As a matter of fact, most attacks are not single attack action. They are multi-step attacks which are composed by a set of attack actions. How to detect multi-step attack is an important aspect of IDS research. The tr...
详细信息
As a matter of fact, most attacks are not single attack action. They are multi-step attacks which are composed by a set of attack actions. How to detect multi-step attack is an important aspect of IDS research. The traditional methods of modeling attack scenario is mainly based on special attack actions. It needs to build a large number of attack models, so that the process is very complex and the models are difficult to maintain. What's more, the detection efficiency is low. In this paper, the authors analyze the insufficiency of the traditional method. Through the study on patterns of the multi-step attack, a detecting and forecasting algorithm based on intrusion intention for multi-step attack is designed. This algorithm give an improvement and expansion of traditional attack modeling method that using Petri Nets. The authors use CTPN to model multi-step attack, and correlate alert records based on it. The method can not only detect multi-step attack, but also forecast the attack which will happen. The algorithm in this paper is more simple and utility than those old methods. In the same time, the experimental results prove the validity of our algorithm.
Differing from existed anomaly detection methods which only dealt with the frequencies of system calls or local variation, the paper puts forward a model named DBCPIDS. It took in both dynamic behavior and character p...
详细信息
Differing from existed anomaly detection methods which only dealt with the frequencies of system calls or local variation, the paper puts forward a model named DBCPIDS. It took in both dynamic behavior and character patterns of programs. In this model, the authors defined the short sequence of system calls as a character pattern if this sequence satisfied the certain support degree, and propose an improved HMM (IHMM) on this basis. When detecting intrusions, firstly, we would judge whether the program trace is matched character patterns. If not, then the authors would use IHMM to detect. The model can not only reflect the global character of the program normal traces, but also pay much attention to the local warp in the execution. The experiments results show that the authors can get higher detection rate and lower false positive rate with DBCPIDS.
Wireless sensor networks often face the critical problem of maintaining the sufficient sensing coverage (QoS) at an application specific level while keeping a small number of nodes active at any time to save energy. T...
详细信息
Wireless sensor networks often face the critical problem of maintaining the sufficient sensing coverage (QoS) at an application specific level while keeping a small number of nodes active at any time to save energy. To solve this problem, the relationship between the desired QoS requirement and the minimum number of active nodes is analyzed without the knowledge of location or directional information in the randomly deployed sensor networks. Based on the analytical results, an energy efficient and location-independent QoS (ELIQoS) protocol is proposed, which selects the minimum number of active nodes based on the nodes' energy without using any location information. Simulation and analysis study demonstrates that the ELIQoS protocol can not only reduce the network consumption and balance the energy dissipation among nodes, but can provide the desired QoS requirement effectively.
One of the major challenges in constructing WSNs is to maintain long network lifetime as well as sufficient sensing area. In this paper, the broad problems of coverage in WSNs are discussed, and coverage protocols dep...
详细信息
One of the major challenges in constructing WSNs is to maintain long network lifetime as well as sufficient sensing area. In this paper, the broad problems of coverage in WSNs are discussed, and coverage protocols dependent on infrastructures (e.g., GPS, directional antennas, etc) or some localization schemes in the existing solutions are identified. To eliminate the reliance on infrastructure, a distributed energy-efficient location-independent coverage protocol (DELIC) is proposed, which aims to preserve coverage based on the local neighborhood information. Comparing its residual energy with its neighborhood, one node can independently make its decision to compete for becoming a working node. The simulation and analysis study demonstrate that the DELIC not only provides the high quality of area coverage and good scalability, but also provides better performance in the energy efficiency. The DELIC outperforms the PEAS, the GAF-like, the sponsor area and OGDC algorithm with respect to the quality of area coverage, total energy-consumption and energy-consumption balance.
A two-level-loops scheduling model, based on mobile agent in grid environment, is composed of a grid task management center, grid resource nodes, grid users, and jobs. According to jobs submitted by grid users, a two-...
详细信息
A two-level-loops scheduling model, based on mobile agent in grid environment, is composed of a grid task management center, grid resource nodes, grid users, and jobs. According to jobs submitted by grid users, a two-level-loops (including super loop and common loop) is dynamically generated by grid task management center. Resource nodes in the two-level-loops are made up of a super loop management node, common loop management nodes, and common loop resource nodes. The self-migration ability of mobile agents is used to keep tasks running normally by the coordination. The event response delay, system reliability, load balance, and running time of jobs are analyzed and simulated. The model can utilize grid resources and balance load.
Enlightened by the behaviors of gregarious ant colonies, an artificial ant movement (AM) model and an adaptive ant clustering (AAC) algorithm for this model are presented. In the algorithm, each ant is treated as an a...
详细信息
Enlightened by the behaviors of gregarious ant colonies, an artificial ant movement (AM) model and an adaptive ant clustering (AAC) algorithm for this model are presented. In the algorithm, each ant is treated as an agent to represent a data object. In the AM model, each ant has two states: sleeping state and active state. In the algorithm AAC, the ant's state is controlled by both a function of the ant's fitness to the environment it locates and a probability function for the ants becoming active. By moving dynamically, the ants form different subgroups adaptively, and consequently the whole ant group dynamically self-organizes into distinctive and independent subgroups within which highly similar ants are closely connected. The result of data objects clustering is therefore achieved. This paper also present a method to adaptively update the parameters and the ants' local movement strategies which greatly improve the speed and the quality of clustering. Experimental results show that the AAC algorithm on the AM model is much superior to other ant clustering methods such as BM and LF in terms of computational cost, speed and quality. It is adaptive, robust and efficient, and achieves high autonomy, simplicity and efficiency. It is suitable for solving high dimensional and complicated clustering problems.
Ant-based evolutional algorithms has been widely applied to kinds of combinatorial optimization problems. In this paper, we first present an ant colony algorithm for association rule discovery (RA3). A digraph is cons...
详细信息
Ant-based evolutional algorithms has been widely applied to kinds of combinatorial optimization problems. In this paper, we first present an ant colony algorithm for association rule discovery (RA3). A digraph is constructed where attributes and attribute values correspondingly represent the super-vertices and sub-vertices. Ant couples separately search and excavate the frequent items from the digraph which could be constructed as the double rules' antecedents or rules' consequents. Then, the double rules could be selected or removed by their qualities. This algorithm could extract association rules efficiently on several standard data bases. Compared with classical Apriori and FP-growth algorithms, the results indicate that our algorithm is able to discover association rules quickly with better accuracy than other methods.
Large-scale software development typically requires participation of multiple people. One motivation of the participants to collaborate with others is to maximize the profit they may gain from the software development...
详细信息
Large-scale software development typically requires participation of multiple people. One motivation of the participants to collaborate with others is to maximize the profit they may gain from the software development. Therefore, the collaborative relations between the participants should be established through negotiation in order to ensure that all the participants can gain profit. Traditional software process modeling approaches model software collaboration as a set of rules or transactions. When entry criteria are satisfied or operations are explicitly invoked, the collaborations will take place necessarily and are performed in a predefined manner. Negotiation issues are mostly overlooked by these approaches. A negotiation-based approach for software process collaboration is proposed, In this approach, software process is modeled as a group of independent, autonomous, rational, and collaborative process agents. The collaborative relations between the process agents are established through negotiation. Using this approach, software organizations can carry out software development more efficiently and effectively.
In this paper, we propose TA-MAC, a traffic load adaptive Medium Access Control protocol for wireless sensor network. TA-MAC modified the contention window mechanism of S-MAC. It adjusts the initial contention window ...
详细信息
In this paper we propose a mobile-agent-based web service composition (MAWSC) model for the dynamic web service composition (WSC). As compared with the traditional WSC models, our model avoids bottleneck of data trans...
详细信息
暂无评论