Abhrajit Ghosh’s research while affiliated with Perspecta Labs and other places

Publications (26)


Computing with Time: Microarchitectural Weird Machines
  • Article

November 2024 · 4 Reads

Communications of the ACM

Thomas S. Benjamin · Jeffery A. Eitel · [...] · Angelo Sapello
Side-channel attacks, such as Spectre, rely on properties of modern CPUs that permit discovery of microarchitectural state via timing of various operations. The Weird Machine concept is an increasingly popular model for characterization of execution that emerges from side-effects of conventional computing constructs. In this work we introduce Microarchitectural Weird Machines (μWMs): code constructions that allow performing computation through the means of side effects and conflicts between microarchitectural entities such as branch predictors and caches. The results of such computations are observed as timing variations in the execution of instructions that interact with these side effects. We demonstrate how μWMs can be used as a powerful obfuscation engine where computation operates using events unobservable to conventional anti-obfuscation tools based on emulation, debugging, static and dynamic analysis techniques. We present a practical example in which we use a μWM to obfuscate malware code such that its passive operation is invisible to an observer with full power to view the architectural state of the system until the code receives a trigger. When the trigger is received the malware decrypts and executes its payload. To show the effectiveness of obfuscation we demonstrate its use in the concealment and subsequent execution of a payload that creates a reverse shell. In the full version of this work we also demonstrate a payload that exfiltrates a shadow password file. We then demonstrate the generality of μWMs by showing that they can be used to reliably perform non-trivial computation by implementing a SHA-1 hash function.

Privacy-Preserving Range Queries from Keyword Queries

July 2015 · 40 Reads · 5 Citations

Lecture Notes in Computer Science

We consider the problem of a client performing privacy-preserving range queries to a server’s database. We propose a cryptographic model for the study of such protocols, by expanding previous well-studied models of keyword search and private information retrieval to the range query type and to incorporate a multiple-occurrence attribute column in the database table. Our first two results are 2-party privacy-preserving range query protocols, where either (a) the value domain is linear in the number of database records and the database size is only increased by a small constant factor; or (b) the value domain is exponential (thus, essentially of arbitrarily large size) in the number of database records and the database size is increased by a factor logarithmic in the value domain size. Like all previous work in private information retrieval and keyword search, this protocol still satisfies server time complexity linear in the number of database payloads. We discuss how to adapt these results to a 3-party model where encrypted data is outsourced to a third party (i.e., a cloud server). The result is a private database retrieval protocol satisfying a highly desirable tradeoff of privacy and efficiency properties; most notably: (1) no unintended information is leaked to clients or servers, and the information leaked to the third party is characterized as ‘access pattern’ on encrypted data; (2) for each query, all parties run in time only logarithmic in the number of database records and linear in the answer size; (3) the protocol’s query runtime is practical for real-life applications.


System and method for creating BGP route-based network traffic profiles to detect spoofed traffic
  • Patent
  • Full-text available

January 2015 · 17 Reads

An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprises TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.

Method, apparatus and program for detecting spoofed network traffic

December 2014 · 7 Reads

A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring the corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS numbers using an unexpected pair tuple table generated from network routing information, and generating an alert indicating that the incoming packet is not allowed to enter the network.


System and method for spammer host detection from network flow data profiles

July 2014 · 19 Reads

A system and method for spammer host detection from network flow data profiles comprises constructing one or more cluster profiles and detecting spammer hosts. Constructing the cluster profiles comprises observing network flow data from one or more hosts; for each host, representing the network flow data associated with the host as a multidimensional vector; clustering the vectors of the hosts into the plurality of cluster profiles; annotating each cluster profile using at least one of black lists and white lists; and calculating a confidence in each cluster profile annotation. Detecting spammer hosts comprises observing the network flow data from a new host; representing the network flow data associated with the new host as a multidimensional vector; and placing the new multidimensional vector of the new host into one cluster profile of the one or more cluster profiles.


Citations (16)


... For example, Rathee et al. (2023) discussed the potential of natural preservatives such as polyphenols in various industries, emphasizing the need to address problems associated with synthetic preservatives and misleading advertisements. Additionally, Chadha et al. (2015) proposed a trust estimation system for wireless networks, which could be adapted for detecting deceptive practices in online advertising. Furthermore, Abtahi et al. (2017) developed an intelligent system for fraud detection in financial markets, demonstrating the application of advanced technologies in identifying deceptive transactions. ...

Reference:

From seduction to deception: A bibliometric perspective on the evolution of deceptive advertising
TREND: Trust estimation system for wireless networks via multi-pronged detection
  • Citing Conference Paper
  • October 2015

... These methods range from automated methods applying wavelet analysis [16] to graph theory [17], basic machine learning [14,18], and deep learning [12]. Clustering [13,19,20,21,22,23] and autoencoders [4,13,24,25,26,27,28] are popular methods, since they can detect patterns in data using unsupervised learning and hence do not require labelled training data. ...

Insider attack detection using weak indicators over network flow data
  • Citing Conference Paper
  • October 2015

... We can cite Checkmate [8] and Pioneer [13] as representative of the works from the first category. Works such as SMART [7] and VRASED [12] clearly fit in the second category as they imply maintaining a secret and require hardware support for access control. ...

On the Feasibility of Deploying Software Attestation in Cloud Environments
  • Citing Conference Paper
  • June 2014

... Fan et al. adopted a multilevel hierarchical ID method based on GA (genetic algorithm) to solve the problems of a single-level ID system [9]. Ghosh et al. proposed a method of constructing an ID system with a decision tree, which can identify unknown attacks in the network [10]. Alotaibi and Alotaibi proposed an abnormal traffic detection method based on a deep neural network, which can identify the normal or abnormal connections in the network, and the detection effect is good [11]. ...

Managing High Volume Data for Network Attack Detection Using Real-Time Flow Filtering

China Communications

... Verma et al. [5] proposed a query rate sharing between the victim and the DNS resolvers such that when the unsolicited packets begin arriving at the victim's network, the victim forwards the new DNS server from whom it has received traffic from and the query/response rate to other resolvers involved in the amplification attack. This way, all the resolvers build up an estimated consolidated query rate that is going towards that server and mitigate the attacks locally. ...

On the use of BGP AS numbers to detect spoofing
  • Citing Article
  • December 2010

... In [6] the authors state the importance of testing the system with the bursts of messages but their study is not supported by quantitative results. On the other hand, some studies adapt the middle-ware or proxy to the network for resource utilization [7] or modification of transmission rates [6], [8]. Since user- ...

QAM: A comprehensive QoS-aware Middleware suite for tactical communications
  • Citing Article
  • November 2011

... These defense techniques can, however, be faked by attackers using encrypted traffic and authentication forging or by introducing jitter, while other techniques are inefficient due to the huge traffic that needs to be monitored and analyzed. To further improve these techniques other solutions have been proposed [61] that detect the presence of jitter and chaff in interactive connections by using three anomaly detection algorithms [62]. ...

Improving Stepping Stone Detection Algorithms using Anomaly Detection Techniques