
Statement of Purpose

Mr. Ajit Ashok Muzumdar

Every day a huge amount of information is transferred from one network to another, and this
information may be exposed to attacks. Information and information systems should be protected from
unauthorized users. According to the McAfee survey 2016 on malware, there was a rise of 10% in new
malware, i.e. 42 million new malicious hashes were discovered, 10% more than in Q3 and the second
highest on record, and there was a 72% increase in new mobile malware samples. These statistics show
that there is always scope for improvement in the field of security and cryptography. Although various
methods are used to protect information, loopholes exist. Data mining methods can be used to analyze
different attack patterns in the network. Providing and maintaining the confidentiality and integrity of
information is a very tedious job, so intrusion detection plays a very important role. If given the
chance, I would like to do research in the field of security and cryptography. I think security is one of
the fields where you come across new challenges every day.

Intrusion detection is the process of monitoring and analyzing the events occurring in a computer
system in order to detect signs of security problems. Intrusion detection and other security
technologies such as cryptography, authentication, and firewalls have gained in importance in the last
ten years. However, intrusion detection is not yet a perfect technology. Intrusion detection is an area
growing in relevance as more and more sensitive data are stored and processed in networked systems. An
intrusion detection system (IDS) monitors networked devices and looks for anomalous or malicious
behavior in the patterns of activity in the audit stream. A comprehensive IDS requires a significant
amount of human expertise and time for development. The expected operational requirement of IDSs is
given as: “low false positive rate, calculated as the percentage of normalcy variations detected as
anomalies, and high true positive rate, calculated as the percentage of anomalies detected”. So there is
a lot of scope for research in improving detection performance for unknown attacks and detection speed.

With the increasing requirement for network security, data mining techniques can be used to find
patterns in large datasets. Data mining involves different methods and algorithms. A lot of research has
been done using different classification, clustering and hybrid algorithms to improve the detection rate
of attacks. Comparisons of different classification algorithms have been done to analyze intrusion
detection. Various data mining methods that have been implemented in the past few years can be used to
improve the detection rate and reduce the false alarm rate. A classification algorithm can only detect
known intrusions. After the review of different classification algorithms for intrusion detection, the
Decision Tree algorithm is the best classification algorithm. The detection rate of the reviewed Decision
Tree algorithms is better when compared to other algorithms.

The Hybrid Algorithm (Classification via Clustering) will reduce false positives and false
negatives to improve the accuracy of detection. A signature-based IDS can be trained using previously
known attack patterns. Whenever a new record comes to the system, it compares the record's pattern with
previously known attack patterns, and a decision is given based on the comparison. Anomaly-based
intrusion detection systems (AIDS) are supposed to detect unknown attacks. These systems are often
designed for analysis due to their expensive processing and memory overheads. Signature-based systems
leverage manually characterized attack signatures to detect known attacks in real-time traffic. These two
subsystems join hands to cover all traffic events initiated by both legitimate and malicious users.
Signature learning methods are not able to recognize unknown attacks, and anomaly learning methods are
unable to detect attacks with high accuracy. Some intrusion behaviours are similar to normal or other
attributes. Using any one particular algorithm cannot give a proper result. So, to increase the accuracy
and the detection rate, a hybrid method can be used.

I found cryptography very interesting because it works on both the authentication and confidentiality
services of security. Its focus lies on constructing secure cryptographic schemes for light-weight devices
like smart cards or RFID tags. Such devices are also becoming more and more popular for security-relevant
applications like electronic passports, wireless car keys, etc. A major problem is that light-weight
devices are susceptible to so-called side-channel attacks, where an adversary measures information
inevitably leaked from the device during computation. Recently I read the paper “Remote Timing Attacks
are Practical” by David Brumley and Dan Boneh (Stanford University); it is actually an old paper. In it,
the authors discuss that timing attacks are possible on weak computing devices like smart cards. The
timing attack is effective when carried out between machines separated by multiple routers. Similarly,
the timing attack is effective between two processes on the same machine and between two virtual machines
on the same computer. This is only one aspect; there are many factors that we can consider for
side-channel attacks. Preventing this attack is again a main concern. One of the solutions is leakage
resilience.

Side-channel attacks exploit physical characteristics of implementations of cryptographic
algorithms in order to extract sensitive information such as the secret key. These physical attacks are
among the most powerful attacks against real-world cryptosystems. S-boxes in the DES algorithm are often
targeted by implementation attacks. We can analyze the S-boxes of several candidates that were submitted
to the competition on authenticated encryption (CAESAR) as well as several other ciphers.

All the experiments indicate that (1) it is still unclear how an evaluator can sort S-boxes in terms
of resiliency against side-channel attacks, (2) the outcomes of transparency order differ from the results
of confusion coefficient, and (3) the outcomes of the theoretical metrics do not always reflect the success
rate of a side-channel attack when considering simulated and real leakages. In light of our results, the
design of cryptographic primitives (e.g., AESCC) based on these theoretical metrics may render the
system still vulnerable to physical attacks.

Future work includes (1) the evaluation of the resistance of S-boxes against other physical attacks,
(2) comparing the evaluation metrics across different types of devices (such as FPGA and ASIC)
leaking information in different ways (represented by different leakage functions), (3) finding a
theoretical metric that fits reality better (by better understanding the lack of precision of existing
metrics), and (4) the exploration of theoretical metrics that can be applied to S-boxes resilient to
side-channel attacks. There is still a lot of research to be done from the engineering point of view so
that the actual physical devices on which the protocols run leak information within the range tolerated
by existing provably leakage-resilient constructions, even if arguing about the latter seems a very hard
task.
