Allen Y. Chang

Cost prediction for ray shooting

The ray shooting problem arises in many different contexts. For example, solving it efficiently would remove a bottleneck when images are ray-traced in computer graphics. Unfortunately, theoretical solutions to the problem are not very practical, while practical solutions offer few provable guarantees on performance. In particular, the running times of algorithms used in practice on different data sets vary so widely as to be almost unpredictable.Since theoretical guarantees seem unavailable, we aim at obtaining a simple, easy to compute way of estimating the performance without running the actual algorithm. We propose a very simple cost predictor which can be used to measure the average performance of any ray shooting method based on traversing a bounded-degree space decomposition.We experimentally show that this predictor is accurate for octree-induced decompositions, irrespective of whether or not the bounded-degree requirement is enforced. The predictor has been tested on octrees constructed using a variety of criteria.This establishes a sound basis for comparison and optimization of octrees. It also raises a number of interesting and challenging questions such as how to construct an optimal octree for a given scene using our cost predictor.Since the distribution of rays in a ray-tracing process may differ from the rigid-motion invariant distribution of lines and the corresponding distribution of rays assumed by our cost predictor, we also experimentally confirm that the performance of an octree for an actual ray-tracing computation is well captured by our cost predictor.

Early Warning System for DDoS Attacking Based on Multilayer Deployment of Time Delay Neural Network

Distributed denial of service (DDoS) is one of the most persecution network attack techniques to be confronted in recent years. From the definition of DDoS, thousands of network attacks must initiate simultaneously and continuously to achieve a successful DDoS attacking. Therefore, almost all of the information system cannot survive as they confront the DDoS attacks. Although there are a lot of intrusion detection system (IDS) developed, preventing DDoS attack is still difficult and perplexing. In this paper, an early warning system for detecting DDoS attacking has been mounted to a traditional IDS to form a completely system. This early warning system is developed based on the rationale of time delay neural network. In the networking topology, each node is monitored with the deployment of detectors to establish a multilayer architecture. In addition, the activities of each node will be monitored by their neighboring nodes to check whether it is still survival or not mutually. After then, all of the attacking information will be collected and transferred to the expert module for integrating analysis. As those nodes dispatched on the DMZ or between the first and second layer of firewall face some attacking similar as the pattern of DDoS, the kernel expert module which dispatched behind the second firewall will take some feasible actions and initiate the defense strategies to protect the kernel information system. In the meanwhile, those failed nodes will be restarted and act as the role of vanguard to assure the networking under normal operation.

An improved certificate mechanism for transactions using radio frequency identification enabled mobile phone

Due to rapid advance of the RFID systems, there is sufficient computing power to implement the encryption and decryption required for the authentication during transactions nowadays. In addition, RFID tags have enough capacity to store the corresponding information. Therefore, RFID enabled credit card can be used to improve the potential security issues occurred while using the traditional credit card, however, the limitation of the production cost of RFID tag, its computing power and storage capacity is limited. Thus, it cannot perform sophisticated computation needed for the authentication mechanism, i.e., security technologies adopted from traditional wireless network cannot be transplanted to the contactless RFID transmission directly. Many solutions have been proposed to improve the RFID security issues raised in the research. Most of these studies assume the communication infrastructure between the RFID reader and the back-end database are based wired enterprise networking environment which is usually defined as the secured communication channel. However, there are many applications that users need to use RFID enabled handheld devices such as mobile phones or PDAs to link with the back-end database via wireless communication protocols like GSM, GPRS or wi-fi. These communication channels are exposed to unsafe environments and the security issues must be taken into account. In this paper, we construct an RFID system based on mobile communication devices such as cellular phones. We propose an effective and secured certificate mechanism using mobile devices as RFID readers together with the credit cards containing RFID tags. The result shows it can improve the existing RFID security issues under the premise of safety, efficiency and compatibility of the EPC network.

Optimum tuning of defense settings for common attacks on the web applications

Statistics from various sources indicate that there are roughly 75% cyber attacks occurred in the web applications, and the trend is growing. The unsafe coding of web application or the vulnerability of the application itself is yet to be patched result in a high security risk. In addition to white-box testing to examine the source code, black box testing for vulnerability scan or penetration test, one may choose to setup defense facilities at the front-end of the server - such as: application-layer intrusion prevention system, or application software and hardware firewall to enhance the defense mechanism or to gain more time to patch the vulnerability. This paper presents an optimum tuning method utilizing the application firewall widely used by the modern enterprises. We explore several attacking methods commonly used nowadays, such as the signature of cross-site scripting and SQL injection, and introduce a new method to setup the parameters of the device to strengthen the defense. To enhance the security of the back-end application servers, we use keyword filtering and re-treatment to rule out the blacklist, and to adjust the system settings so that it can effectively block the assaults or reduce the possibility of successful attacks. In addition, we also simulate attacks to web browsing and application through vulnerability scanning tools to test the security of application system and to make sure the necessary defense of the optimum tuning parameters. This concept does produce good results in our implementation of verification tests. It is worth promoting as a reference.

A proxy-based real-time protection mechanism for social networking sites

In the past few years, social networking websites such as Facebook and Myspace become very popular. The usage rage of social networking websites even exceeds that of Google. Followed by the popularity is many potential networking threats. How to prevent and improve these threats to avoid their expansion has become a major challenge.

Search, Identification and Positioning of the Underground Manhole with RFID Ground Tag

Road formation is the basic requirement of modern country. Manholes on the road are the main objects result in uneven surfaces. They are not only the killer of public safety, but also the main cause of national compensation; therefore, it is necessary to implement the underground manhole. However, it is not easy to search for the manhole from underground. Thus, it is essential to develop a set of searching, authentication, and precision positioning technologies. We analyze the pros and cons of metal detection, GPS location and RFID authentication approaches as well as their restrictions, of which the first two can only be used as navigational aids to arrive at the scene. While RFID can help to identify manholes, putting the manhole cover 20 cm below the asphalt concrete (AC) pavement creates more complications. Not only the reading distance is way too long for normal operation, but also the filling through the aquifer, and to avoid metal interference comes from the manholes, traditional RFID reader cannot achieve such purpose. Therefore special design is inevitable. In this paper, we analysis the RFID spectrum as well as the characteristics of binding RFID tags and metal. We than utilize the environmental characteristics of underground manhole, and design a special-purpose RFID tag — Ground Tag, in order to propose an integrated solution for searching, authentication and precision positioning of the underground manhole.

Methods to enhance the performance of Iterated Timing Analysis algorithm

In circuit simulation, Relaxation-based algorithms have been proven to be faster and more flexible than the standard direct approach used in SPICE. ITA (Iterated Timing Analysis) algorithm has even been widely used in industry. This paper describes a new accelerating technique using the latency property of subcircuits and other accelerating methods based on Strength of Signal flow (SSF) for ITA algorithm. The definition of SSF, calculation method, and methods to utilize SSF all have been illustrated clearly. Experimental examples are given to justify the superior property of these proposed methods. A more powerful strategy for enhancing ITA is also designed and carefully justified.

Dynamic intrusion detection system based on feature extraction and multidimensional hidden Markov model analysis

In this paper, a novel intrusion detection system based on diversity timing factor, combining the characteristic of dynamic and static adaption, sniffing from multi-stage and analyzing with multi-dimensional hidden Markov model has been proposed. In the proposed mechanism, detection, expert, and console modules are developed. In which, the detection module is deployed with numbers of independent sensors on each node/device of the network. This module not only takes the responsibility to detect and collect all of the desired information on each different timing period and stage, but also denotes specific weighting function to indicate the significance of possible influence and tune the value according to the frequency and times of the occurrence of security events on each collected data. All of the collected audit data and detected normal/abnormal signals will be transferred to the database of the expert module for further integrated evaluation on those multiple observing factors and processed with synthetic information and associative events analysis based on hidden Markov model algorithm on multidimensional. After then, the fuzzy inferring rule is applied for intrusion recognition and identification. The console module is assigned to manage the performance of the system, control all of the sensors for monitoring security events and generate alerts and offer periodically reports and present proposals for taking suitable response and making optimal decision. Experimental results demonstrate that the proposed IDS mechanism possesses good efficiency and performance.

Plug into the Online Database and Play Mobile Web 2.0

The next generation of open mobile device platforms will use wireless broadband access technology and human-computer interface advances to allow remote plug and play with Web 2.0 applications. A case study of mobile commerce reveals a complete workflow, from user log in to entry creation to barcode scanning.

Cost prediction for ray shooting in octrees

The ray shooting problem arises in many different contexts and is a bottleneck of ray tracing in computer graphics. Unfortunately, theoretical solutions to the problem are not very practical, while practical methods offer few provable guarantees on performance. Attempting to combine practicality with theoretical soundness, we show how to provably measure the average performance of any ray-shooting method based on traversing a bounded-degree spatial decomposition, where the average is taken to mean the expectation over a uniform ray distribution. An approximation yields a simple, easy-to-compute cost predictor that estimates the average performance of ray shooting without running the actual algorithm. We experimentally show that this predictor provides an accurate estimate of the efficiency of executing ray-shooting queries in octree-induced decompositions, irrespective of whether or not the bounded-degree requirement is enforced, and of the criteria used to construct the octrees. We show similar guarantees for decompositions induced by kd-trees and uniform grids. We also confirm that the performance of an octree while ray tracing or running a radio-propagation simulation is accurately captured by our cost predictor, for ray distributions arising from realistic data.