Research Publications Authored by SLIIT Staff
Permanent URI for this community: https://rda.sliit.lk/handle/123456789/4195
This collection includes all SLIIT staff publications presented at external conferences and published in external journals. The materials are organized by faculty to facilitate easy retrieval.
Search Results
Publication Open Access
Enhancing Organizational Threat Profiling by Employing Deep Learning with Physical Security Systems and Human Behavior Analysis (Science and Information Organization, 2025)
Senevirathna D.H; Gunasekara W.M.M; Gunawardhana K.P.A.T; Ashra M.F.F; Fernando, H; Abeywardena, K. Y
Organizations need a comprehensive threat profiling system that uses cybersecurity methods together with physical security methods because advanced cyber-threats have become more complex. The objective of this study is to implement deep learning models to boost organizational threat identification via human behavior assessment and continuous surveillance activities. Our method for human behavior analysis detects insider threats through assessments of user activities that include logon patterns along with device interactions and measurement of psychometric traits. CNN, together with Random Forest classifiers, has been utilized to identify behavioral patterns that indicate security threats from inside the organization. Our model uses labeled datasets of abnormal user behavior to properly differentiate between normal and dangerous user activities with high accuracy. The physical security component improves surveillance abilities through the use of MobileNetV2 for real-time anomaly detection in CCTV video data. The system receives training to detect security breaches and violent and unauthorized entry attempts, and specific security-related incidents. The combination of transfer learning and fine-tuning methodologies enables MobileNetV2 to deliver outstanding security anomaly detection alongside low power requirements, thus it fits into Security Operations Centers operations. Experiments using our framework operate on existing benchmark collection sets that assess cybersecurity, together with physical security threats.
Experimental testing establishes high precision levels for detecting insider threats along with physical security violations by surpassing conventional rule-based methods. Security Operation Centers gain an effective modern threat profiling solution through the application of deep learning models. The investigation generates better organization defenses against cyber-physical threats using behavioral analytics together with intelligent surveillance systems.

Publication Open Access
Biometric based digital signature scheme for land registry verification (International Journal of Research Publications, 2018-09-08)
Sinthujan, R; Senthilkumaran, S; Pranavan, N; Vijitharan, V; Abeywardena, K. Y
One of the most common and frequent problem faced by developing countries like Sri Lanka is the management and administration of land properties due to poor land ownership verification mechanisms exercised by government in the sector of land registry department. This leads to cases like land fraudulent, land encroachment, land misuse and land disuse. This research paper states of a biometric based verification scheme for land property management which guarantees the authenticity of land ownership, integrity of land information, and non-repudiation of land transactions. The goal is to generate biometric based asymmetric keys from a personnel’s fingerprint to be used for digitally signing the land registry document and then to verify that signature in a secure way where some of the key procedures must take place within an isolated area like sandbox environment to ensure the security and robustness of the system. Also, there are procedures in place for handling disputes that can be confronted when implementing a land management system with biometric verification procedures.
This biometric based verification scheme is not limited only within the boundaries of the land registry domain, but can also be extended and applied as a generic solution for many other similar domains where the verification procedure is vital and a must.

Publication Embargo
SEAMS: A Symmetric Encryption Algorithm Modification System to Resist Power Based Side Channel Attacks (Springer, Cham, 2018-11-02)
Pathirana, K. P. A. P; Lankarathne, L. R. M. O; Hangawaththa, N. H. A. D. A; Abeywardena, K. Y; Kuruwitaarachchi, N
Side channel attacks which examine physical characteristics of a cryptographic algorithm, are getting much more popular in present days since it is easier to mount an attack in a short time with only a few hundred dollars’ worth of devices. Sensitive information of a cryptographic module can be easily identified by evaluating the side channel information, such as power consumption, heat and electromagnetic emissions that outputs from the cryptographic device. This creates a huge impact on the security of the cryptographic modules as it is an efficient technique to break cryptographic algorithms by analyzing the patterns of the side channel information without having any specialized knowledge in cryptography. The solution proposed in this paper is an algorithm modification system for symmetric algorithms in order to mitigate side channel attacks. This is achieved by injecting randomness to the algorithm following a comprehensive analysis of power fluctuations that outputs from a given algorithm. In the proposed solution, a hardware device tracks down the patterns in power consumption and analyze those meter readings by utilizing machine learning techniques. As a result of this analysis, it identifies the pattern generating source code positions.
System will add random code fragments into the identified positions in the algorithm without altering the output in order to resist side channel attacks.

Publication Embargo
Intelligent Enterprise Security Enhanced COPE (Intelligent ESECOPE) (IEEE, 2018-12-21)
Samarathunge, R. D. S. P; Perera, W. P. P; Ranasinghe, R. A. N. I; Kahaduwa, K. K. U. S; Senarathne, A. N; Abeywardena, K. Y
Mobile devices have come a long way of supporting humans' day to day tasks. Companies from all over the world tend to implement Information Technology (IT) consumerization in their premises in order to attain high productivity as well as employee satisfaction. Bring Your Own Device (BYOD), Corporate Owned Personally Enabled (COPE) and Choose Your Own Device (CYOD) assist to implement IT consumerization according to the organization's requirements. This research looks at the security issues in Corporate Owned Personally Enabled concept. The purpose of this research is to identify major security concerns an organization could have and propose sophisticated yet effective countermeasures. Research components are categorized into four main parts which are web data loss prevention, email data loss prevention, malware identification and malware classification. The information leak can be occurred either deliberately or unintentionally by an individual or a group of individuals in any organization which affects financial status, customer or public security and the reputation. ESECOPE is built with a revived technique that is based on keyword-based search detection to reach the goal. Proposed Implementations consist range of features in data loss prevention such as deep content analysis, secure wiping of sensitive data, encryption of sensitive data. The combination of both machine learning techniques, signature, and behavioral based analysis will be used to craft a tool which is integrated into the system that outputs less false negative results.
Apart from identification and classification generation of IT administrator alerts, Quarantine identified malware can be listed as additional features provided by the tool. The platform which supports deploying multiple vulnerability scanning tools together makes the end product unique from other existing COPE solutions provides a vast amount of advantages including mobile device scanning individually or at once, report generation and also it reduces the workload of IT administrator.

Publication Embargo
FIMAA: Four-way Integrated Mobile Authentication API (IEEE, 2019-12-05)
Kariyawasam, L; Moonamaldeniya, M; Samarawickrama, V; Premalal, S. H; Rupasinghe, L; Abeywardena, K. Y
In this era of the digital world, mobile device users have been increased to a significant number. This proposed system presents a hybrid authentication approach which can be considered as a combination of silent authentication and input based authentication to enhance mobile security in android mobile applications. A four-way integrated mobile API introduces the gait patterns and location traces as well as the image context and face ID-based emotions of the user. This application silently authenticates the exposed location trace and gait patterns of the user while other ear and emotion inputs will be prompted to end-user accordingly with input authentication.

Publication Embargo
Blockchain based Patients' detail management System (IEEE, 2020-12-10)
Abeywardena, K. Y; Attanayaka, B; Periyasamy, K; Gunarathna, S; Prabhathi, U; Kudagoda, S
In the data technology revolution, electronic medical records are a standard way to store patients' information in hospitals. Although some hospital systems using server-based patient detail management systems, they need a large amount of storage to store all the patients' medical reports, therefore affecting the scalability.
At the same time, they are facing several difficulties, such as interoperability concerns, security and privacy issues, cyber-attacks to the centralized storage and maintaining adhering to medical policies. Proposed Flexi Medi is a private blockchain based patient detail management system which is expected to address the above problems. Solution proposes a distributed secure ledger to permits efficient system access and systems retrieval, which is secure and immutable. The improved consensus mechanism achieves the consensus of the data without large energy utilization and network congestion. Moreover, Flexi Medi achieves high data security principles based on a combination of hybrid access control mechanism, public key cryptography, and a secure live health condition monitoring mechanism. The proposed solution results in successfully deployed smart contracts according to the roles of the system, real time patient health monitoring with more scalable and access controlled system. The overall objective of this solution is to bring the entire medical industry into a common platform using a decentralized approach to store, share medical details while eliminating the need to maintain printed medical records.

Publication Open Access
Vanguard: A Blockchain-based Solution to Digital Piracy (Global Journals, 2021-01-13)
Jayasinghe, Y; Abeywardena, K. Y; Munasinghe, T; Mannage, S; Warnasooriya, T; Edirisinghe, G
Online pirates and Intellectual Property (IP) holders have been in perpetual war over various products like music, movies, software, etc. since the popularity of the Internet. It is estimated that the US entertainment industry loses approximately 29 billion USD every year for pirates. Online piracy has since gone from bad to worse as growing internet users and better broadband connections enable people to share large files freely over the internet.
The objective of this research is to investigate the causes and enablers for online piracy in movie industry and to come up with an anti-pirating solution. The primary outcome of the study will consist of a dedicated blockchain based anti-piracy system, ‘Vanguard’. This system will provide all-round piracy protection from a built-in streaming service to a component to actively look through the internet for pirated movies and torrents. This system will greatly deter the piracy of movies since the IP holders can ensure their IP rights through this system and quickly act against illegitimate distribution of their media.

Publication Embargo
SentinelPlus: A Cost-Effective Cyber Security Solution for Healthcare Organizations (IEEE, 2021-12-09)
Janith, K; Iddagoda, R; Gunawardena, C; Sankalpa, K; Abeywardena, K. Y; Yapa, K
Electronic Protected Health Information (ePHI) has proven to be quite lucrative by cybercriminals due to their long shelf life and multiple possible avenues of monetization. These highly sensitive data has become an easy target for cyber attackers due to the poor cyber resiliency strategies exercised by Healthcare Organizations. The reasoning behind the poor cyber security management in the healthcare sector sums to the collective impact of budgetary restriction, lack of cyber security competency and talent in the domain, prioritizing convenience over security, and various work culture malpractices. Furthermore, a substantial number of data breaches in the healthcare sector are known to be caused by human errors, security misconfigurations, and information mismanagement. Secondly, the increasing prevalence of ransomware and botnet attacks has hampered the efficiency and availability of healthcare services. As a result, in order to provide a holistic security mechanism, this paper presents "SentinelPlus," a machine learning-based security management suite.

Publication Embargo
PharmaGo-An Online Pharmaceutical Ordering Platform (IEEE, 2022-01-11)
Gamage, R. G; Bandara, N. S; Diyamullage, D. D; Senadeera, K. U; Abeywardena, K. Y; Amarasena, N.
Pharmacy services are a paramount important pillar of health. People must keep social distance due to the COVID-19 pandemic, hence the availability of online services to give medicine is vital. Due to the quarantine measures implemented in and by various countries to prevent the virus’s breaking out and online pharmacies have become an exceptionally popular way to obtain accurate medication. Currently, in Sri Lanka, there are a few mobile applications separately owned by each of the pharmacies to provide online pharmaceutical services for their customers. But all the medicines the customer needs might not be available in a single pharmacy. PharmaGo provides with its cooperation to the customers to get medicines of his necessity at a single pharmacy, as against avoiding him roaming from pharmacy to pharmacy. Similarly, pharmacy owners can read the prescription by using image processing mechanisms and doubtlessly identify the required medicines. In addition, the system analyzes previous sales records and provides predictions regarding the future demand for drugs to the pharmacy owners. PharmaGo includes a highly trained AI-powered medical chatbot to guide the customers throughout the process. PharmaGo provides a reliable platform for both pharmacy users and pharmacists to fulfill the unique needs of pharmacy services.

Publication Embargo
NoFish; total anti-phishing protection system (IEEE, 2020-12-10)
Atimorathanna, D. N; Ranaweera, T. S; Pabasara, R. A. H. D; Perera, J. R; Abeywardena, K. Y
Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although many vendors constantly launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, “NoFish” is a total anti-phishing protection system created especially for end-users as well as for organizations.
This paper proposes a machine learning & computer vision-based approach for intelligent phishing detection. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data, real-time execution, detection of new websites, detecting zero hour phishing attacks and use of feature-rich classifiers, visual image comparison, DNS phishing detection, email client plugin and especially the overall system is designed using a level-based security architecture to reduce the time-consumption. Users can simply download the NoFish browser extension and email plugin to protect themselves, establishing a relatively secure browsing environment. Users are more secure in cyberspace with NoFish which depicts a 97% accuracy level.
