Abstract: The present disclosure a method for data regulations-aware cloud storage and processing service allocation. Conventional approaches fail to address the technical problem of data placement for storage as well as processing, considering multiple criteria. Further, the conventional approaches fail to address compliance with data regulations, tier pricing policy for multiple Cloud Service Providers (CSPs) which impacts storage and processing center selection and constraint satisfaction. The present disclosure proposes a joint optimization model for the selection of storage and processing services from multiple cloud service providers, taking into practical consideration of data regulations and tiered pricing, which has not been addressed in the prior art. To solve this hard multi-objective combinatorial optimization problem, the present disclosure utilizes a cost-reduction-based algorithm for obtaining optimal solution.

Abstract: This disclosure relates generally to data anonymization using clustering techniques. In Typically, data anonymization using global recoding can overgeneralize the data. However, preservation of information while anonymization the data is of equal importance as obscuring the relevant information that can be used by the attackers. The disclosed method and system utilized attribute taxonomy tree for generalization to optimize the generalization of the records. The disclosed method uses clustering-based approach and after clustering, each cluster is solved independently using ILP model for K-Anonymization. The ILP model is solved by generalizing the value of the attributes. Sometimes, even after clustering the number of possible patterns is large, thus the disclosed method generates patterns on the fly during multiple iterations.

Abstract: The disclosure relates to sequencing of asset segments of privacy policies. The asset segments are sequenced based on a set of constraints. In an embodiment the asset segments are sequenced using a set of pre-defined predecessors and a set of pre-defined successors of each asset segment through a feasible sequence generation technique and a sequence generation technique based on the constraints, wherein the constraints are preferences associated with the source entity and the target entity. Hence the disclosure bridges a communication gap between the source entity and the target entity by optimally displaying the most relevant privacy policy (mapped to the asset segments) based on the constraints associated with the source entity and the target entity. Further the disclosed system also determines a violation factor that represents a conflict between the preferences associated with the source entity and the target entity.

Abstract: This disclosure relates generally to system and method for assessing insider influence on enterprise assets. Existing work focuses on the detection of insider threat and does not consider the influence of an insider on their peers and subordinates. The present disclosure aggregates and preprocesses the enterprise data specific to the individuals received from various sources, and further creates an enterprise graph between entities. Weights of every edge connected between any two entities in the enterprise graph is then calculated. Community of the individuals are detected wherein, relevant insider(s) are identified, and susceptibility of the individuals for probable influence by relevant insider(s) based on the analysis scenarios(s) is calculated. Paths taken by the relevant insider(s) is calculated for estimating probability of data loss.

Abstract: This disclosure relates generally to system and method for classification of sensitive date using federated semi-supervised learning. Federated learning has emerged as a privacy-preserving technique to learn one or more machine learning (ML) models without requiring users to share their data. In federated learning, data distribution among clients is imbalanced resulting with limited data in some clients. The method includes extracting a training dataset from one or more data sources and pre-processing the training dataset into a machine readable form based on associated data type. Further, a federated semi-supervised learning model is iteratively trained based on a model contrastive and distillation learning to classify sensitive data from the unlabeled dataset. Then, sensitive data from a user query is received as input which are classified using the federated semi-supervised learning model.

Abstract: This disclosure relates generally to data anonymization and more particular y risk-aware data anonymization. Conventional data anonymization systems either replace PII/sensitive attributes with random values or shuffles them, that causes huge data distortion affecting the data utility. The goal of publishing data is best achieved when privacy is balanced with utility of data, Moreover, to ensure privacy, assessing the risk of disclosure is important. The proposed system provides a pipeline for analysis of data patterns to understand the associated risk level of re-identification of records. Further, based on the identified risks with the records the system anonymizes the data following a pattern based anonymization approach wherein data is clustered and for each cluster distinct patterns are identified such that the information loss is minimal.

Abstract: This disclosure relates generally to online learning against data poisoning attack. Conventional methods used data sanitization techniques for online learning against data poisoning attack. However, these methods do not remove poisoned data points from training dataset completely. Embodiments of the present disclosure method provide an influence based defense method for secure online learning against data poisoning attack. The method initially filters a subset of poisoned data points in the training dataset for training a machine learning model using data sanitization technique. Further the method computes an influence of the data points and performs an influence minimization based on a predefined threshold. Updated data points for the learning model are generated and used for training the machine learning model. The disclosed method can be used against data poisoning attacks in applications such as spam filtering, malware detection, recommender system and so on.

Abstract: Data-driven applications depend on training data obtained from multiple internal and external data sources. Hence poisoning of the training data can cause adverse effects in the data driven applications. Conventional methods identifies contaminated test samples and avert them from entering into the training. A generic approach covering all data-driven applications and all types of data poisoning attacks in an efficient manner is challenging. Initially, data aggregation is performed after receiving a ML application for testing. A plurality of feature vectors are extracted from the aggregated data and a poisoned data set is generated. A plurality of personas are generated and are further prioritized to obtain a plurality of attack personas. Further, a plurality of security assessment vectors are computed for each of the plurality of attack personas. A plurality of preventive measures are recommended for each of the plurality of attack personas based on the corresponding security assessment vector.

Abstract: Phishing attacks cause financial frauds and credential thefts. The conventional blacklist, whitelist and Machine Learning (ML) based methods fail to provide an accurate detection of phishing attacks. The present disclosure provides a layered approach wherein a URL domain name is compared with blacklist domains and whitelist domains. Further, the URL undergoes Internet Protocol (IP) address checking followed by context checking. A clicked context is verified based on the number of search results from a popular search engine. Otherwise, the typed context is checked for non-ASCII characters in the domain name. Further, the URL is checked for any brand name. Further, the domain is checked for any misspelling. Further, the URL is examined using a Machine Learning (ML) model. Finally, the URL is classified as phishing if a number hits in a popular search engine is less. Here a phishing alert is generated in each layer based on the corresponding decision.

Abstract: Protecting consumer data is a key responsibility of an organization. The method of protection need to compare the data with policy documents. Ontology and a threshold to select an optimal match plays a key role in such comparison. The conventional automatic threshold computation methods are complex and not based on semantic similarity. The present disclosure generates an Entity Relationship (ER) model from an input document and is converted into a first ontology. The first ontology and a second ontology obtained from a relational database are compared by an ontology matching algorithm. Further, the plurality of many to many correspondences are optimized to one to one correspondence by an optimization method. Further, a plurality of optimal one to one correspondence is generated based on a threshold. The threshold is computed based on symmetric and transitive property. Further, semantically similar entities are selected based on the optimal one to one correspondence.

Abstract: Existing data residency compliance techniques suffer from inherent drawbacks to discover the spread of data, understanding the data residency regulations and semantics behind them and most importantly placement of data in cloud datacenters such that it is data residency compliant. Embodiments herein provide a method and system for optimizing placement of data to a cloud datacenter complying data residency regulations. The system selects one serving cloud datacenter for a user center. The selection considers three conflicting objectives such as minimum data placement cost, provide good quality of service (i.e. latency) and to comply with data residency regulations. The system essentially covers data residency compliance problem in three phases namely, violation detection, decision support and recommendation.

Abstract: This disclosure relates to method and system for secure scheduling of workflows and virtual machine utilization in cloud. Scheduling of tasks in workflow comprises of heterogeneous and interdependent computational tasks. The method receives a set of workflows comprising of one or more heterogeneous tasks. Further, a set of parameters are extracted from each heterogeneous task to select a set of optimal VM type combination parameters and a set of security level combination parameters. The method selects the optimized combination of VM types, security service levels and task order. Further, a workflow schedule is generated for the tasks of the selected VM type combinations. The method further performs optimal selection of VM types and security services, with efficient schedule generation, and effectively reuses VM with reduced overall cost without delay in make span. Additionally, the method enhances security model with accurate risk estimation.

Abstract: The present disclosure provides a federated learning based identification of non-malicious classification models where the conventional model fails to perform. Initially, the system receives a local classification model from each of a plurality of clients. Further, a set of one-dimensional arrays are obtained based on a plurality of local classification models associated with the plurality of clients using a flattening technique. Further, a major cluster and a minor cluster are obtained by clustering the set of one-dimensional arrays using a clustering technique. After clustering, a plurality of active classification models are selected based on the major cluster and the minor cluster using an epsilon cluster selection technique. Further, a global classification model is selected from the plurality of active models using a random selection technique. Finally, the selected global classification model is transmitted to each of the plurality of clients.

Abstract: Conventionally, biometric template protection has been achieved to improve matching performance with high levels of security by use of deep convolution neural network models. However, such attempts have prominent security limitations mapping information of images to binary codes is stored in an unprotected form. Given this model and access to the stolen protected templates, the adversary can exploit the False Accept Rate (FAR) of the system. Secondly, once the server system is compromised all the users need to be re-enrolled again. Unlike conventional systems and approaches, present disclosure provides systems and methods that implement encrypted deep neural network(s) for biometric template protection for enrollment and verification wherein the encrypted deep neural network(s) is utilized for mapping feature vectors to a randomly generated binary code and a deep neural network model learnt is encrypted thus achieving security and privacy for data protection.

Abstract: The disclosure relates to a method and a system for sequencing asset segments of privacy policy using optimization techniques. The asset segments are sequenced based on several constraints associated with preferences of a source entity and a target entity. Further the disclosure also determines a target entity violation factor that represents a conflict between the preferences associated with the source entity and the target entity. In an embodiment the disclosed method and system optimally sequences the plurality of asset segments using several optimization techniques that include a basic sequence generation technique, a source entity sequence optimizing technique and a target entity sequence optimizing technique considering constraints. Hence the disclosure bridges a communication gap between several stakeholders by optimally displaying the most relevant privacy policy (mapped to the asset segments) considering the constraints or preferences associated with both the source entity and the target entity.

Abstract: The disclosure herein describes a method and a system for providing data privacy based on customized cookie consent. The proposed customized cookie consent system enables user's data privacy by facilitating the user to customize a plurality of features for each individual cookie, wherein a cookie is customized for multiple features that includes a consent and expiry customization, a drill down at individual cookie, an online masking unmasking cookie data—an offline masking-unmasking cookie data, a consent lineage and a data subject rights for cookie data that further include data access, data portability, right to erasure based on machine learning techniques. Further the customized cookie consent system also provides recommendation for data privacy and obscured cookies using machine learning techniques.

Abstract: Finding optimal solutions to Web Service Location Allocation Problem (WSLAP) using exhaustive algorithms and exact approaches is not practical. Computational time required to solve WSLAP using exact approaches increases exponentially with the problem size. The disclosure herein generally relates to service deployment, and, more particularly, to a method and system for web service location allocation and virtual machine deployment. The system identifies a plurality of web-services that are associated with the WSLAP and then decomposes the WSLAP to a plurality of sub-problems. For each sub-problem, the system determines at least one non-dominating solution, which are then merged to generate the solution for the WSLAP. The generated solution to the WSLAP can be used for perform Virtual Machine (VM) deployment under uncertainties, using a stochastic approach, wherein the uncertainties refer to dynamic change in requirements in terms of parameters such as but not limited to configuration, and cost.

Abstract: This disclosure relates generally to data anonymization using clustering techniques. In Typically, data anonymization using global recoding can overgeneralize the data. However, preservation of information while anonymization the data is of equal importance as obscuring the relevant information that can be used by the attackers. The disclosed method and system utilized attribute taxonomy tree for generalization to optimize the generalization of the records. The disclosed method uses clustering-based approach and after clustering, each cluster is solved independently using ILP model for K-Anonymization. The ILP model is solved by generalizing the value of the attributes. Sometimes, even after clustering the number of possible patterns is large, thus the disclosed method generates patterns on the fly during multiple iterations.

Abstract: Several data breaches are occurring in organizations due to insecure handling security-sensitive data. Conventional methods utilize static analysis tools and fail to capture all security vulnerabilities. The present disclosure identifies a security vulnerability by analyzing a source code. Initially, a System Dependence Graph (SDG) associated with the source code is received. Forward slicing is performed on the SDG and a plurality of forward function nodes are obtained. A plurality of security parameters associated with the security-sensitive variable are obtained. A backward slicing is performed based on a plurality of security parameters to obtain a plurality of backward function nodes. Further, a plurality of common function nodes is obtained from the plurality of forward and the backward function nodes and utilized to generate a plurality of enumerated paths. The enumerated paths are evaluated to obtain a plurality of feasible paths and are further analyzed to identify security vulnerability.

Abstract: This disclosure relates generally to data anonymization and more particular y risk-aware data anonymization. Conventional data anonymization systems either replace PII/sensitive attributes with random values or shuffles them, that causes huge data distortion affecting the data utility. The goal of publishing data is best achieved when privacy is balanced with utility of data, Moreover, to ensure privacy, assessing the risk of disclosure is important. The proposed system provides a pipeline for analysis of data patterns to understand the associated risk level of re-identification of records. Further, based on the identified risks with the records the system anonymizes the data following a pattern based anonymization approach wherein data is clustered and for each cluster distinct patterns are identified such that the information loss is minimal.