Computer Engineering & Science

Research on the Key Technology of Trusted Compiler

HE Yanxiang1,2,LIU Tao1,WU Wei1

2010, 32(8): 1-6. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 400 )

PDF (919KB) ( 718 ) 　　

The trustworthy of software mainly depends on the trustworthy of source codes. Some factors including defects,errors and program faults in the source codes,virus from outside and malicious codes etc decide the trustworthy of software, so guaranteeing the trustworthy of software from aspect of source code is one of the most important methods for ensuring the trustworthy of software. As a kind of the most important system software, the trustworthy of compiler plays a critical role in the whole computer system. The software program can only be executed after compiled by compiler, so if the compiler can not be trusted, the trustworthy of executable code outputted can not be guaranteed. The key technologies and thoughts for developing trusted compiler are discussed in this paper.

Adaptive Channel Assignment Based on Local Information in Wireless Mesh Networks

WANG Qinqi1,LI Hongjian1,HE Xingui2,XU Ming1

2010, 32(8): 7-10. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 380 )

PDF (599KB) ( 272 ) 　　

The channel assignment problem can heavily impact the performance of multiradio multichannel wireless mesh networks. Many channel assignment algorithms are proposed, whereas most of them need the whole network topology or the flow model, which is hard to obtain in the distributed networks. Based on the above analysis, in this paper, we propose the local information based channel assignment (LICA) strategy, which means, by using the heuristic information of local topology and channel usage of all the neighborhood nodes, it allocates the channel resources on each node dynamically. The result shows that algorithm LICA can significantly improve the endtoend throughput and channel utilization in lower time complexity and also has better expansibility.

Flow Size Distribution Estimation of theSubpopulations from Random Packet Sampling

ZHANG Hai1,2，ZHU Xuyang2，GUO Wenming2

2010, 32(8): 11-13. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 408 )

PDF (432KB) ( 331 ) 　　

The random packet sampling is the most common sampling method in network management and measurement. Previous work focuses on estimating the flow size distribution for the complete population of flows from the random packet sampling data. However, there are a number of network applications which focus on the flow size distribution of a particular subpopulation. In this paper, we divide the complete pupulation of flows into two subsets：a subpopulation S and its complementary set . We propose an algorithm for estimating the flow size joint distribution of Sand using the TCP protocol imformation from the random sampling data. Experiments are conducted with the real network traces. The results show that the proposed method restores the original characteristics of the flow size distribution of subpopulations under the complete population of flows. Our algorithm also impoves the accuracy of flow size distribution estimation of subpopulations by using the TCP protocol imformation.

A SelfCertified MultiProxy Signcryption Scheme Without Trustworthy System Authority

YU Huifang1,ZHAO Haixing2,WANG Zhicang1,QIAO Xiaoni3

2010, 32(8): 14-16. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 381 )

PDF (337KB) ( 324 ) 　　

By applying the concept of selfcertified signcryption to multiproxy signature,a new selfcertified multiproxy signcryption scheme without trustworthy system authority is constructed, and its security relies on the hardness of discrete logarithm problems in the finite field. The new scheme has the merits of selfcertified signcryption; moreover, an original signcryter can authorize a group of proxy signcrypters, and the multiproxy signcryption is generated by the cooperation of all the proxy signcrypters. The constructed algorithm is a secure and practical multiproxy signcryption scheme which has lower computation complexity and higher communication efficiency.

WDawgMatch:An Accurate MultiPattern MatchingAlgorithm in Intrusion Detection Systems

NING Zhuo,GONG Jian

2010, 32(8): 17-21. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 371 )

PDF (536KB) ( 365 ) 　　

The traditional multipattern matching algorithms like AC,BM do not meet the requirements of online outoforder stream reassembly when NIDS detects attack signature matches within packet payloads. As a famous accurate multipattern matching algorithm, DawgMatch is generally used in NIDS as it can get the digests of the segment being scanned.Unfortunately,though it promotes the space usage by a 2tuple indexing factor with the help of the DAWA automaton, its matching speed still can not catch up with the need of online linear detection.To promote the performance of DawgMathch,we design a new algorithm WDawgMach based on it. WDawgMach makes use of weighted edges to eliminate the back trace problem of DawgMatch to achieve the linear matching speed.The performance analysis and experience shows that,by sacrificing the preprocessing time,WDawgMach improves the worst time complexity of DawgMatch and makes it comparable to algorithm AC.

A Novel Threshold Multisecret Sharing Scheme

YANG Jie,LI Jiguo

2010, 32(8): 22-23. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 392 )

PDF (309KB) ( 316 ) 　　

This scheme is a threshold scheme for the secret restorer. Secret data cannot be restored by attackers although they may have stolen enough subsecrets. Therefore,this scheme is safer than traditional threshold schemes.In addition,this scheme can not only efficiently detect the fraud and cheatings conducted by secret dealers and other participants,accomplishing new members’ entering and leaving without redistributing the subsecrets,but restore all the secrets at one time.

Identifying the P2P Flow Based on Traffic and Payload Characteristics

JIAO Xiaojiao,ZHONG Cheng,YANG Liu,LIU Yongnian

2010, 32(8): 24-28. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 401 )

PDF (516KB) ( 545 ) 　　

The existing P2P network flow identification methods are analyzed in this paper. The data structure of P2P flow identification is first designed. Secondly, during the traffic identification stage, the packets of TCP and UDP are captured on the transport layer, and the P2P flow of the TCP/UDP traffic is identified according to the main traffic characteristics of the P2P flow on the transport layer. Thirdly, during the payload characteristics identification stage, the database of payload characteristics is updated periodically, the payload characteristics are precisely identified from the P2P flow distinguished on the traffic identification stage, and the payload characteristics are also identified from the missed traffic on the traffic identification stage. Fourthly, during the pattern matching procedure, the value of the fingerprint function is applied to improve the speed of flow identification. Finally, an algorithm for identifying accurately the new and encrypted P2P flow and its name is presented. The experiments show that the presented algorithm can identify and classify the P2P flow more effectively.

Design and Implementation of a 3GPacketFiltering Algorithm Based on FPGA

ZHANG Xiaoxiao，HUANG Jie

2010, 32(8): 29-31. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 365 )

PDF (509KB) ( 334 ) 　　

Based on the FPGA platform, a system is designed which captures and filters data packets in the PS of the TDSCDMA core network. And a high speed strategy ，which takes advantage of the Bloom filter and other algorithms，is proposed to filter data packets with the Hash algorithm , the strategy is implemented with Verilog. Finally,the programme downloaded to the FPGA development board is tested. When the users supervised obey the uniform distribution in a largescale way,it can process the GTP packets in a linear rate and filter the packets of the specified users.

The Hidden Correspondence AlgorithmDesign Based on Watermarking

LIANG Qiang1,QIU Zhihong2,ZHANG Aike2

2010, 32(8): 32-35. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 327 )

PDF (458KB) ( 331 ) 　　

This paper studies the watermarking technology by the realization difficulty and the value in the audio information.After analyzing and contrasting with the algorithm of hiding information in the audio.We discuss the hidden correspondence code strategy,propose an information hiding encoding algorithm based on the mix pattern audio signal.In this paper we give the code process to cover the radius, the cover code and the related definitions and the information hiding code correlation theorems at first,and theoretically analyze the hiding correspondence code strategy’s feasibility and the steps.Besides,we demonstrate the principle and method of this encoding algorithm in detail. Finally,we take a section of audio information as the example,elaborate the hidden correspondence algorithm to realize the method and the coding steps.Finally,from the algorithm’s spectral analysis,the hiding information inserting quantity and the sense of audio effect,we test the algorithm’s performance,which indicates that the algorithms hidden information embeding quantity may reach 2.1×103bps.

The Formalization Description of the DolevYao Intruder Model

TANG Zhengyi，LI Xiang

2010, 32(8): 36-38. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 708 )

PDF (372KB) ( 367 ) 　　

Model Checking can verify security protocols automatically.It is an efficient formal method. But there lacks a general method to build the intruder model.It leads to the decrease of the automation degree of model checking. This paper gives a formalization description method of the DolevYao intruder model wich is most widely used in security protocols analysis.According to this method, we can use an arbitrary modeling language to build the DolevYao intruder model by rote.It greatly decreases the components of artificial analysis. Meanwhile,we use this method to verify two security protocols with different goals.It proves that our method is generalpurpose.

A Suite of Precise and Efficient Analyzing Techniques for Application Protocols

MU Qiao

2010, 32(8): 39-45. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 421 )

PDF (1122KB) ( 480 ) 　　

The paper collects and summarizes the protocol analysis method used currently, and introduces a new suite of analyzing techniques which are divided into 4 levels and 12 sorts. We can assort the application data including the unrecognizable data running on the Internet into different kinds of protocols efficiently and precisely using these techniques. For those encrypted or masked packets, the techniques may finish the analysis task without decryption or any other complicated calculation. Once they have been classified as protocols, network traffic control could be done easily.

A Dynamic Time Division Multiple Access Protocol for Airborne Networks

HAN Yong1,CHEN Qiang2,WANG Jianxin2

2010, 32(8): 46-49. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 382 )

PDF (591KB) ( 350 ) 　　

Airborne network is a new sort of Ad hoc network, in which the nodes move fleetly and the topology changes rapidly. We describe a dynamic TDMA protocol for airborne networks. It can support unicast and broadcast synchronously, and use the RTS/CTS control packet to solve the hidden terminal problem. The new protocol divides the frame into two parts: the contention slots in the front and the data slots in the back. Every node uses the control minislots to contend the corresponding data slot to send a packet. At the same time it can apply for the idle or failing slots, and use the eliminate packet to solve the potential deadlock. Consequently, it will realize efficient bandwidth utilization. Finally, we used QualNet to simulate the new dynamic TDMA protocol and testify the superior performance of the new protocol.

Intrusion Detection Methods Based on PCA and Fuzzy Integration

ZHANG Ruixia，WANG Yong

2010, 32(8): 50-51. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 378 )

PDF (353KB) ( 306 ) 　　

In order to solve the detection performance,training time and detection time,an intrusion detection method using fuzzy integration based on two different Principal Component Analyses（PCA）feature analyses is presented. Firstly, two different PCAs is applied to network intrusion feature extraction. Then, an initial intrusion detection result is done by two KNN classifiers. The two classifiers can overcome the shortcomings of each other.The last step is to form the final result by fusing these results using fuzzy integration. Experiments have been done on the datasets in KDD99,and the results show that the method is effective and the intrusion detection’s total performance is improved.

Research and Application of the Security DomainDivision Technique in the EGovernment System

WANG Miao，LING Jie ，HAO Yanjun

2010, 32(8): 52-55. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 514 )

PDF (495KB) ( 396 ) 　　

In view of the problem of lacking interoperability in the process of security domain division, this paper presents a new method for the division of the Egovernment system. There establishes three level index system of asset classification and an assets value similarity index system of the egovernment system based on the similarity value of the assets, and uses a fuzzy clustering method and Matlab to divide the security domain in a particular egovernment system based on the three levels index system of asset classification and the assets value similarity index system of egovernment system.

Research of the Node Localization AlgorithmBased on Machine Learning for Cellular Networks

WANG Luda1,GAO Shouping1,FANG Fang1,2 ,LI Yumin1

2010, 32(8): 56-59. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 481 )

PDF (798KB) ( 684 ) 　　

Cellular communication systems aim at achieving complex largescale monitoring and tracing applications in wider fields, which is based on mobile station nodes localization. By studying the existing node localization technologies, this paper analyses the current several classical machine learning algorithms purposefully, and proposes a cellular communication system node localization algorithm based on machine learning, using it as a centralized coordinate algorithm of distributed node localization. Through simulation and theoretical analysis, it proves that the node localization algorithm in cellular communication systems based on machine learning can resolve the border problem and the coverage hole problem in the traditional algorithms based on signal parameters, and its overall function is better than the traditional algorithms based on signal parameters and GPSone in terms of average error, standard deviation and the accuracy rate of distributed localization as well as the cost superior to the traditional location algorithm based on signal parameters.

An Automatic Panoramic Images Mosaic Algorithm with Precise Matching

ZOU Beiji,RUAN Peng,XIANG Yao,HE Jiabei

2010, 32(8): 60-63. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 474 )

PDF (566KB) ( 497 ) 　　

This paper proposes an automatic panoramic images mosaic algorithm, which achieves precise feature filtering and feature matching, as well as the autosorting and autostitching of the input images. Firstly this algorithm detects the SIFT(Scale Invariant Feature Transform) feature points of the input images, and searches all the initial features of the images to be matched by the Kd tree, after filtering the initial feature points by the Euclidean distance ratio and the Median Filter algorithm, gets the precise feature points with the RANSAC(RANdom SAmple Consensus) algorithm; and calculates the single relation matrix between the images, on the basis of this, completes the image sorting and image registration, then achieves the panoramic images mosaic. The experimental results show that compared to RANSAC with the Euclidean distance ratio, the algorithm can have higher accuracy, better panorama images mosaic and good robustness.

A New Approach to the SVG Vectorization Representation of Raster Images

HU Weijun1,LIU Xin2,LU Yongliang1,HE Kun1

2010, 32(8): 64-66. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 428 )

PDF (523KB) ( 283 ) 　　

Based on the image representation with polygons,a new approach to the SVG vectorization representation of raster images is proposed. First, the original raster image is segmented into a number of polygon areas based on color, and each polygon is combined by several equal size element blocks of the similar color. Then, the border vertex of the polygon is optimized. Finally, the SVG code is used to describe the raster image based on the shape and color of polygons. The approach that uses vector graphics to describe raster images proved to be good with a relatively small storage space, zooming without serrated edges, and little deformation.

A Method of Experimental Defect Rejection Based on the Hough Transform

CHEN Su1,LIN Jiayu2

2010, 32(8): 67-70. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 512 )

PDF (579KB) ( 479 ) 　　

In experimental tests, apart from obtaining the normal data with allowable errors, the experimenters usually get some unexpected wrong data called “defect marks”. Following the routine method of experimental data processing, the method of bad point exclusion based on automatic programming is seldom taken into consideration by experimenters. This article presents a new method based on the Hough transform to reject bad points. The method is fit for processing data with linear characteristics and can be extended to deal with the data that is possible to be translated into a linear form through functional transformations; curved lines, which can well be processed by the Hough transformation, can be its application too. Simulation experiments and practical applications manifest that the method raised in this paper performs robustly.

Road Extraction from High Resolution SAR Images Based on the Directional ROEWA Detector

WU Yuhao,CHEN Tianze,SU Yi

2010, 32(8): 71-74. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 542 )

PDF (1003KB) ( 294 ) 　　

The ROEWA (Ratio Of Exponentially Weighted Averages) edge detector has been widely used in the extraction of the step edges in SAR images. The detector can only get the edge intensity, but it can not get the edge direction. A modified ROEWA edge detector is proposed to gain the edge direction with directional templates. After edge detection, a new edge selecting algorithm and a fast Hough transformation are proposed based on the edge direction, which can gain the straight lines in the images. The simulated result experiments the accuracy and the efficiency of the algorithm proposed, and the speckle noise is suppressed.

A Study of the Denoising Method for the Heidelberg Retina Tomograph 3D Point Cloud

MA Caihong1,CHENG Yu1,HE Mingguang2,ZENG Yangfa2,LIU Dongfeng1

2010, 32(8): 75-77. doi: 10.3969/j.issn.1007130X.2010.

Abstract ( 402 )

PDF (793KB) ( 353 ) 　　

The noises, which come from the 3D Point Cloud data obtained by the Heidelberg Retina Tomograph (HRT), can be smoothed effectively by a bilateral filtering algorithm. This algorithm can retain the graph feature information while denoising, but the execution time of this algorithm increases greatly with the increase of the iteration number, so that this algorithm can not be applied to the diagnostic practice. The mean neighborhood method can also smooth the graph through the average value processing to a point's Z coordinate of a certain neighborhood, and selecting different weights according to the distance from the target point, but the effect is not better than using the bilateral filtering algorithm. So this paper presents the mean neighborhood method to perform preprocessing by bilateral filtering denoising. We find our method can significantly reduce the computing time.

Current Issue

Author center

Review center

Online journal