Performance Evaluation of Multi-Stage Change-Point Detection Scheme against DDoS Attacks by Random Scan Worms
|
|
- Lawrence Wiggins
- 8 years ago
- Views:
Transcription
1 Performance Evaluaton of Mult-Stage Change-Pont Detecton Scheme aganst DDoS Attacks by Random Scan Worms Tutomu Murase *, Yuknobu Fukushma **, Masayosh Kobayash *, Sakko Nshmoto **, Ryohe Fumak * and Tokum Yokohra ** * NEC Corporaton, 753 Shmonumabe, Nakahara-ku, Kawasak, Kanagawa, , Japan ** Okayama Unversty, 3-- Tsushma-naka, Okayama, Okayama, 7-853, Japan E-mal: fukusma@cne.okayama-u.ac.p, Tel: , FAX: Abstract- As a promsng approach for large-scale smultaneous events (e.g., DDoS attacks by unknown worms), we have proposed a mult-stage change-pont detecton scheme. In the scheme, the global detector gathers nformaton from dstrbuted change-pont detectors and detects smultaneous occurrence of change-ponts as target events. Because the scheme neglects sporadc false-postve change-ponts, whch are caused by non-target events such as hardware troubles and normal traffc changes, the scheme can acheve low false-postve rate. In the prevous paper, we nvestgated the performance of the scheme aganst DDoS attacks by a real worm, MSBLAST. In ths paper, we nvestgate the performance of the scheme aganst general DDoS attacks wth varous scales and smultanetes. In addton, we nvestgate the effect of the length of detectonperod for the global detector on detecton performance, where the detecton-perod means the perod durng whch the global detector regurarly checks whether or not target events occur. The smulaton results show that () our multstage change-pont detecton scheme acheves lower falsepostve rate than a stand-alone change-pont detector scheme under the constrant that detecton rate must be., (2) even f the length of detecton-perod for the global detector s not approprately set, our scheme can acheve better performance than a stand-alone change-pont detector scheme thanks to flterng effect of the global detector. I. INTRODUCTION Wth the development of the Internet nto a wdely used nformaton exchange nfrastructure, there has been a marked ncrease n malcous actvty. In partcular, largescale smultaneous events, such as dstrbuted denal of servce (DDoS) attacks and worm epdemcs, cause catastrophc damage. A detecton scheme that s capable of detectng these events s requred. Intruson detecton systems (IDSs) are manly used for the detecton of large scale smultaneous events. There are two types of detecton schemes used on IDSs: sgnaturebased schemes [, 2] and change-pont detecton schemes [3-7]. Sgnature-based schemes detect those events wth a sgnature that unquely dentfes a specfc malcous actvty. Ref. [2] proposes a detecton scheme that collects nformaton and performs sgnature-based detecton n a dstrbuted manner. Although sgnature-based schemes can detect known vruses and worms, they cannot detect unknown or novel varants. On the other hand, changepont detecton schemes can detect unknown vruses and worms as a change-pont n a montored metrc, such as traffc rate or the number of accesses to a certan port. However, they may detect change-ponts caused by nontarget events, such as hardware problems and natural traffc changes. Such msdetecton occurs because changepont detecton schemes smply detect change-ponts n a montored metrc and do not take nto account causes of change-ponts. Here, we consder change-ponts caused by non-target events to be false-postve change-ponts. One way to reduce the number of false-postve changeponts s to take nto account the correlaton among multple change-ponts. True-postve change-ponts, whch are caused by target events (.e., DDoS attacks), tend to occur smultaneously and ntensvely n very large numbers, whle false-postve change-ponts tend to occur ndependently. We can exclude false-postve changeponts by excludng those that occur ndependently, based on nformaton gathered from dstrbuted sensor nodes. We call the dstrbuted change-pont detecton scheme as the mult-stage change-pont detecton scheme and call the central devce whch gathers nformaton from dstrbuted change-pont detectors as the global detector. In the prevous study [8], we showed the effectveness of the mult-stage change-pont detecton scheme aganst DDoS attacks by a real worm, MSBLAST. In ths paper, we nvestgate the performance of our scheme aganst DDoS attacks by general random scan worms. The detecton performance of our scheme depends on the followng parameters: the scale of DDoS attacks (.e., the number of subnets that have attack hosts), the smultanety of DDoS attacks (.e., the number of attack hosts that perform an attack behavor at the same tme), and the length of detecton-perod for the global detector where the detecton-perod means the perod durng whch the global detector regurarly checks whether or not target events occur. Thus, we try to answer the followng questons: How much do the scale and the smultanety of DDoS attacks affect the performance of the multstage change-pont detecton scheme? How much does the length of detecton-perod for the global detector affect performance of the mult-stage detecton scheme? We descrbe our mult-stage change-pont detecton scheme n secton II. In secton III, we present our smulaton model and evaluaton results. Secton IV concludes the paper.
2 Local Local Result Global Alert Alert Alert Alert Local Local Network Network Network Network Fg.. Mult-stage change-pont detecton mechansm. II. DETECTION SCHEME FOR LARGE-SCALE SIMULTANEOUS EVENTS A. Mult-Stage Change-Pont Detecton Mechansm We use a mult-stage change-pont detecton mechansm consstng of one global detector (GD) and many local detectors (LDs) to detect large-scale smultaneous events (Fg. ). A local detector s deployed on each montored network and performs change-pont detecton. Whenever a local detector detects a changepont, t nforms the global detector by sendng an alert. The global detector then udges whether large-scale smultaneous events are occurrng based on the aggregated alerts. B. Change-Pont Detecton at Local s For our scheme, we can use any change-pont detecton scheme; we use ChangeFnder [5] here as a change-pont detecton scheme because t detects unknown events as change-ponts mmedately wth on-lne processng. The detecton process of ChangeFnder s as follows. Gven tme seres data of a target metrc, ChangeFnder frst learns the probablty densty functon of the data usng stochastc models. Next, t calculates an outler score for each nput data pont so that data ponts wth lower probablty obtan hgher scores. It then calculates movng averages of outler scores and generates new tme seres data. Then, t agan learns the probablty densty functon for the new tme seres data and outputs an outler score for each data pont of the new tme seres data. We call each data-pont of the new tme seres a change-pont canddate. Fnally, for each change-pont canddate, f ts score s greater than or equal to a predetermned threshold value, then ChangeFnder consders the change-pont canddate to be a change-pont and reports t to the global detector as an alert. On the other hand, when ChangeFnder s not used n a mult-stage change-pont detecton mechansm but used n a standalone way, t consders change-pont canddates wth a large score as an occurrence of target events. Examples of worm detecton usng ChangeFnder are descrbed n [6, 7]. In [6], ChangeFnder mmedately detects the nfecton behavor of MSBLAST by montorng the number of accesses per mnute to port 35. In [7], ChangeFnder mmedately detects LOVGATE, whch was an unknown worm at that tme, by montorng the number of mals sent per mnute. Change-Pont Canddate Score Fg. 2. Detecton of a smurf Mnute attack wth ChangeFnder. Fg. 2 shows another example of the detecton of a Smurf attack by ChangeFnder, whch s a type of DDoS attacks. In the example, we used traffc data ncluded n the 999 DARPA ntruson detecton evaluaton test set []. We used the ICMP traffc volume per mnute over a two-day nterval of the data set; the tme seres data of the frst day only ncludes normal traffc, whle that of the second day ncludes Smurf attack events. The changepont canddate score of the y-axs s normalzed between and 3. In Fg. 2, we can see two change-pont canddates wth hgh scores after the learnng perod. The change-pont canddate at mnute 277 catches the Smurf attack. On the other hand, another change-pont canddate at mnute 933 catches a change n the volume of normal traffc. As shown n Fg. 2, we can easly dstngush the two change-pont canddates descrbed above from the other change-pont canddates usng an approprate predetermned threshold value, and we can easly determne that the two change-pont canddates are change-ponts. However, the exstence of change-ponts such as that at mnute 933 hghlghts the dffculty n classfyng the causes of change-ponts when we use tme seres data that can change due to multple causes. C. Detecton of Large-Scale Smultaneous Events at the Global The global detector checks whether the proporton of local detectors that have sent alerts durng the latest detecton-perod Δ s greater than or equal to a predetermned threshold value. The proporton s expressed as follows: L = A[ t, ]/ L () where t s the tme for the global detector to determne f large-scale smultaneous events are occurrng, A[t,] s set to f local detector sends an alert to the global detector between t-δ and t, and A[t,] s set to otherwse, and L s the total number of local detectors. If the proporton s greater than or equal to the threshold value, the global detector udges that large-scale smultaneous events are occurrng, and otherwse t udges that they are not occurrng. Fg. 3 shows an example of the detecton of large-scale smultaneous events. The threshold value of the global detector s set to.5, and the number of local detectors s four. Although one local detector sends an alert to the global detector durng detecton-perods, 4, and 5, the global detector neglects each alert. That s, the global detector udges that large-scale smultaneous events are
3 not occurrng, because the proporton of local detectors sendng alerts durng each perod s below.5. Ths stuaton s referred to as Undetect. On the other hand, the global detector udges that large-scale smultaneous events are occurrng durng detecton-perods 2 and 3 because the proporton s greater than or equal to.5. Ths stuaton s referred to as Detect. GD Perod Undetect Perod 2 Detect Perod 3 Detect Perod 4 Undetect Alert Perod 5 Undetect III. PERFORMANCE EVALUATION We compare Detecton Rate () and False-Postve Rate () of our mult-stage change-pont detecton scheme wth those of a detecton scheme n whch each LD ndependently determnes occurrence of events n the correspondng subnet. We call the latter scheme the standalone LD scheme. As large-scale smultaneous events, we use DDoS attacks by hosts nfected wth random scan worms. A. Behavor of a Host Infected wth a Random Scan Worm We suppose that a host nfected wth a random scan worm performs TCP SYN flood attack, whch s one of the most common DoS attack, to a certan target host. We consder that an nfected host or an nfecton target host can become abnormal because of an nfecton falure (e.g., RPC falure n the nfecton behavor of MSBLAST [8]). We assume that such host s not able to nfect other hosts and also does not perform DoS attacks. B. Smulaton of DDoS Attacks by Hosts Infected wth Random Scan Worms We smulate DDoS attacks by hosts nfected wth random scan worms as follows. Step-: Smulatng the spread of random scan worms n the Internet usng the modfed Analytcal Actve Worm Propagaton (modfed AAWP) model [8] Step-2: Determnng attack start tme (.e., nfecton tme) of each nfected host that s montored by LDs Step-3: Generatng tme seres data of the number of outgong SYN packets montored by each LD Step-4: Obtanng s and s for our mult-stage change-pont detecton scheme and the standalone LD scheme In Step-, we smulate the spread of random scan worms n the Internet. The modfed AAWP (Analytcal Actve Worm Propagaton) model [8], that s a modfcaton of the AAWP model [], provdes a change n the number of hosts nfected by the worm that employs random scannng. The model uses a dscrete tme and contnuous state determnstc approxmaton model. The model gves the number of nfected hosts at each tme tck, regardng one tme tck as the tme for an nfected worm to compete nfecton. Gven parameters for the nfecton behavor of a host nfected by random scan worms n Table I, our modfed AAWP model expresses the number (n + ) of total nfected hosts at the +st tme tck as follows: n + = ( d p) n α f + γg ( ) (2) where f s the number of nfected hosts that fnd any Fg. 3. Detecton of large-scale smultaneous events by aggregatng nformaton. nfectble host at the th tme tck, g s the number of nfectble hosts that are found by any nfected host at the th tme tck and n = h, whch s the number of nfected hosts at the begnnng of the spread of a worm. In approxmatng the number of nfected/nfectble hosts that become abnormal, we assume that an nfected host fnds at most one nfectble host and an nfectble host s found by at most one nfected host. Thus, f = g. The second term (αf ) n (2) corresponds to the number of nfected hosts that become abnormal because of nfecton falures at the +st tme tck. The thrd term (γg ) n (2) means the number of nfectble hosts that are newly nfected at the +st tme tck. g s expressed as follows: sn g [( ) ][ ( ) = p V n α f β g ] (3) 32 2 = = where. For =, because any hosts are not patched and do not become abnormal, g s expressed as follows. sn g = ( V n )[ ( ) ] (4) 32 2 As shown n (3), g s calculated as the product of the number of nfectble hosts and the probablty that an nfectble host s found by any nfected hosts. The number of nfectble hosts at the th tme tck s calculated as the total number of non-patched hosts mnus the sum of the number (n ) of nfected hosts and the number ( α f + β = LD LD2 LD3 LD4 g = ) of abnormal hosts. Fg. 4 shows an example of the change n the number of hosts nfected by random scan worms, whch are obtaned wth our modfed AAWP model. Because a random scan worm spreads n the Internet n a logstc way, the number of nfected hosts (.e., attack hosts) follows a logstc curve. That s, the ncrease s exponental n the ntal phase and slows down n the later phase because the number of nfecton targets decreases. Usng ths graph, we can derve the nfecton tme (.e., attack start tme) of each nfectble host montored by LDs n Step-2. Frst, we obtan nfecton tme of the th nfected host, t ( V ), whch s an nverse functon of the number of nfected hosts n Fg. 4. We next obtan the nfecton tme of each nfectble host montored by LDs. We set the tme that s unformly selected among t s tme tme tme tme Chage-pont canddate score
4 Notaton V h b c s d p α β γ TABLE I PARAMETERS FOR MODIFIED AAWP MODEL Explanaton Total number of nfectble hosts n the Internet Number of nfected hosts at the begnnng of the spread of a worm Tme to nfect a found vctm host Number of nfecton packets per second Number of hosts scanned by an nfected host per unt tme (= bc) Rate at whch an nfected host s detected on a host and elmnated wthout patchng Rate at whch an nfected or nfectble host becomes unnfectble due to patchng Rate at whch an already nfected host becomes abnormal durng an nfecton behavor Rate at whch a found vctm host becomes abnormal durng an nfecton behavor Infecton success rate to the nfecton tme of such host because any nfected host unformly selects the vctm host. After determnng the attack start tme of each nfectble host montored by LDs, we make tme seres data of the number of outgong SYN packets per mnute montored by each LD n Step-3. As normal traffc, that s, as the number of outgong SYN packets per mnute whch are generated by all the non-nfected hosts n the correspondng subnet, we use the numbers of outgong SYN packets n a vrtual subnet of 5 weekdays n a week ncluded n the 999 DARPA ntruson detecton evaluaton set []. The number of SYN packets per mnute n the dataset ranges between and about 3. As attack traffc, we use the number of outgong SYN packets generated by the attack behavor of an nfected host. The number (a) s dfferent worm by worm. In ths paper, we determned the values by an experment usng a real worm, MSLBAST. In Step-4, we obtan s and s for our mult-stage change-pont detecton scheme and the stand-alone LD scheme based on ther detecton results aganst the number of outgong SYN packets descrbed above. For more nformaton about defntons of and, the reader can refer to [8]. C. Evaluaton Result In our scheme, the number of LDs should be as large as possble. However, due to the lmt of deployment cost, we set the number of LDs to. We assume that each LD montors a subnet wth 256 hosts (Class C network). We set the total number of nfectble hosts (V) to 8,663,863, assumng that 2% [2] of all the hosts n the Internet (433,93,99 [3]) are nfectble. The detecton performance of our scheme depends on the followng parameters: the scale of a DDoS attack (.e., the number of subnets that have attack hosts), the smultanety of a DDoS attack (.e., the number of attack hosts that perform an attack behavor at the same tme), and the length of detecton-perod (Δ) for a global detector. The scale of DDoS attacks depends on the number (e) of subnets that have nfectble hosts. The smultanety of DDoS attacks depends on the worm spread speed (c n Table I). Number of nfected hosts t Tme [s] Fg. 4. Change n the number of hosts nfected by random scan worms Frst, we nvestgate the effect of the scale (e) and the smultanety (c) of DDoS attacks on and. We evaluate our scheme n the followng cases; ) small scale and low smultanety, 2) large scale and low smultanety, and 3) small scale and hgh smultanety. We set e to 5 for large scale DDoS attacks, whle we set e to for small scale DDoS attacks. We set c to (.e., the same spread speed as MSBLAST) for DDoS attacks wth hgh smultanety, whle we set c to 2.75 (.e., one-fourth spread speed of MSBLAST) for DDoS attacks wth low smultanety. We determne parameter values for modfed AAWP model based on MSBLAST s nfecton behavor [8]: b = 5 [s], d =, p =, α =.8, β =.8, γ =.68. We set a to about 7, whch s the same as the number generated by a host nfected by MSBLAST. We set smulaton tme to 32 mn, whch s as long as the one-day data n the 999 DARPA ntruson detecton evaluaton set. We dvde the tme nto two perods: the normal perod 2 mn n duraton and the attack perod, where a random scan worm spreads and the nfected hosts perform an attack behavor, 2 mn n duraton. The duraton of the attack perod s suffcent for all of the montored subnets to be nfected by random scan worms. We set the ntal number of nfected hosts (h) to. In ths evaluaton, we set the length of the detectonperod (Δ) for GD to 5 mn, to catch realstc DDoS attacks, because the duratons of DDoS attacks montored on the Internet from 2 to 23 mostly ranged around 5 mn [9]. We set the detecton cycle of the global detector to mn. The detecton cycles of local detectors (δ) are assumed to be dentcal and are set to mn, because local detectors should perform change-pont detecton several tmes durng a detecton-perod for GD, and because we succeeded n detectng a Smurf attack wth the detecton cycle n Secton II.B. Threshold values of local detectors are assumed to be dentcal. We frst evaluate our mult-stage change-pont detecton scheme when the scale of DDoS attacks s small (e = ) and the smultanety of DDoS attacks s low (c = 2.75). Fgs. 5 and 6 show ROC curves (Recever Operatng Characterstc curves), whch s used as the performance metrc of IDS n Ref. []. The x-axs of ROC curve s the average value of the false-postve rate and the y-axs of that s the average value of the detecton rate. The closer the graph gets to the upper left corner (,), the better a detecton scheme dscrmnates between normal behavor and large-scale smultaneous events. In the fgures, label stand-alone LD shows detecton usng the stand-alone LD scheme and label GD+LD shows detecton usng our mult-stage change-pont detecton scheme. Label th refers to the threshold value of the global detector. In each curve, each plotted pont represents the average value of the detecton rate and the false-postve rate when the local detector s threshold value s set to each value between 2 and 3. As the local
5 detector s threshold value ncreases, the plotted pont moves from the upper rght regon to the lower left regon. Fg. 6 s an enlargement of the upper left corner of Fg % confdence ntervals for s and s of both schemes are very small n all cases. For example, Table II depcts 95% confdence ntervals of s and s for pont A (stand-alone LD scheme) and pont B (our scheme) n Fg. 6. Thus, we only show the average values of s and s, hereafter. In Fg. 6, our scheme wth the global detector s threshold values between.4 and.8 shows better detecton performance compared to the stand-alone LD scheme. We next evaluate the reducton n wth our scheme. Table III shows values when of. s acheved wth each scheme. In the stand-alone LD scheme, the local detectors threshold values are set to 4. In our scheme, the thresholds of local detectors and the global detector are set to 4 and.4, respectvely. Our scheme yelds a lower (.47) compared wth the standalone LD scheme because of the flterng effect aganst false-postve change-ponts at the global detector. Fg. 7 shows ROC curves when the scale of DDoS attacks s large (e = 5) and the smultanety of DDoS attacks s low (c = 2.75). Wth the ncrease n the scale of the attacks, our scheme plots closer to the upper left corner n Fg. 7 than n Fg. 6. Table IV shows values when of. s acheved wth each scheme. In the stand-alone LD scheme, the local detectors threshold values are set to 4. In our scheme, the thresholds of the local detectors and the global detector are set to 8 and.4, respectvely. Our scheme does not yeld any falsepostves. Further, we evaluate our scheme when the scale of DDoS attacks s small (e = ) and the smultanety of DDoS attacks s hgh (c = ). Fg. 8 depcts the change n the numbers of hosts nfected by random scan worms wth hgh/low smultanety. Most of nfectble hosts are ntensvely nfected wthn mnutes (between mnute 2 and mnute 3) n DDoS attacks wth hgh smultanety (c = ) whle most of them are nfected wthn 4 mnutes (between mnute 7 and mnute ) n the attack wth low smultanety (c = 2.5). Fg. 9 shows ROC curves when the scale of DDoS attacks s small (e = ) and the smultanety of DDoS attacks s hgh (c = ). Wth the ncrease n the smultanety of the attacks, our scheme plots closer to the upper left corner n Fg. 9 than n Fg. 6. Table V shows values when of. s acheved wth each scheme. In stand-alone LD scheme, the local detectors threshold values are set to 2. In our scheme, the thresholds of the local detectors and the global detector are set to and.8, respectvely. Our scheme does not yeld any false-postves. Lastly, we nvestgate the effect of the length of the detecton-perod (Δ). Fgs. and show ROC curves when Δ s set to and, respectvely. The scale of DDoS attacks s large (e = 5) and the smultanety of DDoS attacks s hgh (c = ). When the threshold value of GD s.2, our scheme shows worse detecton performance as the length of detecton-perod becomes larger. Ths s because our scheme wth large detecton-perod tends to regard a set of sporadc false-postve change-ponts as DDoS attacks that occur smultaneously. However, when the threshold value of GD s large enough, our scheme can acheve better performance than the stand-alone scheme because flterng effect of GD works well Fg. 5. ROC curve (e =, c = 2.75). A.5. Fg. 6. Enlargement of Fg. 6. TABLE II 95% confdence nterval of s and s for ponts A and B n Fg ± 2. A 6.848± ± 2. B 4.559±.4 TABLE III when of. s acheved (e =, c = 2.75) Stand-alone LD scheme.7 Our scheme.47 IV. CONCLUSIONS In ths paper, we evaluated a mult-stage change-pont detecton scheme aganst DDoS attacks by random scan worms. We showed that the scheme acheves better performance than a stand-alone change-pont detecton scheme aganst DDoS attacks wth varous scales an smultanetes. We also showed that, even f the length of detecton-perod for GD s not approprately set, our scheme can acheves better performance by the flterng effect of GD. In our future work, we plan to propose a scheme that determnes the optmal threshold values for LD and GD. ACKNOWLEDGMENT GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.) The authors gratefully acknowledge the contrbuton of Dr. Hdeyuk Shmonsh of System Platforms Research Laboratores n NEC Corporaton, Dr. Ken Yamansh and Mr. Takayuk Nakata of Common Platform Software Research Labs n NEC Corporaton. The authors wsh to thank Dr. Shnsuke Mwa of Natonal Insttuton of Informaton and Communcatons Technology n Japan for provdng a vrus sample. B GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.)
6 .95.9 GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.) GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.).5. Fg.. ROC curve (Δ = ). Fg. 7. ROC curve (e = 5, c = 2.75). TABLE IV WHEN OF. IS ACHIEVED (e = 5, c = 2.75) Number of nfected hosts Stand-alone LD scheme.7 Our scheme Tme [mnute] Fg. 8. Change n the number of hosts nfected by random scan worms (c = : hgh smultanety, c = 2.75: low smultanety) Fg. 9. ROC curve (e =, c = ). TABLE V WHEN OF. IS ACHIEVED (e =, c = ) Stand-alone LD scheme.42 Our scheme REFERENCES GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.).5. c= c=2.75 [] M. Roesch, Snort-Lghtweght Intruson Detecton for Networks, n Proc. of Usenx LISA 99 Conf., November 999. [2] V. Yegneswaran, P. Barford and S. Jha, Global Intruson Detecton n the DOMINO Overlay System, n Proc. of Network and Dstrbuted Securty Symposum (NDSS), February GD+LD (th=.2) GD+LD (th=.4) GD+LD (th=.6) GD+LD (th=.8) GD+LD (th=.).5. Fg.. ROC curve (Δ = ). [3] V. Guralnk and J. Srvastava, Event detecton from tme seres data, n Proc. of the ffth ACM SIGKDD Int l Conf. on Knowledge Dscovery and Data Mnng (KDD99), pp , August 22. [4] K. Yamansh and J. Takeuch, A Unfyng Framework for Detectng Outlers and Change-Ponts from Non-statonary Data, n Proc. of the Eghth ACM SIGKDD Int l Conf. on Knowledge Dscovery and Data Mnng (KDD22), pp , 22. [5] J. Takeuch and K. Yamansh, A Unfyng Framework for Detectng Outlers and Change Ponts from Tme Seres, IEEE Tran. on Knowledge and Data Engneerng, Vol. 8, No.4, pp , Aprl 26. [6] K. Yamansh, J. Takeuch and Y. Maruyama, Three Methods for Statstcal Anomaly Detecton, IPSJ Magazne, Vol. 46, No., January 25. [7] K. Yamansh, Applcatons of Data Mnng to Informaton Securty, Journal of Japanese Socety for Artfcal Intellgence, Vol. 2, No. 5, pp , September 26. [8] T. Murase, et al., Performance Evaluaton of a Mult-Stage Network Event Detecton Scheme aganst DDoS Attacks, to be presented at the 7 th Asa-Pacfc Symposum on Informaton and Telecommuncaton Technologes (APSITT), Aprl 28. [9] D. Moore, C. Shannon, D. Brown, G. M. Voelker and S. Savage, Inferrng Internet Denal-of-Servce Actvty, ACM Transactons on Computer Systems, Vol. 24, No. 2, pp. 5-39, May 26. [] MIT Lncoln Laboratory DARPA Intruson Detecton Evaluaton, [] Z. Chan, L. Gao and K. Kwat, Modelng the Spread of Actve Worms, n Proc. of the 22 nd Annual Jont Conference of the IEEE Computer and Communcatons Socetes (INFOCOM), Vol. 3, 89-9, Aprl 23. [2] M. Takahash, J. Murakam, T. Sudou, N. Hrahara and R. Sasak, Behavoural Analyss of Botnet based on Feld Research, Trans. of Informaton Processng Socety of Japan, Vol. 47, No. 8, pp , August 26. [3] Inc. Internet Systems Consortum.
Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College
Feature selecton for ntruson detecton Slobodan Petrovć NISlab, Gjøvk Unversty College Contents The feature selecton problem Intruson detecton Traffc features relevant for IDS The CFS measure The mrmr measure
More informationINVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS
21 22 September 2007, BULGARIA 119 Proceedngs of the Internatonal Conference on Informaton Technologes (InfoTech-2007) 21 st 22 nd September 2007, Bulgara vol. 2 INVESTIGATION OF VEHICULAR USERS FAIRNESS
More informationNetwork Security Situation Evaluation Method for Distributed Denial of Service
Network Securty Stuaton Evaluaton Method for Dstrbuted Denal of Servce Jn Q,2, Cu YMn,2, Huang MnHuan,2, Kuang XaoHu,2, TangHong,2 ) Scence and Technology on Informaton System Securty Laboratory, Bejng,
More informationPerformance Analysis of Energy Consumption of Smartphone Running Mobile Hotspot Application
Internatonal Journal of mart Grd and lean Energy Performance Analyss of Energy onsumpton of martphone Runnng Moble Hotspot Applcaton Yun on hung a chool of Electronc Engneerng, oongsl Unversty, 511 angdo-dong,
More informationbenefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).
REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or
More informationTHE DISTRIBUTION OF LOAN PORTFOLIO VALUE * Oldrich Alfons Vasicek
HE DISRIBUION OF LOAN PORFOLIO VALUE * Oldrch Alfons Vascek he amount of captal necessary to support a portfolo of debt securtes depends on the probablty dstrbuton of the portfolo loss. Consder a portfolo
More informationA Hierarchical Anomaly Network Intrusion Detection System using Neural Network Classification
IDC IDC A Herarchcal Anomaly Network Intruson Detecton System usng Neural Network Classfcaton ZHENG ZHANG, JUN LI, C. N. MANIKOPOULOS, JAY JORGENSON and JOSE UCLES ECE Department, New Jersey Inst. of Tech.,
More informationThe Development of Web Log Mining Based on Improve-K-Means Clustering Analysis
The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.
More informationCHOLESTEROL REFERENCE METHOD LABORATORY NETWORK. Sample Stability Protocol
CHOLESTEROL REFERENCE METHOD LABORATORY NETWORK Sample Stablty Protocol Background The Cholesterol Reference Method Laboratory Network (CRMLN) developed certfcaton protocols for total cholesterol, HDL
More informationA graph-theoretic framework for isolating botnets in a network
SECURITY AND COMMUNICATION NETWORKS Securty Comm. Networks (212) Publshed onlne n Wley Onlne Lbrary (wleyonlnelbrary.com)..5 SPECIAL ISSUE PAPER A graph-theoretc framework for solatng botnets n a network
More informationTesting CAB-IDS through Mutations: on the Identification of Network Scans
Testng CAB-IDS through Mutatons: on the Identfcaton of Network Scans Emlo Corchado, Álvaro Herrero, José Manuel Sáz Department of Cvl Engneerng, Unversty of Burgos, Span {escorchado, ahcoso, msaz}@ubu.es
More informationCourse outline. Financial Time Series Analysis. Overview. Data analysis. Predictive signal. Trading strategy
Fnancal Tme Seres Analyss Patrck McSharry patrck@mcsharry.net www.mcsharry.net Trnty Term 2014 Mathematcal Insttute Unversty of Oxford Course outlne 1. Data analyss, probablty, correlatons, vsualsaton
More informationWhat is Candidate Sampling
What s Canddate Samplng Say we have a multclass or mult label problem where each tranng example ( x, T ) conssts of a context x a small (mult)set of target classes T out of a large unverse L of possble
More informationRESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.
ICSV4 Carns Australa 9- July, 007 RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract
More informationOn-Line Fault Detection in Wind Turbine Transmission System using Adaptive Filter and Robust Statistical Features
On-Lne Fault Detecton n Wnd Turbne Transmsson System usng Adaptve Flter and Robust Statstcal Features Ruoyu L Remote Dagnostcs Center SKF USA Inc. 3443 N. Sam Houston Pkwy., Houston TX 77086 Emal: ruoyu.l@skf.com
More informationThe OC Curve of Attribute Acceptance Plans
The OC Curve of Attrbute Acceptance Plans The Operatng Characterstc (OC) curve descrbes the probablty of acceptng a lot as a functon of the lot s qualty. Fgure 1 shows a typcal OC Curve. 10 8 6 4 1 3 4
More informationSPEE Recommended Evaluation Practice #6 Definition of Decline Curve Parameters Background:
SPEE Recommended Evaluaton Practce #6 efnton of eclne Curve Parameters Background: The producton hstores of ol and gas wells can be analyzed to estmate reserves and future ol and gas producton rates and
More informationProject Networks With Mixed-Time Constraints
Project Networs Wth Mxed-Tme Constrants L Caccetta and B Wattananon Western Australan Centre of Excellence n Industral Optmsaton (WACEIO) Curtn Unversty of Technology GPO Box U1987 Perth Western Australa
More informationRelay Secrecy in Wireless Networks with Eavesdropper
Relay Secrecy n Wreless Networks wth Eavesdropper Parvathnathan Venktasubramanam, Tng He and Lang Tong School of Electrcal and Computer Engneerng Cornell Unversty, Ithaca, NY 14853 Emal : {pv45, th255,
More informationStochastic Protocol Modeling for Anomaly Based Network Intrusion Detection
Stochastc Protocol Modelng for Anomaly Based Network Intruson Detecton Juan M. Estevez-Tapador, Pedro Garca-Teodoro, and Jesus E. Daz-Verdejo Department of Electroncs and Computer Technology Unversty of
More informationAnalysis of Energy-Conserving Access Protocols for Wireless Identification Networks
From the Proceedngs of Internatonal Conference on Telecommuncaton Systems (ITC-97), March 2-23, 1997. 1 Analyss of Energy-Conservng Access Protocols for Wreless Identfcaton etworks Imrch Chlamtac a, Chara
More informationDEFINING %COMPLETE IN MICROSOFT PROJECT
CelersSystems DEFINING %COMPLETE IN MICROSOFT PROJECT PREPARED BY James E Aksel, PMP, PMI-SP, MVP For Addtonal Informaton about Earned Value Management Systems and reportng, please contact: CelersSystems,
More informationA Secure Password-Authenticated Key Agreement Using Smart Cards
A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,
More informationApplication of Multi-Agents for Fault Detection and Reconfiguration of Power Distribution Systems
1 Applcaton of Mult-Agents for Fault Detecton and Reconfguraton of Power Dstrbuton Systems K. Nareshkumar, Member, IEEE, M. A. Choudhry, Senor Member, IEEE, J. La, A. Felach, Senor Member, IEEE Abstract--The
More informationAnswer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy
4.02 Quz Solutons Fall 2004 Multple-Choce Questons (30/00 ponts) Please, crcle the correct answer for each of the followng 0 multple-choce questons. For each queston, only one of the answers s correct.
More informationAn Alternative Way to Measure Private Equity Performance
An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate
More informationForecasting the Direction and Strength of Stock Market Movement
Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract - Stock market s one of the most complcated systems
More information"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *
Iranan Journal of Scence & Technology, Transacton B, Engneerng, ol. 30, No. B6, 789-794 rnted n The Islamc Republc of Iran, 006 Shraz Unversty "Research Note" ALICATION OF CHARGE SIMULATION METHOD TO ELECTRIC
More informationCalculation of Sampling Weights
Perre Foy Statstcs Canada 4 Calculaton of Samplng Weghts 4.1 OVERVIEW The basc sample desgn used n TIMSS Populatons 1 and 2 was a two-stage stratfed cluster desgn. 1 The frst stage conssted of a sample
More informationTraffic State Estimation in the Traffic Management Center of Berlin
Traffc State Estmaton n the Traffc Management Center of Berln Authors: Peter Vortsch, PTV AG, Stumpfstrasse, D-763 Karlsruhe, Germany phone ++49/72/965/35, emal peter.vortsch@ptv.de Peter Möhl, PTV AG,
More informationRecurrence. 1 Definitions and main statements
Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.
More informationLuby s Alg. for Maximal Independent Sets using Pairwise Independence
Lecture Notes for Randomzed Algorthms Luby s Alg. for Maxmal Independent Sets usng Parwse Independence Last Updated by Erc Vgoda on February, 006 8. Maxmal Independent Sets For a graph G = (V, E), an ndependent
More informationNegative Selection and Niching by an Artificial Immune System for Network Intrusion Detection
Negatve Selecton and Nchng by an Artfcal Immune System for Network Intruson Detecton Jungwon Km and Peter Bentley Department of omputer Scence, Unversty ollege London, Gower Street, London, W1E 6BT, U.K.
More informationPAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign
PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng
More informationImproved SVM in Cloud Computing Information Mining
Internatonal Journal of Grd Dstrbuton Computng Vol.8, No.1 (015), pp.33-40 http://dx.do.org/10.1457/jgdc.015.8.1.04 Improved n Cloud Computng Informaton Mnng Lvshuhong (ZhengDe polytechnc college JangSu
More informationAn Analysis of Central Processor Scheduling in Multiprogrammed Computer Systems
STAN-CS-73-355 I SU-SE-73-013 An Analyss of Central Processor Schedulng n Multprogrammed Computer Systems (Dgest Edton) by Thomas G. Prce October 1972 Techncal Report No. 57 Reproducton n whole or n part
More information1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1.
HIGHER DOCTORATE DEGREES SUMMARY OF PRINCIPAL CHANGES General changes None Secton 3.2 Refer to text (Amendments to verson 03.0, UPR AS02 are shown n talcs.) 1 INTRODUCTION 1.1 The Unversty may award Hgher
More informationAn Interest-Oriented Network Evolution Mechanism for Online Communities
An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne
More informationEffective Network Defense Strategies against Malicious Attacks with Various Defense Mechanisms under Quality of Service Constraints
Effectve Network Defense Strateges aganst Malcous Attacks wth Varous Defense Mechansms under Qualty of Servce Constrants Frank Yeong-Sung Ln Department of Informaton Natonal Tawan Unversty Tape, Tawan,
More informationLevel Annuities with Payments Less Frequent than Each Interest Period
Level Annutes wth Payments Less Frequent than Each Interest Perod 1 Annuty-mmedate 2 Annuty-due Level Annutes wth Payments Less Frequent than Each Interest Perod 1 Annuty-mmedate 2 Annuty-due Symoblc approach
More informationProactive Secret Sharing Or: How to Cope With Perpetual Leakage
Proactve Secret Sharng Or: How to Cope Wth Perpetual Leakage Paper by Amr Herzberg Stanslaw Jareck Hugo Krawczyk Mot Yung Presentaton by Davd Zage What s Secret Sharng Basc Idea ((2, 2)-threshold scheme):
More informationTuition Fee Loan application notes
Tuton Fee Loan applcaton notes for new part-tme EU students 2012/13 About these notes These notes should be read along wth your Tuton Fee Loan applcaton form. The notes are splt nto three parts: Part 1
More informationMethodology to Determine Relationships between Performance Factors in Hadoop Cloud Computing Applications
Methodology to Determne Relatonshps between Performance Factors n Hadoop Cloud Computng Applcatons Lus Eduardo Bautsta Vllalpando 1,2, Alan Aprl 1 and Alan Abran 1 1 Department of Software Engneerng and
More informationRisk Model of Long-Term Production Scheduling in Open Pit Gold Mining
Rsk Model of Long-Term Producton Schedulng n Open Pt Gold Mnng R Halatchev 1 and P Lever 2 ABSTRACT Open pt gold mnng s an mportant sector of the Australan mnng ndustry. It uses large amounts of nvestments,
More informationMETHODOLOGY TO DETERMINE RELATIONSHIPS BETWEEN PERFORMANCE FACTORS IN HADOOP CLOUD COMPUTING APPLICATIONS
METHODOLOGY TO DETERMINE RELATIONSHIPS BETWEEN PERFORMANCE FACTORS IN HADOOP CLOUD COMPUTING APPLICATIONS Lus Eduardo Bautsta Vllalpando 1,2, Alan Aprl 1 and Alan Abran 1 1 Department of Software Engneerng
More informationA DYNAMIC CRASHING METHOD FOR PROJECT MANAGEMENT USING SIMULATION-BASED OPTIMIZATION. Michael E. Kuhl Radhamés A. Tolentino-Peña
Proceedngs of the 2008 Wnter Smulaton Conference S. J. Mason, R. R. Hll, L. Mönch, O. Rose, T. Jefferson, J. W. Fowler eds. A DYNAMIC CRASHING METHOD FOR PROJECT MANAGEMENT USING SIMULATION-BASED OPTIMIZATION
More informationAutomated Network Performance Management and Monitoring via One-class Support Vector Machine
Automated Network Performance Management and Montorng va One-class Support Vector Machne R. Zhang, J. Jang, and S. Zhang Dgtal Meda & Systems Research Insttute, Unversty of Bradford, UK Abstract: In ths
More informationA Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression
Novel Methodology of Workng Captal Management for Large Publc Constructons by Usng Fuzzy S-curve Regresson Cheng-Wu Chen, Morrs H. L. Wang and Tng-Ya Hseh Department of Cvl Engneerng, Natonal Central Unversty,
More informationHow To Calculate The Accountng Perod Of Nequalty
Inequalty and The Accountng Perod Quentn Wodon and Shlomo Ytzha World Ban and Hebrew Unversty September Abstract Income nequalty typcally declnes wth the length of tme taen nto account for measurement.
More informationAPPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT
APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT Toshhko Oda (1), Kochro Iwaoka (2) (1), (2) Infrastructure Systems Busness Unt, Panasonc System Networks Co., Ltd. Saedo-cho
More informationData Broadcast on a Multi-System Heterogeneous Overlayed Wireless Network *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 24, 819-840 (2008) Data Broadcast on a Mult-System Heterogeneous Overlayed Wreless Network * Department of Computer Scence Natonal Chao Tung Unversty Hsnchu,
More informationEfficient Bandwidth Management in Broadband Wireless Access Systems Using CAC-based Dynamic Pricing
Effcent Bandwdth Management n Broadband Wreless Access Systems Usng CAC-based Dynamc Prcng Bader Al-Manthar, Ndal Nasser 2, Najah Abu Al 3, Hossam Hassanen Telecommuncatons Research Laboratory School of
More informationMulti-sensor Data Fusion for Cyber Security Situation Awareness
Avalable onlne at www.scencedrect.com Proceda Envronmental Scences 0 (20 ) 029 034 20 3rd Internatonal Conference on Envronmental 3rd Internatonal Conference on Envronmental Scence and Informaton Applcaton
More information7.5. Present Value of an Annuity. Investigate
7.5 Present Value of an Annuty Owen and Anna are approachng retrement and are puttng ther fnances n order. They have worked hard and nvested ther earnngs so that they now have a large amount of money on
More informationA cooperative connectionist IDS model to identify independent anomalous SNMP situations
A cooperatve connectonst IDS model to dentfy ndependent anomalous SNMP stuatons Álvaro Herrero, Emlo Corchado, José Manuel Sáz Department of Cvl Engneerng, Unversty of Burgos, Span escorchado@ubu.es Abstract
More informationQOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS
QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS Yumng Jang, Chen-Khong Tham, Ch-Chung Ko Department Electrcal Engneerng Natonal Unversty Sngapore 119260 Sngapore Emal: {engp7450,
More informationCausal, Explanatory Forecasting. Analysis. Regression Analysis. Simple Linear Regression. Which is Independent? Forecasting
Causal, Explanatory Forecastng Assumes cause-and-effect relatonshp between system nputs and ts output Forecastng wth Regresson Analyss Rchard S. Barr Inputs System Cause + Effect Relatonshp The job of
More informationIMPACT ANALYSIS OF A CELLULAR PHONE
4 th ASA & μeta Internatonal Conference IMPACT AALYSIS OF A CELLULAR PHOE We Lu, 2 Hongy L Bejng FEAonlne Engneerng Co.,Ltd. Bejng, Chna ABSTRACT Drop test smulaton plays an mportant role n nvestgatng
More informationEnabling P2P One-view Multi-party Video Conferencing
Enablng P2P One-vew Mult-party Vdeo Conferencng Yongxang Zhao, Yong Lu, Changja Chen, and JanYn Zhang Abstract Mult-Party Vdeo Conferencng (MPVC) facltates realtme group nteracton between users. Whle P2P
More informationEfficient Striping Techniques for Variable Bit Rate Continuous Media File Servers æ
Effcent Strpng Technques for Varable Bt Rate Contnuous Meda Fle Servers æ Prashant J. Shenoy Harrck M. Vn Department of Computer Scence, Department of Computer Scences, Unversty of Massachusetts at Amherst
More informationRisk-based Fatigue Estimate of Deep Water Risers -- Course Project for EM388F: Fracture Mechanics, Spring 2008
Rsk-based Fatgue Estmate of Deep Water Rsers -- Course Project for EM388F: Fracture Mechancs, Sprng 2008 Chen Sh Department of Cvl, Archtectural, and Envronmental Engneerng The Unversty of Texas at Austn
More informationRequIn, a tool for fast web traffic inference
RequIn, a tool for fast web traffc nference Olver aul, Jean Etenne Kba GET/INT, LOR Department 9 rue Charles Fourer 90 Evry, France Olver.aul@nt-evry.fr, Jean-Etenne.Kba@nt-evry.fr Abstract As networked
More informationA DATA MINING APPLICATION IN A STUDENT DATABASE
JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 005 VOLUME NUMBER (53-57) A DATA MINING APPLICATION IN A STUDENT DATABASE Şenol Zafer ERDOĞAN Maltepe Ünversty Faculty of Engneerng Büyükbakkalköy-Istanbul
More informationANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING
ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING Matthew J. Lberatore, Department of Management and Operatons, Vllanova Unversty, Vllanova, PA 19085, 610-519-4390,
More informationModule 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..
More informationA Study on Secure Data Storage Strategy in Cloud Computing
Journal of Convergence Informaton Technology Volume 5, Number 7, Setember 00 A Study on Secure Data Storage Strategy n Cloud Comutng Danwe Chen, Yanjun He, Frst Author College of Comuter Technology, Nanjng
More informationVoIP Playout Buffer Adjustment using Adaptive Estimation of Network Delays
VoIP Playout Buffer Adjustment usng Adaptve Estmaton of Network Delays Mroslaw Narbutt and Lam Murphy* Department of Computer Scence Unversty College Dubln, Belfeld, Dubln, IRELAND Abstract The poor qualty
More informationRELIABILITY, RISK AND AVAILABILITY ANLYSIS OF A CONTAINER GANTRY CRANE ABSTRACT
Kolowrock Krzysztof Joanna oszynska MODELLING ENVIRONMENT AND INFRATRUCTURE INFLUENCE ON RELIABILITY AND OPERATION RT&A # () (Vol.) March RELIABILITY RIK AND AVAILABILITY ANLYI OF A CONTAINER GANTRY CRANE
More informationA Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things
A Game-Theoretc Approach for Mnmzng Securty Rsks n the Internet-of-Thngs George Rontds, Emmanoul Panaouss, Aron Laszka, Tasos Daguklas, Pasquale Malacara, and Tansu Alpcan Hellenc Open Unversty, Greece
More informationA 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks
: An Adaptve, Anycast MAC Protocol for Wreless Sensor Networks Hwee-Xan Tan and Mun Choon Chan Department of Computer Scence, School of Computng, Natonal Unversty of Sngapore {hweexan, chanmc}@comp.nus.edu.sg
More informationStudy on Model of Risks Assessment of Standard Operation in Rural Power Network
Study on Model of Rsks Assessment of Standard Operaton n Rural Power Network Qngj L 1, Tao Yang 2 1 Qngj L, College of Informaton and Electrcal Engneerng, Shenyang Agrculture Unversty, Shenyang 110866,
More informationReal-Time Process Scheduling
Real-Tme Process Schedulng ktw@cse.ntu.edu.tw (Real-Tme and Embedded Systems Laboratory) Independent Process Schedulng Processes share nothng but CPU Papers for dscussons: C.L. Lu and James. W. Layland,
More informationdenote the location of a node, and suppose node X . This transmission causes a successful reception by node X for any other node
Fnal Report of EE359 Class Proect Throughput and Delay n Wreless Ad Hoc Networs Changhua He changhua@stanford.edu Abstract: Networ throughput and pacet delay are the two most mportant parameters to evaluate
More informationSmall pots lump sum payment instruction
For customers Small pots lump sum payment nstructon Please read these notes before completng ths nstructon About ths nstructon Use ths nstructon f you re an ndvdual wth Aegon Retrement Choces Self Invested
More informationA hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm
Avalable onlne www.ocpr.com Journal of Chemcal and Pharmaceutcal Research, 2014, 6(7):1884-1889 Research Artcle ISSN : 0975-7384 CODEN(USA) : JCPRC5 A hybrd global optmzaton algorthm based on parallel
More informationOn the Optimal Control of a Cascade of Hydro-Electric Power Stations
On the Optmal Control of a Cascade of Hydro-Electrc Power Statons M.C.M. Guedes a, A.F. Rbero a, G.V. Smrnov b and S. Vlela c a Department of Mathematcs, School of Scences, Unversty of Porto, Portugal;
More informationAbstract. 260 Business Intelligence Journal July IDENTIFICATION OF DEMAND THROUGH STATISTICAL DISTRIBUTION MODELING FOR IMPROVED DEMAND FORECASTING
260 Busness Intellgence Journal July IDENTIFICATION OF DEMAND THROUGH STATISTICAL DISTRIBUTION MODELING FOR IMPROVED DEMAND FORECASTING Murphy Choy Mchelle L.F. Cheong School of Informaton Systems, Sngapore
More informationAn interactive system for structure-based ASCII art creation
An nteractve system for structure-based ASCII art creaton Katsunor Myake Henry Johan Tomoyuk Nshta The Unversty of Tokyo Nanyang Technologcal Unversty Abstract Non-Photorealstc Renderng (NPR), whose am
More informationPolitecnico di Torino. Porto Institutional Repository
Poltecnco d Torno Porto Insttutonal Repostory [Artcle] A cost-effectve cloud computng framework for acceleratng multmeda communcaton smulatons Orgnal Ctaton: D. Angel, E. Masala (2012). A cost-effectve
More information2. SYSTEM MODEL. the SLA (unlike the only other related mechanism [15] we can compare it is never able to meet the SLA).
Managng Server Energy and Operatonal Costs n Hostng Centers Yyu Chen Dept. of IE Penn State Unversty Unversty Park, PA 16802 yzc107@psu.edu Anand Svasubramanam Dept. of CSE Penn State Unversty Unversty
More informationAn Approach for Detecting a Flooding Attack Based on Entropy Measurement of Multiple E-Mail Protocols
Journal of Appled Scence and Engneerng, Vol. 18, No. 1, pp. 79 88 (2015) DOI: 10.6180/jase.2015.18.1.10 An Approach for Detectng a Floodng Attack Based on Entropy Measurement of Multple E-Mal Protocols
More informationA FEATURE SELECTION AGENT-BASED IDS
A FEATURE SELECTION AGENT-BASED IDS Emlo Corchado, Álvaro Herrero and José Manuel Sáz Department of Cvl Engneerng, Unversty of Burgos C/Francsco de Vtora s/n., 09006, Burgos, Span Phone: +34 947259395,
More informationDesign and Development of a Security Evaluation Platform Based on International Standards
Internatonal Journal of Informatcs Socety, VOL.5, NO.2 (203) 7-80 7 Desgn and Development of a Securty Evaluaton Platform Based on Internatonal Standards Yuj Takahash and Yoshm Teshgawara Graduate School
More informationFREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES
FREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES Zuzanna BRO EK-MUCHA, Grzegorz ZADORA, 2 Insttute of Forensc Research, Cracow, Poland 2 Faculty of Chemstry, Jagellonan
More informationOn File Delay Minimization for Content Uploading to Media Cloud via Collaborative Wireless Network
On Fle Delay Mnmzaton for Content Uploadng to Meda Cloud va Collaboratve Wreless Network Ge Zhang and Yonggang Wen School of Computer Engneerng Nanyang Technologcal Unversty Sngapore Emal: {zh0001ge, ygwen}@ntu.edu.sg
More informationTime Domain simulation of PD Propagation in XLPE Cables Considering Frequency Dependent Parameters
Internatonal Journal of Smart Grd and Clean Energy Tme Doman smulaton of PD Propagaton n XLPE Cables Consderng Frequency Dependent Parameters We Zhang a, Jan He b, Ln Tan b, Xuejun Lv b, Hong-Je L a *
More informationLecture 2: Single Layer Perceptrons Kevin Swingler
Lecture 2: Sngle Layer Perceptrons Kevn Sngler kms@cs.str.ac.uk Recap: McCulloch-Ptts Neuron Ths vastly smplfed model of real neurons s also knon as a Threshold Logc Unt: W 2 A Y 3 n W n. A set of synapses
More informationCanon NTSC Help Desk Documentation
Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent
More informationDamage detection in composite laminates using coin-tap method
Damage detecton n composte lamnates usng con-tap method S.J. Km Korea Aerospace Research Insttute, 45 Eoeun-Dong, Youseong-Gu, 35-333 Daejeon, Republc of Korea yaeln@kar.re.kr 45 The con-tap test has the
More informationA Novel Adaptive Load Balancing Routing Algorithm in Ad hoc Networks
Journal of Convergence Informaton Technology A Novel Adaptve Load Balancng Routng Algorthm n Ad hoc Networks Zhu Bn, Zeng Xao-png, Xong Xan-sheng, Chen Qan, Fan Wen-yan, We Geng College of Communcaton
More informationDynamic Fleet Management for Cybercars
Proceedngs of the IEEE ITSC 2006 2006 IEEE Intellgent Transportaton Systems Conference Toronto, Canada, September 17-20, 2006 TC7.5 Dynamc Fleet Management for Cybercars Fenghu. Wang, Mng. Yang, Ruqng.
More informationFragility Based Rehabilitation Decision Analysis
.171. Fraglty Based Rehabltaton Decson Analyss Cagdas Kafal Graduate Student, School of Cvl and Envronmental Engneerng, Cornell Unversty Research Supervsor: rcea Grgoru, Professor Summary A method s presented
More informationAgile Traffic Merging for Data Center Networks. Qing Yi and Suresh Singh Portland State University, Oregon June 10 th, 2014
Agle Traffc Mergng for Data Center Networks Qng Y and Suresh Sngh Portland State Unversty, Oregon June 10 th, 2014 Agenda Background and motvaton Power optmzaton model Smulated greedy algorthm Traffc mergng
More informationFigure 1. Time-based operation of AIDP.
Adaptve Intruson Detecton & Preventon of Denal of Servce attacs n MANETs Adnan Nadeem Centre for Communcaton Systems Research Unversty of Surrey, UK a.nadeem@surrey.ac.u ABSTRACT Moble ad-hoc networs (MANETs)
More informationPerformance Analysis and Comparison of QoS Provisioning Mechanisms for CBR Traffic in Noisy IEEE 802.11e WLANs Environments
Tamkang Journal of Scence and Engneerng, Vol. 12, No. 2, pp. 143149 (2008) 143 Performance Analyss and Comparson of QoS Provsonng Mechansms for CBR Traffc n Nosy IEEE 802.11e WLANs Envronments Der-Junn
More informationChapter 4 ECONOMIC DISPATCH AND UNIT COMMITMENT
Chapter 4 ECOOMIC DISATCH AD UIT COMMITMET ITRODUCTIO A power system has several power plants. Each power plant has several generatng unts. At any pont of tme, the total load n the system s met by the
More informationA Passive Network Measurement-based Traffic Control Algorithm in Gateway of. P2P Systems
roceedngs of the 7th World Congress The Internatonal Federaton of Automatc Control A assve Network Measurement-based Traffc Control Algorthm n Gateway of 2 Systems Ybo Jang, Weje Chen, Janwe Zheng, Wanlang
More informationManaging Resource and Servent Reputation in P2P Networks
Managng Resource and Servent Reputaton n P2P Networks Makoto Iguch NTT Informaton Sharng Platform Laboratores guch@sl.ntt.co.jp Masayuk Terada NTT DoCoMo Multmeda Laboratores te@mml.yrp.nttdocomo.co.jp
More informationMAC Layer Service Time Distribution of a Fixed Priority Real Time Scheduler over 802.11
Internatonal Journal of Software Engneerng and Its Applcatons Vol., No., Aprl, 008 MAC Layer Servce Tme Dstrbuton of a Fxed Prorty Real Tme Scheduler over 80. Inès El Korb Ecole Natonale des Scences de
More informationUnderstanding the physical and economic consequences of attacks on control systems
I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 2 ( 2 0 0 9 ) 7 3 8 3 avalable at www.scencedrect.com journal homepage: www.elsever.com/locate/jcp
More information