Visible to the public Biblio

Filters: Keyword is Heuristic algorithms  [Clear All Filters]
2019-08-05
Xia, S., Li, N., Xiaofeng, T., Fang, C..  2018.  Multiple Attributes Based Spoofing Detection Using an Improved Clustering Algorithm in Mobile Edge Network. 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN). :242–243.

Information centric network (ICN) based Mobile Edge Computing (MEC) network has drawn growing attentions in recent years. The distributed network architecture brings new security problems, especially the identity security problem. Because of the cloud platform deployed on the edge of the MEC network, multiple channel attributes can be easily obtained and processed. Thus this paper proposes a multiple channel attributes based spoofing detection mechanism. To further reduce the complexity, we also propose an improved clustering algorithm. The simulation results indicate that the proposed spoofing detection method can provide near-optimal performance with extremely low complexity.

2019-05-01
Borra, V. S., Debnath, K..  2018.  Dynamic programming for solving unit commitment and security problems in microgrid systems. 2018 IEEE International Conference on Innovative Research and Development (ICIRD). :1–6.

In order to meet the demand of electrical energy by consumers, utilities have to maintain the security of the system. This paper presents a design of the Microgrid Central Energy Management System (MCEMS). It will plan operation of the system one-day advance. The MCEMS will adjust itself during operation if a fault occurs anywhere in the generation system. The proposed approach uses Dynamic Programming (DP) algorithm solves the Unit Commitment (UC) problem and at the same time enhances the security of power system. A case study is performed with ten subsystems. The DP is used to manage the operation of the subsystems and determines the UC on the situation demands. Faults are applied to the system and the DP corrects the UC problem with appropriate power sources to maintain reliability supply. The MATLAB software has been used to simulate the operation of the system.

2019-04-05
Nan, Z., Zhai, L., Zhai, L., Liu, H..  2018.  Botnet Homology Method Based on Symbolic Approximation Algorithm of Communication Characteristic Curve. 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS). :1-6.

The IRC botnet is the earliest and most significant botnet group that has a significant impact. Its characteristic is to control multiple zombies hosts through the IRC protocol and constructing command control channels. Relevant research analyzes the large amount of network traffic generated by command interaction between the botnet client and the C&C server. Packet capture traffic monitoring on the network is currently a more effective detection method, but this information does not reflect the essential characteristics of the IRC botnet. The increase in the amount of erroneous judgments has often occurred. To identify whether the botnet control server is a homogenous botnet, dynamic network communication characteristic curves are extracted. For unequal time series, dynamic time warping distance clustering is used to identify the homologous botnets by category, and in order to improve detection. Speed, experiments will use SAX to reduce the dimension of the extracted curve, reducing the time cost without reducing the accuracy.

2019-02-08
Xie, H., Lv, K., Hu, C..  2018.  An Improved Monte Carlo Graph Search Algorithm for Optimal Attack Path Analysis. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :307-315.

The problem of optimal attack path analysis is one of the hotspots in network security. Many methods are available to calculate an optimal attack path, such as Q-learning algorithm, heuristic algorithms, etc. But most of them have shortcomings. Some methods can lead to the problem of path loss, and some methods render the result un-comprehensive. This article proposes an improved Monte Carlo Graph Search algorithm (IMCGS) to calculate optimal attack paths in target network. IMCGS can avoid the problem of path loss and get comprehensive results quickly. IMCGS is divided into two steps: selection and backpropagation, which is used to calculate optimal attack paths. A weight vector containing priority, host connection number, CVSS value is proposed for every host in an attack path. This vector is used to calculate the evaluation value, the total CVSS value and the average CVSS value of a path in the target network. Result for a sample test network is presented to demonstrate the capabilities of the proposed algorithm to generate optimal attack paths in one single run. The results obtained by IMCGS show good performance and are compared with Ant Colony Optimization Algorithm (ACO) and k-zero attack graph.

2019-01-31
Chen, Y., Wu, B..  2018.  An Efficient Algorithm for Minimal Edit Cost of Graph Degree Anonymity. 2018 IEEE International Conference on Applied System Invention (ICASI). :574–577.

Personal privacy is an important issue when publishing social network data. An attacker may have information to reidentify private data. So, many researchers developed anonymization techniques, such as k-anonymity, k-isomorphism, l-diversity, etc. In this paper, we focus on graph k-degree anonymity by editing edges. Our method is divided into two steps. First, we propose an efficient algorithm to find a new degree sequence with theoretically minimal edit cost. Second, we insert and delete edges based on the new degree sequence to achieve k-degree anonymity.

2019-01-21
Fahrbach, M., Miller, G. L., Peng, R., Sawlani, S., Wang, J., Xu, S. C..  2018.  Graph Sketching against Adaptive Adversaries Applied to the Minimum Degree Algorithm. 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS). :101–112.
Motivated by the study of matrix elimination orderings in combinatorial scientific computing, we utilize graph sketching and local sampling to give a data structure that provides access to approximate fill degrees of a matrix undergoing elimination in polylogarithmic time per elimination and query. We then study the problem of using this data structure in the minimum degree algorithm, which is a widely-used heuristic for producing elimination orderings for sparse matrices by repeatedly eliminating the vertex with (approximate) minimum fill degree. This leads to a nearly-linear time algorithm for generating approximate greedy minimum degree orderings. Despite extensive studies of algorithms for elimination orderings in combinatorial scientific computing, our result is the first rigorous incorporation of randomized tools in this setting, as well as the first nearly-linear time algorithm for producing elimination orderings with provable approximation guarantees. While our sketching data structure readily works in the oblivious adversary model, by repeatedly querying and greedily updating itself, it enters the adaptive adversarial model where the underlying sketches become prone to failure due to dependency issues with their internal randomness. We show how to use an additional sampling procedure to circumvent this problem and to create an independent access sequence. Our technique for decorrelating interleaved queries and updates to this randomized data structure may be of independent interest.
Wang, X., Hou, Y., Huang, X., Li, D., Tao, X., Xu, J..  2018.  Security Analysis of Key Extraction from Physical Measurements with Multiple Adversaries. 2018 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
In this paper, security of secret key extraction scheme is evaluated for private communication between legitimate wireless devices. Multiple adversaries that distribute around these legitimate wireless devices eavesdrop on the data transmitted between them, and deduce the secret key. Conditional min-entropy given the view of those adversaries is utilized as security evaluation metric in this paper. Besides, the wiretap channel model and hidden Markov model (HMM) are regarded as the channel model and a dynamic programming approach is used to approximate conditional min- entropy. Two algorithms are proposed to mathematically calculate the conditional min- entropy by combining the Viterbi algorithm with the Forward algorithm. Optimal method with multiple adversaries (OME) algorithm is proposed firstly, which has superior performance but exponential computation complexity. To reduce this complexity, suboptimal method with multiple adversaries (SOME) algorithm is proposed, using performance degradation for the computation complexity reduction. In addition to the theoretical analysis, simulation results further show that the OME algorithm indeed has superior performance as well as the SOME algorithm has more efficient computation.
2018-10-26
Arya, D., Dave, M..  2017.  Security-based service broker policy for FOG computing environment. 2017 8th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.

With the evolution of computing from using personal computers to use of online Internet of Things (IoT) services and applications, security risks have also evolved as a major concern. The use of Fog computing enhances reliability and availability of the online services due to enhanced heterogeneity and increased number of computing servers. However, security remains an open challenge. Various trust models have been proposed to measure the security strength of available service providers. We utilize the quantized security of Datacenters and propose a new security-based service broker policy(SbSBP) for Fog computing environment to allocate the optimal Datacenter(s) to serve users' requests based on users' requirements of cost, time and security. Further, considering the dynamic nature of Fog computing, the concept of dynamic reconfiguration has been added. Comparative analysis of simulation results shows the effectiveness of proposed policy to incorporate users' requirements in the decision-making process.

2018-09-28
Wei, P., Xia, B., Luo, X..  2017.  Parameter estimation and convergence analysis for a class of canonical dynamic systems by extended kalman filter. 2017 3rd IEEE International Conference on Control Science and Systems Engineering (ICCSSE). :336–340.

There were many researches about the parameter estimation of canonical dynamic systems recently. Extended Kalman filter (EKF) is a popular parameter estimation method in virtue of its easy applications. This paper focuses on parameter estimation for a class of canonical dynamic systems by EKF. By constructing associated differential equation, the convergence of EKF parameter estimation for the canonical dynamic systems is analyzed. And the simulation demonstrates the good performance.

Dem'yanov, D. N..  2017.  Analytical synthesis of reduced order observer for estimation of the bilinear dynamic system state. 2017 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1–5.

The problem of analytical synthesis of the reduced order state observer for the bilinear dynamic system with scalar input and vector output has been considered. Formulas for calculation of the matrix coefficients of the nonlinear observer with estimation error asymptotically approaching zero have been obtained. Two modifications of observer dynamic equation have been proposed: the first one requires differentiation of an output signal and the second one does not. Based on the matrix canonization technology, the solvability conditions for the synthesis problem and analytical expressions for an acceptable set of solutions have been received. A precise step-by-step algorithm for calculating the observer coefficients has been offered. An example of the practical use of the developed algorithm has been given.

Helwa, M. K., Schoellig, A. P..  2017.  Multi-robot transfer learning: A dynamical system perspective. 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). :4702–4708.

Multi-robot transfer learning allows a robot to use data generated by a second, similar robot to improve its own behavior. The potential advantages are reducing the time of training and the unavoidable risks that exist during the training phase. Transfer learning algorithms aim to find an optimal transfer map between different robots. In this paper, we investigate, through a theoretical study of single-input single-output (SISO) systems, the properties of such optimal transfer maps. We first show that the optimal transfer learning map is, in general, a dynamic system. The main contribution of the paper is to provide an algorithm for determining the properties of this optimal dynamic map including its order and regressors (i.e., the variables it depends on). The proposed algorithm does not require detailed knowledge of the robots' dynamics, but relies on basic system properties easily obtainable through simple experimental tests. We validate the proposed algorithm experimentally through an example of transfer learning between two different quadrotor platforms. Experimental results show that an optimal dynamic map, with correct properties obtained from our proposed algorithm, achieves 60-70% reduction of transfer learning error compared to the cases when the data is directly transferred or transferred using an optimal static map.

2018-06-20
Zhou, H., Zhang, W., Wei, F., Chen, Y..  2017.  Analysis of Android Malware Family Characteristic Based on Isomorphism of Sensitive API Call Graph. 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC). :319–327.

The analysis of multiple Android malware families indicates malware instances within a common malware family always have similar call graph structures. Based on the isomorphism of sensitive API call graph, we propose a method which is used to construct malware family features via combining static analysis approach with graph similarity metric. The experiment is performed on a malware dataset which contains 1326 malware samples from 16 different malware families. The result shows that the method can differentiate distinct malware family features and divide suspect malware samples into corresponding families with a high accuracy of 96.77% overall and even defend a certain extent of obfuscation.

2018-06-11
Manishankar, S., Arjun, C. S., Kumar, P. R. A..  2017.  An authorized security middleware for managing on demand infrastructure in cloud. 2017 International Conference on Intelligent Computing and Control (I2C2). :1–5.
Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.
Luo, X., Chen, K., Pang, G., Shou, L., Chen, G..  2017.  Visible Nearest Neighbor Search for Objects Moving on Consecutive Trajectories. 2017 IEEE International Symposium on Parallel and Distributed Processing with Applications and 2017 IEEE International Conference on Ubiquitous Computing and Communications (ISPA/IUCC). :1296–1303.

A visible nearest neighbor (VNN) query returns the k nearest objects that are visible to a query point, which is used to support various applications such as route planning, target monitoring, and antenna placement. However, with the proliferation of wireless communications and advances in positioning technology for mobile equipments, efficiently searching for VNN among moving objects are required. While most previous work on VNN query focused on static objects, in this paper, we treats the objects as moving consecutively when indexing them, and study the visible nearest neighbor query for moving objects (MVNN) . Assuming that the objects are represented as trajectories given by linear functions of time, we propose a scheme which indexes the moving objects by time-parameterized R-tree (TPR-tree) and obstacles by R-tree. The paper offers four heuristics for visibility and space pruning. New algorithms, Post-pruning and United-pruning, are developed for efficiently solving MVNN queries with all four heuristics. The effectiveness and efficiency of our solutions are verified by extensive experiments over synthetic datasets on real road network.

2018-05-09
Hasan, M. M., Rahman, M. M..  2017.  RansHunt: A Support Vector Machines Based Ransomware Analysis Framework with Integrated Feature Set. 2017 20th International Conference of Computer and Information Technology (ICCIT). :1–7.

Ransomware is one of the most increasing malwares used by cyber-criminals in recent days. This type of malware uses cryptographic technology that encrypts a user's important files, folders makes the computer systems unusable, holds the decryption key and asks for the ransom from the victims for recovery. The recent ransomware families are very sophisticated and difficult to analyze & detect using static features only. On the other hand, latest crypto-ransomwares having sandboxing and IDS evading capabilities. So obviously, static or dynamic analysis of the ransomware alone cannot provide better solution. In this paper, we will present a Machine Learning based approach which will use integrated method, a combination of static and dynamic analysis to detect ransomware. The experimental test samples were taken from almost all ransomware families including the most recent ``WannaCry''. The results also suggest that combined analysis can detect ransomware with better accuracy compared to individual analysis approach. Since ransomware samples show some ``run-time'' and ``static code'' features, it also helps for the early detection of new and similar ransomware variants.

Jin, R., He, X., Dai, H., Dutta, R., Ning, P..  2017.  Towards Privacy-Aware Collaborative Security: A Game-Theoretic Approach. 2017 IEEE Symposium on Privacy-Aware Computing (PAC). :72–83.

With the rapid development of sophisticated attack techniques, individual security systems that base all of their decisions and actions of attack prevention and response on their own observations and knowledge become incompetent. To cope with this problem, collaborative security in which a set of security entities are coordinated to perform specific security actions is proposed in literature. In collaborative security schemes, multiple entities collaborate with each other by sharing threat evidence or analytics to make more effective decisions. Nevertheless, the anticipated information exchange raises privacy concerns, especially for those privacy-sensitive entities. In order to obtain a quantitative understanding of the fundamental tradeoff between the effectiveness of collaboration and the entities' privacy, a repeated two-layer single-leader multi-follower game is proposed in this work. Based on our game-theoretic analysis, the expected behaviors of both the attacker and the security entities are derived and the utility-privacy tradeoff curve is obtained. In addition, the existence of Nash equilibrium (NE) for the collaborative entities is proven, and an asynchronous dynamic update algorithm is proposed to compute the optimal collaboration strategies of the entities. Furthermore, the existence of Byzantine entities is considered and its influence is investigated. Finally, simulation results are presented to validate the analysis.

Hasan, S., Ghafouri, A., Dubey, A., Karsai, G., Koutsoukos, X..  2017.  Heuristics-based approach for identifying critical N \#x2014; k contingencies in power systems. 2017 Resilience Week (RWS). :191–197.

Reliable operation of electrical power systems in the presence of multiple critical N - k contingencies is an important challenge for the system operators. Identifying all the possible N - k critical contingencies to design effective mitigation strategies is computationally infeasible due to the combinatorial explosion of the search space. This paper describes two heuristic algorithms based on the iterative pruning of the candidate contingency set to effectively and efficiently identify all the critical N - k contingencies resulting in system failure. These algorithms are applied to the standard IEEE-14 bus system, IEEE-39 bus system, and IEEE-57 bus system to identify multiple critical N - k contingencies. The algorithms are able to capture all the possible critical N - k contingencies (where 1 ≤ k ≤ 9) without missing any dangerous contingency.

Rahbari, D., Kabirzadeh, S., Nickray, M..  2017.  A security aware scheduling in fog computing by hyper heuristic algorithm. 2017 3rd Iranian Conference on Intelligent Systems and Signal Processing (ICSPIS). :87–92.

Fog computing provides a new architecture for the implementation of the Internet of Things (IoT), which can connect sensor nodes to the cloud using the edge of the network. This structure has improved the latency and energy consumption in the cloud. In this heterogeneous and distributed environment, resource allocation is very important. Hence, scheduling will be a challenge to increase productivity and allocate resources appropriately to the tasks. Programs that run in this environment should be protected from intruders. We consider three parameters as authentication, integrity, and confidentiality to maintain security in fog devices. These parameters have time and computational overhead. In the proposed approach, we schedule the modules for the run in fog devices by heuristic algorithms based on data mining technique. The objective function is included CPU utilization, bandwidth, and security overhead. We compare the proposed algorithm with several heuristic algorithms. The results show that our proposed algorithm improved the average energy consumption of 63.27%, cost 44.71% relative to the PSO, ACO, SA algorithms.

2018-04-04
Xie, D., Wang, Y..  2017.  High definition wide dynamic video surveillance system based on FPGA. 2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :2403–2407.

A high definition(HD) wide dynamic video surveillance system is designed and implemented based on Field Programmable Gate Array(FPGA). This system is composed of three subsystems, which are video capture, video wide dynamic processing and video display subsystem. The images in the video are captured directly through the camera that is configured in a pattern have long exposure in odd frames and short exposure in even frames. The video data stream is buffered in DDR2 SDRAM to obtain two adjacent frames. Later, the image data fusion is completed by fusing the long exposure image with the short exposure image (pixel by pixel). The video image display subsystem can display the image through a HDMI interface. The system is designed on the platform of Lattice ECP3-70EA FPGA, and camera is the Panasonic MN34229 sensor. The experimental result shows that this system can expand dynamic range of the HD video with 30 frames per second and a resolution equal to 1920*1080 pixels by real-time wide dynamic range (WDR) video processing, and has a high practical value.

Nawaratne, R., Bandaragoda, T., Adikari, A., Alahakoon, D., Silva, D. De, Yu, X..  2017.  Incremental knowledge acquisition and self-learning for autonomous video surveillance. IECON 2017 - 43rd Annual Conference of the IEEE Industrial Electronics Society. :4790–4795.

The world is witnessing a remarkable increase in the usage of video surveillance systems. Besides fulfilling an imperative security and safety purpose, it also contributes towards operations monitoring, hazard detection and facility management in industry/smart factory settings. Most existing surveillance techniques use hand-crafted features analyzed using standard machine learning pipelines for action recognition and event detection. A key shortcoming of such techniques is the inability to learn from unlabeled video streams. The entire video stream is unlabeled when the requirement is to detect irregular, unforeseen and abnormal behaviors, anomalies. Recent developments in intelligent high-level video analysis have been successful in identifying individual elements in a video frame. However, the detection of anomalies in an entire video feed requires incremental and unsupervised machine learning. This paper presents a novel approach that incorporates high-level video analysis outcomes with incremental knowledge acquisition and self-learning for autonomous video surveillance. The proposed approach is capable of detecting changes that occur over time and separating irregularities from re-occurrences, without the prerequisite of a labeled dataset. We demonstrate the proposed approach using a benchmark video dataset and the results confirm its validity and usability for autonomous video surveillance.

Rupasinghe, R. A. A., Padmasiri, D. A., Senanayake, S. G. M. P., Godaliyadda, G. M. R. I., Ekanayake, M. P. B., Wijayakulasooriya, J. V..  2017.  Dynamic clustering for event detection and anomaly identification in video surveillance. 2017 IEEE International Conference on Industrial and Information Systems (ICIIS). :1–6.

This work introduces concepts and algorithms along with a case study validating them, to enhance the event detection, pattern recognition and anomaly identification results in real life video surveillance. The motivation for the work underlies in the observation that human behavioral patterns in general continuously evolve and adapt with time, rather than being static. First, limitations in existing work with respect to this phenomena are identified. Accordingly, the notion and algorithms of Dynamic Clustering are introduced in order to overcome these drawbacks. Correspondingly, we propose the concept of maintaining two separate sets of data in parallel, namely the Normal Plane and the Anomaly Plane, to successfully achieve the task of learning continuously. The practicability of the proposed algorithms in a real life scenario is demonstrated through a case study. From the analysis presented in this work, it is evident that a more comprehensive analysis, closely following human perception can be accomplished by incorporating the proposed notions and algorithms in a video surveillance event.

2018-04-02
He, X., Islam, M. M., Jin, R., Dai, H..  2017.  Foresighted Deception in Dynamic Security Games. 2017 IEEE International Conference on Communications (ICC). :1–6.

Deception has been widely considered in literature as an effective means of enhancing security protection when the defender holds some private information about the ongoing rivalry unknown to the attacker. However, most of the existing works on deception assume static environments and thus consider only myopic deception, while practical security games between the defender and the attacker may happen in dynamic scenarios. To better exploit the defender's private information in dynamic environments and improve security performance, a stochastic deception game (SDG) framework is developed in this work to enable the defender to conduct foresighted deception. To solve the proposed SDG, a new iterative algorithm that is provably convergent is developed. A corresponding learning algorithm is developed as well to facilitate the defender in conducting foresighted deception in unknown dynamic environments. Numerical results show that the proposed foresighted deception can offer a substantial performance improvement as compared to the conventional myopic deception.

Baldimtsi, F., Camenisch, J., Dubovitskaya, M., Lysyanskaya, A., Reyzin, L., Samelin, K., Yakoubov, S..  2017.  Accumulators with Applications to Anonymity-Preserving Revocation. 2017 IEEE European Symposium on Security and Privacy (EuroS P). :301–315.

Membership revocation is essential for cryptographic applications, from traditional PKIs to group signatures and anonymous credentials. Of the various solutions for the revocation problem that have been explored, dynamic accumulators are one of the most promising. We propose Braavos, a new, RSA-based, dynamic accumulator. It has optimal communication complexity and, when combined with efficient zero-knowledge proofs, provides an ideal solution for anonymous revocation. For the construction of Braavos we use a modular approach: we show how to build an accumulator with better functionality and security from accumulators with fewer features and weaker security guarantees. We then describe an anonymous revocation component (ARC) that can be instantiated using any dynamic accumulator. ARC can be added to any anonymous system, such as anonymous credentials or group signatures, in order to equip it with a revocation functionality. Finally, we implement ARC with Braavos and plug it into Idemix, the leading implementation of anonymous credentials. This work resolves, for the first time, the problem of practical revocation for anonymous credential systems.

2018-02-27
Huang, J., Hou, D., Schuckers, S..  2017.  A Practical Evaluation of Free-Text Keystroke Dynamics. 2017 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA). :1–8.

Free text keystroke dynamics is a behavioral biometric that has the strong potential to offer unobtrusive and continuous user authentication. Unfortunately, due to the limited data availability, free text keystroke dynamics have not been tested adequately. Based on a novel large dataset of free text keystrokes from our ongoing data collection using behavior in natural settings, we present the first study to evaluate keystroke dynamics while respecting the temporal order of the data. Specifically, we evaluate the performance of different ways of forming a test sample using sessions, as well as a form of continuous authentication that is based on a sliding window on the keystroke time series. Instead of accumulating a new test sample of keystrokes, we update the previous sample with keystrokes that occur in the immediate past sliding window of n minutes. We evaluate sliding windows of 1 to 5, 10, and 30 minutes. Our best performer using a sliding window of 1 minute, achieves an FAR of 1% and an FRR of 11.5%. Lastly, we evaluate the sensitivity of the keystroke dynamics algorithm to short quick insider attacks that last only several minutes, by artificially injecting different portions of impostor keystrokes into the genuine test samples. For example, the evaluated algorithm is found to be able to detect insider attacks that last 2.5 minutes or longer, with a probability of 98.4%.

2018-02-21
Pak, W., Choi, Y. J..  2017.  High Performance and High Scalable Packet Classification Algorithm for Network Security Systems. IEEE Transactions on Dependable and Secure Computing. 14:37–49.

Packet classification is a core function in network and security systems; hence, hardware-based solutions, such as packet classification accelerator chips or Ternary Content Addressable Memory (T-CAM), have been widely adopted for high-performance systems. With the rapid improvement of general hardware architectures and growing popularity of multi-core multi-threaded processors, software-based packet classification algorithms are attracting considerable attention, owing to their high flexibility in satisfying various industrial requirements for security and network systems. For high classification speed, these algorithms internally use large tables, whose size increases exponentially with the ruleset size; consequently, they cannot be used with a large rulesets. To overcome this problem, we propose a new software-based packet classification algorithm that simultaneously supports high scalability and fast classification performance by merging partition decision trees in a search table. While most partitioning-based packet classification algorithms show good scalability at the cost of low classification speed, our algorithm shows very high classification speed, irrespective of the number of rules, with small tables and short table building time. Our test results confirm that the proposed algorithm enables network and security systems to support heavy traffic in the most effective manner.