Without considering security, existing message scheduling mechanisms may expose critical messages to malicious threats like confidentiality attacks. Incorporating confidentiality improvement into message scheduling, this paper investigates the problem of scheduling aperiodc messages with time-critical and security-critical requirements. A risk-based security profit model is built to quantify the security quality of messages; and a dynamic programming based approximation algorithm is proposed to schedule aperiodic messages with guaranteed security performance. Experimental results illustrate the efficiency and effectiveness of the proposed algorithm.
To fight against malicious codes of P2P networks, it is necessary to study the malicious code propagation model of P2P networks in depth. The epidemic of malicious code threatening P2P systems can be divided into the active and passive propagation models and a new passive propagation model of malicious code is proposed, which differentiates peers into 4 kinds of state and fits better for actual P2P networks. From the propagation model of malicious code, it is easy to find that quickly making peers get their patched and upgraded anti-virus system is the key way of immunization and damage control. To distribute patches and immune modules efficiently, a new exponential tree plus (ET+) and vaccine distribution algorithm based on ET+ are also proposed. The performance analysis and test results show that the vaccine distribution algorithm based on ET+ is robust, efficient and much more suitable for P2P networks.
Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of
ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.
It is known that centers, widths, and weights are three mainly considered factors in constructing a radial basis function (RBF) network. This paper aims at constructing a compact RBF network with two main steps. In the first step, the coarse clusters computed from triangle inequalities are refined to obtain the locations of centers by the defined maximum degree spanning tree (MDST). Meanwhile the coarse widths are obtained. In the second step, a learning algorithm referred to as anisotropic gradient descent method is presented to further refine the above coarse widths. Experiments of the proposed algorithm show its great performance in times series prediction and classification.
The margin maximization problem in digital subscriber line (DSL) systems is investigated. The particle swarm optimization (PSO) theory is applied to the nonconvex margin optimization problem with the target power and rate constraints. PSO is a new evolution algorithm based on the social behavior of swarms, which can solve discontinuous, nonconvex and nonlinear problems efficiently. The proposed algorithm can converge to the global optimal solution, and numerical example demonstrates that the proposed algorithm can guarantee the fast convergence within a few iterations.
A novel multi-view 3D face registration method based on principal axis analysis and labeled regions orientation called local orientation registration is proposed. The pre-registration is achieved by transforming the multi-pose models to the standard frontal model’s reference frame using the principal axis analysis algorithm. Some significant feature regions, such as inner and outer canthus, nose tip vertices, are then located by using geometrical distribution characteristics. These regions are subsequently employed to compute the conversion parameters using the improved iterative closest point algorithm, and the optimal parameters are applied to complete the final registration. Experimental results implemented on the proper database demonstrate that the proposed method significantly outperforms others by achieving 1.249 and 1.910 mean root-mean-square measure with slight and large view variation models, respectively.
A method for moving object recognition and tracking in the intelligent traffic monitoring system is presented. For the shortcomings and deficiencies of the frame-subtraction method, a redundant discrete wavelet transform (RDWT) based moving object recognition algorithm is put forward, which directly detects moving objects in the redundant discrete wavelet transform domain. An improved adaptive mean-shift algorithm is used to track the moving object in the follow up frames. Experimental results show that the algorithm can effectively extract the moving object, even though the object is similar to the background, and the results are better than the traditional frame-subtraction method. The object tracking is accurate without the impact of changes in the size of the object. Therefore the algorithm has a certain practical value and prospect.
A new vertical handoff decision algorithm is proposed to maximize the system benefit in heterogeneous wireless networks which comprise cellular networks and wireless local area networks (WLANs). Firstly the block probability, the drop probability and the number of users in the heterogeneous networks are calculated in the channel-guard call admission method, and a function of the system benefit which is based on the new call arrival rate and the handoff call arrival rate is proposed. Then the optimal radius of WLAN is obtained by using simulation annealing (SA) method to maximize the benefit. All the nodes should handoff from cellular network to WLAN if they enter WLAN’s scope and handoff fromWLAN to cellular network if they leave the scope. Finally, the algorithm in different new call arrival rates and handoff call arrival rates is analyzed and results show that it can achieve good effects.
A new incremental clustering framework is presented, the basis of which is the induction as inverted deduction. Induction is inherently risky because it is not truth-preserving. If the clustering is considered as an induction process, the key to build a valid clustering is to minimize the risk of clustering. From the viewpoint of modal logic, the clustering can be described as Kripke frames and Kripke models which are reflexive and symmetric. Based on the theory of modal logic, its properties can be described by system B in syntax. Thus, the risk of clustering can be calculated by the deduction relation of system B and proximity induction theorem described. Since the new proposed framework imposes no additional restrictive conditions of clustering algorithm, it is therefore a universal framework. An incremental clustering algorithm can be easily constructed by this framework from any given nonincremental clustering algorithm. The experiments show that the lower the a priori risk is, the more effective this framework is. It can be demonstrated that this framework is generally valid.
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
Current grid authentication frameworks are achieved by applying the standard SSL authentication protocol (SAP). The authentication process is very complicated, and therefore, the grid user is in a heavily loaded point both in computation and in communication. Based on identity-based architecture for grid (IBAG) and corresponding encryption and signature schemes, an identity-based authentication protocol for grid is proposed. Being certificate-free, the authentication protocol aligns well with the demands of grid computing. Through simulation testing, it is seen that the authentication protocol is more lightweight and efficient than SAP, especially the more lightweight user side. This contributes to the larger grid scalability.
Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.
Heterogeneous computing is one effective method of high performance computing with many advantages. Task scheduling is a critical issue in heterogeneous environments as well as in homogeneous environments. A number of task scheduling algorithms for homogeneous environments have been proposed, whereas, a few for heterogeneous environments can be found in the literature. A novel task scheduling algorithm for heterogeneous environments, called the heterogeneous critical task (HCT) scheduling algorithm is presented. By means of the directed acyclic graph and the gantt graph, the HCT algorithm defines the critical task and the idle time slot. After determining the critical tasks of a given task, the HCT algorithm tentatively duplicates the critical tasks onto the processor that has the given task in the idle time slot, to reduce the start time of the given task. To compare the performance of the HCT algorithm with several recently proposed algorithms, a large set of randomly generated applications and the Gaussian elimination application are randomly generated. The experimental result has shown that the HCT algorithm outperforms the other algorithm.
With the advent of large-scale and high-speed IPv6 network technology, an effective multi-point traffic sampling is becoming a necessity. A distributed multi-point traffic sampling method that provides an accurate and efficient solution to measure IPv6 traffic is proposed. The proposed method is to sample IPv6 traffic based on the analysis of bit randomness of each byte in the packet header. It offers a way to consistently select the same subset of packets at each measurement point, which satisfies the requirement of the distributed multi-point measurement. Finally, using real IPv6 traffic traces, the conclusion that the sampled traffic data have a good uniformity that satisfies the requirement of sampling randomness and can correctly reflect the packet size distribution of full packet trace is proved.
Satellite link characteristics drastically degrade transport control protocol (TCP) performance. An efficient performance enhancing scheme is proposed. The improvement of TCP performance over satellite-based Internet is accomplished by protocol transition gateways at each end of a satellite link. The protocol which runs over a satellite link executes the receiver-driven flow control and acknowledgements- and timeouts-based error control strategies. The validity of this TCP performance enhancing scheme is verified by a series of simulation experiments. Results show that the proposed scheme can efficiently enhance the TCP performance over satellite-based Internet and ensure that the available bandwidth resources of the satellite link are fully utilized.
The reconfigurable cryptographic chip is an integrated circuit that is designed by means of the method of reconfigurable architecture, and is used for encryption and decryption. Many different cipher algorithms can be flexibly implemented with the aid of a reconfigurable cryptographic chip and can be used in many fields. This article takes an example for the SHA-1/224/256 algorithms, and then designs a reconfigurable cryptographic chip based on the thought and method of the reconfigurable architecture. Finally, this paper gives the implementation result based on the FPGA of the family of Stratix II of Altera Corporation, and presents a good research trend for resolving the storage in hardware implementation using FPGAs.
For the problem of large network load generated by the Gnutella resource-searching model in Peer to Peer (P2P) network, a improved model to decrease the network expense is proposed, which establishes a cluster in P2P network, auto-organizes logical layers, and applies a hybrid mechanism of directional searching and flooding. The performance analysis and simulation results show that the proposed hierarchical searching model has availably reduced the generated message load and that its searching-response time performance is as fairly good as that of the Gnutella model.
Function S-rough sets (function singular rough sets) is defined on a -function equivalence class [?]. Function S-rough sets is the extension form of S-rough sets. By using the function S-rough sets, this paper gives rough law generation model of a-function equivalence class, discussion on law mining and law discovery in systems, and application of law mining and law discovery in communication system. Function S-rough sets is a new theory and method in law mining research.
Routes in an ad hoc network may fail frequently because of node mobility. Stability therefore can be an important element in the design of routing protocols. The node escape probability is introduced to estimate the lifetime and stability of link between neighboring nodes and the escape probability based routing (EPBR) scheme to discover stable routes is proposed. Simulation results show that the EPBR can discover stable routes to reduce the number of route rediscovery, and is applicable for the situation that has highly dynamic network topology with broad area of communication.
It is a challenging problem to provide quality-of-service (QoS) guarantees in next generation high-speed network, and the QoS routing is one of the key issues of the problem. For the problem of multi-constrained QoS routing in high-speed network, especially under the inaccurate link state information, the success ratio of the different constraint combination is analyzed statistically, and a constraint analysis method based on the computer simulation is proposed. Furthermore, the approximately equal loose-tight order relation between each two constraints is constructed, and then an algorithm based on the experimental analysis is presented. Finally, the simulation result demonstrates that the algorithm has the higher success ratio, and the theoretical analysis proves its correctness and universality.
In wireless ad hoc network environments, every link is wireless and every node is mobile. Those features make data lost easily as well as multicasting inefficient and unreliable. Moreover, Efficient and reliable multicast in wireless ad hoc network is a difficult issue. It is a major challenge to transmission delays and packet losses due to link changes of a multicast tree at the provision of high delivery ratio for each packet transmission in wireless ad hoc network environment. In this paper, we propose and evaluate Reliable Adaptive Multicast Protocol (RAMP) based on a relay node concept. Relay nodes are placed along the multicast tree. Data recovery is done between relay nodes. RAMP supports a reliable multicasting suitable for mobile ad hoc network by reducing the number of packet retransmissions. We compare RAMP with SRM (Scalable Reliable Multicast). Simulation results show that the RAMP has high delivery ratio and low end-to-end delay for packet transmission.
Aiming at the research that using more new knowledge to develope knowledge system with dynamic accordance, and under the background of using Fuzzy language field and Fuzzy language values structure as description framework, the generalized cell Automation that can synthetically process fuzzy indeterminacy and random indeterminacy and generalized inductive logic causal model is brought forward. On this basis, a kind of the new method that can discover causal association rules is provded. According to the causal information of standard sample space and commonly sample space, through constructing its state (abnormality) relation matrix, causal association rules can be gained by using inductive reasoning mechanism. The estimate of this algorithm complexity is given,and its validity is proved through case.