Tae Ho Cho

A knowledge-based simulation environment for hierarchical flexible manufacturing

This article presents an approach to embedding expert systems within an object oriented simulation environment. The basic idea is to create classes of expert system models that can be interfaced with other model classes. An expert system shell is developed within a knowledge-based design and simulation environment which combines artificial intelligence and systems modeling concepts. In the given framework, interruptible and distributed expert systems can be defined as components of simulations models. This facilitates simulation modeling of knowledge-based controls for flexible manufacturing and many other autonomous intelligent systems. Moreover, the structure of a system can be specified using a recursive system entity structure (SES) and unfolded to generate a family of hierarchical structures using an extension of SES pruning called recursive pruning. This recursive generation of hierarchical structures is especially appropriate for design of multilevel flexible factories. The article illustrates the utility of the proposed framework within the flexible manufacturing context.

Simulation of intelligent hierarchical flexible manufacturing: batch job routing in operation overlapping

We present an approach to embedding expert systems within an object-oriented simulation environment that facilitates the creation of classes of expert system model elements that can be interfaced with other model components. Previous work has shown how distributed expert systems can be defined as modular components of simulations models. This article illustrates their usefulness in fractal architectures for flexible manufacturing, as proposed in the literature. Alternate structures (reconfigured structures) of a proposed hierarchical factory architecture can be generated through the recursive pruning process. Such rapid prototyping should greatly enhance the ability to investigate alternative architectural solutions to manufacturing problems in a timely manner.

Fuzzy Adaptive Selection of Filtering Schemes for Energy Saving in Sensor Networks

Sensor networks are often deployed in unattended environments, thus leaving these networks vulnerable to false data injection attacks in which an adversary injects forged reports into the network through compromised nodes, with the goal of deceiving the base station or depleting the resources of forwarding nodes. Several research solutions have been recently proposed to detect and drop such forged reports during the forwarding process. Each design can provide the equivalent resilience in terms of node compromising. However, their energy consumption characteristics differ from each other. Thus, employing only a single filtering scheme for a network is not a recommendable strategy in terms of energy saving. In this paper, we propose a fuzzy-based adaptive filtering scheme selection method for energy saving. A fuzzy rule-based system is exploited to choose one of three filtering schemes by considering the false traffic ratio, the security threshold value, distance, and the detection power of the filtering scheme. The adaptive selection of the filtering schemes can conserve energy, and guarantee sufficient resilience.

A fuzzy-based interleaved multi-hop authentication scheme in wireless sensor networks

In sensor networks, a compromised node can either generate fabricated reports with false votes or inject false votes into real reports, which causes severe damage such as false alarms, energy drain and information loss. An interleaved hop-by-hop authentication (IHA) scheme addresses the former attack by detecting and filtering false reports in a deterministic and hop-by-hop fashion. Unfortunately, in IHA, all en-route nodes must join to verify reports while only a few are necessary to the authentication procedure. In this paper, we propose a fuzzy-based interleaved multi-hop authentication scheme based on IHA. In our scheme, the fuzzy logic system only selects some nodes for verification based on the network characteristics. Moreover, we apply a voting method and a hash-based key assignment mechanism to improve network security. Through performance evaluation, the proposed scheme is found to save up to 13% of the energy consumption and to provide more network protection compared to IHA.

Fuzzy logic based propagation limiting method for message routing in wireless sensor networks

Recent advances in micro sensors and wireless communications have enabled the wireless sensor networks. Also, a number of routing protocols have been proposed for the sensor networks. Especially, the directed diffusion is a data-centric and application-aware routing algorithm in which all communication is processed by the attribute-value pairs of the named data. In the directed diffusion, an interest message is propagated through all the nodes within the network. However, the propagation to all the nodes is inefficient in terms of energy consumption. To solve this problem, we propose a new data propagation method in which the data transmission area is limited according to a threshold value for reducing the energy consumption in the network. The fuzzy rule based system is exploited to determine the threshold value by considering the energy and density of all the deployed nodes.

Fuzzy logic anomaly detection scheme for directed diffusion based sensor networks

The wireless sensor network is rapidly emerging as an important tool for various applications. In this network, where a large subset of the network applications monitors and protects critical infrastructures, security is a particularly important issue. However, ensuring the security in the sensor network is complicated due to limited energy resources. In this paper, a fuzzy logic based anomaly detection scheme which provides the security to the directed diffusion protocol is proposed. The scheme is effective in preventing Denial-of-Service type attacks, which drain the energy resources within the nodes. Fuzzy logic is exploited in order to obtain a high detection rate by considering factors such as the node energy level, neighbor nodes list, message transmission rate, and error rate in the transmission.

Modeling and Simulation for Detecting a Distributed Denial of Service Attack

The attackers on Internet-connected systems we are seeing today are more serious and technically complex than those in the past. So it is beyond the scope of any one system to deal with the intrusions. This paper shows a modeling and simulation of network security in which the multiple IDSes (Intrusion Detection System) and a firewall coordinate by sharing attackers information for the effective detection of the intrusion. Another characteristic in the proposed simulation is the composition of a real intrusion by generating nonabstracted intrusion packets and, accordingly, the construction of nonabstracted version of IDS and firewall model components.

Path renewal method in filtering based wireless sensor networks.

In applications of wireless sensor networks, there are many security issues. Attackers can create false reports and transmit the reports to the networks. These false reports can lead not only false alarms, but also the depletion of limited energy resources. In order to filter out such false reports during the forwarding process, Ye et al. proposed the statistical en-route filtering (SEF). Several research efforts to enhance the efficiency of SEF have been made. Especially, the path selection method proposed by Sun et al. can improve the detection power of SEF by considering the information on the filtering keys of and distances of upstream paths. However, such selection mechanism could lead to favored paths in heavy traffic, which would result in unbalanced energy consumption. In this paper, we propose a path renewal method to provide load balancing for sensor networks in terms of energy consumption. In our method, a node renews its upstream path to save energy resources if the remaining energy of and the communication traffic of the node exceed some threshold values. We show the effectiveness of the proposed method in terms of balanced energy consumption and filtering power by providing simulation results.

An application of blackboard architecture for the coordination among the security systems

Abstract The paper describes the design and implementation of a security architecture for a coordination information system constructed by blackboard architecture (BBA). The need arises for systems to coordinate with one another, to manage diverse attacks across networks and time. The coordination issue is the essential problem since it is beyond the scope of any one intrusion detection system (IDS) to deal with the intrusions. This paper shows a modeling and simulation of network security in which the multiple IDSes and a firewall coordinate by sharing attacker’s information for the effective detection of the intrusion. Another characteristic in the proposed simulation is the composition of a real intrusion by generating non-abstracted intrusion packets and, accordingly, the construction of non-abstracted version of IDS and firewall model components that are closely related to the intrusion packets.

Simulation of Network Security with Collaboration among IDS Models

IDS (Intrusion Detection System) plays a vital role in network security in that it monitors system activities to identity unauthorized use, misuse or abuse of computer and network system. For the simulation of IDS a model has been constructed based on the DEVS (Discrete EVent system Specification) formalism. With this model we can simulate whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. Each agent cooperates through the BBA (Black Board Architecture) for detecting intrusions. If an agent detects intrusions, it transfers attackers information to a Firewall. Using this mechanism attackers packets detected by IDS can be prevented from damaging the network.