Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00057
Guillaume Carel, Ryunosuke Isshiki, Takuya Kusaka, Y. Nogami, Shunsuke Araki
The development of the autonomous driving and the connected services severely increase security threats on old automotive technologies that are still present on-board vehicles since the long incremental process were employed. For example, the Controller Area Network (CAN) bus, which was standardized in 1991, can be connected to modern Linux embedded computer nodes where evil attacker might be able to exploit a vulnerability on the nodes. However, it is not easy to implement countermeasures on the CAN bus, since the strict requirements and limited performances of CAN specification. That is one of the major reason for the new standard CAN Flexible Data-rate (CAN FD) has been released in 2012 by Bosch to fill the gap between these challenges and the CAN protocol. In this research, a new simple authentication protocol for CAN FD is proposed, and the protocol is evaluated by experiments. The results show that the proposed protocol prevents infected nodes from usurping identity of a critical node and forge messages, with practical computational complexity on modern low-power embedding boards.
{"title":"Design of a Message Authentication Protocol for CAN FD Based on Chaskey Lightweight MAC","authors":"Guillaume Carel, Ryunosuke Isshiki, Takuya Kusaka, Y. Nogami, Shunsuke Araki","doi":"10.1109/CANDARW.2018.00057","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00057","url":null,"abstract":"The development of the autonomous driving and the connected services severely increase security threats on old automotive technologies that are still present on-board vehicles since the long incremental process were employed. For example, the Controller Area Network (CAN) bus, which was standardized in 1991, can be connected to modern Linux embedded computer nodes where evil attacker might be able to exploit a vulnerability on the nodes. However, it is not easy to implement countermeasures on the CAN bus, since the strict requirements and limited performances of CAN specification. That is one of the major reason for the new standard CAN Flexible Data-rate (CAN FD) has been released in 2012 by Bosch to fill the gap between these challenges and the CAN protocol. In this research, a new simple authentication protocol for CAN FD is proposed, and the protocol is evaluated by experiments. The results show that the proposed protocol prevents infected nodes from usurping identity of a critical node and forge messages, with practical computational complexity on modern low-power embedding boards.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131677031","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00062
Wilbert Jethro R. Limjoco, N. Tiglao
Battery-operated Wireless Sensor Networks (WSNs) deployed in wide and remote areas are difficult to maintain as replacing their batteries in such scenarios is a daunting task. Thus, there is a need to make use of self-sustaining energy harvesting sensor nodes. However, the Routing Protocol for Low Power and Lossy Networks (RPL), the de facto standard routing protocol for WSNs, assumes that there is a constant supply of energy for all sensors, and that it does not use energy as its routing metric. Therefore, there is a need to modify RPL to factor in energy in its routing metric to improve the network lifetime. This study addresses this problem by dynamically converting the energy level of a node into an additive penalty to the ETX metric used by RPLs Minimum Rank Hysteresis Objective Function (MRHOF). RPL is modeled using a modified version of the Bellman-Ford algorithm. Assuming we use a lossless channel and we implement aggressive parent-switching, we have found out in our analytical model simulations that the Average Charge Cycle times and Time of First Node Death increase up to 2.5 times longer as compared to standard RPL for a simple, four node diamond topology. There is also the consequence of child nodes being disconnected from the network due to the energy balancing in the parent nodes, which lowers the total Packet Delivery Ratio up to 10% lower than standard RPL for the simple diamond topology. However, this is balanced out by the increase in Sending Rate of the parent nodes by up to 20% due to longer lifetimes. Thus, the total number of packets received from the entire network is up to 8% higher for the experiment topology.
{"title":"An Analytical Model of Energy-Aware RPL for Wireless Sensor Networks","authors":"Wilbert Jethro R. Limjoco, N. Tiglao","doi":"10.1109/CANDARW.2018.00062","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00062","url":null,"abstract":"Battery-operated Wireless Sensor Networks (WSNs) deployed in wide and remote areas are difficult to maintain as replacing their batteries in such scenarios is a daunting task. Thus, there is a need to make use of self-sustaining energy harvesting sensor nodes. However, the Routing Protocol for Low Power and Lossy Networks (RPL), the de facto standard routing protocol for WSNs, assumes that there is a constant supply of energy for all sensors, and that it does not use energy as its routing metric. Therefore, there is a need to modify RPL to factor in energy in its routing metric to improve the network lifetime. This study addresses this problem by dynamically converting the energy level of a node into an additive penalty to the ETX metric used by RPLs Minimum Rank Hysteresis Objective Function (MRHOF). RPL is modeled using a modified version of the Bellman-Ford algorithm. Assuming we use a lossless channel and we implement aggressive parent-switching, we have found out in our analytical model simulations that the Average Charge Cycle times and Time of First Node Death increase up to 2.5 times longer as compared to standard RPL for a simple, four node diamond topology. There is also the consequence of child nodes being disconnected from the network due to the energy balancing in the parent nodes, which lowers the total Packet Delivery Ratio up to 10% lower than standard RPL for the simple diamond topology. However, this is balanced out by the increase in Sending Rate of the parent nodes by up to 20% due to longer lifetimes. Thus, the total number of packets received from the entire network is up to 8% higher for the experiment topology.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128793334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00014
Takahiro Tomita, Jia Lee, T. Isokawa, F. Peper, N. Kamiura, T. Yumoto
This paper presents a cellular automaton-based model for a mechanical computer called 'Turing Tumble' computer. This computer uses mechanical reactions of a ball flowing down and mechanical components (such as gear and ramp) that are configured on the board, for its computation. A group of cells, called a supercell, is defined in the proposed model in order to represent simultaneous state transition of cells for implementing a chain reaction of connected gears. A small element with its memory called Converter is shown for an illustrative example on this model.
{"title":"Cellular Automaton Model for Turing Tumble Mechanical Computer","authors":"Takahiro Tomita, Jia Lee, T. Isokawa, F. Peper, N. Kamiura, T. Yumoto","doi":"10.1109/CANDARW.2018.00014","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00014","url":null,"abstract":"This paper presents a cellular automaton-based model for a mechanical computer called 'Turing Tumble' computer. This computer uses mechanical reactions of a ball flowing down and mechanical components (such as gear and ramp) that are configured on the board, for its computation. A group of cells, called a supercell, is defined in the proposed model in order to represent simultaneous state transition of cells for implementing a chain reaction of connected gears. A small element with its memory called Converter is shown for an illustrative example on this model.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123835091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00088
Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito
A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.
{"title":"User-Side Updating of Third-Party Libraries for Android Applications","authors":"Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito","doi":"10.1109/CANDARW.2018.00088","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00088","url":null,"abstract":"A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115162520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00053
Kazunori Mikami, K. Ono, J. Nonaka
The computational performance of scientific applications on HPC systems is often much lower than user expectation based on the system's maximum performance specifications. To understand the basis for this performance gap, a multi-perspective evaluation is important. For instance, from the user perspective, correlating the theoretical computation coded as a source program with the actual computation workload produced by the compilers is valuable. From the system perspective, evaluating the characteristics of microarchitecture elements such as processor core and memory is of significance. An open source library called PMlib was developed to address these types of synthetic evaluations. PMlib provides an avenue for reporting the arithmetic/application workload explicitly coded in the source program, as well as the actually executed system workload. It also provides detailed utilization reports of processor-specific hardware including the categorized SIMD instruction statistics, the layered cache hit/miss rate, and the effective memory bandwidth, which are captured via hardware performance counters (HWPC). Using PMlib, users can conduct a synthetic analysis of application performance, and obtain useful feedback for further optimized execution of applications.
{"title":"Performance Evaluation and Visualization of Scientific Applications Using PMlib","authors":"Kazunori Mikami, K. Ono, J. Nonaka","doi":"10.1109/CANDARW.2018.00053","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00053","url":null,"abstract":"The computational performance of scientific applications on HPC systems is often much lower than user expectation based on the system's maximum performance specifications. To understand the basis for this performance gap, a multi-perspective evaluation is important. For instance, from the user perspective, correlating the theoretical computation coded as a source program with the actual computation workload produced by the compilers is valuable. From the system perspective, evaluating the characteristics of microarchitecture elements such as processor core and memory is of significance. An open source library called PMlib was developed to address these types of synthetic evaluations. PMlib provides an avenue for reporting the arithmetic/application workload explicitly coded in the source program, as well as the actually executed system workload. It also provides detailed utilization reports of processor-specific hardware including the categorized SIMD instruction statistics, the layered cache hit/miss rate, and the effective memory bandwidth, which are captured via hardware performance counters (HWPC). Using PMlib, users can conduct a synthetic analysis of application performance, and obtain useful feedback for further optimized execution of applications.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"212 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133797930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00035
Masao Yamamoto, Kohta Nakashima, Toshihiro Yamauchi, A. Nagoya, H. Taniguchi
To detect the performance anomaly of a computer, as a structure for continuous performance profiling, decentralization of the performance profiling system using virtual machines has been proposed. Moreover, there have already been evaluation results reported regarding overhead, including data storing, and data sampling stall time. On the other hand, for continuous performance profiling, the continuous processing of performance profiling is needed, including not only data sampling and data storing but also analysis processing. Therefore, first, this paper describes a relationship condition among data sampling time, data storing time, and analysis processing time as the necessary condition for continuous performance profiling on a decentralized performance profiling system. Second, in order to satisfy the relationship condition, we propose a concurrent operation technique as the acceleration method of analysis processing for a decentralized performance profiling system. Finally, this paper presents quantitative evaluations of the proposed method, including the case of a multi-VMM environment.
{"title":"Acceleration of Analysis Processing on Decentralized Performance Profiling System Using Virtual Machines","authors":"Masao Yamamoto, Kohta Nakashima, Toshihiro Yamauchi, A. Nagoya, H. Taniguchi","doi":"10.1109/CANDARW.2018.00035","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00035","url":null,"abstract":"To detect the performance anomaly of a computer, as a structure for continuous performance profiling, decentralization of the performance profiling system using virtual machines has been proposed. Moreover, there have already been evaluation results reported regarding overhead, including data storing, and data sampling stall time. On the other hand, for continuous performance profiling, the continuous processing of performance profiling is needed, including not only data sampling and data storing but also analysis processing. Therefore, first, this paper describes a relationship condition among data sampling time, data storing time, and analysis processing time as the necessary condition for continuous performance profiling on a decentralized performance profiling system. Second, in order to satisfy the relationship condition, we propose a concurrent operation technique as the acceleration method of analysis processing for a decentralized performance profiling system. Finally, this paper presents quantitative evaluations of the proposed method, including the case of a multi-VMM environment.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128033720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00015
Jia Lee, F. Peper, K. Leibnitz
Asynchronous cellular automata (ACAs) allow cells to change their states independently at random times. Nevertheless, whenever a cell is activated for state transition, its new state is decided by the state of the cell itself, together with the current states of all neighboring cells. This implies that the cell, from being activated till undergoing a transition, must access every neighbor to acquire their present states and complete all communications in due time. In this paper, we formalize a novel type of ACAs which use asynchronous communicating protocol to exchange states between neighboring cells. This enables a cell in the ACA to change the state based on some preceding states, rather than the current states, of each neighboring cell.
{"title":"Formalization of Asynchronous Cellular Automata Using Asynchronous Protocol for Communications","authors":"Jia Lee, F. Peper, K. Leibnitz","doi":"10.1109/CANDARW.2018.00015","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00015","url":null,"abstract":"Asynchronous cellular automata (ACAs) allow cells to change their states independently at random times. Nevertheless, whenever a cell is activated for state transition, its new state is decided by the state of the cell itself, together with the current states of all neighboring cells. This implies that the cell, from being activated till undergoing a transition, must access every neighbor to acquire their present states and complete all communications in due time. In this paper, we formalize a novel type of ACAs which use asynchronous communicating protocol to exchange states between neighboring cells. This enables a cell in the ACA to change the state based on some preceding states, rather than the current states, of each neighboring cell.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125626350","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00070
H. Mori
The most important elements in a massive VLSI parallel network are the component of networks. The key in the network is to execute the communication between a lot of nodes faultlessly while securing the scalability. Small World Network is a network which allows communication between two arbitrary nodes where hopping over a small number of nodes is possible, in a network with a huge number of nodes. Each connection path is selected as follows: The first node in the sequence is selected by a random number system by the node, under some constraints, such as choosing the smallest average passing length, or having a large clustering coefficient. There are a lot of examples of the small world network in action today, such as the neuronal connection, the metabolic pathway, social networks, and airline routes. A feature of small-world networks is that average path length is small. Thus the small-world network falls between regular and random networks. We introduced a parallel VLSI architecture featuring a random connection in Small World Network. The lower blocks are used for computation and the upper block is used for connection between every lower block. Both the upper block and lower blocks are randomly rewired using small world connection to get the shortest paths between all node pairs. In general, a link fault might negatively affect network dependability such as the no. of faulty network components, and also negatively affect network scalability such as the segmentation of the entire system, and the no. of faulty network segments. We concluded that small world connection helps to prevent the tendency to have faults.
超大规模集成电路并行网络中最重要的元件是网络组件。网络的关键是在保证可扩展性的同时,保证大量节点之间的通信的无故障执行。小世界网络(Small World Network)是一种网络,它允许任意两个节点之间的通信,其中在具有大量节点的网络中,可以跳过少量节点。每条连接路径的选择方式如下:序列中的第一个节点,在一定的约束条件下,如选择最小的平均传递长度,或具有较大的聚类系数,由节点以随机数系统选择。现在有很多关于小世界网络的例子,比如神经元连接、代谢途径、社会网络和航线。小世界网络的一个特点是平均路径长度很小。因此,小世界网络介于规则网络和随机网络之间。介绍了小世界网络中随机连接的并行VLSI架构。下面的块用于计算,上面的块用于连接每个下面的块。使用小世界连接随机重新连接上下块,以获得所有节点对之间的最短路径。一般情况下,链路故障会对网络的可靠性造成负面影响。故障的网络组件,也会对网络的可扩展性产生负面影响,如整个系统的分段,以及网络的不稳定性。故障网段。我们的结论是,小世界的联系有助于防止犯错的倾向。
{"title":"Fault Tolerance of Small World Network Architecture","authors":"H. Mori","doi":"10.1109/CANDARW.2018.00070","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00070","url":null,"abstract":"The most important elements in a massive VLSI parallel network are the component of networks. The key in the network is to execute the communication between a lot of nodes faultlessly while securing the scalability. Small World Network is a network which allows communication between two arbitrary nodes where hopping over a small number of nodes is possible, in a network with a huge number of nodes. Each connection path is selected as follows: The first node in the sequence is selected by a random number system by the node, under some constraints, such as choosing the smallest average passing length, or having a large clustering coefficient. There are a lot of examples of the small world network in action today, such as the neuronal connection, the metabolic pathway, social networks, and airline routes. A feature of small-world networks is that average path length is small. Thus the small-world network falls between regular and random networks. We introduced a parallel VLSI architecture featuring a random connection in Small World Network. The lower blocks are used for computation and the upper block is used for connection between every lower block. Both the upper block and lower blocks are randomly rewired using small world connection to get the shortest paths between all node pairs. In general, a link fault might negatively affect network dependability such as the no. of faulty network components, and also negatively affect network scalability such as the segmentation of the entire system, and the no. of faulty network segments. We concluded that small world connection helps to prevent the tendency to have faults.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"322 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122474465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00084
M. Mimura
Modern http-based malware imitates benign traffic to evade detection. To detect unseen malicious traffic, many methods using machine learning techniques have been proposed. These methods took advantage of the characteristic of malicious traffic, and usually require additional parameters which are not obtained from essential security devices such as a proxy server or IDS (Intrusion Detection System). Thus, most previous methods are not applicable to actual information systems. To tackle a realistic threat, a linguistic-based detection method for proxy logs has been proposed. This method extracts words as feature vectors automatically with natural language techniques, and discriminates between benign traffic and malicious traffic. The previous method generates a corpus from the whole extracted words which contain trivial words. To generate discriminative feature representation, a corpus has to be effectively summarized. This paper extracts important words from proxy logs to summarize the corpus. To define the word importance score, this paper uses term frequency and document frequency. Our method summarizes the corpus and improves the detection rate. We conducted cross-validation and timeline analysis with captured pcap files from Exploit Kit (EK) between 2014 and 2016. The experimental result shows that our method improves the accuracy. The best F-measure achieves 1.00 in the cross-validation and timeline analysis.
{"title":"On the Effectiveness of Extracting Important Words from Proxy Logs","authors":"M. Mimura","doi":"10.1109/CANDARW.2018.00084","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00084","url":null,"abstract":"Modern http-based malware imitates benign traffic to evade detection. To detect unseen malicious traffic, many methods using machine learning techniques have been proposed. These methods took advantage of the characteristic of malicious traffic, and usually require additional parameters which are not obtained from essential security devices such as a proxy server or IDS (Intrusion Detection System). Thus, most previous methods are not applicable to actual information systems. To tackle a realistic threat, a linguistic-based detection method for proxy logs has been proposed. This method extracts words as feature vectors automatically with natural language techniques, and discriminates between benign traffic and malicious traffic. The previous method generates a corpus from the whole extracted words which contain trivial words. To generate discriminative feature representation, a corpus has to be effectively summarized. This paper extracts important words from proxy logs to summarize the corpus. To define the word importance score, this paper uses term frequency and document frequency. Our method summarizes the corpus and improves the detection rate. We conducted cross-validation and timeline analysis with captured pcap files from Exploit Kit (EK) between 2014 and 2016. The experimental result shows that our method improves the accuracy. The best F-measure achieves 1.00 in the cross-validation and timeline analysis.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126663801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-11-01DOI: 10.1109/CANDARW.2018.00024
Yao Hu, M. Koibuchi
A number of small parallel applications run on datacenters and supercomputers simultaneously. Job mapping becomes crucial to improving system utilization and application execution. Fragmentation of unused compute nodes could not be assigned for an incoming job since it may largely harm communication abilities between non-adjacent compute nodes. In this case, however, incoming jobs are likely to be pending on the overloaded system because they have to wait for the release of adjacent occupied compute nodes. In this study, we explore job mapping on random topology for the purpose of improving job scheduling ability. Ideally, a diverse application workload can be better supported disregarding its interconnection network topology with a certain time-space tradeoff. Our simulation results demonstrate that, over 3-D torus interconnection networks, the embedding of random topology performs better than that of 2-D mesh by 84% and seems comparable to that of 3-D mesh in terms of job scheduling performance. Over random topologies, the scheduling performance can be much improved by the embedding of random topologies especially for dealing with dozens of intensively incoming jobs. Overall, job mapping on random guest topology over random host topology presents the best job scheduling performance among all the cases in our evaluation.
{"title":"The Impact of Job Mapping on Random Network Topology","authors":"Yao Hu, M. Koibuchi","doi":"10.1109/CANDARW.2018.00024","DOIUrl":"https://doi.org/10.1109/CANDARW.2018.00024","url":null,"abstract":"A number of small parallel applications run on datacenters and supercomputers simultaneously. Job mapping becomes crucial to improving system utilization and application execution. Fragmentation of unused compute nodes could not be assigned for an incoming job since it may largely harm communication abilities between non-adjacent compute nodes. In this case, however, incoming jobs are likely to be pending on the overloaded system because they have to wait for the release of adjacent occupied compute nodes. In this study, we explore job mapping on random topology for the purpose of improving job scheduling ability. Ideally, a diverse application workload can be better supported disregarding its interconnection network topology with a certain time-space tradeoff. Our simulation results demonstrate that, over 3-D torus interconnection networks, the embedding of random topology performs better than that of 2-D mesh by 84% and seems comparable to that of 3-D mesh in terms of job scheduling performance. Over random topologies, the scheduling performance can be much improved by the embedding of random topologies especially for dealing with dozens of intensively incoming jobs. Overall, job mapping on random guest topology over random host topology presents the best job scheduling performance among all the cases in our evaluation.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114884269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: