Computer Engineering & Science

Distributed IncreasingRate DenialofService Attacks Based on an Improved AAR Model

LIU Yun，YIN Jianping，CHENG Jieren，CAI Zhiping

2011, 33(4): 1-7. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 519 )

PDF (833KB) ( 447 ) 　　

Distributed Increasingrate DenialofService (DIDoS) attacks gradually increase the sending rate of packets to exhaust the victim’s resources slowly, so DIDoS attacks have a higher concealment than the traditional DDoS attacks. How to detect DIDoS attacks as soon as possible is an urgent problem we should study. In view of the characteristics of DIDoS attacks, a novel approach for early detection based on an improved adaptive autoregressive (AAR) model is proposed. In this approach, a set of novel detection features based on the conditional entropy called the Traffic Feature Conditional Entropy (TFCE), are used to reflect the increase of DIDoS attack traffic rate. Then an improved AAR model is used to predict the multistep TFCE values. Finally a trained SVM classifier is adopted to identify the tendency of attacks by classifying the predicted TFCE values. The experimental results demonstrate that our approach can not only guarantee the comparative precision of detection but also detect DIDoS attacks more quickly than some existing approaches.

Design and Implementation of an Authentication Scheme for Trusted Network Connection Based on EAPTLS

CHI Yaping1,YANG Lei1,2,LI Zhaobin1,FANG Yong1

2011, 33(4): 8-12. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 485 )

PDF (652KB) ( 425 ) 　　

When a terminal access network, a trusted authentication of the terminal platform identity and the platform environment are implemented in the TNC architecture, which ensures the credibility of access terminal. However, the trusted authentication has the oneway limitation that can not guarantee the network server's credibility. EAPTLS is a extended authentication protocol based on 802.1x,which suports mutual authentication.On the basis of analyzing the architecture of TNC and the mutual authentication mechanism of EAPTLS,a mutual authentication scheme used in TNC based on EAPTLS is designed in this paper.The mutual authentication scheme is based on the certificates,the integrity and the trusted environment of platform,both for clients and servers.Finally,the paper implements a twoway trusted authentication scheme between the client and the server on the basis of the open source software FHH@TNC,and proves its validity.

A Worm Dectection System Based on Process Traffic Behaviors

XIAO Fengtao1,WANG Wei2,LIU Bo1,CHEN Xin1

2011, 33(4): 19-24. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 444 )

PDF (669KB) ( 359 ) 　　

With the propagation speed getting faster and faster, the damages caused by worms are getting more and more serious. To detect worms quickly, three wormrelated process traffic behaviors are described: the total amount of source port in wormlike traffic, the change frequency of source port in wormlike traffic and the ratio of wormlike traffic and total traffic for a single process. And based on the three behaviors, a worm detection system based on process traffic behaviors is presented and its definitions, framework design and key implementation are also introduced. Finally, through experimenting with the worms and normal applications in the real world, the system is proved to be able to detect worms quickly and correctly, and has only few false positives.

Research on the Routing Protocol Simulation in Vehicular Ad Hoc Networks

LI Baozhu，LIU Yue,CHU Guoxin

2011, 33(4): 25-29. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 489 )

PDF (551KB) ( 660 ) 　　

The paper presents the Vehicular Ad hoc Networks and two typical routing protocols: the tabledriven routing protocol (DSDV) and the Ad hoc Ondemand routing protocol (AODV) in mobile ad hoc networks. And a practical mobility model is used to enable the simulation experiment more veritable. Then NS2, a network simulation tool, is implemented to simulate the two typical routing protocols in ad hoc networks based on Linux,and the simulation results are analyzed and compared. The result is that the AODV and DSDV routing protocols are not suitable for vehicular ad hoc networks, so designing a proper protocol is an urgent problem.

Research of Online Chaotic Image Secure Communications

SHENG Suying1,WU Xinhua2

2011, 33(4): 30-34. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 423 )

PDF (2738KB) ( 369 ) 　　

An online chaotic image secure communication system with the encryption/decryption method of grey value substituting and position shuffling is designed and implemented for the network, which is realtime and secure for communications. By the use of the Lorenz and Logistic chaotic systems, with a key synchronization scheme, the original image information can be encrypted in a realtime way and the cipher information is transmitted via TCP. With the properties of randomness and its sensitivity on the initial conditions, the encrypted transmitting messages are secure and difficult to be eavesdropped. The implementation method of the system is studied, and the communication results show its security and practicability.

Research on a New Intrusion Protection Model Against the SYN Flood Attacks

ZENG Xiaohui1,2,LENG Ming1,LIU Dongsheng1,LI Ping1,JIN Shiyao2,3

2011, 33(4): 35-39. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 433 )

PDF (679KB) ( 311 ) 　　

Aiming at the drawbacks of the current SYN flood attack prevention methods, a new intrusion prevention model against the SYN flood attacks is put forward based on the threeway handshake process. When the network system is suffering from the SYN flood attacks, the first handshake requests with the typical SYN flood attack feature will be immediately picked out and abandoned permanently; thereby the attacked system has adequate resources to deal with the new normal network requests. Other first handshake requests with the suspected SYN flood attack feature will be abandoned temporarily, and then adaptive learning module is started to revise the current intrusion patterns. In the end, the SYN Flood attack detection module will be restarted to get the further precise determination based on the updated intrusion patterns. An efficient intrusion prevention system against the SYN Flood attacks is designed and implemented, and the experimental results show that our intrusion prevention system can improve the whole system’s protection capability against the SYN flood attacks.

Research on an Intrusion Detection System Based on the Improved Apriori Algorithm

CUI Guanxun，LI Liang，WANG Keke，NI Wei,GOU Guanglei

2011, 33(4): 40-44. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 442 )

PDF (824KB) ( 378 ) 　　

On the basis of a deep research and analysis of the Apriori algorithm in association rule mining，some shortages of the algorithm are discovered. The strategy of the join step,the prune step and the method of dealing with the transaction database is improved, which improves the efficiency of the Apriori algorithm both in time and space. An intrusion detection method based on the improved algorithm is proposed. The rule library of the system can be updated automatically. The security and the dependability of the system can be greatly improved. The experimental results of the improved algorithm show that the method improves the production efficiency of frequent item sets and the knowledge rule library.

A Solution to the Node Starvation Problem in a Bufferless Optical Interconnection Network

Xu Weixia,QI Xingyun,DOU Qiang,FENG Quanyou

2011, 33(4): 45-49. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 428 )

PDF (1069KB) ( 399 ) 　　

Aiming at the node starvation problem in BOIN (Bufferless Optical Interconnection Network), we put forward two routing algorithms, one is avoiding collision to the best, and the other is allowing packet discarding. Based on the fact that the links on the Y direction are idle when packets are being sent to the X direction, the two solutions can send packets out via the idle links when collision occurs. The simulation results show that the two routing algorithms can solve the starvation problem well in the BOIN network.

A DualRail Signal Parallel Routing Method to Counteract DPA Attacks

YUE Daheng,QI Shubo,ZHANG Minxuan

2011, 33(4): 50-55. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 459 )

PDF (799KB) ( 649 ) 　　

Dualrail precharge logic is an effective technique to counteract differential power analysis (DPA) attacks. The key problem is to guarantee the symmetrical capacitive loads between true and false logics. A dualrail signal parallel routing method based on commercial place&routing EDA is proposed in this paper to get symmetrical capacitive loads. Firstly, the singlerail nets are routed in odd routing tracks by EDA and then dualrail wires are obtained by duplicating and moving the routed wires to the even routing tracks. As a result, each pair of dualrail signal wires has the same routing structure and capacitance. The parallel routing method is implemented in an AES (Advanced Encryption Standard) coprocessor. The experimental results indicate that the capacitances of the dualrail signal wires are perfectly balanced.

Optical NetworkonChip:A Novel OnChip Interconnection Network〖

JI Yongxing,QIAN Yue,CUI Dawei,DOU Wenhua

2011, 33(4): 56-61. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 582 )

PDF (1383KB) ( 786 ) 　　

As the number of processing cores that are integrated into a chip multiprocessors (CMP) continues to grow ,the traditional electric interconnection cannot meet the demands on interconnection networks .Therefore,the technology of optical interconnection is brought forward. At present, the electrical interconnection network onchip encounters a bottleneck in power, performance, bandwidth and latency, and optical interconnect is introduced into network onchip as a new way of interconnection ,which has incomparable advantages for low power dissipation,high throughput and low latency .This paper introduces the evolution of optical networks on chip,and compares the busbased architecture to torus networks and analyses the topological configuration, routing algorithms and flow control of Optical NetworkonChip(ONoC) . Finally,the prospect of the combination of the optical network onchip and 3D technology,and all optical network onchip are also discussed.

A Study of Virtualization and Operating System Technologies

TAN Yusong,WU Qingbo

2011, 33(4): 62-68. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 518 )

PDF (560KB) ( 333 ) 　　

With the renaissance of virtualization technology in the recent decade it becomes a hot focus of researchers and companies. The article reviews the development of virtualization technologies from the viewpoint of operating system. Firstly it analyses the connotations of virtualization and operating system and argues the debate between them. It holds that the virtualization and operating system are the double sides of the same sword and they should benefit from each other. The article analyses the characteristics of several key technologies of virtualization and operating system, such as dynamic binary translation, namespace virtualization, resource management, runtime context’s save and restore mechanism, system security and trustiness enhancement. Moreover, it investigates the trend of integrating virtualization and operating systems. It is true that virtualization’s development stimulates the revolution of operating systems.

Hunter: ISAIndependent Binary Level Dynamic Test Generation

LI Gen,LU Kai,ZHANG Ying,LU Xicheng,FENG Hua,ZHANG Wei

2011, 33(4): 69-74. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 428 )

PDF (1257KB) ( 427 ) 　　

The dynamic test generation approach is becoming increasingly popular to finding security vulnerabilities in software. More and more research institutes and organizations use this approach to find security vulnerabilities in binary code. However, the existing binary level dynamic test generation approaches and tools are not retargetable, and can only find vulnerabilities in binaries for a specific ISA. This paper presents a new binarylevel dynamic test generation technique and a tool, Hunter,which implements this technique. Unlike other such techniques that can operate only on binaries in a specific ISA, Hunter takes the binaries of any ISA as inputs and dynamically generates new inputs that exercise different control paths in the program, which may lead to security vulnerabilities. Hunter defines a meta instruction set architecture(MetaISA); Hunter maps the execution information, which is collected during the binary source code execution, to MetaISA; and symbolic execution, constraint collection and constraint solver operates on MetaISA, thus making these processes ISAindependent.We have implemented our Hunter, retargeted it to 32bit x86, PowerPC and Sparc ISAs, and used it to automatically find the six known bugs in the six benchmarks. Our results indicate that our Hunter can easily be retargeted to any ISA with only a few overheads; and Hunter can effectively find bugs located deep within large applications from their binaries for 32bit x86, PowerPC or Sparc ISA.

A NonBlocking List Mechanism for Event Message Communications

LIU Xiaojian,WU Qingbo,DAI Huadong,REN Yi

2011, 33(4): 75-80. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 523 )

PDF (812KB) ( 600 ) 　　

It is desirable to facilitate data communications among parallel computation threads without incurring nonessential synchronizations in parallel computing systems. The NonBlocking Buffer(NBB) is such a mechanism. However, the NBB mechanism has several severe drawbacks, including limited buffer size, inconvenient or even infeasible usage in multiple consumers/producers cases. Nonblocking List mechanism(NBL), which can handle these problems gracefully, is described in this article. The algorithms and formal proofs are also presented. Finally, experiments are done to test the validity and performance of the NBL mechanism. The NBL mechanism can be regarded as the linked list version of NBB.

Optimization Design of the NAND Flash Transition Layer Based on the LargeScale NAND Flash

ZHANG Hui1，2,YAN Yihui1，LUO Yu1

2011, 33(4): 81-85. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 512 )

PDF (622KB) ( 339 ) 　　

Aiming at the limitations of the Flash file system of the NAND Flash Transition Layer(NFTL) on Largescale Nand Flash Memory, the paper analyses the storage mechanism of NFTL, presents an improved algorithm and gives an implementation procedure in detail based on the vxworks embedded system platform. The result shows that the new NFTL greatly increases the the speed of read/write operation and shortens the mount time.

Fast Smoothing of CloudPoints Using Graphics Processors

ZHANG Lianwei1,2,LIU Daxue2,LIU Xiaolin2,LI Yan2,XU Xin2,HE Hangen2

2011, 33(4): 86-92. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 415 )

PDF (638KB) ( 433 ) 　　

The smoothing of cloud points is an important topic in the field of digital geometry processing. Applications based on huge sampled points require fast processing speed and high quality smoothing quality. The traditional CPU based methods deal with every point in a serial manner which leads to great time consumption. a novel approach using graphics processing units(GPUs) is proposed for cloud points smoothing processors in this paper. Many covariance matrices are organized into a large scale spare matrix that is compressed in several textures. The least eigenvalues and corresponding eigenvectors of the matrices are calculated in pixel programs using GPU which has the powerful parallel processing capability. Then the smoothing speed and normal direction can be determined. Experiments are conducted in a PC with the GeForce 8600GTS graphic card. The results show that the efficiency of smoothing processing is improved greatly by using the GPUbased algorithm. Therefore, they well support the applications of the fast processing of cloud points.

Application of the SelfOrganizing Feature Map (SOFM) Neural Network Model in Weed Identification

WANG Yan,WANG Leiming,SUN Yanming

2011, 33(4): 98-101. doi:

Abstract ( 474 )

PDF (694KB) ( 438 ) 　　

As for the weeds image recognition model, the GSOFM spacial clustering model is developed especially for the shortage that segmentation threshold should be selected on the weeds image segmentation by threshold segmentation, which is combined with the segmentation algorithm of super green features and the SOFM network. This method is an unsupervised learning way without a specified threshold, which realizes the weeds image segmentation via the network’s characteristics of selforganization and competition. However, SOFM spatial clustering is achieved through the two eigenvectors of gray scale and normalization in the super green feature after processing.The experimental results show that the segmentation results have got some certain improvement with the improved GSOFM method, compared with other three kinds of weeds image segmentation algorithms, rising by 25%, 30% and 28% respectively than the HIS threshold segmentation, the super green characteristics segmentation and the double thresholds segmentation. The identification accuracy can reach 94% with this algorithm after denoising which is combined with morphology in the later phase.

Fast MultiThreshold Fuzzy CMeans Image Segmentation Based on Histogram Correlation Constraints

LAI Yueshen,MA Tianming,TIAN Junwei

2011, 33(4): 102-106. doi:

Abstract ( 533 )

PDF (664KB) ( 483 ) 　　

The traditional fuzzy Cmeans (FCM) clustering algorithm has some problems, such as massive calculation and slow operation speed, especially the large amount of data. A fast multithresholds FCM algorithm based on histogram correlation constraints is proposed to control the image distortion due to resampling. Because of the amount of data in the operation has been reduced,the segmentation speed turns faster. In this paper, image segmentation uses the fuzzy techniques of the fuzzy C Means (FCM) algorithm which considers each pixel for the cluster center membership. FCM can achieve multithreshold image segmentation which features good applicability. The experimental results which make it valuable on application shows that the proposed algorithm preserves the effect and costs only 1.4% the time of the traditional FCM.

Application of the SubPixel Edge Detection Algorithm for Measuring the Cutter Parameters

SHANG Yaceng,CHEN Jing,TIAN Junwei

2011, 33(4): 107-109. doi: 10.3969/j.issn.1007

Abstract ( 676 )

PDF (368KB) ( 770 ) 　　

The precision of localizing the traditional edge detection algorithms is very low, and the efficiency of these is very low too, and these algorithms are very sensitive to the noise. It can not meet the demand of industrial production. Because of this, this paper puts forward a subpixel edge detection algorithm based on fitting ——the subpixel edge detection algorithm based on multinomial five times fitting. This algorithm firstly fetches some points near the edge which is waiting for measuring, then tries to get the grey level of these point, and fits to the grey level curve through the multinomial curve five times, and tries to get the point at which the two steps of derivatives of multinomial five times equals zero, and this point is also the subpixel edge position. We carry out the experiment to the cubic polynomial, and compare this algorithm to the subpixel edge detection algorithms which are partly based on two times difference, LOG operator and space square. The result shows that the proposed algorithm has shorter running time and higher efficiency.

A 2.5 Dimension Map Building for Navigation

WEN Bocong,ZHANG Tong

2011, 33(4): 110-114. doi: 10.3969/j.issn.1007130X.2011.

Abstract ( 470 )

PDF (995KB) ( 416 ) 　　

In order that the humanoid robot can walk freely in the real world, including walking up and down stairs, climbing over small obstacles, a method of building a grid map of the robot’s surroundings is proposed. At first the sensor data is used to build and update a 3D occupancy grid and a floor grid. The 3D occupancy grid provides the probabilistic support of the ultimate height map to keep robustness to sensor noise. The floor grid stores the height values of planar surfaces. Then a map for navigation is built under the combination of two grids. Each grid in the map is flagged with floor or obstacle and contains a value telling the height of the floor or the obstacle, and the height information of the floor is precise and that of the obstacle is coarse. Our approach is verified on the platform of simulation and the result proves that the method is able to generate the map for path planning and collision avoidance.

An Analysis of the Search Engine User Behaviors Based on Hadoop

WANG Zhenyu1,GUO Li2

2011, 33(4): 115-120. doi:

Abstract ( 611 )

PDF (712KB) ( 587 ) 　　

Search engine user behaviors analysis is a focus of network information retrieval. It is a method of analyzing the user’s behaviors through clicks to mine useful information to improve search engine’s efficiency and retrieval services. In face of easy expansion and programming bottlenecks in traditional parallel computation models, a massive log data processing model based on Hadoop is given, which improves scalability and easy programming through Hadoop Distributed File System and MapReduce. Moreover, the experiment of analyzing 22 million query logs of the Sogou search engine in one month is carried out based on this model. The analysis result is instructive and meaningful to mastering the user’s behaviors, evaluating and improving the searching and sorting algorithms.

Current Issue

Author center

Review center

Online journal