Research Collaborations

Academic and research collaboration is a very valuable tool that not only accelerates progress but also enhances the quality of the work and extends the repertoire of the partners. Academic collaboration benefits the faculty in learning new teaching tools, and the students in increasing the breadth of their knowledge and learning different approaches to solving a problem. I have had many opportunities to work collaboratively with senior professors, scientists and brilliant students from various prestigious national and international institutes as part of continuing my master's research work. This collaborative environment and its activities have taught me various research approaches, which helped me to contribute significant research results in the field of information security and forensics. The following is a list of the research institutes with which I am associated.

1. Resource Center for Cyber Forensics (RCCF)
2. Centre for Development of Advanced Computing (CDAC) Trivandrum
3. National Institute of Technology, Karnataka (NITK), Surathkal
4. Information Security Research Lab (ISRL)
5. Adi Shankara Institute of Engineering and Technology (ASIET), Cochin, Kerala
6. Prince Sattam Bin Abdulaziz University (PSAU), Kingdom of Saudi Arabia.


Title of Research Work: Digital Forensic Exploration Framework for Email & Instant Messaging Applications
 
Abstract

Email applications are among the foremost and most extensively used electronic communication methods in this era of information explosion. Users generally exchange information through these applications using several front-end clients from various service providers. Most email clients have now moved to a secured platform using SSL or TLS security for their communications. Cybercriminals and terrorists have also started using this mode of exchanging information for their malevolent transactions. Forensic investigators face greater difficulty and many challenges in tracing crucial forensic information, as well as in regenerating the actual message from network packets, because the communication in such sessions is encrypted end-to-end. These challenges seriously affect the procurement of substantial evidence against such criminals from their working environments. This paper introduces a forensic exploration and architectural framework which not only decrypts any communication or network session but also reconstructs the actual message contents of webmail applications. The proposed framework can be effectively used in proxy servers and individual computers and aims to perform forensic reconstruction followed by the analysis of webmail clients. The framework is equipped with high-speed packet capturing hardware and a well-designed packet-manipulating algorithm; it regenerates message contents over regular as well as SSL-encrypted SMTP and POP3 protocols and catalyzes the forensic presentation procedure for the prosecution of cyber criminals by producing solid evidence of their transactions in accordance with the law of the specific countries.

    • Year: 2016-2017
    • Place of Development and Execution: Prince Sattam Bin Abdulaziz University, Kingdom of Saudi Arabia
    • Status: Finished

Title of Research Work: Level Based Anomaly Detection of MR Images of Brain

Abstract

Medical imaging technology plays a crucial role in the visualization and analysis of the human body with unprecedented accuracy and resolution. Analyzing the multimodal for disease-specific information across patients can reveal important similarities between patients, hence their underlying diseases and potential treatments. Classification of MR brain images as normal or abnormal with information about the level at which it lies is a very important task for further processing, which is helpful for the diagnosis of diseases. This paper focuses on the abnormality detection of brain MR images using search and retrieval technique performed on similar anatomical structure images. Similar anatomical structure images are retrieved using the Modified Local Binary Pattern (MOD-LBP) features of the query and target images and the level of the image is identified. The query image is compared with images in the same level and classification is done using the SVM classifier. The result reveals that the classification accuracy is improved significantly when the query image is compared with similar anatomical structure images.

    • Year: 2015-2016
    • Place of Development and Execution: ASIET Kalady.
    • Status: Completed
    • Publications:

Abraham Varghese, Manesh T, “Level-Based Anomaly Detection of Brain MR Images Using Modified Local Binary Pattern”, International Symposium on Intelligent Systems Technologies and Applications (ISTA’15), Springer, Aug 2015, Cochin. Indexing expected in ISI Thomson Reuters, Scopus, Google Scholar, etc.



Title of Research Work: Developing Network Forensic Investigation Tool of FTP and Peer-to-Peer Protocols

Abstract

Network forensics is the process of capturing information that moves over a network and trying to gather forensic information from it. It is an art of discovery and retrieval of information about network events. Present networks carry a large volume of data as network packets, so managing the storage of packets, categorizing, analyzing and subsequent packet processing are found to be tedious processes in forensic investigation. This project aims to introduce an integrated technique for inspecting, reordering and reconstructing the contents of packets in a network session for the forensic investigation of file transfer protocols like FTP and P2P. A typical network forensic investigation process should examine the stored packet information when suspicious activity is reported. The process should collect adequate supporting evidence from stored packets by recreating the original data, files, and messages sent or received by each user. Suspicious user activities can thus be found by examining the packets offline. The proposed method can be used for reordering packets and reconstructing the files or documents to carry out forensic investigation and to create the necessary evidence against any illegal network-related events. Hence the proposed method helps in content-level analysis of packets passing through the network based on FTP and P2P protocols and reports any deceptive network activities in such environments.

    • Year: 2010-2012
    • Place of Development and Execution: NITK Surathkal, Resource Center for Cyber Forensics (RCCF)
    • Status: Completed
    • Publications:

Manesh T, B. Brijith, and Mahendra Prathap Singh, “An Improved Approach towards Network forensic Investigation of HTTP and FTP Protocols”, International Conference on Parallel, Distributed Computing technologies and Applications, Springer (Tirunelveli), September 2011



Title of Research Work: Developing Network Forensic Investigation Tool for P2P Protocol

Abstract

Online sharing of digital assets has become common on the internet as the number of its users has increased drastically over a decade. There are many online sharing resources which offer huge storage. These facilities lead internet users to upload and download pirated software, movies and other similar digital assets, which violates copyrights. The P2P protocol works behind such online sharing websites and resources. The cyber cell is now very active in various parts of the country in tracing fraudulent sharing of files when it is reported. So it is necessary to have an efficient mechanism to find the actual content which is being uploaded or downloaded from a particular machine as part of network forensic investigation. Usually, P2P websites and services are blocked in enterprises and educational institutions to avoid sharing of unwanted digital assets and also to increase internet bandwidth. The proposed novel technique is based on network forensics and can be used for content-level observation of the P2P BitTorrent protocol and to regenerate the original malicious content or session between malicious users for their prosecution in court.

    • Year: 2013-2014
    • Place of Development and Execution: ASIET Kalady, Resource Center for Cyber Forensics (RCCF)
    • Status: Completed
    • Publications:

Manesh T, M Mohammed T, “Forensic Investigation Framework for P2P Protocol”, in an IEEE International Conference on Control, Instrumentation, Communication & Computational Technologies held at Noorul Islam University, Nagercoil, Tamilnadu, India, July 2014



Title of Research Work: Forensic Investigation Framework for Tracing and Reporting Digital Crimes in Computer Networks

Abstract

Forensic investigation in computer networks, also called network forensics, is the process of capturing information that moves over a network and trying to gather forensic information from it. It is an art of discovery and retrieval of information about network events. Present networks carry a large volume of data as network packets, so managing the storage of packets, categorizing, analyzing and subsequent packet processing are found to be tedious processes in forensic investigation. This research work aims to introduce an integrated technique for inspecting, reordering and reconstructing the contents of packets in a network session for forensic investigation of protocols for email (SMTP, POP3, and IMAP), webmail (Gmail and Yahoo), chat and instant messaging (MSN, Google Talk and ICQ), video upload and download streams using HTTP, upload and download sessions using SFTP, and content retrieval from Skype conversations and VoIP protocols. A typical network forensic investigation process should examine the stored packet information when suspicious activity is reported. The process should collect adequate supporting evidence from stored packets by recreating the original data, files, and messages sent or received by each user. Suspicious user activities can thus be found by examining the packets offline. The proposed research work also targets the development of an efficient network packet reconstruction algorithm to carry out forensic investigation functions and to create the necessary evidence against any illegal network-related events. Hence the proposed methodology helps in content-level analysis of packets passing through the network and reports any deceptive network activities in computing environments suitable for enterprises and institutions.
The expected experimental results of the proposed framework might improve the performance of network forensic investigation in terms of packet reordering and reconstruction time and in handling a wide range of protocols.

    • Year: 2014-2015
    • Place of Development and Execution: PSAU, Kingdom of Saudi Arabia
    • Status: Completed
    • Publications:

Manesh T, Muhemmed, “VoIP Forensic Framework”, published in International Journal of Advanced Computer Science and Applications (ISI Thomson Reuters indexed), Vol 1, Issue 1, Feb 2016



Title of Research Work: Developing Network Forensic Investigation Tool for Skype Communication

Abstract

Skype is a secure internet telephony application which establishes a connection between its clients through a peer-to-peer architecture. The connection from a Skype client to its server and to other clients uses an encrypted channel based on the Transport Layer Security (TLS) protocol. At the same time, the connection between a Skype client and a Public Switched Telephone Network (PSTN) gateway is made through an unencrypted digital channel using Voice over Internet Protocol (VoIP). The encrypted channels in Skype communication make forensic analysis frameworks perform poorly in decrypting the traffic and procuring critical forensic details of the network stream against intruders and cybercriminals. Furthermore, policy violations and unbounded usage of Skype VoIP communication over PSTN users waste network bandwidth. Here we propose a Skype forensic framework that collects forensic information by decrypting the Skype client-server communication along with recreating voice content in the Skype-to-PSTN VoIP communication. We also propose an efficient packet reconstruction algorithm, powered by a time stamping technique, for regenerating malicious content from payloads of the Skype network stream, in support of the prosecution of policy violators and cyber criminals in a court of law.

    • Year: 2014-2015
    • Place of Development and Execution: Prince Sattam Bin Abdulaziz University, Kingdom of Saudi Arabia; Resource Center for Cyber Forensics (RCCF)
    • Status: Completed
    • Publications:

Manesh T, “Forensic Framework for Skype Communication”, International Symposium on Intelligent Systems Technologies and Applications (ISTA’15), Springer, Aug 2015, Cochin



Title of Research Work: SQL Injection Attack Detection and Mitigation

Abstract

Web applications are becoming an important part of our daily life, so attacks against them are also increasing rapidly. SQL injection attacks (SQLIA) play a major role among these attacks. This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check the intended structure of the SQL query before execution. For this, we use semantic comparison. Our focus is on the stored procedure attack, in which the query is formed within the database itself, so it is difficult to extract the query structure for validation.

    • Year: 2013-2014
    • Place of Development and Execution: Resource Center for Cyber Forensics (RCCF), ASIET Kalady.
    • Status: Completed
    • Publications:

Mannadan S, Manesh T, Paul Varghese, “A Method Of Detecting SQL Injection Attack To Secure Web Applications”, in International Journal of Intelligent Systems Design and Applications (IJDPS), Vol. 3, No. 6, pp. 1-8, DOI: 10.5121/ijdps.2012.3601, November 2012



Title of Research Work: SQL Injection Attack Solutions

Abstract

Web applications are becoming an important part of our daily life, so attacks against them are also increasing rapidly. SQL Injection Attacks (SQLIA) play a major role among these attacks. This attack is launched through specially crafted user inputs and targets web applications that use backend databases. The characteristic feature of this attack is that it changes the intended query structure. To avoid this type of attack, the best solution is not to allow the user to enter any part of the SQL query directly. In this work, we describe the SQL injection attack, its various types and a detailed review of its solution techniques.

    • Year: 2013-2014
    • Place of Development and Execution: RCCF CDAC Trivandrum, ASIET Kalady.
    • Status: Completed
    • Publications:

Mannadan S, Manesh T, Varghese Paul, “SQL Injection Attack Solutions: A Review”, in International Journal of Scientific & Engineering Research, Volume 4, Issue 8, ISSN 2229-5518, August 2013.



Title of Research Work:  Image Authentication Techniques 

Abstract

Image hashing is an authentication technique which constructs a short sequence from the image to represent its contents. This method proposes an image hash which is generated from local features such as Haralick features and MOD-LBP features and global features such as luminance and chrominance characteristics of the image which are computed from Zernike moments. Sender generates the hash from image features and attaches it with the image to be sent. The hash is analyzed at the receiver to examine whether the image is authentic or not. The proposed method detects image forgery and locates the forged regions of the image. The proposed hash is robust to common content preserving modifications such as JPEG image compression, addition of noise, brightness and contrast adjustments, scaling, slight rotation and small cropping and it is sensitive to malicious manipulations. The performances of the hashes generated from each local feature combined with global features, and both local features combined with global features are analyzed.

    • Year: 2013-2014
    • Place of Development and Execution: PSAU, Kingdom of Saudi Arabia; ASIET Kalady.
    • Status: Completed
    • Publications:

Abraham Varghese, Manesh T, “Image Authentication by Content Preserving Robust Image Hashing Using Local and Global Features”, International Conference on Information and Communication Technologies (Elsevier Procedia Computer Science) at CUSAT, Cochin, Dec 2014



Title of Research Work: Developing Network Forensic Investigation Tool for HTTPS Protocol

Abstract

Nowadays a large number of personal and business transactions are done electronically through secured internet communication with the HTTPS protocol. The internet offers computer users access to a wealth of information and reaches into the heart of many organizations. In this context, there are many possibilities for malicious activities or attacks to occur through the HTTPS protocol. Usually, it is very difficult to see or recreate HTTPS network sessions to verify their content as part of forensic analysis. Network analysts must be able to see and test the packet data when malicious network usage is identified and produce the actual session by recreating the original data between users as part of forensic analysis. So we need an efficient forensic system to perform this kind of content analysis. The proposed novel technique can be used for content-level observation of the HTTPS protocol and to regenerate the original malicious HTTPS session between users for network forensic investigations.

    • Year: 2011-2012
    • Place of Development and Execution: RCCF CDAC Trivandrum, ASIET Kalady.
    • Status: Completed
    • Publications:

Manesh T, Bhraguram T M, R Rajaram, Bhadran V K, “Network Forensic Investigation of HTTPS Protocol”, International Journal Modern Research (IJMER), Oct 2013
