List of works
Journal article
Published 12/01/2025
International journal of data science and analytics, 21, 1, 31
The high scale of cyber-attacks has revealed the shortcomings of conventional intrusion detection systems (IDS), which has prompted the development of new and sophisticated methods that can model complicated traffic patterns. In this work, the emphasis is on enhancing proactive anomaly detection using graph convolutional networks (GCNs) in conjunction with classical machine learning techniques. Two models are suggested: a GCN-autoencoder (GCN-AE) to identify anomalies without supervision and a GCN-k-nearest neighbors (GCN-KNN) to classify intrusions with supervision. The UNSW-NB15 dataset consists of 700,000 instances and 49 features, which were pre-processed by scaling the features, encoding labels, and converting categorical variables into one-hot encodings. To reduce class bias, a balanced data set of 22,000 anomalies and 22,000 non-anomalies was subsequently generated. Graph structures were used to encode node-to-node relationships, and both models were run in Keras-TensorFlow with hyperparameter optimization. Experimental results demonstrate that GCN-AE performed moderately (Accuracy: 52.86%, Precision: 81.48%, Recall: 7.96%, F1-score: 14.51%), while GCN-KNN performed exceptionally well (Accuracy: 99.94%, Precision: 99.90%, Recall: 99.97%, F1-score: 99.93%) with an AUC of 0.99 and extremely low false positives. In all, this study demonstrates that graph-based learning, particularly GCN-KNN, offers a robust and classical framework for detecting intrusions. The suggested solution is capable of detecting various threats, including DoS, port scanning, and data exfiltration, which makes it promising to implement in a multilayer network infrastructure.
Journal article
First online publication 07/24/2025
International journal of machine learning and cybernetics, online ahead of print
The rapid increase in network traffic has created an urgent need for more effective security systems. Intrusion Detection Systems (IDS) are essential for network security but struggle with the growing volume and complexity of data, particularly in efficiently processing high-dimensional network traffic data. We introduce AEJaya+DE, a novel optimization approach that combines the Adaptive Enhanced Jaya Algorithm (AEJaya) with Differential Evolution (DE) to address these challenges. AEJaya+DE addresses the limitations of the basic Jaya algorithm, which often gets trapped in local optima due to its single learning strategy. Our method enhances the algorithm's performance through two key innovations: it improves local search capabilities using local attractors for exploitation, and it strengthens global exploration through historical population data. The algorithm incorporates dynamic parameter adjustment and adaptive probabilistic strategy selection to maintain an optimal balance between the exploration and exploitation phases. We validated AEJaya+DE's effectiveness using two standard benchmark datasets. On the UNSW-NB15 dataset, it reduced the feature set from 42 to 21 features while achieving 96.10% accuracy using the XGBoost classifier. On the NSL-KDD dataset, it reduced the feature set from 41 to 24 features while reaching 99.93% accuracy with the CatBoost classifier. These results demonstrate AEJaya+DE's ability to select a compact yet highly informative feature set, significantly improving intrusion detection systems' accuracy and computational efficiency. The method represents a significant advancement in network security, offering a robust and efficient solution for intrusion detection across various network environments.
Journal article
Published 07/2025
Future internet, 17, 7, 307
Quantum memory is essential for the prolonged storage and retrieval of quantum information. Nevertheless, no current studies have focused on the creation of effective quantum memory for continuous variables while accounting for the decoherence rate. This work presents an effective continuous-variable quantum key distribution method with parameter optimization utilizing the Elitist Elk Herd Random Immigrants Optimizer (2E-HRIO) technique. At the outset of transmission, the quantum device undergoes initialization and authentication via Compressed Hash-based Message Authentication Code with Encoded Post-Quantum Hash (CHMAC-EPQH). The settings are subsequently optimized from the authenticated device via 2E-HRIO, which mitigates the effects of decoherence by adaptively tuning system parameters. Subsequently, quantum bits are produced from the verified device, and pilot insertion is executed within the quantum bits. The pilot-inserted signal is thereafter subjected to pulse shaping using a Gaussian filter. The pulse-shaped signal then undergoes modulation. After modulation, the prediction of link failure is conducted through an authenticated channel using Radial Density-Based Spatial Clustering of Applications with Noise. Subsequently, transmission occurs via a non-failure connection. The receiver performs channel equalization on the received signal with Recursive Regularized Least Mean Squares. Subsequently, a dataset for side-channel attack authentication is gathered and preprocessed, followed by feature extraction and classification using Adaptive Depthwise Separable Convolutional Neural Networks (ADS-CNNs), which enhances security against side-channel attacks. The quantum state is evaluated based on the signal received, and raw data are collected. Thereafter, a connection is established between the transmitter and receiver. Both the transmitter and receiver perform the sifting process. Thereafter, the calculation and correction of the error rate are performed based on the sifting results. Ultimately, privacy amplification and key authentication are performed using the corrected key via B-CHMAC-EPQH. The proposed system demonstrated improved resistance to decoherence and side-channel attacks, while achieving a reconciliation efficiency above 90% and an increased key generation rate.
Journal article
NCHR: A Nonthreshold-Based Cluster-Head Rotation Scheme for IEEE 802.15.4 Cluster-Tree Networks
Published 01/01/2021
IEEE internet of things journal, 8, 1, 168 - 178
The IEEE 802.15.4 standard specifies two network topologies: 1) star and 2) cluster tree. A cluster-tree network comprises multiple clusters that allow the network to scale by connecting devices over multiple wireless hops. The role of a cluster head (CH) is to aggregate data from all devices in the cluster and then transmit it to the overall personal area network (PAN) coordinator. This specific CH role needs to be rotated among multiple coordinators in the cluster to prevent any one of them from draining its energy. Prior works on CH rotation are either based on threshold energy levels or rely on periodic rotation. Both approaches have their respective limitations and, at times, result in unnecessary CH rotations or nonoptimal selection of the CH. To address this, we propose a nonthreshold CH rotation scheme (NCHR), which incurs minimal rotation overhead. It supports topological changes and node heterogeneity, and can also handle CH failures. Through simulations and hardware implementation, the performance of the proposed NCHR scheme is analyzed in terms of network lifetime, CH rotation overhead, and the number of CH rotations. It is shown that the proposed scheme boosts network lifetime, incurs less rotation overhead, and needs fewer CH rotations compared to other related schemes.
Journal article
Published 2020
International Journal of Distributed Sensor Networks, 16, 2
This article focuses on results obtained from two cloud-based models that examine trade-offs between security, scalability, and efficiency of data collection for Internet-of-Things sensor networks. This work can provide insight for Internet-of-Things systems designers in choosing security controls and scalability features when working with cloud services. The results were obtained from a smart home Internet-of-Things prototype system in which data records from in-home sensors are transmitted wirelessly to an in-home hub, which forwards them to a cloud web service for storage and analysis. We consider different configurations and security controls on the wireless (in-home) and on the wired (home-to-web) sides. The configuration on the wireless side includes encrypted or plain-text transmission from the wireless sensors to the in-home hub, to probe whether software encryption of sensor data adds appreciable delay to the transmission time. The configuration on the wired side includes encrypted or plain-text transmission, with or without authentication, and with or without scalable cloud services. For each configuration, we measure end-to-end latency, transmission latency, and processing latency at the web service. Results of the experiments on the wired side showed much greater latencies and variability of latencies when using scalable cloud services.
Journal article
Using machine learning techniques to identify rare cyber-attacks on the UNSW-NB15 dataset
Published 11/01/2019
Security and privacy, 2, 6, e91
This paper uses a hybrid feature selection process and classification techniques to classify cyber-attacks in the UNSW-NB15 dataset. A combination of k-means clustering and correlation-based feature selection was used to come up with an optimum subset of features, and then two classification techniques, one probabilistic, Naive Bayes (NB), and a second based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.
Journal article
Towards establishing a security engineered SCADA framework
Published 01/02/2019
Journal of cyber security, 3, 1, 47 - 59
Today, Supervisory Control and Data Acquisition (SCADA) devices find their use across a wide range of industries. SCADA applications include industrial, infrastructure, facility, and unique private systems. The evolution of SCADA to interconnect multiple remote locations and networks, communicate over Transmission Control Protocol/Internet Protocol (TCP/IP) on Local Area Networks (LAN) connected to the internet, and integrate with Internet of Things (IoT) and other Internet Enabled Devices (IED) extends vulnerability exposure risks to the internet and presents a greater need for security considerations in design, implementation, and use. The research in this paper presents the SCADA vulnerability baseline and examines mitigation through an integrating and encapsulating framework. We present a securely engineered SCADA framework which provides an improvement in security, performance, and return on investment for industrial applications.
Journal article
A Routing Table Poisoning Model for Peer-to-Peer (P2P) Botnets
Published 2019
IEEE access, 7, 67983 - 67995
Due to the global increase in mobile devices and cellular networks such as 3G, 4G, or LTE-A networks, the concept of the interpenetration of peer-to-peer (P2P) overlay networks in cellular environments has gained immense popularity among mobile users. P2P networks allow users to share their computing resources efficiently with the advantages of fault tolerance, robust connectivity, load balancing, and easy maintenance. The ability of a peer to connect to another peer depends on the distinguishing features of the overlay networks. For connection, network routing tables are maintained by each peer in the network to construct the P2P overlay on the Internet. This construction renders the P2P networks vulnerable to the existing attacks using the Internet. Some of these attack models have been proposed in the past using botnets. However, models using botnets do not accommodate the advanced attacks that can infect the majority of the entries in the routing table. In this paper, we propose a model to analyze the impacts of routing table poisoning attacks on the P2P botnet (rBot) architecture. We present the security analysis of the proposed epidemic model for state-of-the-art rBots. The obtained results were effective for attacks on the unstructured P2P static and mobile environments.
Journal article
Published 04/02/2017
Journal of cyber security, 1, 2, 108 - 126
Network traffic classification and characterisation is playing an increasingly vital role in understanding and solving security-related issues in internet-based applications. Research studies in this area have prioritised the characterisation of network traffic based on the various layers of communication protocols outlined in the TCP/IP stack, and have further expanded to concentrate on specific application-layer protocols. Virtual Private Networks (VPNs) have become one of the most popular remote access communication methods among users over the public internet and other Internet Protocol (IP)-based networks. VPNs are governed by IP Security, which is a suite of protocols used for tunnelling the already encrypted IP traffic, to guarantee secure remote access to servers. In this paper, we propose and develop a framework to classify VPN or non-VPN network traffic using time-related features. Our focus is on the classification of network traffic which is encrypted and tunnelled through a VPN, versus traffic which is normally encrypted (non-VPN transmission), using machine-learning techniques on data sets of time-related features. Six classification models, logistic regression, support vector machine, Naïve Bayes, k-nearest neighbour, and two ensemble methods, the Random Forest (RF) classifier and the Gradient Boosting Tree (GBT) classifier, are compared, and optimised RF and GBT models are recommended over the other models in terms of high accuracy and low overfitting. Features which contributed to achieving 90% accuracy in each category were also identified.
Journal article
Influences on ransomware's evolution and predictions for the future challenges
Published 01/02/2017
Journal of cyber security, 1, 1, 23 - 31
From its inception as malware disguised as a solution to a problem, to the current sophisticated malware demanding huge sums of money, ransomware has attained significant proliferation through various advancements in information technologies. As a result of this development, cybercriminals have become adept and highly successful in compromising advanced information systems. Computer and network systems infected with ransomware are also often infected with various other forms of malicious software. Ransomware targets have become more educated, aware, and cautious of malware, motivating cybercriminals to respond with innovative attacks. In this paper, we analyse the evolution of ransomware from the perspective of what makes an individual or an organisation susceptible to succumbing to the demands of ransomware. Finally, we conclude with a few suggestions about the predicted future trends of ransomware.