Intrusion detection system (IDS) is one of the most important security protection mechanisms. Although many IDS commercial products and research projects exist, we still face a serious problem under current systems, a high false positive rate. We observe that current network IDSs don't make full use of the information available from different levels and points of the protected network, and we argue that the utilization of this information is essential. We introduce a new framework for network IDSs based on a network context awareness (NCA) layer as an additional data source to IDSs. We describe the architecture of NCA and methods of how to extract network information into NCA. A correlation engine is presented that works on alerts generated by a specific IDS system (Snort) and NCA information. Our experimental results using simulated attacks show that our proposed solution significantly reduces the false alarm rate and has the potential to greatly improve the efficacy of detecting novel attacks.
{"title":"A correlative context-based framework for network intrusion detection system","authors":"Ye Wang, H. Abdel-Wahab","doi":"10.1109/ISCC.2005.6","DOIUrl":"https://doi.org/10.1109/ISCC.2005.6","url":null,"abstract":"Intrusion detection system (IDS) is one of the most important security protection mechanisms. Although many IDS commercial products and research projects exist, we still face a serious problem under current systems, a high false positive rate. We observe that current network IDSs don't make full use of the information available from different levels and points of the protected network, and we argue that the utilization of this information is essential. We introduce a new framework for network IDSs based on a network context awareness (NCA) layer as an additional data source to IDSs. We describe the architecture of NCA and methods of how to extract network information into NCA. A correlation engine is presented that works on alerts generated by a specific IDS system (Snort) and NCA information. Our experimental results using simulated attacks show that our proposed solution significantly reduces the false alarm rate and has the potential to greatly improve the efficacy of detecting novel attacks.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123899677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Outlier mining is dedicated to finding data objects, which differ significantly from the rest of the data. Outlier mining has been extensively studied in statistics and recently data mining. However, exploring the Web for outliers has received very little attention in the mining community. Web content outliers are documents with 'varying contents ' compared to similar Web documents taken from the same domain. Mining Web content outliers may lead to the identification of competitors and emerging business patterns in electronic commerce. This paper proposes WCOND-mine algorithm for mining Web content outliers using n-grams without a domain dictionary. Experimental results with embedded motifs show that WCOND-mine is capable of finding Web content outliers from Web datasets.
{"title":"WCOND-mine: algorithm for detecting Web content outliers from Web documents","authors":"Malik Agyemang, K. Barker, R. Alhajj","doi":"10.1109/ISCC.2005.155","DOIUrl":"https://doi.org/10.1109/ISCC.2005.155","url":null,"abstract":"Outlier mining is dedicated to finding data objects, which differ significantly from the rest of the data. Outlier mining has been extensively studied in statistics and recently data mining. However, exploring the Web for outliers has received very little attention in the mining community. Web content outliers are documents with 'varying contents ' compared to similar Web documents taken from the same domain. Mining Web content outliers may lead to the identification of competitors and emerging business patterns in electronic commerce. This paper proposes WCOND-mine algorithm for mining Web content outliers using n-grams without a domain dictionary. Experimental results with embedded motifs show that WCOND-mine is capable of finding Web content outliers from Web datasets.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116007073","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hyperspectral sensors represent the most advanced instruments currently available for remote sensing of the Earth. The high spatial and spectral resolution of the images supplied by systems like the airborne visible infra-red imaging spectrometer (AVIRIS), developed by NASA Jet Propulsion Laboratory, allows their exploitation in diverse applications, such as detection and control of wild fires and hazardous agents in water and atmosphere, detection of military targets and management of natural resources. Even though the above applications require a response in real time, few solutions are available to provide fast and efficient analysis of these types of data. This is mainly caused by the dimensionality of hyperspectral images, which limits their exploitation in analysis scenarios where the spatial and temporal requirements are very high. In the present work, we describe a new parallel methodology which deals with most of the previously addressed problems. The computational performance of the proposed analysis methodology is evaluated using two parallel computer systems, a SGI Origin 2000 shared memory system located at the European Center of Parallelism of Barcelona, and the Thunderhead Beowulf cluster at NASA's Goddard Space Flight Center.
{"title":"On the use of cluster computing architectures for implementation of hyperspectral image analysis algorithms","authors":"D. Valencia, A. Plaza, P. Martínez, J. Plaza","doi":"10.1109/ISCC.2005.114","DOIUrl":"https://doi.org/10.1109/ISCC.2005.114","url":null,"abstract":"Hyperspectral sensors represent the most advanced instruments currently available for remote sensing of the Earth. The high spatial and spectral resolution of the images supplied by systems like the airborne visible infra-red imaging spectrometer (AVIRIS), developed by NASA Jet Propulsion Laboratory, allows their exploitation in diverse applications, such as detection and control of wild fires and hazardous agents in water and atmosphere, detection of military targets and management of natural resources. Even though the above applications require a response in real time, few solutions are available to provide fast and efficient analysis of these types of data. This is mainly caused by the dimensionality of hyperspectral images, which limits their exploitation in analysis scenarios where the spatial and temporal requirements are very high. In the present work, we describe a new parallel methodology which deals with most of the previously addressed problems. The computational performance of the proposed analysis methodology is evaluated using two parallel computer systems, a SGI Origin 2000 shared memory system located at the European Center of Parallelism of Barcelona, and the Thunderhead Beowulf cluster at NASA's Goddard Space Flight Center.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128321684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Most of the current in-network data processing algorithms are modified regression techniques like multidimensional data series analysis. In our opinion, several algorithms developed within the artificial neural-networks tradition can be easily adopted to wireless sensor network platforms and meet the requirements for sensor networks like: simple parallel-distributed computation, distributed storage, data robustness and auto-classification of sensor readings. Lower communication costs and energy savings can be obtained as a consequence of the dimensionality reduction achieved by the neural-networks clustering algorithms. In this paper we present three possible implementations of the ART and FuzzyART neural-networks algorithms, which are unsupervised learning methods for categorization of the sensory inputs. They are tested on a data obtained from a set of several motes, equipped with several sensors each. Results from simulations of deliberately made faulty sensors show the data robustness of these architectures.
{"title":"Distributed data processing in wireless sensor networks based on artificial neural-networks algorithms","authors":"A. Kulakov, D. Davcev","doi":"10.1109/ISCC.2005.52","DOIUrl":"https://doi.org/10.1109/ISCC.2005.52","url":null,"abstract":"Most of the current in-network data processing algorithms are modified regression techniques like multidimensional data series analysis. In our opinion, several algorithms developed within the artificial neural-networks tradition can be easily adopted to wireless sensor network platforms and meet the requirements for sensor networks like: simple parallel-distributed computation, distributed storage, data robustness and auto-classification of sensor readings. Lower communication costs and energy savings can be obtained as a consequence of the dimensionality reduction achieved by the neural-networks clustering algorithms. In this paper we present three possible implementations of the ART and FuzzyART neural-networks algorithms, which are unsupervised learning methods for categorization of the sensory inputs. They are tested on a data obtained from a set of several motes, equipped with several sensors each. Results from simulations of deliberately made faulty sensors show the data robustness of these architectures.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126116181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We revisit the question of how much buffer an IP router should allocate for its droptail FIFO link. For a long time, setting the buffer size to the bitrate-delay product has been regarded as reasonable. Recent studies of interaction between queueing at IP routers and TCP congestion control offered alternative guidelines. First, we explore and reconcile contradictions between the existing rules. Then, we argue that the problem of link buffer sizing needs a new formulation: design a buffer sizing algorithm that accommodates needs of all Internet applications without engaging IP routers in any additional signaling. Our solution keeps network queues short: set the buffer size to 2L datagrams, where L is the number of input links. We also explain how end systems can utilize the network effectively despite such small buffering at routers.
{"title":"Link buffer sizing: a new look at the old problem","authors":"Sergey Gorinsky, A. Kantawala, J. Turner","doi":"10.1109/ISCC.2005.93","DOIUrl":"https://doi.org/10.1109/ISCC.2005.93","url":null,"abstract":"We revisit the question of how much buffer an IP router should allocate for its droptail FIFO link. For a long time, setting the buffer size to the bitrate-delay product has been regarded as reasonable. Recent studies of interaction between queueing at IP routers and TCP congestion control offered alternative guidelines. First, we explore and reconcile contradictions between the existing rules. Then, we argue that the problem of link buffer sizing needs a new formulation: design a buffer sizing algorithm that accommodates needs of all Internet applications without engaging IP routers in any additional signaling. Our solution keeps network queues short: set the buffer size to 2L datagrams, where L is the number of input links. We also explain how end systems can utilize the network effectively despite such small buffering at routers.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125360667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The availability of powerful personal computers and high bandwidth home connectivity is changing the way users cooperate and exchange information on the network. Peer to peer computing is becoming a common paradigm for many distributed applications, allowing for extensive resource sharing and direct communication among peers. Recently, the wide spreading of new wireless communication technologies and personal computing devices, enables the adoption of the P2P paradigm also in mobile environments. However, several questions arise when trying to develop such systems: existing solutions do not address all the requirements of these environments. In this paper we present a framework to develop mobile applications which exploits the P2P paradigm: it is designed to work on J2ME enabled mobile devices, interacting with each other in an ad-hoc fashion. The designed framework is also interoperable with JXTA, a well-known P2P open platform.
{"title":"A JXTA compliant framework for mobile handheld devices in ad-hoc networks","authors":"Mario Bisignano, G. Modica, O. Tomarchio","doi":"10.1109/ISCC.2005.12","DOIUrl":"https://doi.org/10.1109/ISCC.2005.12","url":null,"abstract":"The availability of powerful personal computers and high bandwidth home connectivity is changing the way users cooperate and exchange information on the network. Peer to peer computing is becoming a common paradigm for many distributed applications, allowing for extensive resource sharing and direct communication among peers. Recently, the wide spreading of new wireless communication technologies and personal computing devices, enables the adoption of the P2P paradigm also in mobile environments. However, several questions arise when trying to develop such systems: existing solutions do not address all the requirements of these environments. In this paper we present a framework to develop mobile applications which exploits the P2P paradigm: it is designed to work on J2ME enabled mobile devices, interacting with each other in an ad-hoc fashion. The designed framework is also interoperable with JXTA, a well-known P2P open platform.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121885688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The aim of this paper is to provide measurement results of data transmission over symmetrical DSL out of all DSL technologies. The paper looks at the symmetrical services with virtual private network (VPN) connections, security and end-to-end quality of service (QoS), thus offering a guideline to service providers and end-users to select the services that best suite their needs. CPEs based on the symmetrical DSL technology are widely deployed, however there are no published results of their performance measurements. Our aim is to fill these gaps, as the work of benchmarking DSL modems with different protocol stacks is of interest to network operators. This article reports upon benchmarking results, i.e., presents a series of measurement results of five CPEs using symmetrical DSL lines for connection to the central office. Throughput, IP packet latency and IP packet-loss statistics of these transceivers are analyzed and compared. Bridged, routed, and PPP configurations are investigated in details. The overhead due to L2TP tunneling, IP security and encryption is measured in case of one modem. FTP file transfer performance is shown for all different protocol stacks. Finally, the maximum distance (loop reach rate) vs. line transmission rate is also indicated for each tested equipments.
{"title":"Benchmarking symmetrical DSL modems with different protocol stacks","authors":"S. Székely, S. Kis","doi":"10.1109/ISCC.2005.38","DOIUrl":"https://doi.org/10.1109/ISCC.2005.38","url":null,"abstract":"The aim of this paper is to provide measurement results of data transmission over symmetrical DSL out of all DSL technologies. The paper looks at the symmetrical services with virtual private network (VPN) connections, security and end-to-end quality of service (QoS), thus offering a guideline to service providers and end-users to select the services that best suite their needs. CPEs based on the symmetrical DSL technology are widely deployed, however there are no published results of their performance measurements. Our aim is to fill these gaps, as the work of benchmarking DSL modems with different protocol stacks is of interest to network operators. This article reports upon benchmarking results, i.e., presents a series of measurement results of five CPEs using symmetrical DSL lines for connection to the central office. Throughput, IP packet latency and IP packet-loss statistics of these transceivers are analyzed and compared. Bridged, routed, and PPP configurations are investigated in details. The overhead due to L2TP tunneling, IP security and encryption is measured in case of one modem. FTP file transfer performance is shown for all different protocol stacks. Finally, the maximum distance (loop reach rate) vs. line transmission rate is also indicated for each tested equipments.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128247482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multicasting enables efficient usage of network resources in applications that require group communication. In addition to the well known multicast applications, new communication technologies that can benefit from multicast keep emerging. A recent example are the various types of virtual private network (VPN) applications that carry customer traffic over public networks creating the illusion of a private network for each customer. Still, due to the difficulty of aggregating multicast destination addresses, multicasting suffers from the forwarding state scalability problems. In this work we investigate how the problem of multicast state scalability re-emerges in the VPN setting and how it can be effectively addressed there using the MPLS label based forwarding paradigm.
{"title":"Reducing the forwarding state requirements of point-to-multipoint trees using MPLS multicast","authors":"G. Apostolopoulos, Ioana Ciurea","doi":"10.1109/ISCC.2005.132","DOIUrl":"https://doi.org/10.1109/ISCC.2005.132","url":null,"abstract":"Multicasting enables efficient usage of network resources in applications that require group communication. In addition to the well known multicast applications, new communication technologies that can benefit from multicast keep emerging. A recent example are the various types of virtual private network (VPN) applications that carry customer traffic over public networks creating the illusion of a private network for each customer. Still, due to the difficulty of aggregating multicast destination addresses, multicasting suffers from the forwarding state scalability problems. In this work we investigate how the problem of multicast state scalability re-emerges in the VPN setting and how it can be effectively addressed there using the MPLS label based forwarding paradigm.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114618672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A shared communication medium is characterized by multiple entities that use this medium by reading and writing from and to it. Write operations on the shared communication medium must be coordinated and collision-avoidance schemes are one technique to achieve this; for example time-division multiple access (TDMA). Common solutions for TDMA include descriptive tables or algorithm-based client/server mechanisms. Yet, they are all limited in their expressiveness: at the beginning of the communication period at most one write operation can be scheduled for a specific time slot. In this work, we propose a system that allows for scheduling several write operations for the same time slot but guarantee that at most one will be performed though. It does not deal with scheduling algorithms per se, it deals with describing and implementing a computed schedule. The consequences of this added expressiveness allow for parallel and stateful communication schedules merged and serialized in an ad-hoc way. The contribution is the proposed more-expressive yet still value and time-deterministic way of describing communication schedules for time-triggered communication plus a description of its implementation in an interpreter implemented as infrastructure in RTLinuxPro.
{"title":"Describing multidimensional schedules for media-access control in time-triggered communication","authors":"S. Fischmeister","doi":"10.1109/ISCC.2005.48","DOIUrl":"https://doi.org/10.1109/ISCC.2005.48","url":null,"abstract":"A shared communication medium is characterized by multiple entities that use this medium by reading and writing from and to it. Write operations on the shared communication medium must be coordinated and collision-avoidance schemes are one technique to achieve this; for example time-division multiple access (TDMA). Common solutions for TDMA include descriptive tables or algorithm-based client/server mechanisms. Yet, they are all limited in their expressiveness: at the beginning of the communication period at most one write operation can be scheduled for a specific time slot. In this work, we propose a system that allows for scheduling several write operations for the same time slot but guarantee that at most one will be performed though. It does not deal with scheduling algorithms per se, it deals with describing and implementing a computed schedule. The consequences of this added expressiveness allow for parallel and stateful communication schedules merged and serialized in an ad-hoc way. The contribution is the proposed more-expressive yet still value and time-deterministic way of describing communication schedules for time-triggered communication plus a description of its implementation in an interpreter implemented as infrastructure in RTLinuxPro.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126732864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An opto-electronic three-stage packet switch architecture is described that plays to the strengths of electronics as a memory technology and to photonics as a communications technology whilst accommodating the relatively slow reconfiguration of current transparent photonic switch technology. The configuration of the photonic centre stage is found by solving an edge-colouring problem on a bipartite graph defined by the traffic. This is simple to implement and the calculation need be repeated only if there are persistent variations in the statistical pattern of the arriving traffic. A major bottleneck is removed by dispensing with a per-time slot scheduler; at the price of only a modest spatial speed-up, which is easy to provide with photonic technology. The architecture and method have been verified by simulation using simple traffic models that capture the non-stationary and bursty nature of real traffic.
{"title":"Flexible bandwidth provision in a sectored packet switch with an optical core","authors":"S. A. Paredes, Srija Srivastava, T. Hall","doi":"10.1109/ISCC.2005.72","DOIUrl":"https://doi.org/10.1109/ISCC.2005.72","url":null,"abstract":"An opto-electronic three-stage packet switch architecture is described that plays to the strengths of electronics as a memory technology and to photonics as a communications technology whilst accommodating the relatively slow reconfiguration of current transparent photonic switch technology. The configuration of the photonic centre stage is found by solving an edge-colouring problem on a bipartite graph defined by the traffic. This is simple to implement and the calculation need be repeated only if there are persistent variations in the statistical pattern of the arriving traffic. A major bottleneck is removed by dispensing with a per-time slot scheduler; at the price of only a modest spatial speed-up, which is easy to provide with photonic technology. The architecture and method have been verified by simulation using simple traffic models that capture the non-stationary and bursty nature of real traffic.","PeriodicalId":315855,"journal":{"name":"10th IEEE Symposium on Computers and Communications (ISCC'05)","volume":"158 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124493285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: