Monowar Bhuyan

Umeå University Sweden · Computing Science

PhD

About

Publications: 86
Reads: 46,078
Citations: 3,138
Introduction
Since January 2020, Dr. Bhuyan has been an Assistant Professor in the Department of Computing Science at Umeå University, Sweden, and is one of the research leaders in the Autonomous Distributed Systems Lab.
Additional affiliations
January 2020 - present
Umeå University
Position
  • Professor (Assistant)
April 2019 - December 2019
Nara Institute of Science and Technology
Position
  • Researcher
April 2018 - present
Elastisys AB
Position
  • Analyst
Education
August 2009 - November 2014
Tezpur University
Field of study
  • Machine learning and Computer Security

Publications (86)
Article
The centralized nature of software‐defined networks (SDN) makes them a suitable choice for vehicular networks. This enables numerous vehicles to communicate within an SD‐vehicular network (SDVN) through vehicle‐to‐vehicle (V2V) and with road‐side units (RSUs) via vehicle‐to‐infrastructure (V2I) connections. The increased traffic volume necessitates...
Article
Horizontal Federated Learning exhibits substantial similarities in feature space across distinct clients. However, not all features contribute significantly to the training of the global model. Moreover, the curse of dimensionality delays the training. Therefore, reducing irrelevant and redundant features from the feature space makes training faste...
Article
Full-text available
In Cloud-based computing, job scheduling and load balancing are vital to ensure on-demand dynamic resource provisioning. However, reducing the scheduling parameters may affect datacenter performance due to the fluctuating on-demand requests. To deal with the aforementioned challenges, this research proposes a job scheduling algorithm, which is an i...
Preprint
Full-text available
Visual anomaly detection targets to detect images that notably differ from normal pattern, and it has found extensive application in identifying defective parts within the manufacturing industry. These anomaly detection paradigms predominantly focus on training detection models using only clean, unlabeled normal samples, assuming an absence of cont...
Preprint
Full-text available
Software Defined Networking (SDN) has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably...
Article
Software Defined Networking (SDN) has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably...
Preprint
Full-text available
The key challenge of personalized federated learning (PerFL) is to capture the statistical heterogeneity properties of data with inexpensive communications and gain customized performance for participating devices. To address these, we introduced personalized federated learning in multi-tier architecture (PerMFL) to obtain optimized and personalize...
Article
Edge artificial intelligence (AI) is an innovative computing paradigm that aims to shift the training and inference of machine learning models to the edge of the network. This paradigm offers the opportunity to significantly impact our everyday lives with new services such as autonomous driving and ubiquitous personalized health care. Nevertheless,...
Preprint
Full-text available
Horizontal Federated Learning exhibits substantial similarities in feature space across distinct clients. However, not all features contribute significantly to the training of the global model. Moreover, the curse of dimensionality delays the training. Therefore, reducing irrelevant and redundant features from the feature space makes training faste...
Article
Full-text available
Anomaly detection plays a vital role in ensuring the security and reliability of edge clouds, which are decentralized computing environments with limited resources. However, the unique challenges of limited computing power and lack of edge-related labeled training data pose significant obstacles to effective supervised anomaly detection. In this pa...
Chapter
Most current methods for detecting anomalies in text concentrate on constructing models solely relying on unlabeled data. These models operate on the presumption that no labeled anomalous examples are available, which prevents them from utilizing prior knowledge of anomalies that are typically present in small numbers in many real-world application...
Preprint
Full-text available
Most current methods for detecting anomalies in text concentrate on constructing models solely relying on unlabeled data. These models operate on the presumption that no labeled anomalous examples are available, which prevents them from utilizing prior knowledge of anomalies that are typically present in small numbers in many real-world application...
Chapter
With the increasing advent of applications and services adopting cloud-based technologies, generic automated tuning techniques of database services are gaining much attraction. This work identifies and proposes to overcome the potential challenges associated with deploying a tuning service as part of Platform-as-a-Service (PaaS) offerings for tunin...
Article
Most existing large distributed systems have poor observability and cannot use the full potential of machine learning-based behavior analysis. The system logs, which contain the primary source of information, are unstructured and lack the context needed to track procedures and learn the system’s behavior. This work presents a new trace guideline th...
Article
Due to millions of loosely coupled devices, the smart-home security is gaining the attention of industry professionals, attackers, and academic researchers. The smart home is a typical home where many sensors, actuators, and IoT devices are used to automate home users’ daily activities. Although a smart home provides comfort, safety, and satisfacti...
Article
The explosive growth of end devices that generate massive amounts of data requires close-proximity computing resources for processing at the network’s edge. Having geographic distributions and limited resources of edge nodes or servers opens several doors for attackers to exploit them primarily to the detriment of deployed services; one of the rece...
Article
Full-text available
Edge-driven software applications often deployed as online services in the cloud-to-edge continuum lack significant protection for services and infrastructures against emerging cyberattacks. Very-Short Intermittent Distributed Denial of Service (VSI-DDoS) attack is one of the biggest factors for diminishing the Quality of Services (QoS) and Quality...
Article
The inherent characteristics of cloud systems often lead to anomalies, which pose challenges for high availability, reliability, and high performance. Detecting anomalies in cloud key performance indicators (KPI) is a critical step towards building a secure and trustworthy system with early mitigation features. This work is motivated by (i) the eff...
Chapter
In the era of big data and federated learning, traditional feature selection methods show unacceptable performance for handling heterogeneity when deployed in federated environments. We propose Fed-FiS, an information-theoretic federated feature selection approach to overcome the problem that occurs due to heterogeneity. Fed-FiS estimates feature-feature...
Chapter
The proliferation of the Internet of Things (IoT) applications and devices make human life more comfortable by employing automation in daily operations. These applications are typically deployed in the cloud to offer diverse and healthy services to the users. Due to the inherent demand for low response time, applications need to be secure and close...
Article
Internet of Things (IoT) devices are inherently vulnerable due to insecure design, implementation, and configuration. Aggressive behavior changes, due to increased attacker’s sophistication, and the heterogeneity of the data in IoT have proven that securing IoT devices trigger multiple challenges. It includes complex and dynamic attack detection, d...
Conference Paper
Full-text available
Data plays a vital role in deep learning model training. In large-scale medical image analysis, data privacy and ownership make data gathering challenging in a centralized location. Hence, federated learning has been shown as successful in alleviating both problems for the last few years. In this work, we have proposed multi-diseases classification...
Chapter
Full-text available
With the number of users of social media and web platforms increasing day-by-day in recent years, cyberbullying has become a ubiquitous problem on the internet. Controlling and moderating these social media platforms manually for online abuse and cyberbullying has become a very challenging task. This paper proposes a Recurrent Neural Network (RNN)...
Article
Full-text available
The edge computing system attracts much more attention and is expected to satisfy ultra-low response time required by emerging IoT applications. Nevertheless, as there were problems on latency such as the emerging traffic requiring very sensitive delay, a new Edge Computing system architecture, namely Home Edge Computing (HEC) supporting these real...
Chapter
Internet of Things (IoT) devices are inherently vulnerable due to insecure design, implementation, and configuration. Aggressive behavior change, due to increased attacker’s sophistication, and the heterogeneity of the data in IoT have proven that securing IoT devices is a making challenge. To detect intensive attacks and increase device uptime, we...
Chapter
The emerging 5G networks promise more throughput, faster, and more reliable services, but as the network complexity and dynamics increase, it becomes more difficult to troubleshoot the systems. Vendors are spending a lot of time and effort on early anomaly detection in their development cycle and majority of the time is spent on manually analyzin...
Chapter
It is hoped that this book increases awareness of the reader of threats that have come into existence recently and techniques, systems, and tools for detecting such threats. Any antivirus or defense software can only detect the threats if and only if the defender software understands how attackers get entry into a system and what tools they use to...
Chapter
To evaluate a network anomaly detection or prevention, it is essential to test using benchmark network traffic datasets. This chapter aims to provide a systematic hands-on approach to generate real-life intrusion dataset. It is organized in three major sections. Section 3.1 provides the basic concepts. Section 3.2 introduces several benchmark and r...
Chapter
Performance evaluation is a major part of any network traffic anomaly detection technique or system. Without proper evaluation, it is difficult to make the case that a detection mechanism can be deployed in a real-time environment. An evaluation of a method or a system in terms of accuracy or quality provides a snapshot of its performance in time....
Chapter
As an ANIDS (anomaly-based network intrusion detection system) or IDS (intrusion detection system) monitors network-wide traffic, it generates warning messages (i.e., alerts) that indicate attack or suspicious or legitimate events. Due to widespread deployment of IDSs, they may generate an overwhelming number of alerts with true alerts mixed with f...
Chapter
A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanning tool to discover open host or network services. Network security tools provide methods to network attackers as well as network defenders to identify vulnerabilities and open network services. This chapter is composed of three...
Chapter
Before discussing the actual detection and prevention of network traffic anomalies, we must introduce fundamental concepts on networks, network traffic, and traffic measurement. Therefore, this chapter is comprised of two parts. The first part discusses components of networks, topologies, and layered architectures followed by protocols used, metric...
Chapter
To develop a network traffic anomaly detection technique and system, it is indeed necessary to know the basic properties of network-wide traffic. This chapter starts with a discussion of the basic properties of network-wide traffic with an example. This chapter is organized into six major sections to describe different network anomaly detection tec...
Book
This indispensable text/reference presents a comprehensive overview on the detection and prevention of anomalies in computer network traffic, from coverage of the fundamental theoretical concepts to in-depth analysis of systems and methods. Readers will benefit from invaluable practical guidance on how to design an intrusion detection technique and...
Article
Distributed denial-of-service (DDoS) attacks cause havoc by exploiting threats to Internet services. In this paper, we propose E-LDAT, a lightweight extended-entropy metric-based system for both DDoS flooding attack detection and IP (Internet Protocol) traceback. It aims to identify DDoS attacks effectively by measuring the metric difference betwee...
Article
Outlier detection is of considerable interest in fields such as physical sciences, medical diagnosis, surveillance detection, fraud detection and network anomaly detection. The data mining and network management research communities are interested in improving existing score-based network traffic anomaly detection techniques because of ample scopes...
Article
A low-rate distributed denial of service (DDoS) attack has the ability to obscure its traffic because it is very similar to legitimate traffic. It can easily evade current detection mechanisms. Rank correlation measures can quantify significant differences between attack traffic and legitimate traffic based on their rank values. In this paper, we...
Article
With exponential growth in the number of computer applications and the sizes of networks, the potential damage that can be caused by attacks launched over the Internet keeps increasing dramatically. A number of network intrusion detection methods have been developed with respective strengths and weaknesses. The majority of network intrusion detecti...
Article
Distributed Denial of Service (DDoS) attacks pose a serious threat to efficient and uninterrupted Internet services. During Distributed Denial of Service (DDoS), attackers make fool of innocent servers (i.e., Slave) into reddening packets to the victim. Most low-rate DDoS attack detection mechanisms are associated with specific protocols used by th...
Article
Invasion by Distributed Denial of Service (DDoS) is a serious threat to services offered on the Internet. A low-rate DDoS attack allows legitimate network traffic to pass and consumes low bandwidth. So, detection of this type of attacks is very difficult in high speed networks. Information theory is popular because it allows quantifications of the...
Article
To prevent and defend networks from the occurrence of attacks, it is highly essential that we have a broad knowledge of existing tools and systems available in the public domain. Based on the behavior and possible impact or severity of damages, attacks are categorized into a number of distinct classes. In this survey, we provide a taxonomy of attac...
Article
Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of...
Article
Distributed Denial of Service (DDoS) attacks represent a major threat to uninterrupted and efficient Internet service. In this paper, we empirically evaluate several major information metrics, namely, Hartley entropy, Shannon entropy, Renyi’s entropy, generalized entropy, Kullback–Leibler divergence and generalized information distance measure in t...
Article
Distributed denial of service (DDoS) attack is a coordinated attack, generally performed on a massive scale on the availability of services of a target system or network resources. Owing to the continuous evolution of new attacks and ever-increasing number of vulnerable hosts on the Internet, many DDoS attack detection or prevention mechanisms have...
Chapter
To prevent and defend networks from the occurrence of attacks, it is highly essential that we have a broad knowledge of existing tools and systems available in the public domain. Based on the behavior and possible impact or severity of damages, attacks are categorized into a number of distinct classes. In this survey, we provide a taxonomy of attac...
Article
Full-text available
As the communication industry has connected distant corners of the globe using advances in network technology, intruders or attackers have also increased attacks on networking infrastructure commensurately. System administrators can attempt to prevent such attacks using intrusion detection tools and systems. There are many commercially available si...
Article
Full-text available
This paper presents an effective fingerprint classification method designed based on a hierarchical agglomerative clustering technique. The performance of the technique was evaluated in terms of several real-life datasets and a significant improvement in reducing the misclassification error has been noticed. This paper also presents a query based f...
Article
Full-text available
Coordinated attacks are distributed in nature because they attempt to compromise a target machine from multiple sources. It is important for network defenders and administrators to detect these scans as possible preliminaries to more serious attacks. However, it is very difficult to detect malicious scans based on port specific behavior alone. In t...
Article
Full-text available
In this paper, we present an effective tree based subspace clustering technique (TreeCLUS) for finding clusters in network intrusion data and for detecting unknown attacks without using any labelled traffic or signatures or training. To establish its effectiveness in finding all possible clusters, we perform a cluster stability analysis. We also in...
Article
Full-text available
Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of Internet protocol addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to more serious attacks. It is a very difficult task...
Conference Paper
Full-text available
Anomaly detection, which is an important task in any Network Intrusion Detection System (NIDS), enables discovery of known as well as unknown attacks. Anomaly detection using outlier approach is a successful network anomaly identification technique. In this paper, we describe NADO (Network Anomaly Detection using Outlier approach), an effective out...
Conference Paper
Outlier detection has gained considerable interest in several fields of research including various sciences, medical diagnosis, fraud detection, and network intrusion detection. Most existing techniques are either distance based or density based. In this paper, we present an effective reference point based outlier detection technique (RODD) which p...
Chapter
Full-text available
As the communication industry has connected distant corners of the globe using advances in network technology, intruders or attackers have also increased attacks on networking infrastructure commensurately. System administrators can attempt to prevent such attacks using intrusion detection tools and systems. There are many commercially available si...
Article
This paper presents an effective method for fingerprint classification using data mining approach. Initially, it generates a numeric code sequence for each fingerprint image based on the ridge flow patterns. Then for each class, a seed is selected by using a frequent itemsets generation technique. These seeds are subsequently used for clustering the...
Article
Full-text available
As the communication industry has connected distant corners of the globe using advances in network technology, intruders or attackers have also increased attacks on networking infrastructure commensurately. System administrators can attempt to prevent such attacks using intrusion detection tools and systems. There are many commercially available si...

Questions (10)
Question
One new and very attractive postdoc position announced in the area of robust machine learning at Umeå University, Sweden. This position is funded by WASP, Sweden’s largest ever individual research program, and a major national initiative for strategic basic research, education and faculty recruitment.
Link for details (Deadline - August 10, 2020):
Please consider applying if you are eligible and interested to work with one of Sweden's largest autonomous distributed systems labs, located at Umeå, Sweden. Please feel free to share!
Question
How is it important to achieve in edge computing?
Question
DNS based DDoS attack detection
Question
Because it is time consuming and high cost.
Question
Because implementation of a model for cloud data center security in Hadoop is orthogonal. So, can you suggest any other framework where it is possible. 
Question
How can I analyse cloud data-center network traffic to report anomalousness?
Question
The cloud data-center normally comprises of a huge amount of data. It is very difficult to keep secure.
Question
Need link for benchmark data of application-layer DDoS attacks?
