Do not follow where the path may lead; go instead where there is no path and leave a trail. - Ralph Waldo Emerson

Dr. Tirthankar Ghosh

Dr. Tirthankar Ghosh joined the University of West Florida Center for Cybersecurity in August 2018 as the Associate Director and Professor. Dr. Ghosh has an M.S. and Ph.D. in Computer and Electrical Engineering, and he has been active in cybersecurity education and research since 2005. Before joining UWF, Dr. Ghosh spent 13 years at St. Cloud State University in Minnesota as a faculty member, developing and leading their cybersecurity curricula. Dr. Ghosh has been active in obtaining grants, both from industry and government, and collaborating with the private and public sectors in providing training and workforce development.

Education
  • Ph.D. – Electrical Engineering
    • Florida International University, Miami, FL, USA, 2005
  • M.S. – Computer Engineering
    • Florida International University, Miami, FL, USA, 2002
  • B.E. – Electrical Engineering
    • Jadavpur University, Kolkata, India, 1994
Research

Research interests:

  • Network Anomaly Detection
  • Network Behavior Profiling
  • Industrial Control Systems Security


Current and past projects:

Organizational role-based extrusion detection model with profile migration

Developed a model by combining role-based and individual-based profiles, and designed and implemented an algorithm to detect deviations. Four parameters were chosen to represent the profiles, two for each profile: CPU and memory utilization for the individual profile, and the number of processes and network connections for the role-based profile. The deviation is measured by the Kullback-Leibler (K-L) divergence. A prototype of the model was tested with three users belonging to three different roles. The model was divided into three phases: the learning phase, the profile creation phase, and the detection phase. The learning phase described how the data was gathered and saved to create user profiles. The profile creation phase described how individual and role-based baseline profiles were created. Lastly, the detection phase was designed to detect extrusions in real time by measuring deviation from baseline profiles. A profile migration scheme was proposed to import user profiles at various login locations. The project was conducted in the security research lab created with funds from DoD/NSA, and results were published as a journal article in the Transactions on Networks and Communications, published by the Society of Science and Education (UK).
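The three phases described above can be sketched as follows. This is an added example, not code from the published model: the bin edges, Laplace smoothing, the 1.0-bit threshold, the sample data and all names (`alice`, `peer`, `build_profile`, `detect`) are assumptions made for illustration.

```python
import math
from bisect import bisect_right

# Bin edges are constructed for this example; the page does not give any.
BINS = {"cpu": [0, 20, 40, 60, 80, 100], "mem": [0, 20, 40, 60, 80, 100],
        "procs": [0, 50, 100, 150, 200, 400], "conns": [0, 10, 20, 40, 80, 1000]}
INDIVIDUAL, ROLE = ("cpu", "mem"), ("procs", "conns")

def histogram(values, edges, alpha=1.0):
    """Laplace-smoothed bin probabilities, so no bin has probability zero."""
    counts = [0] * (len(edges) - 1)
    for v in values:
        idx = min(max(bisect_right(edges, v) - 1, 0), len(counts) - 1)
        counts[idx] += 1
    total = len(values) + alpha * len(counts)
    return [(c + alpha) / total for c in counts]

def kl_divergence(p, q):
    """D_KL(P || Q) in bits; P is the observed window, Q the baseline."""
    return sum(pi * math.log2(pi / qi) for pi, qi in zip(p, q) if pi > 0)

def build_profile(samples, params):
    """Profile creation phase: one baseline histogram per parameter."""
    return {k: histogram([s[k] for s in samples], BINS[k]) for k in params}

def detect(window, individual, role, threshold=1.0):
    """Detection phase: parameters whose divergence exceeds the threshold."""
    alerts = {}
    for name, base in {**individual, **role}.items():
        observed = histogram([s[name] for s in window], BINS[name])
        d = kl_divergence(observed, base)
        if d > threshold:
            alerts[name] = round(d, 3)
    return alerts

def sample(i, procs, conns):
    """One constructed measurement of the four profile parameters."""
    return {"cpu": 10 + (i % 5) * 3, "mem": 30 + (i % 4) * 2,
            "procs": procs, "conns": conns}

# Learning phase (constructed data): one user and a peer in the same role.
alice = [sample(i, 80 + i % 10, 5 + i % 4) for i in range(40)]
peer = [sample(i, 90 + i % 20, 8 + i % 6) for i in range(40)]
individual = build_profile(alice, INDIVIDUAL)   # CPU and memory baseline
role = build_profile(alice + peer, ROLE)        # processes and connections

normal = [sample(i, 80 + i % 10, 5 + i % 4) for i in range(20)]
extrusion = [sample(i, 85 + i % 5, 120 + 3 * i) for i in range(20)]  # burst

if __name__ == "__main__":
    print("normal:", detect(normal, individual, role))
    print("extrusion:", detect(extrusion, individual, role))
```

Smoothing matters here because K-L divergence is undefined when the baseline assigns zero probability to a bin the observed window occupies, which is exactly the case a deviation produces.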

 

Multi-hop WirelessHART network on a real-life testbed

This project was funded by Emerson Process Management and was conducted in the embedded systems and wireless sensor network research lab established with funds from Emerson. Advances in the WirelessHART standard in industrial control systems have led to performance evaluation and security analysis in both real-world testbeds and controlled lab environments. In this project, months-long experiments with a WirelessHART network in a multi-hop setting were conducted in our laboratory. Latency, stability, and reliability were used as metrics to measure the performance of individual links and the overall network for five hops and seven hops. We deliberately deviated from the best practices in designing the topology to study network performance under strained conditions. In addition to using metrics as defined in the WirelessHART literature, network stability over multiple hops with single paths was also studied. Our findings showed that having at least one low-stability link can have an impact on multi-hop stability, while still maintaining a very high overall network reliability of 99.98% or higher. Details of the experiment, along with results and lessons learned, were published in the Transactions on Networks and Communications, Society of Science and Education, in February 2018.

 

Multi-Stage Detection Technique for DNS-Tunneled Botnets

Botnet communications are obfuscated within legitimate network protocols to avoid detection and remediation. The Domain Name System (DNS) is a protocol of choice for hiding communication with Command & Control (C&C) servers, where botmasters tunnel these communications within DNS requests and responses. Since botnet communications are characterized by different features, botmasters may evade detection methods by modifying some of these features. This project created a multi-stage detection approach for Domain Generation Algorithm (DGA) botnets using domain fluxing, Fast Flux Service Network (FFSN) botnets, and encrypted DNS-tunnel-based botnets, using the Zeek (previously called Bro) Network Security Monitor. This approach was able to detect DNS-tunneled botnet communications by analyzing the different techniques used to find C&C servers, and by using a signature-matching technique to detect a DNS-tunneled SSH handshake between bots and C&C servers. Results were presented at the CATA 2019 conference in Honolulu, Hawaii.

 

Currently exploring the following areas:

  • Human behavior side of cybersecurity, specifically exploring the possibility of studying the antecedent-behavior-consequence model of cybercriminals.
  • Network anomaly detection using proactive threat hunting utilizing the MITRE ATT&CK Framework.
  • Development of scenario-based learning tools and assessment mapping to NIST NICE knowledge, skills, abilities, and competencies.

 

Publications
  • Multi-stage Detection Techniques for DNS-based Botnets using Bro Scripting, in Proc. of CATA-2019, Honolulu, HI, USA, March 18-20, 2019.
  • Tactics Techniques and Procedures to Augment Cyber Threat Intelligence: A Comprehensive Survey – presented at the ISACA 2019 Cybersecurity and Technology Summit (CATS), September 2019.
  • Performance Evaluation of Multi-hop WirelessHART Network on a Real-life Testbed. Transactions on Networks and Communications, Society of Science and Education, vol 6(1), Feb 2018.
  • Security by Practice: Exercises in Network Security and Information Assurance, Lulu Publishing Services, ISBN: 978-1-4834-6165-6, December 2016.
  • An Organizational Role-based Extrusion Detection Model with Profile Migration. Transactions on Networks and Communications, Society of Science and Education, vol 2(5), 2014.
  • Experimenting with Watchdog Implementation on a Real-life Ad-Hoc Network: Monitoring Selfish Behavior. Innovations and Advances in Computer Information Systems, Science, and Engineering (Part 1) by Elleithy, K. and Sobh, T. (ed). Springer. ISBN 978-1-46143534-1, pp 255-266, 2013. (Initial results presented in the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE ’11), December 3-12, 2011).
  • Analyzing Operating Systems’ Behavior to Crafted Packets – Proc. of the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE ’12), December 7-9, 2012.
  • Wireless Body Area Network for Healthcare: A Survey. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC), vol. 3(3), June 2012.
  • Advances and Challenges of Wireless Body Area Networks for Healthcare Applications. Proc. of International Conference on Computing, Networking and Communications, Hawaii, USA, Jan 30 – Feb 2, 2012.
  • Modeling Trust in Wireless Ad-Hoc Networks. Novel Algorithms and Techniques in Telecommunications and Networking, by T. Sobh (Ed.). Springer, DOI:1007/978-90-481-3662-9_37, pp. 217-221, 2010. (Initial results presented in the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE ’08), December 5-13, 2008).
  • Routing Table Instability in Real-world Ad-Hoc Network Testbed. Advances in Computer and Information Science and Engineering, by Sobh, T. (Ed). Springer, ISBN 978-1-4020-8740-0, 2008. (Also presented in International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE ’07)).
  • A Framework for Computing Trust in Mobile Ad Hoc Networks. Mobile and Wireless Network Security and Privacy, by Makki, K., et al (Eds.). Springer, ISBN: 978-0-387-71057-0. July 2007.
  • Security and Privacy for Mobile and Wireless Networks (co-authored with Reiher P, et al.). Mobile and Wireless Network Security and Privacy, by Makki, K., et al (Eds.). Springer, ISBN: 978-0-387-71057-0. July 2007.
  • A Framework for Computing Trust in Mobile Ad Hoc Networks. Proceedings of NSF International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN ’06), held in conjunction with the Applied Computational Electromagnetics Society Conference, March 15-16, Miami, Florida, 2006.
  • Towards Designing a Trusted Routing Solution in Mobile Ad Hoc Networks. ACM Journal “Mobile Networks and Applications (MONET)”, ISSN: 1383-469X, volume 10, number 6, pp: 985 – 995, December 2005.
  • An Overview of Security Issues for Multihop Mobile Ad Hoc Networks. IEC Publications; Network Security: Technology Advances, Strategies, and Change Drivers, ISBN: 0-931695-25-3, 2004.
  • Collaborative Trust-based Secure Routing Against Colluding Malicious Nodes in Multi-hop Ad Hoc Networks. Proceedings of the 29th IEEE Annual Conference on Local Computer Networks (LCN), Nov 16-18, Tampa, USA, 2004.
  • Collaborative Trust-based Secure Routing in Multihop Ad Hoc Networks (co-authored with Pissinou, N.). Proceedings of The Third IFIP-TC6 Networking Conference (Networking '04): Springer Verlag, Series: Lecture Notes in Computer Science, Vol. 3042, pp. 1446 - 1451, Athens, Greece, May 9-14, 2004.
Community Leadership
  • Co-founder of Minnesota Cyber Careers Consortium (MnC3), a state-wide cybersecurity initiative.
  • Co-founder of Greater St Cloud Cybersecurity Consortium, a consortium partnering with Greater St Cloud Development Corporation, DEED, local employers, and five school districts.
  • ABET reviewer for Cybersecurity and Computer Science.
  • Participated in NSF proposal review panels in 2015, 2016, and 2017.
  • Organized three workshops on MN Women in Cybersecurity, one each in 2015, 2016, and 2017. Planning for the next one in 2018, to be held on April 21, 2018.
  • Organized MN Day of Cyber with high school and middle school students at the Science Museum of Minnesota on December 16, 2017.
  • Worked as General Chair in WiBAN 2012, International Workshop on Wireless Body Area Networks for mHealth, held in Maui, Hawaii, Jan 30 – Feb 2, 2012.
  • Invited to be the Session Chair in IEEE Globecom 2010, Miami, FL, December 6 – 10, 2010.
  • Participated in and invited to lead a discussion session in Oxford Round Table, Oxford, U.K., July 19-24, 2009.
  • Organized the workshop in the International Conference on Scalable Information Systems (Infoscale 2006), Hong Kong, May 29 – June 1, 2006.