Apostolos Dailianas

Comparison of automatic video segmentation algorithms

While several methods of automatic video segmentation for the identification of shot transitions have been proposed, they have not been systematically compared. We examine several segmentation techniques across different types of videos. Each of these techniques defines a measure of dissimilarity between successive frames which is then compared to a threshold. Dissimilarity values exceeding the threshold identify shot transitions. The techniques are compared in terms of the percentage of correct and false identifications for various thresholds, their sensitivity to the threshold value, their performance across different types of video, their ability to identify complicated transition effects, and their requirements for computational resources. Finally, the definition of a priori set of values for the threshold parameter is also examined. Most techniques can identify over 90% of the real shot transitions but have a high percentage of false positives. Reducing the false positives was a major challenge, and we introduced a local filtering technique that was fairly effective.

MarketNet: market-based protection of information systems

This paper describes novel market-based technologies for systematic, quantifiable and predictable protection of information systems against attacks. These technologies, incorporated in the MarketNet system, use currency to control access to information systems resources and to account for their use. Clients wishing to access a resource must pay in currency acceptable to the domain that owns the resource. An attacker must thus pay to access the resources used in an attack. Therefore, the opportunities to attack and the damage that can be caused are strictly limited by the budget available to the attacker. A domain can control its exposure to attacks by setting the prices of critical resources and by limiting the currency that it makes available to potential attackers. Currency carries unique identifiers, enabling a domain to pinpoint the sources of attacks. Currency also provides a resource-independent instrumentation to monitor and correlate access patterns and to detect intrusion attacks through automated, uniform statistical analysis of anomalous currency flows. These mechanisms are resource-independent, and admit unlimited scalability for very large systems consisting of federated domains operated by mutually distrustful administrations. They uniquely establish quantifiable and adjustable limits on the power of attackers; enable verifiable accountability for malicious attacks; and admit systematic, uniform monitoring and detection of attacks.

MarketNet: protecting access to information systems through financial market controls

Abstract This paper describes novel market-based technologies that uniquely establish quantifiable and adjustable limits on the power of attackers, enable verifiable accountability for malicious attacks, and admit systematic and uniform monitoring and detection of attacks. These technologies, incorporated in the MarketNet system, establish a financial economy to regulate the trade and use of access rights in information systems. Resources are instrumented to use currency for access control and monitoring, establishing accountability in their use. Domains control access to their resources through resource prices and budgets available to clients. Domains control and fine tune their exposure to attacks; adjust this exposure in response to emerging risks; detect intrusion attacks through automated, uniform statistical analysis of currency flows; and tune their exposure to resource unavailability by purchasing protection through financial-like instruments.

MarketNet: market-based protection of network systems and services-an application to SNMP protection

This paper describes novel protection technologies, developed by the MarketNet project at Columbia University, that shifts power from attackers to defenders, giving the defenders control over the exposure to attacks and over detectability and accountability of attackers. MarketNet uses market-based techniques to regulate access to resources. Access to a resource must be paid-for with currency issued by its domain. Domains can control the power of attackers by limiting the budgets allocated to them, and control the exposure of resources by setting their prices, effectively providing a quantifiable access control mechanism. Domains can monitor currency flows and use uniform resource-independent statistical algorithms to correlate and detect access anomalies indicating potential attacks. Currency is marked with unique identifiers that permit domains to establish verifiable accountability in accessing their resources. Domains control and fine tune their exposure to attacks; adjust this exposure in response to emerging risks; detect intrusion attacks through automated, uniform statistical analysis of currency flows; and establish coordinated response to attacks. MarketNet mechanisms unify and kernelize global information systems protection by containing all protection logic in a small core of software components. The paper presents the architecture and operation of MarketNet along with the design and implementation of the main architectural components. The paper illustrates the application of MarketNet to the protection of the simple network management protocol (SNMP) and compares it with the security features offered by SNMPv3.

MarketNet: Using Virtual Currency to Protect Information Systems

This paper describes novel market-based technologies for systematic, quantifiable and predictable protection of information systems against attacks. These technologies, incorporated in the MarketNet system, use currency to control access to information systems resources and to account for their use. Clients wishing to access a resource must pay in currency acceptable to the domain that owns it. An attacker must thus pay to access the resources used in an attack. Therefore, the opportunities to attack and the damage that can be caused are strictly limited by the budget available to the attacker. A domain can control its exposure to attacks by setting the prices of critical resources and by limiting the currency that it makes available to potential attackers. Currency carries unique identifiers, enabling a domain to pinpoint the sources of attacks. Currency also provides a resource-independent instrumentation to monitor and correlate access patterns and to detect intrusion attacks through automated, uniform statistical analysis of anomalous currency flows. These mechanisms are resource-independent, and admit unlimited scalability for very large systems consisting of federated domains operated by mutually distrustful administrations. They uniquely establish quantifiable and adjustable limits on the power of attackers; enable verifiable accountability for malicious attacks; and admit systematic, uniform monitoring and detection of attacks.

Design of real-time admission control algorithms with priority support

A multimedia ATM network is shared by media channels with different performance requirements and traffic characteristics. To make efficient use of network resources, the quality of service provided to the users should be as close as possible to their requirements. A scheme with two levels of cell loss priority within each channel is proposed. Priorities are assigned and enforced by the network locally at each switch along the path of a connection. The assignment, which can be different for the same connection at two different switches, is also dynamic; it is updated every time a connection is set up or one is terminated. Algorithms used by the network to decide the fraction of cells of each stream assigned to each cell loss priority level, along with a simple mechanism to enforce the desired priority assignment and a real-time admission control algorithm, with decision time of very few milliseconds even for thousands of heterogeneous sources are presented.

Real-time admission control algorithms with delay and loss guarantees in ATM networks

A multimedia ATM network is shared by media streams with different performance requirements. For media streams such as file transfer, the preservation of bursts and the provision of guarantees for loss probability at the burst level is of primary importance, while for media streams such as voice, loss guarantees at the cell level are sufficient. Continuous media have stringent delay jitter requirements. Finally, some applications require loss-free transmission. In this paper a complete traffic management scheme for multimedia ATM networks is introduced. At the connection setup time, the user can choose between a loss-free connection, or a connection with loss probability guarantees, either at the cell level or at the burst level. Independent of the kind of service chosen, the network also provides strict delay jitter guarantees. A connection admission control algorithm is developed for the proposed scheme. The algorithm takes into account the statistical multiplexing of the sources and focuses on scalability with the number of sources and real-time execution (few milliseconds even for thousands of sources).