Project Incharge: 
Dr. T. Senthil Kumar
Date: 
Sunday, April 1, 2018
Department: 
Computer Science Engineering
School: 
School of Engineering
Funding Agency: 
IBM Shared University Research

The organization consists of different networks at various geographical locations. For such a vast network a single honeypot is not enough to decoy attackers, so a collection of honeypots installed at geographically separated locations inside the organization is needed to lure them. Such a conglomeration of honeypots, a Honeynet, is the key to collecting attacker data and the traffic destined for the organization. Heterogeneous data from network devices, systems, firewalls, NIDS, UTMs, etc., are collected at a central location using the cloud-based Splunk Security Information and Event Management (SIEM) platform for further processing. Extracting useful information from such a plethora of heterogeneous data is difficult, so the SIEM is supported by a Correlation Engine. The Correlation Engine can apply Complex Event Analysis, Data Mining, Deep Learning, Log Analysis and similar techniques to search for attack vectors (or anomalous behaviour). Its output can be ranked by the severity of the observed data or traffic using a metric such as a Vulnerability Score. The SIEM dashboard displays, in near real time, the processed network and host events, network traffic flow statistics, system behaviour, and other properties of the network.
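As an added illustration of the correlation step described above (example code written for this page, not the project's Splunk configuration or its correlation engine): three constructed log formats (firewall, NIDS, honeypot) are normalised into one event schema, grouped by source IP into time-windowed incidents, and ranked by a severity score. The log formats, the per-source weights, the five-minute window and the scoring rule are all assumptions made for the example.

```python
"""Toy correlation step for heterogeneous security events.

Constructed example (not the project's Splunk configuration): normalise log
lines from three sources into one event schema, correlate them by source IP
inside a time window, and rank the resulting incidents by a severity score.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log lines in three made-up formats (firewall, NIDS, honeypot).
SAMPLE_LOGS = [
    "2018-04-01T10:00:01 FIREWALL DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2018-04-01T10:00:04 FIREWALL DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    '2018-04-01T10:00:09 NIDS alert sid=2001219 msg="SSH brute force" src=203.0.113.7',
    "2018-04-01T10:00:15 HONEYPOT login_attempt src=203.0.113.7 user=root",
    "2018-04-01T10:30:00 FIREWALL DENY src=198.51.100.3 dst=10.0.0.9 dport=445",
    "2018-04-01T12:00:00 HONEYPOT login_attempt src=203.0.113.7 user=admin",
]

# Per-source weights are an assumption for the example; a real deployment would
# derive them from asset criticality and signature severity.
SOURCE_WEIGHT = {"FIREWALL": 1, "NIDS": 5, "HONEYPOT": 4}
WINDOW = timedelta(minutes=5)   # assumed correlation window

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>[A-Z]+) (?P<rest>.*)$")
SRC_RE = re.compile(r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})")


def normalise(line):
    """Turn one raw line into a common event dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    s = SRC_RE.search(m.group("rest"))
    if not s:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "source": m.group("source"),
        "src": s.group("src"),
        "detail": m.group("rest"),
    }


def correlate(lines, window=WINDOW):
    """Group events by source IP into time-bounded incidents and score them.

    Events from the same IP that fall within `window` of the incident's first
    event are merged; a new incident starts once the window is exceeded.
    Score = sum of per-source weights plus 3 per additional distinct source,
    so an IP seen by firewall, NIDS and honeypot outranks one noisy source.
    """
    events = sorted((e for e in map(normalise, lines) if e), key=lambda e: e["ts"])
    incidents = []
    open_by_src = {}
    for ev in events:
        inc = open_by_src.get(ev["src"])
        if inc is None or ev["ts"] - inc["start"] > window:
            inc = {"src": ev["src"], "start": ev["ts"], "events": []}
            incidents.append(inc)
            open_by_src[ev["src"]] = inc
        inc["events"].append(ev)
    for inc in incidents:
        sources = {e["source"] for e in inc["events"]}
        inc["sources"] = sorted(sources)
        inc["score"] = (sum(SOURCE_WEIGHT.get(e["source"], 1) for e in inc["events"])
                        + 3 * (len(sources) - 1))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS):
        print(inc["score"], inc["src"], inc["start"], inc["sources"], len(inc["events"]))
```

On the sample input the brute-force sequence from 203.0.113.7 (two firewall denies, a NIDS alert and a honeypot login within fourteen seconds) is ranked first; the later honeypot hit from the same IP falls outside the window and becomes a separate, lower-scored incident, which is the behaviour an analyst wants when triaging a dashboard.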

Team Members:

  • Dr. Gireesh Kumar T - Associate Professor (CSE)
  • Dr. Senthil Kumar T - Associate Professor (CSE)
  • Dr. Harish Ram D. S. - Assistant Professor (ECE)
  • Dr. Binoy B Nair - Assistant Professor (ECE)

The teams of students working on the project are as below:

Deep Learning Based Model Development for Malware Analysis

Team Number   Team Members                                                                          Department
1             Kiran S Raj, Krishna Tej                                                              CSE
2             Sri Harsha, Vijey Shrivathsan                                                         CSE
3             Sai Ramanan M K, Deekshan S                                                           CSE
4             Vedanth                                                                               CSE
5             V Amrith, Suriya KS, Darshan S                                                        CSE
6             Rajesh Kumar Thiagarajan, Gokul Periasamy                                             CSE
7             Abhinaya, Aradhana Jayaprakash                                                        CSE
8             Sahithya Senthil, Sisira Pathakamuri                                                  CSE
9             Barath Manchikanti, Sri Hari                                                          CSE
10            Sudhay Senthilkumar, Karthik Shriram G S, Velpula Nithin Krishna, Sandeep Rajakrishnan   CSE
11            Balaji Bharatwaj, Aditya Reddy                                                        CSE

Data Preprocessing:

Team Number   Team Members            Department
1             Sandeep Rajakrishnan    CSE
2             Sudhay Senthilkumar     CSE
3             Karthik Manikandan      CSE
4             V S Tharunika           CSE
5             Suvethaa E              CSE
6             Sameekshaa R            CSE
7             Shridhar T              CSE

UI Design:

Team Number   Team Members   Department
1             Amrith V       CSE
2             Suriya KS      CSE
3             Darshan        CSE

The outcomes of the project under the different student groups are as below:

  • Balaji Bharatwaj M (CB.EN.U4CSE16607)
  • Mali Aditya Reddy (CB.EN.U4CSE17431)

Detection of DoS and DDoS Packets using Hidden Markov Model

Description: Companies use the internet to reach shared resources such as GPU servers and NAS storage, so the network is essential to any company, and DoS attacks are prominent on these networks. DoS and DDoS attacks reduce the capacity of the resources available to the company. In this paper we present a method to detect DoS and DDoS traffic using a Hidden Markov Model (HMM). The KDD-CUP dataset is used for the research. The various sub-classes of DoS attacks are listed and described, and the performance of Logistic Regression and kNN is compared with that of the HMM.

Architecture Diagram (figure)

Results (figures): Logistic Regression, kNN, HMM

The HMM achieved a True Negative Rate of 94.8%, compared with 80.04% for kNN and 79.40% for Logistic Regression. Another key factor is that the HMM has a very low False Negative Rate, whereas Logistic Regression's is high; since Recall = 1 - FNR, the HMM's recall is correspondingly high. Detecting DoS and DDoS traffic is not easy with standard machine learning algorithms: it requires modelling the dependencies between features and the sequence of past observations, which the HMM does explicitly. The HMM reached an accuracy of 92.11% and detected more attack packets than the generic algorithms, so it outperforms the other two models on this dataset.
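To make the HMM approach and the metrics above concrete, here is an added example (not the project's model and not its KDD-CUP pipeline): per-window packet counts are quantised into LOW/MED/HIGH symbols, a two-state HMM (NORMAL/DOS) with assumed start, transition and emission probabilities is decoded with the Viterbi algorithm, and the decoded labels are scored with TNR, FNR, recall and accuracy, next to a per-window threshold rule for comparison. The thresholds, probabilities and sample traffic are constructed for the example; a real model would estimate the probabilities from labelled training windows (for instance with Baum-Welch).

```python
"""Two-state HMM for flagging DoS windows, plus the evaluation metrics used above.

Constructed example (not the project's model or its KDD-CUP pipeline): traffic
is summarised per time window as one discrete symbol (packet-rate bin), the
hidden state (NORMAL or DOS) is decoded with the Viterbi algorithm, and the
decoded labels are scored with TNR, FNR, recall and accuracy.
"""
import math

STATES = ("NORMAL", "DOS")
SYMBOLS = ("LOW", "MED", "HIGH")   # packets-per-window bins

# Assumed parameters; in practice they are estimated (e.g. Baum-Welch) from
# labelled training windows. Attacks persist, so self-transitions dominate.
START = {"NORMAL": 0.95, "DOS": 0.05}
TRANS = {
    "NORMAL": {"NORMAL": 0.9, "DOS": 0.1},
    "DOS":    {"NORMAL": 0.2, "DOS": 0.8},
}
EMIT = {
    "NORMAL": {"LOW": 0.6,  "MED": 0.35, "HIGH": 0.05},
    "DOS":    {"LOW": 0.05, "MED": 0.25, "HIGH": 0.7},
}


def bin_rate(pkts_per_window, low=100, high=1000):
    """Quantise a packet count into the observation alphabet (assumed thresholds)."""
    if pkts_per_window < low:
        return "LOW"
    if pkts_per_window < high:
        return "MED"
    return "HIGH"


def viterbi(obs):
    """Most likely hidden-state path for a symbol sequence (log domain avoids underflow)."""
    v = [{s: math.log(START[s]) + math.log(EMIT[s][obs[0]]) for s in STATES}]
    back = [{}]
    for t in range(1, len(obs)):
        v.append({})
        back.append({})
        for s in STATES:
            prev, score = max(
                ((p, v[t - 1][p] + math.log(TRANS[p][s])) for p in STATES),
                key=lambda ps: ps[1],
            )
            v[t][s] = score + math.log(EMIT[s][obs[t]])
            back[t][s] = prev
    last = max(STATES, key=lambda s: v[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):
        path.append(back[t][path[-1]])
    return path[::-1]


def threshold_rule(obs):
    """Memoryless baseline: a window is DOS iff its own rate bin is HIGH."""
    return ["DOS" if o == "HIGH" else "NORMAL" for o in obs]


def metrics(truth, pred, positive="DOS"):
    """Confusion counts and the rates quoted in the text; recall is 1 - FNR by definition."""
    tp = sum(1 for t, p in zip(truth, pred) if t == positive and p == positive)
    fn = sum(1 for t, p in zip(truth, pred) if t == positive and p != positive)
    tn = sum(1 for t, p in zip(truth, pred) if t != positive and p != positive)
    fp = sum(1 for t, p in zip(truth, pred) if t != positive and p == positive)
    return {
        "tnr": tn / (tn + fp),
        "fnr": fn / (fn + tp),
        "recall": tp / (tp + fn),
        "accuracy": (tp + tn) / len(truth),
    }


# Constructed windows: an isolated benign burst (window 2), then a flood whose
# rate briefly dips to MED in the middle, with the true label for each window.
SAMPLE_COUNTS = [40, 1200, 80, 120, 1500, 2300, 900, 1800, 2100, 60, 30]
SAMPLE_TRUTH = ["NORMAL"] * 4 + ["DOS"] * 5 + ["NORMAL"] * 2


if __name__ == "__main__":
    obs = [bin_rate(c) for c in SAMPLE_COUNTS]
    for c, o, h, r in zip(SAMPLE_COUNTS, obs, viterbi(obs), threshold_rule(obs)):
        print(f"{c:5d} {o:4s} hmm={h:6s} rule={r}")
    print("hmm ", metrics(SAMPLE_TRUTH, viterbi(obs)))
    print("rule", metrics(SAMPLE_TRUTH, threshold_rule(obs)))
```

Run as a script, the decoded path shows the point the text makes about sequence context: the HMM labels the isolated burst in the second window NORMAL, because a one-window attack is expensive under the transition structure, and keeps the MED window inside the flood as DOS, whereas the memoryless threshold rule flags the burst and misses the dip, which costs it one false positive and one false negative.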

  • Roll Number: CB.EN.U4CSE16360
    Name: Varahabhatla Sri Harsha Chayanulu
  • Roll Number: CB.EN.U4CSE16362
    Name: Vijey Shrivathsan

Description:

A network intrusion detection system (NIDS) is a tool that detects and classifies network breaches dynamically in information and communication technology (ICT) systems, in industry and academia alike. A NIDS is used to detect network-borne attacks such as Denial of Service (DoS), malware propagation, and intruders already operating inside the system. Deep learning algorithms and frameworks have revolutionised predictive analysis over the past decade, and they can be leveraged for intrusion detection to classify and predict cyber-attacks with minimal overhead. The dynamic nature of the problem and the constant arrival of new network attacks make it highly intricate. In this project we explore LSTM autoencoders and a two-stage deep learning framework for NIDS. The work uses the CICIDS-17 dataset, a comprehensive dataset that combines real, modern benign traffic with contemporary attacks. The proposed deep neural network classifies attacks from flow-based traffic features with a classification accuracy higher than that of existing deep learning frameworks.

Batchwise training results for the LSTM Autoencoder

  • Roll Number: CB.EN.U4CSE17430
    Name: Kiran S. Raj
  • Roll Number: CB.EN.U4CSE17402
    Name: Krishna Tej

Title: Ensemble Techniques for Malicious Threat Detection

Description:

Malware and malicious messages circulate through today's systems, causing damage and disruption. In a connected world where social media is pervasive and API requests arrive in floods, malicious content is a serious concern. The traditional approach compares messages against a core ruleset of predefined signatures; this is not accurate and depends on constantly updating the signature set. The aim of the project is to develop a machine learning model that detects such malicious messages and generalises better than signature matching. Linear models, neural networks and ensemble techniques are compared to assess the differences in their performance at detecting the various kinds of malicious content.

The screenshot above shows the training of the target model and the results obtained; after tuning and training, the model achieved a validation accuracy of 98.1%.
