Business Media Dordrecht.
  • Priyadarsi Nanda, Andrew James Simmonds
    Proceedings of the International Conference on Internet Computing 2 866 - 872 2003
    Current Internet architecture is based on the Best Effort (BE) model, where packets can be dropped indiscriminately in the event of congestion. This architecture attempts to deliver all traffic as soon as possible within the limits of its abilities, but without any guarantees about throughput, delay and packet loss etc. Though such a model works well for certain traditional applications such as FTP, E-mail and less QoS constrained applications, it can be intolerable for newly emerged real-time, multimedia applications such as Internet Telephony, Video-Conferencing and Video on-Demand. This paper is based on the on-going research activities being carried out by various researchers in the area of QoS and proposes a Policy Based Network (PBN) architecture for the Differentiated Services (Diff-serv) Network. Policy Based Networking received much attention recently as the devices within the networks can be implemented with greater control. Our proposed architecture is based on the functionalities defined within the existing IETF/DMTF Policy architecture, with an objective to achieve QoS through proper Resource management techniques.


  • Priyadarsi Nanda, Vivek Kumar Verma, Sumit Srivastava, Rohit Kumar Gupta, Arka Prokash Mazumdar Lecture Notes in Networks and Systems 238 v - vi 2022
  • Aruna Jamdagni, Zhiyuan Tan, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu Computer Networks 57 (3) 811 - 824 2013-02-26
    Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative Feature Selection Engine (IFSEng) for feature subspace selection. Principal Component Analysis (PCA) technique is used for the pre-processing of data. Mahalanobis Distance Map (MDM) is used to discover hidden correlations between the features and between the packets. We also propose a novel Real-time Payload-based Intrusion Detection System (RePIDS) that integrates a 3-Tier IFSEng and the MDM approach. Mahalanobis Distance (MD) dissimilarity criterion is used to classify each packet as either a normal or an attack packet. The effectiveness of the proposed RePIDS is evaluated using DARPA 99 dataset and Georgia Institute of Technology attack dataset. The traffic for Web-based application is considered for validating our model. F-value, a criterion, is used to evaluate the detection performance of RePIDS. Experimental results show that RePIDS achieves better performance (high F-values, 0.9958 for DARPA 99 dataset and 0.976 for Georgia Institute of Technology attack dataset respectively, with only 0.85% false alarm rate) and lower computational complexity when compared against two state-of-the-art payload-based intrusion detection systems. Additionally, it has 1.3 time higher throughput in comparison with real scenario of medium sized enterprise network. © 2012 Elsevier B.V. All rights reserved.
