J. R. Parker

On intrusion detection and response for mobile ad hoc networks

We present network intrusion detection (ID) mechanisms that rely upon packet snooping to detect aberrant behavior in mobile ad hoc networks. Our extensions, which are applicable to several mobile, ad hoc routing protocols, offer two response mechanisms, passive - to singularly determine if a node is intrusive and act to protect itself from attacks, or active - to collaboratively determine if a node, is intrusive and act to protect all of the nodes of an ad hoc cluster. We have implemented our extensions using the GloMoSim simulator and detail their efficacy under a variety of operational conditions.

Rank and response combination from confusion matrix data

Abstract The use of prior behavior of a classifier, as measured by the confusion matrix, can yield useful information for merging multiple classifiers. In particular, response vectors can be estimated and a ranking of possible classes can be produced which can allow Borda type reconciliation methods to be applied. A combination of real data and the simulation of multiple classifiers is used to evaluate this idea, and to compare with 11 other classifier combination techniques. Millions of classifications were used in the evaluation.

Audio interaction in computer mediated games

The use of sound in an interactive media environment has not been advanced, as a technology, as far as graphics or artificial intelligence. This discussion will explore the use of sound as a way to influence the player of a computer game, will show ways that a game can use sound as input, and will describe ways that the player can influence sound in a game. The role of sound in computer games will be explored some practical design ideas that can be used to improve the current state of the art will be given.

Thresholding using an illumination model

Most grey-level thresholding methods produce good results in situations where the illumination gradient in the original raster image is regular and not too large. In other cases, such as a large linear change in illumination, a satisfactory bi-level image cannot be produced. If the object pixels can be identified in a variety of positions throughout the image, these can be used to construct a surface whose height is related to illumination at each pixel. This estimate can be used to produce a threshold for each pixel. The method described here uses the Shen-Castan edge detector to identify object pixels, and creates a surface using a moving least squares method that can be used to threshold the image.<<ETX>>

Cross-layer analysis for detecting wireless misbehavior

Intrusion Detections Systems(IDSs) in ad hoc net- works monitor other devices for intentional deviation from protocol, i.e., misbehavior. This process is complicated due to limited radio range and mobility of nodes. Unlike conventional IDSs, it is not possible to monitor nodes for long durations. As a result IDSs suffer from a large number of false positives. Moreover other environmental conditions like radio interference and congestion increase false positives, complicating classification of legitimate nodes and attackers. We present a scheme that helps in accurate diagnosis of malicious attacks in ad hoc networks. Our scheme employs cross- layer interactions based on observations at various networking layers to decrease the number of false positives. Our simulations show that our scheme is more effective and accurate than those based on isolated observations from any single layer. I. INTRODUCTION Mobile ad hoc networks (MANETs) are comprised of a dy- namic set of cooperating peers, which share their wireless ca- pabilities with other similar devices to enable communication with devices not in direct radio-range of each other, effectively relaying messages on behalf of others. Conventional methods of identification and authentication are not available, since the availability of a Certificate Authority (CA) or a Key Distribu- tion Centre (KDC) cannot be assumed. Consequently, mobile device identities or their intentions cannot be predetermined or verified. Communication protocols are though designed for fairness in contention resolution provide no enforcement mechanism to ensure it. Protocols are fair to the extent to which the de- vices conform to the protocol specifications. Wireless Medium Access Control(MAC) Protocols like 802.11 that employ dis- tributed contention resolution for gaining access to the shared wireless channel are susceptible to attack from selfish nodes trying to gain an unfair share of the medium. The various networking layers from the lowest physical layer to the application layer were designed for with the tacit assumption that devices comprising the network will be protocol conformant. Herein lie several security threats, some arising from short- comings in the protocols, and others from the lack of con- ventional identification and authentication mechanisms. These inherent properties of ad hoc networks make them vulnerable, and malicious nodes can exploit these vulnerabilities in the networking layers for selfish or even malicious motives. Selfish nodes can slightly deviate from the MAC protocol specifi- cation for contention resolution in order to gain an unfairly large share of the bandwidth. More harmful attacks like packet dropping, routing disruption, jamming attacks or other forms of Denial-of-Service (DOS) at any of the networking layers can severely disrupt MANET communications. Traditionally, intrusion detection involves looking at events and activities in individual layers of the modeled OSI stack. Various pattern matches at the Transport layer, for example, can indicate SYN attacks. However, sophisticated attacks that simultaneously exploit vulnerabilities at multiple layers of the communication proto- cols will be especially hard to detect. By using observations of both external and internal events at multiple layers of the OSI our approach will be to use observations both external and internal from various layers of the OSI stack for a more accurate evaluation of bad nodes and good nodes. In this paper we show the results of looking specifically at malicious RTS activity in the 802.11 MAC layer when combined with packet dropping at the Network layer. Robust IDS and response systems will depend on accurate classification of attacks and identification of attackers. In order for devices to establish and maintain trust relations - and evolve reputations, there is a need to balance the intrusion de- tection effort with the individual nodes primary function. The goal is to maximize the probability that malicious behavior will be correctly detected (True Positives), while minimizing the probability that good nodes will be falsely accused (False Positives).

Automatic computer recognition of printed music

This paper provides an overview to the implementation of Lemon, a complete optical music recognition system. Among the techniques employed by the implementation are: template matching, the Hough transform, line adjacency graphs, character profiles, and graph grammars. Experimental results, including comparisons with commercial systems, are provided.

Extracting vectors from raster images

Abstract It is often true that a user of computer images is interested in only a few kinds of features. In particular, in a class of pictures called line images, the major feature is a line or vector. Raster representations of line images, while common, are quite wasteful of storage and are difficult to manipulate. If the vectors could be extracted reliably from the raster image, then rotation, scaling, plotting, and many other operations could be speeded up enormously.

Algorithm performance contest

This contest involved the running and evaluation of computer vision and pattern recognition techniques on different data sets with known groundwidth. The contest included three areas; binary shape recognition, symbol recognition and image flow estimation. A package was made available for each area. Each package contained either real images with manual groundtruth or programs to generate data sets of ideal as well as noisy images with known groundtruth. They also contained programs to evaluate the results of an algorithm according to the given groundtruth. These evaluation criteria included the generation of confusion matrices, computation of the misdetection and false alarm rates and other performance measures suitable for the problems. The paper summarizes the data generation for each area and experimental results for a total of six participating algorithms.

Voting methods for multiple autonomous agents

The use of many diverse algorithms simultaneously applied to a single problem improves the robustness of the solution. This is certainly true of handprinted character recognition. The problem addressed here is that of combining the results from many agents to give a single result that represents a synthesis of the component agents.

Multiple sensors, voting methods, and target value analysis

Voting techniques for high level sensor/data fusion are explored here, with examples from character recognition and target value analysis. High degrees of reliability can be achieved, and the method can be applied to various kinds of data. The only requirement is that a ranking of the targets be extracted from the sensors.