Manpyo Hong

Real-time scheduling of tasks that contain the external blocking intervals

Distributed systems, where the processes send and receive their messages remotely, are generally based on the message communications. The execution of a process is blocked until the process receives a response from an other process for a requested message. In this paper, we propose two real-time scheduling methods for the tasks with blocking intervals. It is proven that every task set that is schedulable by Mings method is also schedulable by one of the proposed methods. Also, the simulation shows that the schedulable ratios of task sets by the proposed methods are much higher than that obtained by Mings method.

Polynomial-based key management for secure intra-group and inter-group communication

Abstract Secure group communication has become an important issue in many applications. Both intra-group and inter-group multicast traffic must be protected by shared secret keys. In order to communicate securely in the same group and among different groups, we employed a polynomial P to achieve efficient intra-group key refreshment and generated a polynomial H ( x ) to create an inter-group key. Proposed polynomial-based key management schemes have the following advantages: (1) Group members and the group controller can share the intra-group key without any encryption/decryption. (2) When the members of the group get changed, the group controller needs to update and distribute the renewed group keys. The proposed mechanism can reduce the number of re-keying messages. (3) The proposed mechanism lessens the storage overhead of group members and the group controller by adopting a polynomial-based key management scheme. (4) As compared with previous approaches, the group controller does not need to broadcast heavy messages which are necessary for creating an inter-group key. Hence, it introduces only a small amount of broadcast traffic to the group members. The analysis of the proposed mechanism is conducted to demonstrate the improvements.

A comprehensive categorization of DDoS attack and DDoS defense techniques

Distributed Denial of Service (DDoS) attack is the greatest security fear for IT managers. With in no time, thousands of vulnerable computers can flood victim website by choking legitimate traffic. Several specific security measurements are deployed to encounter DDoS problem. Instead of specific solution, a comprehensive DDoS cure is needed which can combat against the previously and upcoming DDoS attack vulnerabilities. Development of such solution requires understanding of all those aspects which can help hacker to activate zombies and launch DDoS attack. In this paper, we comprehensively analyzed the DDoS problem and we proposed a simplified taxonomy to categorize the attack scope and available defense solutions. This taxonomy can help the software developers and security practitioners to understand the common vulnerabilities that encourage the attackers to launch DDoS attack.

Fast file-type identification

This paper proposes two techniques to reduce the classification time of content-based file type identification. The first is a feature selection technique, which uses a subset of highly-occurring byte patterns in building the representative model of a file type and classifying files. The second is a content sampling technique, which uses a subset of file content in obtaining its byte-frequency distribution. Our initial experiments show that the proposed approaches are promising even the simple 1-gram features are used for the classification.

On Improving the Accuracy and Performance of Content-Based File Type Identification

Types of files (text, executables, Jpeg images, etc.) can be identified through file extension, magic number, or other header information in the file. However, they are easy to be tampered or corrupted so cannot be trusted as secure ways to identify file types.In the presence of adversaries, analyzing the file content may be a more reliable way to identify file types, but existing approaches of file type analysis still need to be improved in terms of accuracy and speed. Most of them use byte-frequency distribution as a feature in building a representative model of a file type, and apply a distance metric to compare the model with byte-frequency distribution of the file in question. Mahalanobis distance is the most popular distance metric. In this paper, we propose 1) the cosine similarity as a better metric than Mahalanobis distance in terms of classification accuracy, smaller model size, and faster detection rate, and 2) a new type-identification scheme that applies recursive steps to identify types of files. We compare the cosine similarity to Mahalanobis distance using Wei-Hen Li et al.s single and multi-centroid modeling techniques, which showed 4.8% and 13.10% improvement in classification accuracy (single and multi-centroid respectively). The cosine similarity showed reduction of the model size by about 90% and improvement in the detection speed by 11%. Our proposed type identification scheme showed 37.78% and 31.47% improvement over Wei-Hen Lis single and multi-centroid modeling techniques respectively.

Fast content-based file type identification

Digital forensic examiners often need to identify the type of a file or file fragment based on the content of the file. Content-based file type identification schemes typically use a byte frequency distribution with statistical machine learning to classify file types. Most algorithms analyze the entire file content to obtain the byte frequency distribution, a technique that is inefficient and time consuming. This paper proposes two techniques for reducing the classification time. The first technique selects a subset of features based on the frequency of occurrence. The second speeds up classification by randomly sampling file blocks. Experimental results demonstrate that up to a fifteen-fold reduction in computational time can be achieved with limited impact on accuracy.

Collaborative Peer to Peer Defense Mechanism for DDoS Attacks

Abstract Distributed Denial of Service (DDoS) attacks are the most common and easiest attacks to propagate over internet. It causes a high degree of destruction to the network and systems resources. The destructive nature of DDoS attacks force security engineers to design defense solutions which can detect and take counter actions to defend against such attacks. In this paper, we investigated the packet flood attacks and presented a collaborative peer to peer defense mechanism. The proposed solution detects the attack at victim edge router and sends the alert messages to its neighboring nodes which allow them to proactively defend themselves. Simulation results shows the e_ciency of the solution with less false positives at victim edge router and less damage to the network due to proactive defense approach.

Content-based File-type Identification Using Cosine Similarity and a Divide-and-Conquer Approach

Identifying the file type (TXT, EXE, JPEG, etc.) is important for computer security applications such as computer forensics, steganalysis, and antivirus programs. The common approach for this is to use file extensions, magic numbers, or other header information. However, these are susceptible to tampering or corruption; for instance, the file extension can be easily spoofed and the magic numbers can be obfuscated. A more reliable approach may be to analyze the file content instead of using only the tip of the information (metadata). This paper proposes two methods based on the file content. First, we use the cosine distance as a similarity metric when comparing the file content rather than the Mahalanobis distance that is popular and has been used by the other related approaches. The cosine similarity (unlike the Mahalanobis distance) retains the classification accuracy on a small number of highly frequent byte patterns which leads to a smaller model size and faster detection rate. Second, we decompose the identification procedure into two steps by taking the divide and conquer: in the first step, the similar files in terms of byte pattern frequencies are grouped into several clusters. In the next step, the cluster which contains different file types is fed to the neural network in order for finer classification. The experiments showed that the classification followed by clustering leads to higher accuracies.

Optimal Scheduling Algorithms in WDM Optical Passive Star Networks

All-to-all broadcast scheduling problems are considered in WDM optical passive star networks where k wavelengths are available in the network. It is assumed that each node has exactly one tunable transmitter and one fixed tuned receiver. All transmitters can tune to k different wavelengths, and have the same tuning delay δ to tune from one wavelength to another. In this paper, we take δ to be a nonnegative integer which can be expressed in units of packet durations. When all-to-all broadcasts are scheduled periodically in the network, the lower bounds are established on the minimum cycle length depending on whether each node sends packets to itself or not. And then, we present optimal scheduling algorithms in both cases for arbitrary number of wavelengths and for arbitrary value of the tuning delay.

Biologically Inspired Computer Virus Detection System

There have been many researches in Computer Science that their fundamental ideas were based on Biology. Genetic algorithm and neural network are best-known paradigms in this category. Recently, many ideas from immune system have been used in detecting computer virus and worm. Since the first computer virus has been found, scanning detection has been used as a primarily method in virus detection systems. As computer viruses and worms become more complex and sophisticated, the scanning detection method is no longer able to detect various forms of viruses and worms effectively. Many anti-virus researchers proposed various detection methods including artificial immune system to cope with these characteristics of computer viruses and worms. This paper discusses the principle of artificial immune system and proposes artificial immune based virus detection system that can detect unknown viruses.