S. Shiva

S. Shiva
University of Memphis | U of M · Department of Computer Science

About

91
Publications
79,257
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,318
Citations

Publications

Publications (91)
Article
Full-text available
The distributed denial of service (DDoS) attack is one of the most pernicious threats in cyberspace. Catastrophic failures over the past two decades have resulted in catastrophic and costly disruption of services across all sectors and critical infrastructure. Machine-learning-based approaches have shown promise in developing intrusion detection sy...
Conference Paper
Full-text available
Classified ad platforms have become a popular way for people to sell and purchase goods and services online. Unfortunately, while convenient, sites like Craigslist carry the risk of fraud because buyers do not meet sellers face to face. Many unsuspecting buyers fall victim to online scams and lose both time and money as a result. While there is lit...
Conference Paper
We propose an intrusion detection system (NLPIDS) that utilizes natural language processing and ensemble-based machine learning. The proposed NLPIDS converts natural language HTTP requests into vectors which are then used to train several supervised and ensemble-based machine learning models. The trained models are then used to detect anomalous tra...
Conference Paper
Since traditional machine learning (ML) techniques use black-box model, the internal operation of the classifier is unknown to human. Due to this black-box nature of the ML classifier, the trustworthiness of their predictions is sometimes questionable. Interpretable machine learning (IML) is a way of dissecting the ML classifiers to overcome this s...
Article
Full-text available
Due to the extensive use of computer networks, new risks have arisen, and improving the speed and accuracy of security mechanisms has become a critical need. Although new security tools have been developed, the fast growth of malicious activities continues to be a pressing issue that creates severe threats to network security. Classical security to...
Data
Dataset extracted features are as follows: • Flow: ID which presents the unique id calculated from the 5-tuple i.e., Src IP, Dst IP, Src Port, Dst Port, and Protocol number as follows o Src IP: the IP address of the machine from which the traffic started. o Src Port : the source port number. o Dst IP: the IP address of the destination machine. o...
Article
Stealthy false data injection attacks target state estimation in energy management systems in smart power grids to adversely affect operations of the power transmission systems. This paper presents a data-driven machine learning based scheme to detect stealthy false data injection attacks on state estimation. The scheme employs ensemble learning, w...
Conference Paper
Full-text available
Scamming users of online dating sites has rapidly increased in recent years. According to the Federal Trade Commission, 21,000 online dating scams were reported in 2018, with total reported losses of $143 million. A common tactic used by scammers to trick dating site users is using celebrity profile photos to increase attractiveness. In this paper,...
Conference Paper
Full-text available
Internet of Medical Things (IoMT) is a fast-emerging technology in healthcare with a lot of scope for security vulnerabilities. Like any other Internet-connected device, IoMT is not immune to breaches. These breaches can not only affect the functionality of the device but also impact the Security and Privacy (S&P) of the data. The impact of these b...
Chapter
Full-text available
Cloud applications, also known as software as a service (SaaS), provide advantageous features that increase software adoption, accelerate upgrades, reduce the initial capital costs of software development, and provide less strenuous scalability and supportability. Developing software with these features adds new dimensions of complexity to software...
Article
Full-text available
Security and privacy are among the key barriers to adopting the Internet of Medical Things (IoMT) solutions. IoMT adopters have to adhere to security and privacy policies to ensure that patient data remains confidential and secure. However, there is confusion among IoMT stakeholders as to what security measures they should expect from the IoMT manu...
Conference Paper
Full-text available
Internet of Medical Things (IoMT) is now growing rapidly, with internet-enabled devices helping people to track and monitor their health, early diagnosis of their health issues, treat their illness, and administer therapy. Because of its increasing demand and its accessibility to high internet speed, IoMT has opened doors for security vulnerabiliti...
Chapter
Full-text available
The advent of the Internet of Things (IoT) has resulted in the enhancement and adaptation of existing Internet technologies and the development of newer technologies. These technologies play a prominent role in the architecture, network, and management of the IoT, accelerating its adoption and helping to make the IoT a reality. Understanding these...
Conference Paper
Full-text available
Crowdsourcing is an approach whereby employers call for workers online with different capabilities to process a task for monetary reward. With a vast amount of tasks posted every day, satisfying the workers, employers, and service providers who are the stakeholders of any crowdsourcing system is critical to its success. To achieve this, the system...
Conference Paper
Full-text available
As the Internet of things continues to mature, there has been a wide and rapid adoption of Internet of things solutions in many domains. However, the security and privacy of these solutions are often underrated. The lack of security and privacy in the solutions can lead to catastrophic results, especially in sensitive domains like healthcare. There...
Preprint
Full-text available
To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic eno...
Conference Paper
Full-text available
As the number of devices (things) connected to the Internet (Internet of things: IoT) is growing, achieving robust security and privacy (S&P) is becoming increasingly challenging. With the heavy use of medical things (MT), the S&P in the medical domain poses a serious issue that continues to grow. Due to the criticality and sensitivity of the data...
Article
Full-text available
To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic eno...
Conference Paper
Full-text available
The emerging paradigm of cloud computing (CC) presents many security risks that can potentially and adversely impact any one of the plethora of stakeholders. The widespread deployment and service models of CC in addition to the wide variety of stakeholders make it difficult to comprehend security and privacy (S&P). In this paper, we present CSSR1,...
Conference Paper
Full-text available
Moving data and applications to the cloud implies shifting their control from cloud consumers to the cloud service provider (CSP) indefinitely. Hence, the security and privacy (S&P) of the consumers’ assets becomes an important issue. Assessing and comparing potential cloud computing (CC) services, poses an issue for CC adopters to choose S&P optio...
Conference Paper
Full-text available
Cloud consumers are hesitant in choosing an appropriate cloud service as they are under the assumption that clouds are not safe for their data and operations. This is due to the presence of a trust gap between cloud service consumers and cloud service providers (CSP) as well as a lack of understanding among consumers about what security and privacy...
Article
The emergence of crowdsourcing has enabled workforce seekers to delegate various tasks to the unknown public to accomplish. Crowdsourcing serves in Software development where projects often fail due to the inability to find and allocate expertise. In cloud application (i.e. Software as Service – [SaaS]) development, projects severely suffer from sh...
Conference Paper
Full-text available
The emergence of crowdsourcing has enabled workforce seekers to delegate various tasks to the unknown public to accomplish. Crowdsourcing serves in Software development where projects often fail due to the inability to find and allocate expertise. In cloud application (i.e. Software as Service – [SaaS]) development, projects severely suffer from sh...
Article
Full-text available
Crowdsourcing is an approach where requesters can call for workers with different capabilities to process a task for monetary reward. With the vast amount of tasks posted every day, satisfying workers, requesters, and service providers--who are the stakeholders of any crowdsourcing system--is critical to its success. To achieve this, the system sho...
Article
Full-text available
Multiple input multiple output (MIMO) wireless mesh networks (WMNs) aim to provide the last-mile broadband wireless access to the Internet. Along with the algorithmic development for WMNs, some fundamental mathematical problems also emerge in various aspects such as routing, scheduling, and channel assignment, all of which require an effective math...
Article
Full-text available
There have been attempts to model the interaction between users, both malicious and benign, and network administrators as games. Building on such works, we here present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The imperfect information is d...
Conference Paper
The Cloud Computing (CC) as a field is progressing by leaps and bounds. In order to organize the knowledge on this newly flourishing field, numerous taxonomies have been proposed over the last few years. A well-developed cloud taxonomy aims to support researchers and practitioners from academia and industry by organizing cloud computing-concepts an...
Conference Paper
Full-text available
The Cloud Computing (CC) as a field is progressing by leaps and bounds. In order to organize the knowledge on this newly flourishing field, numerous taxonomies have been proposed over the last few years. A well-developed cloud taxonomy aims to support researchers and practitioners from academia and industry by organizing cloud computing-concepts an...
Article
Game theory offers a promising approach toward modeling cyber attacks and countermeasures as games played among attackers and system defenders. The widely accepted concept of Nash equilibrium can be used to determine the optimal strategy for all players playing the game. In this work, we demonstrate the applicability of game theory in modeling the...
Article
Full-text available
Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodol...
Conference Paper
Full-text available
It has been widely accepted that service oriented architecture (SoA), has been a promising approach for business development and growth. SoA principles (also known as SoA qualities) attempt to guide development, maintenance, and usage of the SoA. These principles provide benefits like: ease of reuse, service automation, and lowering integration cos...
Conference Paper
Full-text available
As the email is becoming a prominent mode of communication so are the attempts to misuse it to take undue advantage of its low cost and high reachability. However, as email communication is very cheap, spammers are taking advantage of it for advertising their products, for committing cybercrimes. So, researchers are working hard to combat with the...
Conference Paper
Full-text available
Denial of service (DoS) attacks are currently one of the biggest risks any organization connected to the Internet can face. Hence, the congestion handling techniques at its edge router(s), such as active queue management (AQM) schemes must consider possibilities of such attacks. Ideally, an AQM scheme should (a) ensure that each network flow gets i...
Conference Paper
Full-text available
Cloud based systems(CBSs) are increasing in the computing world. These systems derive their complexity due to both the disparate components and the diverse stake holders involved in them. The component wise security alone does not solve the problem of securing CBSs, but the stakeholder's computational space spanning across many components of the CB...
Conference Paper
Full-text available
Game theory has been researched extensively in network security demonstrating an advantage of modeling the interactions between attackers and defenders. Game theoretic defense solutions have continuously evolved in most recent years. One of the pressing issues in composing a game theoretic defense system is the development of consistent quantifiabl...
Conference Paper
Full-text available
The emerging paradigm of cloud computing (CC) arises security risks that adversely impact its different stakeholders. The widespread deployment and service models of CC in addition to the wide variety of stakeholders make it difficult to guarantee privacy and security. This work-in- progress paper proposes a stakeholder-oriented taxonomical ap...
Conference Paper
Web applications are increasingly used in recent years to provide online services such as banking, shopping, social networking, etc. These applications operate with sensitive user information and hence there is a high need for assuring their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodo...
Conference Paper
Full-text available
The cloud computing paradigm is now adopted in many organizations in various fields because of its low cost, high availability and scalability features. Healthcare, education, business, and many other domains look at cloud computing as an endeavor to solve the continuous shortage in volume, infrastructure, accessibility, and monitoring potency. How...
Article
Evolution in cloud services and infrastructure has been constantly reshaping the way we conduct business and provide services in our day to day lives. Tools and technologies created to improve such cloud services can also be used to impair them. By using generic tools like nmap, hping and wget, one can estimate the placement of virtual machines in...
Conference Paper
Full-text available
Increased usage of web applications in recent years has emphasized the need to achieve (i) confidentiality, (ii) integrity, and (iii) availability of web applications. Backend database being the main target for external attacks such as SQL Injection Attacks, there is an emerging need to handle such attacks to secure stored information. Pre-deployme...
Conference Paper
Software Testing is the process used to assure the correctness, completeness, performance, security and reliability of the software. Different software testing techniques are used during pre-deployment phase of the software. But, these do not ensure that all possible behaviors of implementation are analyzed, executed and tested. Because of the inco...
Chapter
Ad-hoc security mechanisms are effective in solving the particular problems they are designed for, however, they generally fail to respond appropriately under dynamically changing real world scenarios. We discuss a novel holistic security approach which aims at providing security using a quantitative decision making framework inspired by game theor...
Article
Full-text available
Formal methods have been used to establish the idea of safety and monitorable properties. Drawing from such work, we provide here two examples of monitorable properties, affecting the security of the systems. In this work we have constructed two sensors using run-time monitors. One of them detect the anomalies in the system operations due to an int...
Conference Paper
Full-text available
While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. To this end, game theory poses huge potential in building a defense architecture based...
Conference Paper
It is often assumed that to pursue knowledge management, a knowledge management system must be independently developed or purchased. The intent of this paper is to illustrate that a knowledge management framework can be designed by combining existing technologies and techniques. While some development work may be required, it should be largely limi...
Article
Full-text available
1 While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. While they are effective in solving the particular problems they are designed for, t...
Article
Full-text available
The area of cyberspace defense mechanism design has received immense attention from the research community for more than two decades. However, the cyberspace security problem is far from completely solved. In this project we explored the applicability of game theoretic approaches to address some of the challenging cyber security issues: (a) We buil...
Conference Paper
Full-text available
As cyber attacks continue to grow in number, scope, and severity, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. We explore the applicability of game theoretic approaches to the cyber security problem with focus on active bandwidth depletion attacks. We model the...
Conference Paper
Full-text available
Network security is a complex and challenging problem. The area of network defense mechanism design is receiving immense attention from the research community for more than two decades. However, the network security problem is far from completely solved. Researchers have been exploring the applicability of game theoretic approaches to address the n...
Article
Full-text available
While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. Recently, researchers have started exploring the applicability of game theory to address the cyber security problem. The interaction between the attacks and the defense mechanisms can be c...
Article
Full-text available
Classification of data objects based on a predefined knowledge of the objects is a data mining and knowledge management technique used in grouping similar data objects together. It can be defined as supervised learning algorithms as it assigns class labels to data objects based on the relationship between the data items with a pre-defined class lab...
Conference Paper
There are many stakeholders in the information technology (IT) domain, including the business community and software development and support staff. A high degree of collaboration and knowledge sharing is required to take a system from business concept to production implementation in complex organizations where numerous teams are involved in the sof...
Article
Full-text available
In today's global economy, shrinking business cycles and global competetition are changing the landscape of software development. Frequently, multiple and geographically dispersed development teams are working together on large complex software systems. The complexity of global software development (GSD) warrants investigation into practices for bu...
Conference Paper
Full-text available
We present in this paper several solutions to the chal- lenging task of clustering software defect reports. Cluster- ing defect reports can be very useful for prioritizing the test- ing effort and to better understand the nature of software de- fects. Despite some challenges with the language used and semi-structured nature of defect reports, our e...
Article
Full-text available
Cyber attacks have greatly increased over the years, where the attackers have progressively improved in devising attacks towards a specific target. To aid in identifying and defending against cyber attacks we propose a cyber attack taxonomy called AVOIDIT (Attack Vector, Operational Impact, Defense, Information Impact, and Target). We use five majo...
Article
Clustering algorithms can be described as unsu-pervised learning algorithms in machine learning process. They assign class labels to data objects based on the relationship between data items without any pre-defined class label. This gives rise to an inherent uncertainty in the clustering process. As such clustering validity measures are needed to v...
Article
Full-text available
It has been almost four decades since the idea of software reuse was proposed. Many success stories have been told, yet it is believed that software reuse is still in the development phase and has not reached its full potential. How far are we with software reuse research? What have we learned from previous software reuse efforts? This paper is an...
Conference Paper
This paper addresses the problem of clustering defect reports. Clustering defect reports can provide valuable information to software testers, e.g. it could help better plan and prioritize the testing effort as testers could focus on testing the features with most defects as indicated by the largest clusters identified. In this paper, we present re...
Conference Paper
Full-text available
It has been more than three decades since the idea of software reuse was proposed. Many success stories have been told, yet it is believed that software reuse is still in the development phase and has not reached its full potential. How far are we with software reuse research and practice? This paper is an attempt to answer this question
Article
Over the last few years Computer Science has been an enormously successful discipline. It has been intellectually rich, has produced major international industry and has reshaped life for everyone no matter where they live [1]. While the Computer science curriculum has kept up with the advances in industry, the core topics are still programming, al...
Conference Paper
Full-text available
This paper discusses two related challenges faced by software engineering instructors. First, assuming that projects are necessary to produce successful computer science majors, what should be the role of projects and how best do we integrate theory and application? Second, what life cycle models and associated processes should students have the op...
Conference Paper
This paper explores the fulfillment of Capability Maturity Model Integration (CMMI) processes and practices by two widely published agent-based software development methodologies: Multiagent Systems Engineering Methodology (MaSE) and Gaia. Comparisons of these methodologies have been documented and published, but no known research exists that compa...
Conference Paper
This paper explores three widely published agent-based software development methodologies, Multiagent Systems Engineering Methodology (MaSE), Prometheus, and Tropos, using the traditional Waterfall model of software engineering as a baseline. Differences between the methodologies are examined and gaps between the agent-based methodologies and the W...
Article
Building software systems with using modules has been a popular trend. The concept of the 'module' has changed from a subroutine, to object, to component (DCOM, JavaBean) and now to an 'agent'. Various definitions of the agent have been used over the past few years. In general, a software agent is a component that can exhibit both proactive and rea...
Conference Paper
This paper discusses two related challenges faced by software engineering instructors. First, assuming that projects are necessary to produce successful computer science majors, what should be the role of projects and how best do we integrate theory and application? Second, what life cycle models and associated processes should students have the op...
Conference Paper
The knowledge-based software reuse environment (KBSRE) for program development assists the user to familiarize himself with the domain application environment, to locate partially matched components from the reusable component library, to understand the life-cycle knowledge of a component, and to decompose a component when its subcomponents are ava...
Conference Paper
This paper examines how tasking is implemented in the languages Concurrent C, SR, and Ada. It describes how a solution was implemented for the dining philosophers problem in each of the three languages. Lastly, it compares how tasks are implemented and used in those languages, and the advantages and disadvantages of each
Article
Full-text available
The cloud computing is a paradigm involving many disparate stake holders. Any system built upon this paradigm and a business run on such system architecture would have similarly disparate scope of access, activities and responsibilities for the stake holders. Depending on the scope of the activities and responsibilities, a stakeholder has to device...
Article
Full-text available
The aim of this research is to design a testing process for FedEx Corporation that more thoroughly integrates testing activities throughout the software development life cycle. With the new process, testing personnel will be actively involved in the planning, requirements, and design of the project. This should have the side-benefit of increasing m...
Article
Full-text available
Cyber-attacks have greatly increased over the years, where the attackers have strategically improved in devising attacks toward a specific target. In order to correctly classify cyber-attacks there is a considerable need to neatly organize a representation scheme that is useful in an application setting. The classification of cyber-attacks within k...
Article
Full-text available
Runtime Monitoring is performed during the execution of software to detect anomalies in them. Curren