M.

Phil Computer Science Network Security Projects

Web : www.kasanpro.com

Email : sales@kasanpro.com

List Link : http://kasanpro.com/projects-list/m-phil-computer-science-network-security-projects

Title :Evaluation of Symmetric Encryption Algorithms for MANETs

Language : C#
Project Link : http://kasanpro.com/p/c-sharp/symmetric-encryption-algorithms-manet
Abstract : The growth of mobile networks has brought vast changes in mobile devices, middleware development,
standards and network implementation. The nature of the mobile ad hoc networks (MANETs) makes them very
vulnerable to an adversary's malicious attacks. Providing security through cryptographic algorithms in these networks
is very much essential. Among all the cryptographic algorithms, encryption algorithms play a main role in information
security systems. Encryption algorithms are known to be computationally intensive. They consume a significant
amount of computing resources such as CPU time, memory, and battery power. A wireless device, usually with very
limited resources, especially battery power, is subject to the problem of energy consumption due to encryption
algorithms. Designing energy efficient security protocols first requires an understanding of and data related to the
energy consumption of common encryption schemes. This paper presents a comparison of the most commonly used
symmetric encryption algorithms AES (Rijndael), DES, 3DES and Blowfish in terms of power consumption. A
comparison has been conducted for those encryption algorithms at different data types like text, image, audio and
video. Experimental results are given to demonstrate the effectiveness of each algorithm.
Title :In Home Health Monitoring Platform using Wirless Sensor Networks
Language : NS2
Project Link : http://kasanpro.com/p/ns2/home-health-monitoring-platform-wirless-sensor-networks
Abstract : We propose a general purpose home area sensor network and monitoring platform that is intended for
e-Health applications, ranging from elderly monitoring to early homecomingafter a hospitalization period. Our
monitoring platform is multi purpose, meaning that the system is easily configurable for various user needs and is
easy to set up. The system could be temporarily rented from a service company by, for example, hospitals, elderly
service providers, specialized hysiological rehabilitation centers,or individuals. Our system consists of a chosen set of
sensors, a wireless sensor network, a home client, and a distant server. We evaluated our concept in two initial trials:
one with an elderly woman living in sheltered housing, and the other with a hip surgery patientduring his rehabilitation
phase. The results prove the functionality of the platform. However, efficient utilization of such platforms requires
further work on the actual e-Health service concepts.
Title :Flexible Robust Group Key Agreement
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/flexible-robust-group-key-agreement
Abstract : A robust group key agreement protocol (GKA) allows a set of players to establish a shared secret key,
regardless of network/node failures. Current constant-round GKA protocols are either efficient and nonrobust or
robust but not efficient; assuming a reliable broadcast communication medium, the standard encryption-based group
key agreement protocol can be robust against arbitrary number of node faults, but the size of the messages broadcast
by every player is proportional to the number of players. In contrast, nonrobust group key agreement can be achieved
with each player broadcasting just constant-sized messages. We propose a novel 2-round group key agreement
protocol, which tolerates up to T node failures, using O sized messages for any T . We show that the new protocol
implies a fully-robust group key agreement with logarithmic-sized messages and expected round complexity close to
2, assuming random node faults. The protocol can be extended to withstand malicious insiders at small constant
factor increases in bandwidth and computation. The proposed protocol is secure under the (standard) Decisional
Square Diffie-Hellman assumption.
Title :Public Key Cryptography - based Security Scheme for Wireless Sensor Networks in Healthcare
Language : NS2

Project Link :
http://kasanpro.com/p/ns2/public-key-cryptography-security-scheme-wireless-sensor-networks-healthcare
Abstract : The application of wireless sensor networks (WSNs) in healthcare is one of the most important and rapidly
growing areas. One of the most critical security concerns is patients' privacy. Since patients are monitored all the
time, authentication of who can access the information, and what information one is authorized to access are
indispensable to maintain privacy. In healthcare environments, authentication and access control face a big challenge
due to dynamic network topology, mobility, and stringent resource constraints. In this paper, we propose a secure,
scalable, and nergy-efficient security scheme called Mutual Authentication and Access Control scheme based on
Elliptic Curve Cryptography (MAACE). MAACE provides mutual authentication where a healthcare professional can
authenticate to an accessed node (a PDA or medical sensor) and vice versa. This is to ensure that medical data is not
exposed to an unauthorized person. On the other hand, it ensures that medical data sent to healthcare professionals
did not originate from a malicious node. By applying elliptic curve cryptography (ECC), MAACE provides a public key
approach which is more scalable and requires less memory compared to symmetric key-based schemes.
Furthermore, it is practically feasible to implement it on sensor platforms. Security analysis and performance
evaluation results are presented and compared to existing schemes to show advantages of the proposed scheme.
Title :An Adaptive Network Coded Retransmission Scheme for Single-HopWireless Multicast Broadcast Services
Language : NS2
Project Link : http://kasanpro.com/p/ns2/retransmission-scheme-single-hopwireless-multicast-broadcast-services
Abstract : Network coding has recently attracted attention as a substantial improvement to packet retransmission
schemes in wireless multicast broadcast services (MBS). Since the problem offinding the optimal network code
maximizing the bandwidth efficiency is hard to solve and hard to approximate, two main network coding heuristic
schemes, namely opportunistic and full network coding, were suggested in the literature to improve the MBS
bandwidth efficiency. However, each of these two schemes usually outperforms the other in different receiver,
demand, and feedback settings. The continuous and rapid change of these settings in wireless networks limits the
bandwidth efficiency gains if only one scheme is always employed. In this paper, we propose an adaptive scheme
that maintains the highest bandwidth efficiency obtainable by both opportunistic and full network coding schemes in
wireless MBS. The proposed scheme adaptively selects, between these two schemes, the one that is expected to
achieve the better bandwidth efficiency performance. The core contribution in this adaptive selection scheme lies in
our derivation of performance metrics for opportunistic network coding, using random graph theory,which achieves
efficient selection when compared to appropriate full network coding parameters. To compare between different
complexity levels, we present three approaches to compute the performance metric for opportunistic coding using
different levels of knowledge about the opportunistic coding graph. For the three considered approaches, simulation
results show that our proposed scheme almost achieves the bandwidth efficiency performance that could be obtained
by the optimal selection between the opportunistic and full coding schemes.
M.Phil Computer Science Network Security Projects
Title :A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/hidden-semi-markov-model-anomaly-detection-user-browsing-behaviors
Abstract : Many methods designed to create defenses against distributed denial of service (DDoS) attacks are
focused on the IP and TCP layers instead of the high layer. They are not suitable for handling the new type of attack
which is based on the application layer. In this paper, we introduce a new scheme to achieve early attack detection
and filtering for the application-layer-based DDoS attack. An extended hidden semi-Markov model is proposed to
describe the browsing behaviors of web surfers. In order to reduce the computational amount introduced by the
model's large state space, a novel forward algorithm is derived for the online implementation of the model based on
the M-algorithm. Entropy of the user's HTTP request sequence fitting to the model is used as a criterion to measure
the user's normality. Finally, experiments are conducted to validate our model and algorithm.
Title :Throughput Optimization in Mobile Backbone Networks
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/throughput-optimization-mobile-backbone-networks
Abstract : This paper describes new algorithms for throughput optimization in a mobile backbone network. This
hierarchical communication framework combines mobile backbone nodes, which have superior mobility and

communication capability, with regular nodes, which are constrained in mobility and communication capability. An
important quantity of interest in mobile backbone networks is the number of regular nodes that can be successfully
assigned to mobile backbone nodes at a given throughput level. This paper develops a novel technique for
maximizing this quantity in networks of fixed regular nodes using mixed-integer linear programming (MILP). The
MILP-based algorithm provides a significant reduction in computation time compared to existing methods and is
computationally tractable for problems of moderate size. An approximation algorithm is also developed that is
appropriate for large scale problems. This paper presents a theoretical performance guarantee for the approximation
algorithm and also demonstrates its empirical performance. Finally, the mobile backbone network problem is
extended to include mobile regular nodes, and exact and `approximate solution algorithms are presented for this
extension.
Title :A Secure Routing Protocol in Proactive Security Approach for Mobile Ad-hoc Networks
Language : NS2
Project Link : http://kasanpro.com/p/ns2/secure-routing-protocol-mobile-ad-hoc-networks
Abstract : Secure routing of Mobile Ad-hoc Networks (MANETs) is still a hard problem after years of research. We
therefore propose to design a secure routing protocol in a new approach. This protocol starts from a prerequisite
secure status and fortifies this status by protecting packets using identity-based cryptography and updating
cryptographic keys using threshold cryptography periodically or when necessary. Compared to existing schemes, the
main contribution of our proposal is the notion of allowing only legitimate nodes to participate in the bootstrapping
process, rather than trying to detect adversary nodes after they are participating in the routing protocol. Besides, the
proposal has several improvements in routing setup and maintenance: it does not need any side channel or secret
channel; it simplifies secret updates without requiring a node to move around; it does not use flooding to set up initial
routing, and does not use multicast to update secrets.

http://kasanpro.com/ieee/final-year-project-center-coimbatore-reviews
Title :CIA Security Management for Wireless Sensor Network Nodes
Language : NS2
Project Link : http://kasanpro.com/p/ns2/cia-security-management-wireless-sensor-network-nodes
Abstract : Wireless sensor networks (WSN) have become a complete solution in making use of low power
implementation and embedded systems. Nevertheless, the many constraints arising from low communication range,
limited computing power, lack of availability of networking protocol, programming in the absence of certainty and
security lapses in the areas of confidentiality, integrity and availability (CIA), have so far reduced the full
implementations of WSN. A novel security technique and its functionality for WSN nodes have been proposed. A
review of past and current research, the possibility of having a secured network and proposals meant to prevent
denial of service (DOS) and complexity attacks. These schemes if properly implemented, can provide an
energy-efficient mechanism using pre-allocation and a re-keying of key management models with a secured routine
algorithm
Title :Credit Card Fraud Detection Using Hidden Markov Models
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/credit-card-fraud-detection-using-hidden-markov-models
Abstract : Due to a rapid advancement in the electronic commerce technology, the use of credit cards has
dramatically increased. As credit card becomes the most popular mode of payment for both online as well as regular
purchase, cases of fraud associated with it are also rising. In this paper, we model the sequence of operations in
credit card transaction processing using a Hidden Markov Model (HMM) and show how it can be used for the
detection of frauds. An HMM is initially trained with the normal behavior of a cardholder. If an incoming credit card
transaction is not accepted by the trained HMM with sufficiently high probability, it is considered to be fraudulent. At
the same time, we try to ensure that genuine transactions are not rejected. We present detailed experimental results
to show the effectiveness of our approach and compare it with other techniques available in the literature.
M.Phil Computer Science Network Security Projects
Title :RSU-Based Distributed Key Management (RDKM) For Secure Vehicular Multicast Communications
Language : C#

Project Link :
http://kasanpro.com/p/c-sharp/rsu-based-distributed-key-management-rdkm-for-secure-vehicular-multicast
Abstract : Although lots of research efforts have focused on group key management (GKM) for secure multicast,
existing GKM schemes are inadequate for vehicle communication (VC) systems since they incur unnecessary
rekeying overhead without considering the characteristics of VC systems such as Vehicle- to-Infrastructure
communications and a great number of high mobility vehicles. Therefore, we propose a GKM scheme, called
RSU-based decentralized key management (RDKM), dedicated for the multicast services in the VC systems. The
RDKM schemesignificantly reduces the rekeying overhead through delegating a part of the key management
functions to the road-side infras- tructure units (RSUs) and through updating the key encryption keys (KEKs) within a
RSU. The performance of the RDKM scheme is analyzed in terms of communication overhead and storage overhead
each of which has a strong impact on the performance of GKM. Furthermore, we propose an optimization algorithm
that minimizes the weighted sum of the communication and the storage overhead, called the GKM overhead (GKMO),
by appropriately determining the design parameters. The numerical results from the extensive analysis demonstrate
that the RDKM scheme outperforms the existing GKM schemes in terms of the GKMO.
Title :A Symmetric Key Generation and Pre-Distribution Scheme for WSN Using MRD Codes
Language : NS2
Project Link : http://kasanpro.com/p/ns2/symmetric-key-generation-pre-distribution-scheme-wsn-using-mrds
Abstract : This paper addresses the problem of secure path key establishment in WSN using a key pre-distribution
scheme. In this paper first we have proposed a symmetric key generation scheme using Maximum Rank
Distance(MRD) codes and then we have proposed a path establishment algorithm. Our scheme not only substantially
improves the memory usage requirements but also reduces the communication overhead to setup a common link key,
it only requires 2 messages to setup a link key between two nodes(One from each node). It is shown with example
and simulation results that our scheme provides high level of network connectivity and scalability.
Title :Trust Key Management Scheme for Wireless Body Area Networks
Language : NS2
Project Link : http://kasanpro.com/p/ns2/trust-key-management-scheme-wireless-body-area-networks
Abstract : With recent advances in wireless sensor networks and em-bedded computing technologies, miniaturized
pervasive health monitoring devices have become practically fea- sible. In addition to providing continuous monitoring
and analysis of physiological parameters, the recently pro- posed Wireless Body Area Networks (WBAN) incorporates context aware sensing for increased sensitivity and specificity. A number of tiny wireless sensors, strategi- cally
placed on the human body, create a WBAN that can monitor various vital signs, providing real-time feed- back to the
user and medical personnel. The wireless body area networks promise to revolutionize health mon-itoring. Since the
sensors collect personal medical data, security and privacy are important components in this kind of networks. It is a
challenge to implement tradi- tional security infrastructures in these types of lightweight networks, since they are by
design limited in both com- putational and communication resources. A key enabling technology for secure
communications in WBANs has emerged to be biometrics. In this paper, we present an approach that exploits
physiological signals (electrocar- diogram (ECG)) to address security issues in WBAN: a Trust Key Management
Scheme for Wireless Body Area Network. This approach manages the generation and dis- tribution of symmetric
cryptographic keys to constituent sensors in a WBAN (using ECG signal) and protects the privacy.
Title :Distributed Group Key Management with Cluster based Communication for Dynamic Peer Groups
Language : NS2
Project Link : http://kasanpro.com/p/ns2/distributed-group-key-management-peer-cluster
Abstract : Secure group communication is an increasingly popular research area having received much attention in
recent years. Group key management is a fundamental building block for secure group communication systems. This
paper introduces a new family of protocols addressing cluster based communication, and distributed group key
agreement for secure group communication in dynamic peer groups. In this scheme, group members can be divided
into sub groups called clusters. We propose three cluster based communication protocols with tree-based group key
management. The protocols (1) provides the communication within the cluster by generating common group key
within the cluster, (2) provides communication between the clusters by generating common group key between the
clusters and (3) provides the communication among all clusters by generating common group key among the all
clusters. In our approach group key will be updated for each session or when a user joins or leaves the cluster. More
over we use Certificate Authority which guarantees key authentication, and protects our protocol from all types of
attacks.

Title :An Efficient Key Management Scheme for Wireless Network

Language : NS2
Project Link : http://kasanpro.com/p/ns2/key-management-scheme-wireless-network
Abstract : Sensor networks have great potential to be employed in mission critical situations like battlefields but also
in more everyday security and commercial applications such as building and traffic surveillance, habitat monitoring
and smart homes etc. However, wireless sensor networks pose unique security challenges. While the deployment of
sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks, the
inherent power and memory limitations of sensor nodes makes conventional security solutions unfeasible. Key
Management is a major challenge to achieve security in wireless sensor networks. In most of the schemes presented
for key management in wireless sensor networks, it is assumed that the sensor nodes have the same capability. This
research presents a security framework WSNSF (Wireless Sensor Networks Security Framework) to provide a
comprehensive security solution against the known attacks in sensor networks. The proposed framework consists of
four interacting components: a secure triple-key (STKS) scheme, secure routing algorithms (SRAs), a secure
localization technique (SLT) and a malicious node detection mechanism. Singly, each of these components can
achieve certain level of security. However, when deployed as a framework, a high degree of security is achievable.
WSNSF takes into consideration the communication and computation limitations of sensor networks. While there is
always a tradeoff between security and performance, experimental results prove that the proposed framework can
achieve high degree of security, transmission overheads and perfect resilience against node capture
M.Phil Computer Science Network Security Projects
Title :Knapsack-Based Elliptic Curve Cryptography Using Stern Series for Digital Signature Authentication
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/knapsack-based-elliptic-curve-cryptography
Abstract : This paper presents the implementation of knapsack based Elliptic Curve Cryptography (ECC) for digital
signature authentication with message recovery. For any key size, elliptic curve cryptosystem provides greater
security when compared to integer factorization and discrete logarithm system. Generally in digital signature,
signature (r, s) along with message will be sent to the receiver but in our scheme, signature alone is sent and
message will be recovered from (r, s). The strength of knapsack algorithm depends on the selection of the knapsack
series. Stern series which reduces the time complexity of the existing system has been used. In our approach,
knapsack series alone can be kept secret, but in RSA various domain parameters need to be kept secret. The
proposed algorithm is secure against the current attacking mechanisms like key only attacks and message attacks.

http://kasanpro.com/ieee/final-year-project-center-coimbatore-reviews
Title :Initial Distribution of Group Keys for Confidential Group Communication
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/group-keys-confidential-group-communication
Abstract : Traditional methods for the initial distribution of group keys based on encryption and digital signature
cannot effectively protect the privacy of a new member who joins a confidential group since the digital signature
allows anyone to verify it using the public key. When joining such a group, a new member may not want to make
private information, such as the group it joins, the group manager and especially the entity who issues the admission
token, available to the general public to prevent the information from being disclosed to an adversary. In this paper,
we propose two schemes for the initial distribution of group keys for confidential group communication based on
elliptic curve ElGamal encryption and directed signature with the property that the signature can only be verified by
the designated receiver. We show through experiments using statistical hypothesis t-test two samples for means that
our schemes can effectively protect the privacy of a new joining member at the cost of little computation resources.
Title :A Hierarchical Identity Based Key Management Scheme in Tactical Mobile Ad Hoc Networks
Language : C#
Project Link :
http://kasanpro.com/p/c-sharp/hierarchical-identity-based-key-management-scheme-tactical-mobile-ad-hoc-networks
Abstract : Hierarchical key management schemes would serve well for military applications where the organization of

the network is already hierarchical in nature. Most of the existing key management schemes concentrate only on
network structures and key allocation algorithms, ignoring attributes of the nodes themselves. Due to the distributed
and dynamic nature of MANETs, it is possible to show that there is a security benefit to be attained when the node
states are considered in the process of constructing a private key generator (PKG). In this paper, we propose a
distributed hierarchical key management scheme in which nodes can get their keys updated either from their parent
nodes or a threshold of sibling nodes. The dynamic node selection process is formulated as a stochastic problem and
the proposed scheme can select the best nodes to be used as PKGs from all available ones considering their security
conditions and energy states. Simulation results show that the proposed scheme can decrease network
compromising probability and increase network lifetime in tactical MANETs.
Title :Detecting Credit Card Fraud by Decision Trees and Support Vector Machines
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/credit-card-fraud-detection-decision-trees-support-vector-machines
Abstract : With the developments in the Information Technology and improvements in the communication channels,
fraud is spreading all over the world, resulting in huge financial losses. Though fraud prevention mechanisms such as
CHIP&PIN are developed, these mechanisms do not prevent the most common fraud types such as fraudulent credit
card usages over virtual POS terminals or mail orders. As a result, fraud detection is the essential tool and probably
the best way to stop such fraud types. In this study, classification models based on decision trees and support vector
machines (SVM) are developed and applied on credit card fraud detection problem. This study is one of the firsts to
compare the performance of SVM and decision tree methods in credit card fraud detection with a real data set.
Title :Dirichelt-Based Trust Management for Effective Collaborative Intrusion Detection Networks
Language : C#
Project Link :
http://kasanpro.com/p/c-sharp/dirichelt-based-trust-management-effective-collaborative-intrusion-detection-networks
Abstract : Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order
to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective
knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most
existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy
concerns. To overcome this problem, we propose Rule sharing NIDS: a Rule Sharing intrusion detection network,
which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS
community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization
problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing
knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.
M.Phil Computer Science Network Security Projects
Title :Dirichelt-Based Trust Management for Effective Collaborative Intrusion Detection Networks
Language : NS2
Project Link :
http://kasanpro.com/p/ns2/dirichelt-based-trust-management-effective-collaborative-intrusion-detection-networks-code
Abstract : Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order
to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective
knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most
existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy
concerns. To overcome this problem, we propose Rule sharing NIDS: a Rule Sharing intrusion detection network,
which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS
community. An automatic rule propagation mechanism is proposed based on a decentralized two-level optimization
problem formulation. We evaluate our rule sharing system through simulations and compare our results to existing
knowledge sharing methods such as random gossiping and fixed neighbors sharing schemes.
Title :A Novel En-route Filtering Scheme against False Data Injection Attacks in Cyber-Physical Networked Systems
Language : NS2
Project Link :
http://kasanpro.com/p/ns2/en-route-filtering-scheme-false-data-injection-attacks-cyber-physical-networked-systems

Abstract : In Cyber-Physical Networked Systems (CPNS), the adversary can inject false measurements to the
controller through compromised sensor nodes, which not only threaten the security of the system, but also consumes
network resources. To deal with this issue, a number of en-route filtering schemes have been designed for wireless
sensor networks in the past. However, these schemes either lack resilience to the number of compromised nodes or
depend on the statically configure routes and node localization, which are not suitable for CPNS. In this paper, we
propose a Polynomial-based Compromise-Resilient En-route Filtering scheme (PCREF), which can filter false injected
data effectively and achieve a high resilience to the number of compromised nodes without relying on static routes
and node localization. Particularly, PCREF adopts polynomials instead of MACs (Message Authentication Codes) for
endorsing measurement reports to achieve the resilience to attacks. Each node stores two types of polynomials:
authentication polynomial and check polynomial, derived from the primitive polynomial, and used for endorsing and
verifying the measurement reports. Via extensive theoretical analysis and experiments, our data show that PCREF
achieves better filtering capacity and resilience to the large number of compromised nodes in comparison to the
existing schemes.
Title :Grouping-Enhanced Resilient Probabilistic En-Route Filtering of Injected False Data in WSNs
Language : NS2
Project Link :
http://kasanpro.com/p/ns2/grouping-enhanced-resilient-probabilistic-en-route-filtering-injected-false-data-wsns
Abstract : In wireless sensor networks, the adversary may inject false reports to exhaust network energy or trigger
false alarms with compromised sensor nodes. In response to the problems of existing schemes on the security
resiliency, applicability and filtering effectiveness, this paper proposed a scheme, referred to as Grouping - enhanced
Resilient Probabilistic En - route Filtering (GRPEF). In GRPEF, an efficient distributed algorithm is proposed to group
nodes without incurring extra groups, and a multiaxis division based approach for deriving location - aware keys is
used to overcome the threshold problem and remove the dependence on the sink immobility and routing protocols.
Compared to the existing schemes, GRPEF significantly improves the effectiveness of the en- route filtering and can
be applied to the sensor networks with mobile sinks while reserving the resiliency.
Title :Identifying Infection Sources and Regions in Large Networks
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/identifying-infection-sources-regions-large-networks
Abstract : Identifying the infection sources in a network, including the index cases that introduce a contagious
disease into a population network, the servers that inject a computer virus into a computer network, or the individuals
who started a rumor in a social network, plays a critical role in limiting the damage caused by the infection through
timely quarantine of the sources. We consider the problem of estimating the infection sources and the infection
regions (subsets of nodes infected by each source) in a network, based only on knowledge of which nodes are
infected and their connections, and when the number of sources is unknown a priori. We derive estimators for the
infection sources and their infection regions based on approximations of the infection sequences count. We prove that
if there are at most two infection sources in a geometric tree, our estimator identifies the true source or sources with
probability going to one as the number of infected nodes increases. When there are more than two infection sources,
and when the maximum possible number of infection sources is known, we propose an algorithm with quadratic
complexity to estimate the actual number and identities of the infection sources. Simulations on various kinds of
networks, including tree networks, small-world networks and real world power grid networks, and tests on two real
data sets are provided to verify the performance of our estimators.

http://kasanpro.com/ieee/final-year-project-center-coimbatore-reviews
Title :Identifying Infection Sources and Regions in Large Networks
Language : NS2
Project Link : http://kasanpro.com/p/ns2/identifying-infection-sources-regions-large-networks-code
Abstract : Identifying the infection sources in a network, including the index cases that introduce a contagious
disease into a population network, the servers that inject a computer virus into a computer network, or the individuals
who started a rumor in a social network, plays a critical role in limiting the damage caused by the infection through
timely quarantine of the sources. We consider the problem of estimating the infection sources and the infection
regions (subsets of nodes infected by each source) in a network, based only on knowledge of which nodes are
infected and their connections, and when the number of sources is unknown a priori. We derive estimators for the
infection sources and their infection regions based on approximations of the infection sequences count. We prove that
if there are at most two infection sources in a geometric tree, our estimator identifies the true source or sources with

probability going to one as the number of infected nodes increases. When there are more than two infection sources,
and when the maximum possible number of infection sources is known, we propose an algorithm with quadratic
complexity to estimate the actual number and identities of the infection sources. Simulations on various kinds of
networks, including tree networks, small-world networks and real world power grid networks, and tests on two real
data sets are provided to verify the performance of our estimators.
M.Phil Computer Science Network Security Projects
Title :Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/vulnerability-network-mechanisms-sophisticated-ddos-attacks
Abstract : In recent years, we have experienced a wave of DDoS attacks threatening the welfare of the internet.
These are launched by malicious users whose only incentive is to degrade the performance of other, innocent, users.
The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step
to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs
taking into account the malicious users. Our approach is based on proposing a metric that evaluates the vulnerability
of a system. We then use our vulnerability metric to evaluate a data structure which is commonly used in network
mechanisms--the Hash table data structure. We show that Closed Hash is much more vulnerable to DDoS attacks
than Open Hash, even though the two systems are considered to be equivalent by traditional performance evaluation.
We also apply the metric to queuing mechanisms common to computer and communications systems. Furthermore,
we apply it to the practical case of a hash table whose requests are controlled by a queue, showing that even after the
attack has ended, the regular users still suffer from performance degradation or even a total denial of service.
Title :Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks
Language : NS2
Project Link : http://kasanpro.com/p/ns2/vulnerability-network-mechanisms-sophisticated-ddos-attacks-code
Abstract : In recent years, we have experienced a wave of DDoS attacks threatening the welfare of the internet.
These are launched by malicious users whose only incentive is to degrade the performance of other, innocent, users.
The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step
to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs
taking into account the malicious users. Our approach is based on proposing a metric that evaluates the vulnerability
of a system. We then use our vulnerability metric to evaluate a data structure which is commonly used in network
mechanisms--the Hash table data structure. We show that Closed Hash is much more vulnerable to DDoS attacks
than Open Hash, even though the two systems are considered to be equivalent by traditional performance evaluation.
We also apply the metric to queuing mechanisms common to computer and communications systems. Furthermore,
we apply it to the practical case of a hash table whose requests are controlled by a queue, showing that even after the
attack has ended, the regular users still suffer from performance degradation or even a total denial of service.
Title :NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems
Language : C#
Project Link :
http://kasanpro.com/p/c-sharp/nice-network-intrusion-detection-countermeasure-selection-virtual-network-systems
Abstract : Cloud security is one of most important issues that has attracted a lot of research and development effort
in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual
machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early
stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified
vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the
cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is
extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To
prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed
vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack
graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework
leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable
virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security
evaluations demonstrate the efficiency and effectiveness of the proposed solution.
Title :NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems
Language : NS2

Project Link :
http://kasanpro.com/p/ns2/nice-network-intrusion-detection-countermeasure-selection-virtual-network-systems-code
Abstract : Cloud security is one of most important issues that has attracted a lot of research and development effort
in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual
machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early
stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified
vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the
cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is
extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To
prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed
vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack
graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework
leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable
virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security
evaluations demonstrate the efficiency and effectiveness of the proposed solution.
Title :EAACK--A Secure Intrusion-Detection System for MANETs
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/eaack-instrusion-detection-system-mannet
Abstract : The migration to wireless network from wired net- work has been a global trend in the past few decades.
The mobility and scalability brought by wireless network made it possible in many applications. Among all the
contemporary wireless net- works, Mobile Ad hoc NETwork (MANET) is one of the most important and unique
applications. On the contrary to traditional network architecture, MANET does not require a fixed network
infrastructure; every single node works as both a transmitter and a receiver. Nodes communicate directly with each
other when they are both within the same communication range. Otherwise, they rely on their neighbors to relay
messages. The self-configuring ability of nodes in MANET made it popular among critical mission applications like
military use or emergency recovery. However, the open medium and wide distribution of nodes make MANET
vulnerable to malicious attackers. In this case, it is crucial to develop efficient intrusion-detection mechanisms to
protect MANET from attacks. With the improvements of the technology and cut in hardware costs, we are witnessing
a current trend of expanding MANETs into industrial applications. To adjust to such trend, we strongly believe that it is
vital to address its potential security issues. In this paper, we propose and implement a new intrusion-detection
system named Enhanced Adaptive ACKnowledgment (EAACK) specially designed for MANETs. Compared to
contemporary approaches, EAACK demonstrates higher malicious-behavior-detection rates in certain circumstances
while does not greatly affect the network performances.
M.Phil Computer Science Network Security Projects
Title :EAACK--A Secure Intrusion-Detection System for MANETs
Language : NS2
Project Link : http://kasanpro.com/p/ns2/eaack-secure-instrusion-detection-system-mannet
Abstract : The migration to wireless network from wired net- work has been a global trend in the past few decades.
The mobility and scalability brought by wireless network made it possible in many applications. Among all the
contemporary wireless net- works, Mobile Ad hoc NETwork (MANET) is one of the most important and unique
applications. On the contrary to traditional network architecture, MANET does not require a fixed network
infrastructure; every single node works as both a transmitter and a receiver. Nodes communicate directly with each
other when they are both within the same communication range. Otherwise, they rely on their neighbors to relay
messages. The self-configuring ability of nodes in MANET made it popular among critical mission applications like
military use or emergency recovery. However, the open medium and wide distribution of nodes make MANET
vulnerable to malicious attackers. In this case, it is crucial to develop efficient intrusion-detection mechanisms to
protect MANET from attacks. With the improvements of the technology and cut in hardware costs, we are witnessing
a current trend of expanding MANETs into industrial applications. To adjust to such trend, we strongly believe that it is
vital to address its potential security issues. In this paper, we propose and implement a new intrusion-detection
system named Enhanced Adaptive ACKnowledgment (EAACK) specially designed for MANETs. Compared to
contemporary approaches, EAACK demonstrates higher malicious-behavior-detection rates in certain circumstances
while does not greatly affect the network performances.
Title :RIHT: A Novel Hybrid IP Traceback Scheme
Language : C#

Project Link : http://kasanpro.com/p/c-sharp/riht-novel-hybrid-ip-traceback-scheme-implement

Abstract : Because the Internet has been widely applied in various fields, more and more network security issues
emerge and catch people's attention. However, adversaries often hide them- selves by spoofing their own IP
addresses and then launch attacks. For this reason, researchers have proposed a lot of traceback schemes to trace
the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others
combine packet marking with packet logging and therefore create hybrid IP traceback schemes demanding less
storage but requiring a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient
packet logging aiming to have a fixed storage requirement for each router (under 320 KB, according to CAIDA's
skitter data set) in packet logging without the need to refresh the logged tracking information and to achieve zero false
positive and false negative rates in attack-path reconstruction. In addition, we use a packet's marking field to censor
attack traffic on its upstream routers. Lastly, we simulate and analyze our scheme, in comparison with other related
research, in the following aspects: storage requirement, computation, and accuracy.

http://kasanpro.com/ieee/final-year-project-center-coimbatore-reviews
Title :RIHT: A Novel Hybrid IP Traceback Scheme
Language : NS2
Project Link : http://kasanpro.com/p/ns2/riht-novel-hybrid-ip-traceback-scheme
Abstract : Because the Internet has been widely applied in various fields, more and more network security issues
emerge and catch people's attention. However, adversaries often hide them- selves by spoofing their own IP
addresses and then launch attacks. For this reason, researchers have proposed a lot of traceback schemes to trace
the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others
combine packet marking with packet logging and therefore create hybrid IP traceback schemes demanding less
storage but requiring a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient
packet logging aiming to have a fixed storage requirement for each router (under 320 KB, according to CAIDA's
skitter data set) in packet logging without the need to refresh the logged tracking information and to achieve zero false
positive and false negative rates in attack-path reconstruction. In addition, we use a packet's marking field to censor
attack traffic on its upstream routers. Lastly, we simulate and analyze our scheme, in comparison with other related
research, in the following aspects: storage requirement, computation, and accuracy.
Title :The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs
Language : C#
Project Link : http://kasanpro.com/p/c-sharp/efficient-leakage-resilience-ipsec-vpns
Abstract : Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However,
existing VPN designs and deployments neglected the problem of traffic analysis and covert channels. Hence, there
are many ways to infer information from VPN traffic without decrypting it. Many proposals have been made to mitigate
network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding
overhead and performance penalties.
In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel
approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance
trade-o_s, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of
traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all
information leak- age. To encourage further research on practical systems, our prototype is available for public use.
Title :The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs
Language : NS2
Project Link : http://kasanpro.com/p/ns2/efficient-leakage-resilience-ipsec-vpns-code
Abstract : Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However,
existing VPN designs and deployments neglected the problem of traffic analysis and covert channels. Hence, there
are many ways to infer information from VPN traffic without decrypting it. Many proposals have been made to mitigate
network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding
overhead and performance penalties.
In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel

approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance
trade-o_s, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of
traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all
information leak- age. To encourage further research on practical systems, our prototype is available for public use.
M.Phil Computer Science Network Security Projects
Title :DISC : Detection of infection sources in dynamic infection spreading model
Language : NS2
Project Link : http://kasanpro.com/p/ns2/disc-detection-infection-sources-dynamic-infection-spreading-model
Abstract : A rumor started by a few individuals can spread quickly through the underlying network. In many cases,
we are interested to find the sources of the rumor. We can model this as an infection spreading in a network of nodes.
In a population network, the infection is the disease that is transmitted between individuals. We consider the problem
of estimating the infection sources and the infection regions (subsets of nodes infected by each source) in a network,
based only on knowledge of which nodes are infected and their connections, and when the number of sources is
unknown a priori. We derive estimators for the infection sources and their infection regions based on approximations
of the infection sequences count. When there are more than two infection sources, and when the maximum possible
number of infection sources is known, we propose an algorithm with quadratic complexity to estimate the actual
number and identities of the infection sources. Our research includes the use of richer diffusion models that allow the
inclusion of drifts and other dynamics in the infection spreading process, and tools from statistics to approximate
optimal estimators for the infection sources.
Title :Intelligent Enhanced Adaptive ACKnowledgement trust model for multipath Routing in MANET
Language : NS2
Project Link :
http://kasanpro.com/p/ns2/intelligent-enhanced-adaptive-acknowledgement-trust-model-multipath-routing-manet
Abstract : The use of Mobile Ad hoc Networks (MANETs) has increased in recent years mainly due to their
advantages and their broad applications. MANETs are dynamic peer-to-peer networks that consist of a collection of
mobile nodes. These nodes perform multi-hop information transfer without requiring a predefined infrastructure.
Recently, Intrusion Detection System (IDS) plays a major role in the security of MANETs. Moreover, IDSs are an
effective way to detect various types of attacks in networks thereby securing the MANETs. An effective Intrusion
Detection System requires high accuracy and detection rate as well as low false alarm rate. In this paper, we propose
a new intrusion detection system called Intelligent Enhanced Adaptive ACKnowledgment(IEAACK) specially designed
for MANETs. The proposed system introduces a new digital signature to prevent the attacker from forging
acknowledgment packets. Moreover, we propose a trust prediction model to secure the network effectively. The
model can evaluate the trustworthiness of nodes, based on the historical behaviours of nodes. Finally, a multi-path
secured routing scheme is used in this work. The experimental results obtained in this work show high detection rates
and reduce the false alarm rate.