Bijan Raahemi

Knowledge sharing in dynamic virtual enterprises: A socio-technological perspective

The success of a virtual enterprise depends largely on the effective collaboration of its members in orchestrating their knowledge, skills, core competences and resources, in order to enhance competitive capabilities and respond better to business opportunities. In this paper we address the challenges of knowledge sharing in dynamic virtual enterprises. We take a socio-technological approach by proposing a human-centered knowledge sharing solution and architecture. Specifically, we propose a knowledge resource space model to represent heterogeneous knowledge resources, both explicit and implicit. We then introduce a knowledge sharing community model and adopt an agent based solution to perform the functions of knowledge sharing among members of a dynamic virtual enterprise. Our solution incorporates the concepts of agent society and semantic ontology. Knowledge sharing in dynamic virtual enterprises is performed with three types of ties: knowledge agent to knowledge agent, knowledge agent to knowledge item, and knowledge item to knowledge item. We measure agent-to-agent ties by preference correlation using the contribution degree of one agent to another and the preference similarity degree between two agents. We define a semantic view to show agent-to-item ties and use semantic links in the knowledge resource space model to reflect item-to-item ties. We also elaborate the co-evolution mechanism of collective intelligence across enterprises throughout the lifecycle of a dynamic virtual enterprise. A case study is presented to validate our approach.

Peer-to-Peer Traffic Identification by Mining IP Layer Data Streams Using Concept-Adapting Very Fast Decision Tree

We apply streaming data mining techniques, and in particular, concept-adapting very fast decision tree (CVFDT) to identify peer-to-peer (P2P) applications in Internet traffic, as the Internet data flows dynamically in large volumes (streaming data), and in P2P applications, new communities of peers often attend and old communities of peers often leave, requiring the identification methods to be capable of coping with concept drift, and updating the model incrementally. We captured Internet traffic at a main gateway router, performed pre-processing on the captured data, selected the most significant attributes, and prepared a training data stream to which the CVFDT model was applied. We tested our approach on a data stream with 3.5 million P2P and NonP2P traffic records. The results show that our approach can effectively deal with dynamic nature of streaming data and detect the changes in communities of peers. The classification accuracy is higher than 95%, and the method is well-scalable in both time and space complexities, making it competent for large-scale dynamic data. We extracted attributes only from the IP layer, eliminating the privacy concern associated with the techniques that use deep packet inspection.

Peer-to-Peer IP Traffic Classification Using Decision Tree and IP Layer Attributes

We present a new approach using data-mining technique and, in particular, decision tree to classify peer-to-peer (P2P) traffic in IP networks. We captured the Internet traffic at a main gateway router, performed preprocessing on the data, selected the most significant attributes, and prepared a training-data set to which the decision-tree algorithm was applied. We built several models using a combination of various attribute sets for different ratios of P2P to non-P2P traffic in the training data. We observed that the accuracy of the model increases significantly when we include the attributes “Src IP addr” and “Dst IP addr” in building the model. By detecting communities of peers, we achieved classification accuracy of higher than 98%. Consequently, we recommend that: (a) the classification must be done within the authority of the Internet service providers (ISP) in order to detect communities of peers, and (b) the decision tree needs to be frequently trained to ensure the fairness and correctness of the classification algorithm. Our approach is based only on information in the IP layer, eliminating the privacy issues associated with deep-packet inspection.

A fast anomaly detection system using probabilistic artificial immune algorithm capable of learning new attacks

In this paper, we propose anomaly based intrusion detection algorithms in computer networks using artificial immune systems, capable of learning new attacks. Unique characteristics and observations specific to computer networks are considered in developing faster algorithms while achieving high performance. Although these characteristics play a key role in the proposed algorithms, we believe they have been neglected in the previous related works. We evaluate the proposed algorithms on a number of well-known intrusion detection datasets, as well as two new real datasets extracted from the data networks for intrusion detection. We analyze the detection performance and learning capabilities of the proposed algorithms, in addition to performance criteria such as false alarm rate, detection rate, and response time. The experimental results demonstrate that the proposed algorithms exhibit fast response time, low false alarm rate, and high detection rate. They can also learn new attack patterns, and identify them the next time they are introduced to the network.

Classification of Peer-to-Peer traffic using incremental neural networks (Fuzzy ARTMAP)

We present application of data mining, and in particular, fuzzy ARTMAP neural networks, in classification of peer-to-peer (P2P) traffic in IP networks. We captured Internet traffic at a main gateway router, performed pre-processing on the data, selected the most significant attributes, and prepared a training data set to which the fuzzy ARTMAP algorithms were applied. Fuzzy ARTMAP is an incremental learning classifier suitable for mining stream of data. We built several models using incremental and non-incremental approaches for different sizes of the training data set. We observed that when the size of the training set is relatively small, incremental learning has better performance than non-incremental algorithm. This highlights the efficiency of the incremental learning classifier in stream data mining applications where memory size is usually limited. Our approach relies only on the IP header of the packets, eliminating the privacy concern associated with the techniques that use deep packet inspection.

Improving linear discriminant analysis with artificial immune system-based evolutionary algorithms

Mapping techniques based on the linear discriminant analysis face challenges when the class distribution is not Gaussian. While using evolutionary algorithms may resolve some of the issues associated with non-Gaussian distribution, the solutions provided by evolutionary algorithms may get trapped in local optimum. In this paper, we propose a hybrid approach using evolutionary algorithms to improve the accuracy of linear discriminant analysis. We apply combinations of the artificial immune system and fuzzy-based fitness function to address the cases with non-Gaussian distribution classes, and at the same time, evade local optimum of the search space. The transformation matrix computed by fuzzy-based evolutionary algorithms is used during the preprocessing step of the classification process to map the original dataset into a new space. The proposed methods are evaluated on datasets selected from UCI, as well as a network dataset collected from real traffic on the Internet. We measure five different indexes, namely mutual information, Dunn, SD, isolation and DB indexes to evaluate the extent of the separation of the samples before and after the proposed mapping is performed. The mapped datasets are then fed to some different classifiers. Then, accuracy of the pre-processing methods are observed on different classifiers (with and without proposed mapping). The experimental results demonstrate that the fuzzy fitness-based evolutionary methods outperform other previously published techniques in terms of efficiency and accuracy.

A framework for SIP intrusion detection and response systems

One of the main goals of moving to Next Generation Networks (NGN) is an integrated access to multimedia services like VoIP, and IPTV. The primary signaling protocol in these multimedia services is Session Initiation Protocol (SIP). This protocol, however, is vulnerable against attacks, which may reduce the Quality of Service (QoS), an important feature in NGN services. One of the most frequent attacks is Denial of Service (DoS), which can easily be generated but its detection is not trivial. In this paper, a framework is proposed to detect Denial of Service attacks and other forms of intrusions, then generate responses accordingly. Our proposed detection engine combines the specification- and anomaly-based intrusion detection techniques. The experimental results demonstrates that the proposed approach can successfully be employed to detect intruders and limit their access. Detection rates and false alarms are reported based on prepared labeled dataset from the actual test-bed

Exploiting unlabeled data to improve peer-to-peer traffic classification using incremental tri-training method

Unlabeled training examples are readily available in many applications, but labeled examples are fairly expensive to obtain. For instance, in our previous works on classification of peer-to-peer (P2P) Internet traffics, we observed that only about 25% of examples can be labeled as “P2P”or “NonP2P” using a port-based heuristic rule. We also expect that even fewer examples can be labeled in the future as more and more P2P applications use dynamic ports. This fact motivates us to investigate the techniques which enhance the accuracy of P2P traffic classification by exploiting the unlabeled examples. In addition, the Internet data flows dynamically in large volumes (streaming data). In P2P applications, new communities of peers often join and old communities of peers often leave, requiring the classifiers to be capable of updating the model incrementally, and dealing with concept drift. Based on these requirements, this paper proposes an incremental Tri-Training (iTT) algorithm. We tested our approach on a real data stream with 7.2 Mega labeled examples and 20.4 Mega unlabeled examples. The results show that iTT algorithm can enhance accuracy of P2P traffic classification by exploiting unlabeled examples. In addition, it can effectively deal with dynamic nature of streaming data to detect the changes in communities of peers. We extracted attributes only from the IP layer, eliminating the privacy concern associated with the techniques that use deep packet inspection.

Learning on Class Imbalanced Data to Classify Peer-to-Peer Applications in IP Traffic using Resampling Techniques

In many applications, one class of data is presented by a large number of examples while the other only by a few. For instance, in our previous works on identification of peer-to-peer (P2P) Internet traffics, we observed that only about 30% of examples can be labeled as “P2P” using a port-based heuristic rule, and even fewer examples can be labeled in the future as more and more P2P applications use dynamic ports. In this paper, the effect of three resampling techniques on balancing the class distribution in training C4.5 and neural networks for identifying P2P traffic is studied. The experimental data were captured at our campus gateway. Nine datasets with different percentages of “P2P” examples and six datasets of different sizes with an actual percentage of about 30% of “P2P” examples are used in the experiments. The results show that resampling techniques are effective and stable, and random over-sampling is a quite good choice for P2P traffic identification considering a combination of the classification performance and time complexity.

Error correction on 64/66 bit encoded links

The IEEE 802.3ae task force adopted a 64b/66b encoding scheme for 10 Gb Ethernet, where each 64-bit word is scrambled using a self-synchronous scrambler with polynomial x58+x39+1. Because of its acceptable run length and low overhead, the 64b/66b encoding is also a candidate encoding scheme for high speed inter-shelf, chip-to-chip, and backplane interconnections. While scrambling facilitates data synchronization, a self-synchronous scrambler has the disadvantage of duplicating errors, i.e. every transmission error results, after descrambling, in two or more additional errors. There is, however, no provision in the IEEE 802.3ae for single or multiple error correction of 64b/66b encoded links. We propose a fast and efficient error-correction scheme that can be used in conjunction with the 64b/66b encoding in products where intra-board or inter-shelf interconnections of high speed elements are required. The proposed algorithm takes into account the duplication of errors through computing the position of such errors, and generating a syndrome table accordingly. The algorithm also accounts for errors which cross the codeword boundaries entering into the next codeword (carry over errors). The proposed algorithm is 64-bit aligned, compatible with the structure of 10 GbE specified in the IEEE 802.3. Moreover, the algorithm is general; it is applicable to M-bit encoded links, where M is any arbitrary number of bits in an encoded codeword, and the self-synchronous scrambler could be of any polynomial. We specify the functional blocks of the algorithm including error control blocks at the transmitter and receiver, the buffer structure to store the code words, the CRC computation algorithm, a syndrome table, and a comparator to compare the calculated syndrome with the syndrome table in order to detect and correct single bit errors. We also perform a simulation with exhaustive test vectors (all possible errors) to demonstrate that the algorithm detects and corrects all single-bit errors on a 64/66 bit encoded links