Many recent malware implementations employ virtual machines to carry out malicious activities. These are hard to detect because antivirus software running in the native OS can't detect virtual machines' system states. An approach that uses TCP SYN packets for OS fingerprinting can detect the presence of unauthorized OSs.

Many modern malware implementations carry out their activities using virtual machines to escape detection by antivirus software running on the host OS.[1] This malware can also be used as part of a botnet to transfer information from the infected machine to a command-and-control center. Such malware is hard to detect because the context data and state of the programs run by a virtual machine can't be accessed by antivirus software installed on the native OS.

Due to increasing OS vulnerabilities, enterprise network administrators must regularly perform OS audits. These help determine the various services running on different systems and identify OSs with flaws that might cause vulnerabilities in the enterprise network. Audits also help in configuring network-based intrusion detection systems and maintaining an adaptive enterprise security policy. If the OSs running in virtual machines differ from the native OSs, these malicious OSs can be identified and the infected machines can be cleaned.

Although various RFCs specify definitions and interpretations of different TCP/IP packet fields,[2-7] many fail to specify a standard set of initial values for these fields. As a consequence, developers of various OSs implement the protocol stack with different initial values for these fields.

Similar to the way a human fingerprint serves as a tool to uniquely identify a person, an OS can be uniquely identified on a network by its packet fingerprint. Packet fingerprints are derived from the implementation dissimilarities of various OSs' communication protocols. By analyzing initial values of certain protocol flags, options, packet fields, and data in the packets that a host sends over a network, we can determine the OS installed in a host. If the OS determined from the packet generated by an enterprise host differs from the original OS installed in the host machine, an unauthorized OS is likely present. An unauthorized OS might have been installed either by a malicious user without obtaining permission from a network administrator or by a virtual machine installed by malware over a native host OS.

In this article, we present an approach to passively fingerprint OSs using the information available from TCP packets, as well as a system that uses this approach to detect unauthorized OSs in an enterprise network. For more information on related work in OS fingerprinting, see the sidebar. Figure 1 shows the outline of our proposed system. The enterprise network connects to the Internet through a firewall that is typically combined with a router. The enterprise router captures outgoing TCP SYN packets from the network, which are forwarded to an OS fingerprinting analyzer that extracts and analyzes their headers. Our OS fingerprinting analyzer applies a Euclidean distance estimation algo...
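An added example, not code from the article (whose analyzer and signature database are not reproduced here): a minimal passive fingerprinter that parses the IPv4/TCP SYN header fields the article names (TTL, DF bit, window size, and the MSS, window scale, SACK-permitted and timestamp options), builds a feature vector, picks the nearest entry of a signature table by Euclidean distance, and flags a host whose observed OS differs from its inventoried OS. The signature values, the per-field scaling and the `build_syn` packet constructor are assumptions made for illustration, not measured fingerprints.

```python
import math
import struct
# Constructed signature table (ttl, window, df, mss, wscale, sack, timestamps);
# illustrative values, not measured fingerprints of any real OS.
SIGNATURES = {
    "os-A": (64, 65535, 1, 1460, 7, 1, 1),
    "os-B": (128, 8192, 1, 1460, 8, 1, 0),
    "os-C": (64, 29200, 1, 1460, 7, 1, 1),
}
# Per-field scale (assumed) so the 16-bit window field does not swamp the distance.
SCALE = (64, 8192, 1, 1460, 1, 1, 1)

def parse_syn(pkt):
    """Feature vector of an IPv4 TCP SYN packet, or None if it is not a SYN."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, df = pkt[8], (pkt[6] >> 6) & 1          # DF is the second bit of the IP flags
    tcp = pkt[ihl:]
    if tcp[13] & 0x12 != 0x02:                   # SYN set, ACK clear
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, i, seen = tcp[20:(tcp[12] >> 4) * 4], 0, {}
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # NOP padding has no length byte
            i += 1
            continue
        seen[opts[i]] = opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]
    mss = struct.unpack("!H", seen[2])[0] if 2 in seen else 0
    wscale = seen[3][0] if 3 in seen else 0
    return (ttl, window, df, mss, wscale, int(4 in seen), int(8 in seen))

def nearest_os(features):
    """Name of the signature at the smallest scaled Euclidean distance."""
    def dist(sig):
        return math.sqrt(sum(((a - b) / s) ** 2 for a, b, s in zip(features, sig, SCALE)))
    return min(SIGNATURES, key=lambda name: dist(SIGNATURES[name]))

def build_syn(ttl, window, df, options):
    """Construct a minimal IPv4 + TCP SYN packet (checksums left zero) for testing."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (20 + len(options)) // 4 << 4, 0x02, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 0, df << 14, ttl, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return ip + tcp + options

def check_host(pkt, expected_os):
    """(observed_os, unauthorized) for a SYN from a host whose inventory says expected_os."""
    fv = parse_syn(pkt)
    observed = nearest_os(fv) if fv is not None else None
    return observed, observed is not None and observed != expected_os
```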