Browsing by Author "Rupasinghe, L"
Publication Embargo
An Analysis on Different Distance Measures in KNN with PCA for Android Malware Detection (IEEE, 2022-11-30)
Dissanayake, S; Gunathunga, S; Jayanetti, D; Perera, K; Liyanapathirana, C; Rupasinghe, L
As the majority of the market is presently occupied by Android consumers, the Android operating system is a prominent target for intruders. This research shows a dynamic Android malware detection approach that classifies dangerous and trustworthy applications using system call monitoring. While the applications were in the execution phase, dynamic system call analysis was conducted on legitimate and malicious applications. The majority of relevant machine learning-based studies on detecting Android malware frequently employ baseline classifier settings and concentrate on selecting either the best attributes or classifier. This study examines the performance of K Nearest Neighbor (KNN), factoring in its many hyper-parameters with a focus on various distance metrics, and this paper shows the performance of KNN before and after performing Principal Component Analysis (PCA). The findings demonstrate that the classification performance may be significantly improved by using the adequate distance metric. The KNN algorithm shows decent accuracy and an improvement of efficiency, such as decreasing the training time, after PCA.

Publication Open Access
Androsafe: Online malware analysis with static and dynamic methods (Annual Technical Conference 2016 - IET- Sri Lanka Network, 2016)
Kesavan, K; Liyanapathirana, C; Sampath, S. A. W. S; Sureni, Y. M; Koshila, C. P; Wanigarathna, S; Nawarathna, C. P; Rupasinghe, L
With an estimated market share of 70% to 80%, Android is becoming the most popular operating system for smartphones and tablets.
Cyber criminals naturally expanded their various activities towards Google’s mobile platform. An additional incentive for mobile malware authors to target Android instead of another mobile platform is Android's open design, which allows users to install applications from a variety of sources. "Androsafe" is an online malware analysis tool which can analyze malware in an isolated environment without any damage to the mobile device by using both existing and new anomaly-based and behavioral analysis. Through this combination, we can analyze a large number of malware families, because some malware families may only be signature-based or behavioral. Sandboxes based on signatures will then not analyze malware families that only perform a behavior, and sandboxes based on behavior will not analyze signature-based malware families. The “Androsafe” sandbox will be hosted in the Honeynet Project’s cloud. Dynamic analysis will be queued and run in the background, and an email which contains the malware analysis report will be sent to the user when the analysis is over. This method is more efficient than offline kernel- and app-based sandboxes.

Publication Embargo
Anomaly Detection in Microservice Systems Using Autoencoders (IEEE, 2022-12-09)
de Silva, M; Daniel, S; Kumarapeli, M; Mahadura, S; Rupasinghe, L; Liyanapathirana, C
The adaptation of microservice architecture has increased massively during the last few years with the emergence of the cloud. Containers have become a common choice for microservices architecture instead of VMs (Virtual Machines) due to their portability and optimized resource usage characteristics. Along with the containers, container-orchestration platforms are also becoming an integral part of microservice-based systems, considering the flexibility and scalability offered by the container-orchestration media.
With the virtualized implementation and the dynamic attribute of modern microservice architecture, it has been a cumbersome task to implement a proper observability mechanism to detect abnormal behaviour using conventional monitoring tools, which are most suitable for static infrastructures. We present a system that will collect required data with the understanding of the dynamic attribute of the system and identify anomalies with efficient data analysis methods.

Publication Embargo
Application of Federated Learning in Health Care Sector for Malware Detection and Mitigation Using Software Defined Networking Approach (IEEE, 2022-10-11)
Panagoda, D; Malinda, C; Wijetunga, C; Rupasinghe, L; Bandara, B; Liyanapathirana, C
This research takes us forward with the concepts of Federated Learning and SDN to introduce an efficient malware detection technique and provide a mitigation mechanism to give birth to a resilient and automated healthcare sector network system by also adding the feature of extended privacy preservation. Due to the daily transformation of new malware attacks on hospital ICEs, the healthcare industry is at an undefinable peak of never knowing its continuity direction. The state of blindness by the array of indispensable opportunities that new medical device inventions and their connected coordination offer daily, a factor that should be focused driven is not yet entirely understood by most healthcare operators and patients. This solution has the involvement of four clients in the form of hospital networks to build up the federated learning experimentation architectural structure with different geographical participation to reach the most reasonable accuracy rate with privacy preservation. While the logistic regression with cross-entropy conveys the detection, SDN comes in handy in the second half of the research to stack up the initial development phases of the system with malware mitigation based on policy implementation.
The overall evaluation sums up with a system that proves the accuracy with the added privacy. It is no longer needed to continue with traditional centralized systems that offer almost everything but not privacy.

Publication Embargo
Authdna: An adaptive authentication service for any identity server (IEEE, 2019-12-05)
De Silva, H. L. S. R. P; Wittebron, D. C; Lahiru, A. M. R; Madumadhavi, K. L; Rupasinghe, L; Abeywardena, K. Y
Adaptive authentication refers to a way of configuring two-factor or multi-factor authentication based on the user's risk profile. One of the most pressing concerns in modern days is the security of credentials. As a solution, developers have introduced multi-factor authentication. Multi-factor authentication has an adverse effect on user experience. This paper proposes a novel adaptive authentication mechanism which tries to eradicate the negative user experience of traditional multi-factor authentication systems. Adaptive authentication gathers information about each user and prevents fraudulent attempts by validating them against the created profiles. This approach will increase usability and user-friendliness by introducing multi-factor authentication only when it's necessary, using a risk-based adaptive approach. Furthermore, the solution ensures security by authenticating the legitimate user through collectively analyzing the properties, behavior, device and network related information. In the creation of the user profile, the adaptive authentication system will gather and analyze the user typing behaviors using a unique recurrent neural network algorithm named LSTMs with 95.55% accuracy and mouse behaviors using SVMs with 95.48% accuracy. In device-based authentication, a fingerprint is generated for the browser and for the mobile device, which is utilized in the analysis of the accuracy rate of the authentication.
Blacklisting and whitelisting of the networks and geo velocity of the authentication request are captured under the geolocation and network-based authentication. All the accuracy rates are fed to the risk-based authentication, which helps the decision of re-authentication or in the grant of access to the system by analyzing the risk score generated for the authentication request.

Publication Embargo
An Automated Tool for Memory Forensics (IEEE, 2019-12-05)
Murthaja, M; Sahayanathan, B; Munasinghe, A. N. T. S; Uthayakumar, D; Rupasinghe, L; Senarathne, A
In the present, memory forensics has captured the world's attention. Currently, the Volatility framework is used to extract artifacts from the memory dump, and the extracted artifacts are then used to investigate and to identify the malicious processes in the memory dump. The investigation process must be conducted manually, since the Volatility framework provides only the artifacts that exist in the memory dump. In this paper, we investigate the four predominant domains of registry, DLL, API calls and network connections in memory forensics to implement the system 'Malfore,' which helps automate the entire process of memory forensics. We use the Cuckoo sandbox to analyze malware samples and to obtain memory dumps, and the Volatility framework to extract artifacts from the memory dump. The finalized dataset was evaluated using several machine learning algorithms, including RNN. The highest accuracy achieved was 98%, and it was reached using a recurrent neural network model, fitted to the data extracted from the DLL artifacts, and 92% accuracy was reached using a recurrent neural network model, fitted to data extracted from the network connection artifacts.

Publication Embargo
Autonomous Cyber AI for Anomaly Detection (IEEE, 2021-12-09)
Madhuvantha, K. A. N; Hussain, M. H; De Silva, H. W. D. T; Liyanage, U. I. D; Rupasinghe, L; Liyanapathirana, C
Available signature-based Intrusion Detection Systems (IDS) are lacking in performance to identify such cyber threats and defend against novel attacks. They do not have the ability to detect zero-day or advanced malicious activities. To address the issue with signature-based IDS, a possible solution is to adopt anomaly-based detections to identify the latest cyber threats including zero days. We initially focused on network intrusions. This research paper discusses detecting network anomalies using AI-based technologies such as machine learning (ML) and natural language processing (NLP). In the proposed solution, network traffic logs and HTTP traffic data are taken as inputs using a mechanism called beats. Once relevant data has been extracted from the captured traffic, it will be passed to the AI engine to conduct further analysis. Algorithms such as Word2vec, Convolution Neural Network (CNN), Artificial Neural Networks (ANN), and autoencoders are used in order to conduct the threat analysis. HTTP DATASET CSIC 2010, NSL-KDD, and CICIDS are the benchmarking datasets used in parallel with the above algorithms in order to receive high accuracy in detection. The outputted data is integrated and visualized using the Kibana dashboard, and a blockchain model is implemented to maintain and handle all the data.

Publication Embargo
Code Vulnerability Identification and Code Improvement using Advanced Machine Learning (IEEE, 2019-12-05)
Ruggahakotuwa, L; Rupasinghe, L; Abeygunawardhana, P. K. W
Cyber-attacks are fairly mundane. The misconfigurations of the source code can result in security vulnerabilities that potentially encourage the attackers to exploit them and compromise the system. This paper aims to discover various mechanisms of automating the detection and correction of vulnerabilities in source code.
Usage of static and dynamic analysis, various machine learning, deep learning, and neural network techniques will enhance the automation of detecting and correcting processes. This paper systematically presents the various methods and research efforts of detecting vulnerabilities in the source code, starting with what is a software vulnerability and what kind of exploitation, existing vulnerability detection methods, correction methods and efforts of best researches in the world relevant to the research area. A plugin will be developed which is capable of intelligently and efficiently detecting the vulnerable source code segment and correcting the source code accurately in the development stage.

Publication Embargo
Comparative analysis of the application of Deep Learning techniques for Forex Rate prediction (2019-12-05)
Nadarajah, D; Aryal, S; Kasthurirathna, D; Rupasinghe, L; Jayawardena, C
Forecasting the financial time series is an extensive field of study. Even though the econometric models, traditional machine learning models, artificial neural networks and deep learning models have been used to predict the financial time series, deep learning models have been recently employed to do predictions of financial time series. In this paper, three different deep learning models called Long Short-Term Memory (LSTM), Convolutional Neural Network (CNN) and Temporal Convolution Network (TCN) have been used to predict the United States Dollar (USD) to Sri Lankan Rupees (LKR) exchange rate, and the accuracy of the models has been compared. The results indicate the superiority of the CNN model over other models. We conclude that CNN based models perform best in financial time series prediction.

Publication Embargo
Comparative analysis of the application of Deep Learning techniques for Forex Rate prediction (IEEE, 2019-12-05)
Aryal, S; Nadarajah, D; Kasthurirathna, D; Rupasinghe, L; Jayawardena, C
Forecasting the financial time series is an extensive field of study. Even though the econometric models, traditional machine learning models, artificial neural networks and deep learning models have been used to predict the financial time series, deep learning models have been recently employed to do predictions of financial time series. In this paper, three different deep learning models called Long Short-Term Memory (LSTM), Convolutional Neural Network (CNN) and Temporal Convolution Network (TCN) have been used to predict the United States Dollar (USD) to Sri Lankan Rupees (LKR) exchange rate, and the accuracy of the models has been compared. The results indicate the superiority of the CNN model over other models. We conclude that CNN based models perform best in financial time series prediction.

Publication Embargo
Comprehensive Forensic Data Extraction and Representation System for Windows Registry (IEEE, 2019-12-05)
W. De Alwis, C; Rupasinghe, L
Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence. When considering computer forensics, registry forensics plays a vital role because it helps in identifying system configurations, application details, user configurations and helps in finding registry malware.
Therefore, it is significant to extract this registry information to simplify the investigations for forensic professionals. At present, tools are limited to a few commonly used pieces of registry information and there is a much broader area to cover. Investigators have to manually search the registries for required artifacts. But the nature and complexity of the registry file structure limits most of the investigators using these registries. Limiting this registry analysis only to the physical registry files and not considering the ability of extraction of registry information from Volatile Memory is another significant issue in registry forensics, because these tools rely only on the physical registry files and cannot extract registry artifacts from Volatile Memory. In order to cater to this problem, this research provides a comprehensive solution to registry analysis. This system is capable of extracting registry information from both physical registry files and Volatile Memory.

Publication Embargo
Deepfake audio detection: a deep learning based solution for group conversations (IEEE, 2020-12-10)
Wijethunga, R. L. M. A. P. C; Matheesha, D. M. K; Noman, A. A; De Silva, K. H. V. T. A; Tissera, M; Rupasinghe, L
The recent advancements in deep learning and other related technologies have led to improvements in various areas such as computer vision, bio-informatics, and speech recognition etc. This research mainly focuses on a problem with synthetic speech and speaker diarization. The developments in audio have resulted in deep learning models capable of replicating natural-sounding voice, also known as text-to-speech (TTS) systems. This technology could be manipulated for malicious purposes such as deepfakes, impersonation, or spoofing attacks.
We propose a system that has the capability of distinguishing between real and synthetic speech in group conversations. We built Deep Neural Network models and integrated them into a single solution using different datasets, including but not limited to Urban-Sound8K (5.6GB), Conversational (12.2GB), AMI-Corpus (5GB), and FakeOrReal (4GB). Our proposed approach consists of four main components. The speech-denoising component cleans and preprocesses the audio using Multilayer-Perceptron and Convolutional Neural Network architectures, with 93% and 94% accuracies accordingly. The speaker diarization was implemented using two different approaches, Natural Language Processing for text conversion with 93% accuracy and a Recurrent Neural Network model for speaker labeling with 80% accuracy and 0.52 Diarization-Error-Rate. The final component distinguishes between real and fake audio using a CNN architecture with 94% accuracy. With these findings, this research will contribute immensely to the domain of speech analysis.

Publication Open Access
Development of a Virtual Learning Environment (VLE) During the COVID-19 Pandemic: A Study with special reference to Advanced Technological Institute (researchgate.net, 2022-02)
Rupasinghe, L; Nowfeek, M. R. M
In this COVID-19 pandemic, Information and communication technology (ICT) plays a significant role and IT solutions such as the Virtual Learning Environments (VLE) have become vital. In the pandemic situation, the Virtual Learning Environment (VLE) integrates many tools to provide higher educational institutions with an effective and efficient method to share, manage, store, and enhance their traditional approach of teaching. The implementation of a VLE during the COVID-19 pandemic has become a need at Advanced Technological Institute in the learning and teaching environment. Although there is an increased willingness to its widespread implementation among higher educational institutes in this pandemic situation.
The primary goal of this study is to develop a Virtual Learning Environment (VLE) for Advanced Technological Institute during the COVID-19 pandemic, as well as to identify the existing virtual learning environment status of other higher educational institutes and implement innovative tools in the Virtual Learning Environment (VLE) at Advanced Technological Institute in the COVID-19 pandemic. The study used a qualitative method; the findings of the research showed that the existing system was used only for downloading lecture notes. As per the findings, the virtual system was developed with features such as conducting online examinations, quizzes and a discussion forum, and, as a new component, automatic question generation using natural language processing was added to enhance the learning and teaching process. Adobe Photoshop for image editing, MySQL for creating the database, Apache Web Server, WordPress, Natural Language Processing (NLP) for prototype question generation and PHP for virtual environment development, as well as Microsoft Visio for diagram drawing, were utilized to develop this system.

Publication Embargo
A Drone-Based Approach for Deforestation Monitoring (IEEE, 2022-12-29)
Nuwantha, M. B; Jayalath, C. N; Rathnayaka, M. P; Fernando, D. C; Rupasinghe, L; Chethana, M
Most importantly, forests play a major role in providing worldwide oxygen and other essential necessities. Monitoring the forest cover from above the forest canopy level can be easily done by retrieving images from space satellites. Yet, it’s a great challenge to identify deforestation, as it is more complex. To overcome the complexity, the need to take images from a considerable height is important. To do this part, this research shows that unmanned aerial vehicles, also known as drones, can do it conveniently and assist the process accurately.
Monitoring the forest cover using drones is accurate, but it's challenging to break barriers such as discovering objects and filtering them into parts to process the correct data to arbitration as output. This research project planned to design the image processing mechanism to overcome those mentioned obstacles and give successful output. To contribute to the development of this research project, more effective approaches are used here, mostly drones and an automated software solution with the help of less manpower. The monitoring process is more effective with real-time image processing of the drone footage taken from the targeted site with the help of the software. The research expects the final output to be as effective. Finally, this research project is scoped to track deforestation, and we evaluated current literature on drone environmental applications, including forest monitoring, and drew on our own practical experience flying tiny drones to map and monitor tropical forests. Also, this project believes that the use of small drones can assist tropical communities in better managing and conserving the forests, while also benefiting partner organizations, governments, and forest data end-users, particularly those involved in forestry, biodiversity conservation, and climate change.

Publication Embargo
E-commerce (WEB) Application security: Defense against Reconnaissance (IEEE, 2016-12-08)
Perera, A. C; Kesavan, K; Bannakkotuwa, S. V; Liyanapathirana, C; Rupasinghe, L
Intrusion Detection/Prevention Systems and web application firewalls provide important layer(s) of security for web applications. Even though they are well configured and maintained continually with the latest attack signatures and profiles, they often fail when it comes to reconnaissance, because the requests of reconnaissance to the web server often take the form of legitimate requests and they are unpredictable.
Addition of signatures of reconnaissance or learning legitimate request patterns used to identify reconnaissance is practically infeasible because of the time, resource and performance issues. On the other hand, IDS, IPS and WAFs prioritize "attacks" over "reconnaissance"; thus, they always tend to consider most of the reconnaissance as "events", not "incidents", which enables the adversaries to have a good understanding/profile of the web applications. The goal of this research is to analyze the reconnaissance patterns which can bypass security layers such as IDS/IPS or WAF and to provide a solution which can handle the reconnaissance without hindering the performance of the application. The proposed solution is demonstrated as a plugin for a known PHP framework.

Publication Embargo
Emergency Patient Identification System (IEEE, 2019-12-05)
Sandamal, T; Fernando, N; Jayasinghe, I; Xavier, J; Kuruwitaarachchi, N; Rupasinghe, L
The emergency patient identification system (EPIS) will enable a more powerful quality system in the health industry. This research study was conducted to develop an EPI system, which is a complete patient-based medical information recording system. This system will help to identify the patients uniquely. Doctors can get the patient's latest situation and can make quick decisions on treatments in emergencies. To achieve this approach, the authors use the patient's fingerprint, face recognition technology, and eye recognition to identify the person. The patient can view his medical records; the system sends reminder notifications. The system helps the patients in storing and tracking the diet weight, medications, allergies, health history, fitness, lab results, x-rays, blood pressure, ongoing surgeries, drug reminders, doctor visits, doctor's appointments, images and more. The system helps the user in receiving and sending necessary health-related information to the doctors and hospitals.
This system has many unique features; in an emergency it will help to find the nearest hospitals. It can add the history of the patient's family members, so it can help to remind him of his present medical situation. The main system works on a web interface; another part is offered as a mobile application.

Publication Embargo
Enhancing the security of OLSR protocol using reinforcement learning (IEEE, 2017-09-14)
Priyadarshani, H; Jayasekara, N; Chathuranga, L; Kesavan, K; Nawarathna, C; Sampath, K. K; Liyanapathirana, C; Rupasinghe, L
Mobile ad-hoc networks are used in various institutions such as the military, hospitals, and various businesses. Due to their dynamic, mobile, structure-free and self-adaptive nature, they are ideal to be used in emergency situations where the resources available are limited. The wireless range of the devices in the MANET is narrow. In order to communicate with the desired device, oftentimes it is necessary to use intermediate devices between the source and the destination. Therefore, it is important to secure sensitive information sent through intermediate devices. OLSR is a widely used MANET routing protocol. Although the OLSR protocol has excelled in performance and reliability, it is rather poor in security. In this context, we attempt to improve the security of the OLSR protocol with the aid of Q-Learning by selecting trustworthy nodes to forward messages. The behavior of the nodes is used to determine the trust of the nodes.
