Current Issue

• 2010, No. 7　Published:25 June 2010 Last issue    Next issue
  Columns in this issue: 论文

• 论文

  Packed PE File Detection Based on Weighted Euclidean Distance Analysis

  CHEN Qin,HUANG Jianjun,CHU Yiping,FANG Haiying

  2010, 32(7): 1-3. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 411 )   PDF (362KB) ( 561 )   　　

  More and more malware is appearing on the Internet, the authors of the malware want to gain illegal purposes by inserting malicious code into the users’ computers, such as achieving the users’ names and passwords. In order to prevent computers from being attcked, software analyzers need to analyze the principle of the malware, however, if the malware is packed, it is very difficult to analyze. We must unpack the malware and the first step of unpacking is to detect whether the malware is packed or not. This paper proposes a packed PE file detection method based on a weighted Euclidean distance analysis (PDWED) algorithm by analyzing and comparing the differences between the unpacked and the packed software on the PE header, which includes constructing a vector of 10 elements,distributing weighted value for each element,and calculating the weighted Euclidean distance of the vector. The experimental results show that PDWED can detect whether the software is packed or not quickly and accurately.

  Research on a New IPSec WAN AccelerationCommunication System Based on the TCP Tunnel

  MEI Song

  2010, 32(7): 4-7. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 464 )   PDF (572KB) ( 418 )   　　

  This paper discusses the slow speed of the TCP communication in WANs，and analyses the architecture of IPSec. To improve the performance of the TCP communication protected by IPSec in WANs, a new TTAP（TCP Tunnel Acceleration Protocol）is proposed including its structure and procedure. The soft structure of FreeSWAN is improved and the performance test data are presented in order to validate this new protocol. Finally, the performance of the new system is analysed detailedly.

  A Method for Resolveing the Collision of the Intranet IP Addresses in the VPN Applications

  XIAO Ling,LI Zhitang,WANG Meizhen

  2010, 32(7): 8-12. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 445 )   PDF (627KB) ( 380 )   　　

  A serious conflict problem of the native IP addresses appears in the largescale applications of the VPN system, which leads to a new compatibility problem of network configuration that only modifies the  compatible native IP address. This paper analyses the effect of the conflict problem that different hosts use the same native IP address and gives a scheme of using the virtual network card address to flag the IPSec policy in a virtual private network, and presents a new Windows VPN architecture applying a virtual network card which can resolve the native IP address conflict problem well and bring about new characteristics of a VPN application.

  A Novel Cooperative Routing Metric over Wireless Mesh Networks

  CHEN Bo1,YANG Shoubao1,PENG Shaoliang2,HU Yun1,HE Weiqing1

  2010, 32(7): 13-15. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 517 )   PDF (513KB) ( 374 )   　　

  Considering the broadcast nature of wireless communications and the diversity of transmission, this paper presents a cooperative routing metric (COOPM) for wireless mesh networks. The routing, which is based on COOPM, can make several nodes send data to one node cooperatively, and then it can greatly increase the whole network's throughput and achieve good network capacity.

  A ClockControlled Keystream Generator  Based on LFSR

  XU Qianqian,ZHAO Zemao,LI Mengting

  2010, 32(7): 16-18. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 503 )   PDF (350KB) ( 366 )   　　

  A LFSRbased clockcontrolled keystream generator is presented. One LFSR picks up ten LFSRs from fifteen LFSRs whose  spans are all pair wiseprime, and the ten LFSRs will generate ten m sequences, export the sum of the m sequences, so the period of the sequence is extended. Its linear complexity, evenness, autocorrelation and the running features are also analyzed. The result shows the period of sequence produced by this generator reaches 2128and its properties are  also very good. The sequence can be encrypted as the keystream sequence.These msequences are selected randomly by the clockcontrolled mechanism, which increases the number of keystream sequences. In addition, an algorithm is proposed,and the generator is thought to be practical.

  Research on the SRF Spread Model of Friendly Worms

  ZHANG Dianxu1 ,2,ZHANG Yi1,LIU Xiaoyang3,ZENG Xing2,PENG Jun4

  2010, 32(7): 19-22. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 457 )   PDF (600KB) ( 369 )   　　

  The technical application of friendly worms is mitigated by a lot of impact when they spread on the network, But the main traffic comes from the scanning stage and the propagation stage.The SRF strategy is proposed,and the strategy can use the strategy of ordering, classification of IP addresses and the RRHl propagation at the scanning stage.Combining with the finite propagation and the frequency sensitive dynamic replication mechanism at the propagation stage and Comparing with the traditional ones, it decreases the traffic about 40 percent at the scanning stage.At the propagation stage,the strategy controls replication accurately, thus makes the traffic controllable.

  Research and Implementation of an Interactive  Learning RIA Platform Based on Silverlight

  CHENG Guoxiong,HU Shiqing

  2010, 32(7): 23-26. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 467 )   PDF (650KB) ( 444 )   　　

  To solve the problems of inadequate expression and poor interaction of the current WEBlearning platforms,based on the analysis of RIA (Rich Internet Application) and combines with the technical characteristics of the RIA clients with the ability to describe many media elements, an interactive WEBlearning platform and the related overall architecture are presented. The handwriting and handwriting recognition method in the WEB environment are realized based on Silverlight and the WCF technology. By exploiting the logic control properties of RIA on the client, the object dragging and collision detection functions are carried out, and these functions are used to design the RIA platform for interactive learning systems .The handwriting and handwriting recognition technology not only enhance the interactive experience of learning platforms, but can also be used for remote office and online interactive game development.

  A Hierarchical Mobile IPv6 Optimization Scheme

  LIU Zheng,CAI Ming

  2010, 32(7): 27-29. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 403 )   PDF (545KB) ( 311 )   　　

  Mobility without changing the IP address is the key to the mobile IPv6.The key technology for mobile IPv6 is the mobile switching process.How to reduce the switching delay is the standard to measure the function of the mobile IPv6 switch.For this reason,as for the mobile host’s frequent switching in the field network we propose the  Hierarchical Mobile IPv6 to reduce the delay,and expect the  switch of the second layer’s trigger has made rapid switching for mobile IPv6.In this paper,we propose an improved program based on the  fasthierarchical mobile IPv6.First of all,for the delay of fast switching,it introduces the caching mechanism,and then because MAP can not reduce the registration delay when interdomain switching happens,it introduces the concept of functional router.We propose the optimal function of the routing algorithm to reduce the handoff delay and the packet loss rate.The experimental analysis shows that the new method has a high degree of improvement.

  A DisasterRecovery Oriented Failure Detection Algorithm Based on Ring Topology

  WANG Qiang,ZHOU Enqiang,CHEN Haitao,CHEN Weining

  2010, 32(7): 30-34. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 380 )   PDF (666KB) ( 396 )   　　

  With the rapid development of information systems in critical applications,their disaster recovery capability becomes a focus point.Failure detection algorithm is one of the crucial techniques in building a disaster recovery system.Fast,efficient and accurate failure detection is the precondition and guarantee for the realization of the disaster recovery effectively.This  paper studies a FDADRBR failure detection algorithm based on ring topology.Our FDADRBR algorithm remedies the deficiencies of ring topology when applied to disaster recovery,and resolves the single failure of the tree topology with less overhead.The experimental results indicate that this algorithm not only has higher accuracy,less network overhead and lower diagnosis latency,but also effectively enhances the failure detection algorithm’s expandability in disaster recovery,and can be used to manage the information systems of disaster tolerance.

  The Model of Application Level Anomaly Detetion

  HU Zhimin1,2，WANG Hongji3

  2010, 32(7): 35-37. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 541 )   PDF (368KB) ( 590 )   　　

  The current technique of application level anomaly detection has a bad universal property which is for one type of application level attack.Inspired from the principle of immune cell identifying nonself,a generic model of application level anomaly detection based on negative selection is designed,and the key technologies of implementation are studied.Simulation tests show that the model can detect the application level anomaly of network servers,and has the advantages of good performance,and broad application prospect.

  Analysis and Checking of the NS Security Protocol Based on the Temporal Logic of Action

  HUANG Yiwang1,2，WAN Liang1，LI Xiang1

  2010, 32(7): 38-41. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 642 )   PDF (414KB) ( 333 )   　　

  TLA is a logic which combines the temporal logic and the logic of action,describing and validating the concurrent systems with TLA. TLA can express the system and the corresponding properties by adding actions and behaviors.First,this paper introduces the grammer,semantics and simple reasoning rules, and then formally analyzes the NS protocol, and sets up the FSM model, and specifies the model with TLA+, and then checks the corresponding properties with the tool of TLC. The results of checking shows there exists middleman’s replay attack.

  Analysis of the Security Mechanisms for theZigBee Standard Based on AES

  YANG Bin

  2010, 32(7): 42-45. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 502 )   PDF (885KB) ( 480 )   　　

  ZigBee is an emerging standard for wireless sensor networks. In order to study the security of the ZigBee standard, this paper analyzes the ZigBee security architecture , security model, key management methods and security mechanisms,and gives the encryption algorithm code to identify.The ZigBee security services can be applied to the MAC layer, network layer and the application layer.There are two types of safe modes:residential mode and commercial mode.There are also three keys:master key, link key and network key. The security of ZigBee depends on the CCM* mode of the AES128.There are also several security scheme:the CTR mode ensures confidentiality,the CBCMAC mode ensures data integrity,and the CCM* mode ensures both of them.We can see that ZigBee is a more secure wireless sensor network standard than others.

  Wireless Packet Service Models and Capacity Dimensioning in Mobile Communication Systems

  LI Ying1,XU Yuru2,FAN Hongda1

  2010, 32(7): 46-48. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 359 )   PDF (422KB) ( 382 )   　　

  Packet service models are important to the research on the performance of mobile communication systems, network layout and system evaluation. This paper analyzes the characteristics of the UMTS system with its singleuser service as a reference model .A wireless packet service model is built based on the behavior features of HTTP packet flows. We put forward a capacity dimensioning method for the network planning of 3G systems serving the data services in mobile wireless environments.It is indicated by an instance that the method can easily be implemented and numerically analyzed. The service model is described with finite state machines. It is conducive to wireless resource management and flow control.

  An Approach of Detecting  Distributed LowRate DoS Attack Based on the Congestion Participation Rate

  ZHANG Changwang1,YIN Jianping1,CAI Zhiping1,ZHU En1,CHENG Jieren1,2

  2010, 32(7): 49-52. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 397 )   PDF (878KB) ( 416 )   　　

  Distributed Lowrate DenialofService attacks (DLDoS) exploit the vulnerability of the adaptive behaviours exhibited by network protocols and network services. Its attack efficiency and ability of concealment are far higher than the traditional floodingbased DDoS attacks, thus it is harder to detect and defense. In this paper, we first model and formalize the DLDoS attacks, and then propose an approach of detecting DLDoS based on the congestion participation rate (CPR). Experiments and analysis demonstrate that the approach can detect the DLDoS attacks accurately and reduce the false alarm rate drastically.

  Research on the Virtual Technology for High Productive Computer Systems

  LU Kai,CHI Wanqing,LIU Yongpeng,TANG Hongwei

  2010, 32(7): 53-57. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 380 )   PDF (974KB) ( 419 )   　　

  The virtual machine technologies are widely used in the fields of server consolidation and security,and easy configuration and management.But virtual machines are not really used on high performance computers,because a virtual machine is not suitable for the architecture of HPC and loses some performance.In this paper we present a virtual machine technology for HPC:HPVZ.The HPVZ technology provides a custom user environment,and also provides security isolation and dynamic migration without much degradation in performance.We carry out a detailed analysis on the performance overhead of our HPVZ framework.Our evaluation shows that  HPVZ can achieve almost the raw performance of HPC.

  An Intelligent I/O Scheduling Algorithm Based on Reinforcement Learning

  LI Qiong,GUO Yufeng,JIANG Yanhuang

  2010, 32(7): 58-61. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 414 )   PDF (511KB) ( 370 )   　　

  To improve the I/O service efficiency of RAID and optimize the I/O performance of parallel applications,the paper presents an intelligent I/O scheduling algorithm,RLscheduler,in the RAID controllers based on reinforcement learning.RLscheduler utilizes the Qlearning strategy to implement a selfcontrol and selfoptimization scheduler.The algorithm leverages the scheduling equity,disk seeking time and the I/O access efficiency of the MPI applications.Furthermore,the proposed interleaving organization of multiple Qtables improves the efficiency of the Qtable updating.The experimental results show that,on a largescale parallel system with multiple parallel applications,RLscheduler shortens the average I/O waiting time of parallel applications considerably,thus increases the practical I/O throughput of largescale parallel systems.

  Design and Implementation of a HighPerformance DDR2 Controller

  XIA Jun,PANG Zhengbin,LI Xiaofang,PANG Guoteng,LI Yongjin

  2010, 32(7): 62-64. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 360 )   PDF (531KB) ( 332 )   　　

  DDR2 is a new generation of DDR memory technique standard published by JEDEC.This paper lucubrates the characteristics and the standard of DDR2,and presents the design and the implementation of a highperformance DDR2 controller which supports the multibank parallelizing and Openpage scheduling policy.The performance experimental results show the controller can improve memory bandwidth and reduce memory latency effectively.

  Research Development of the Chip MultiProcessor Cache Management

  SUO Guang,YANG Xuejun

  2010, 32(7): 65-68. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 525 )   PDF (443KB) ( 596 )   　　

  It is important to design and manage the cache resources in a chip multiprocessor.Currently,mainstream commercial CPUs share their last level cache while the performance of the last level caches has great impact on the CPU performance.Therefore,shared cache management becomes an active research area.In this paper,firstly,we introduce the design challenge of the CMP cache design and the processors from the mainstream vendors.Secondly,we put forward three key technologies of shared cache management: thread scheduling,NUCA and cache partitioning.Finally,we conclude our paper and point out the future trend of the CMP cache design and management.

  Two Leading Zero Detecting Algorithms Based on  FFO

  LI Yuan,NI Xiaoqiang,ZHANG Minxuan

  2010, 32(7): 69-71. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 391 )   PDF (645KB) ( 531 )   　　

  Leading Zero Detecting (LZD) is a quite critical step during the procedure of floatingpoint addition operation,and thus the design of a highperformance LZD algorithm is of great significance for improving the overall performance of a floatingpoint adder.In order to reach the demands of highperformance floatingpoint addition operations in 64bit CPU’s floatingpoint units,we design and implement two LZD algorithms based on FFO,and compare the  performances of them.According to the results of logic synthesis, a modified parallel LZD algorithm presented in this paper shows higher performance.Furthermore,by precalculating the amount of bytes in normalized shift operations,this algorithm can also parallelize LZD with coarsegrained byteshifting operations,which further reduces the latency in the critical path of the floatingpoint units.

  Research on the Virtualization of OpenSparc T2

  FENG Hua,TANG Hongwei,LU Kai,LIU Yongpeng

  2010, 32(7): 72-75. doi: 10.3969/j.issn.1007130X.2010.

  Abstract ( 449 )   PDF (735KB) ( 374 )   　　

  OpenSparc T2 is the open version of the Sun UltraSparc T2 processor which provides virtualization support.Beginning with the T2 hardware property,the paper describes the hardware mechanism of the T2 processor that supports virtualization and introduces the system software architecture of the T2 platform.Besides,it individually describes the mechanism of the T2 virtualization from the memory,interrupt,and device viewpoints.