Current Issue

• 2011, No. 8　Published:25 August 2011 Last issue    Next issue
  Columns in this issue: 论文

• 论文

  Design of a Wireless Sensor Network Management System Based on NETCONF

  WANG Jinyi1,2,YAN Baoping1

  2011, 33(8): 1-7. doi:

  Abstract ( 471 )   PDF (624KB) ( 279 )   　　

  The network management of wireless sensor networks(WSNs) is a new research field. The network management of WSNs will be very different from that of traditional computer networks. However, really little research on it can be found until now. In this paper, some studies on it are summarized and compared. Furthermore, a common network management system design based on the NETCONF protocol is given and is  deeply studied, and then many details with implementation such as data module, agent and the WSNNETCONF protocol are discussed sufficiently. Anyway, it is a good basis for network management systems’ construction.

  A Network Security Situation Awareness Model Based on Stream Cube

  CHENG Wencong1,ZOU Peng2,JIA Yan2

  2011, 33(8): 8-13. doi:

  Abstract ( 433 )   PDF (595KB) ( 402 )   　　

  Network security situation awareness is a new trend of network security monitoring technology. The awareness of the situation is very important to network security. Based on the existing research about data cube, we propose a network security situation awareness model to describe and abstract the multidimensional analysis structure related to the network security situation awareness. We can analyze the network security situation from the aspect of the network security events’ statistical characteristics based on this model and give an instance of the model based on frequency, trend and entropy characteristics. Then we improve the efficiency of the method by studying the correlation of the cells among the neighboring levels in the data cube on the basis of keeping the accuracy of the results. We also prove that we only need to get the lowest level cube’s characteristics from the raw data, and get the higher level cube’s characteristics by an indirect way. Building the practical applications and extensive experiments based on the real network security dataset demonstrates the effectiveness of the proposed model and methods.

  Research of a Gateway Deployment Algorithm for Wireless Mesh Networks Based on the Limited Dominating Set

  JIAN Peng,QI Huamei,CHEN Zhigang

  2011, 33(8): 14-18. doi:

  Abstract ( 459 )   PDF (578KB) ( 416 )   　　

  The gateway in wireless mesh networks always acts as the bottleneck of network performance. Therefore, the deployment of gateways is very important. This paper analyzes the QoS performance of gateways in wireless mesh networks, and proposes a Greedy Algorithm Based on the Limited Dominating Set with a Cost Strategy(Greedy_LDSC). This algorithm improves the cost performance by using a greedy algorithm. In addition, to reduce the cost of the deployed gateway, an Improved Greedy Algorithm Based on the Limited Dominating Set(Greedy_LDSI) is proposed. From the aspect of the cost performance, simulation experiments show that Greedy_LDSC is higher than GREEDY_LDS at the sum of the cost performance of the gateway. In terms of the cost of the gateway deployment, Greedy_LDSI shows better performance than GREEDY_LDS.

  Simulation and Analysis of  LargeScale BGP Prefix Hijacking

  WANG Junqiang1,MAO Yugang2,ZHU Peidong2

  2011, 33(8): 19-26. doi:

  Abstract ( 503 )   PDF (856KB) ( 303 )   　　

  The interdomain routing system based on BGP is the core infrastructure of the Internet. It is also the key to ensuring interconnection and normal operation of the entire network. However, the BGP protocol itself is highly vulnerable to attacks due to the lack of necessary security mechanisms. For example, the BGP prefix hijacking is the one that is difficult to prevent. In recent years, there have been many BGP prefix hijacking incidents that caused serious harms. We have constructed a largescale software simulation environment for interdomain routing systems based on GTNetS, and have made a large number of BGP prefix hijacking tests, and we have studied the factors related to the attack scope of prefix hijacking. The tests show that the damage range caused by the BGP prefix hijacking has direct relationships with the levels and degrees of the AS from which the prefix hijacking is launched.

  Research on the ResourceAwareness P2P Overlay Network and Its Applications Based on Fuzzy Logic

  QIN Yifang,LIN Tao,TANG Hui

  2011, 33(8): 27-32. doi:

  Abstract ( 416 )   PDF (884KB) ( 356 )   　　

  P2P overlay networks are widely used for distributed network management owing to the effective and efficient way they provide that are not otherwise available. However, most of the designs about P2P overlay construction mainly focus on introducing the P2P approaches, lacking a mechanism for overlay selfmanagement. Furthermore, due to the faith of emphasizing equality among participators, peers are tend to be treated equally in the P2P overlay network, which greatly affects the system’s performance. This paper presents a novel approach to address the issue of automating the P2P overlay management with the consideration of the resource availability of each peer. In the system, each participating peer is responsible for the management of certain network equipments. We utilize a policybased management paradigm for overlay and network reconfiguration. The new approach provides a dynamic and autonomic way to manage the P2P overlay network. The simulation results verify the feasibility and effectiveness of our schema.

  A LWAPBased Smooth Handoff  Mechanism for IEEE 802.11 Networks

  PEI WeiJun,CHEN Bing

  2011, 33(8): 33-38. doi:

  Abstract ( 467 )   PDF (1255KB) ( 326 )   　　

  The emergence of packet loss is inevitable because of the BSS handoff in IEEE 802.11 networks, which generates great impact on the network performance and limits the development of WLANs in the mobile environment. In order to reduce packet loss, this paper presents a data link layer smooth handoff mechanism triggered by wireless events. And we realize the scheme on the embedded Linux wireless access point in the user space. The extensive experimental results show that, the method can largely reduce the packet loss ratio and improve the network performance within the permissible delay, without changing the current IEEE 802.11 protocol. The mechanism is independent of the driver, features good portability, so that it can be incrementally added on the existing APs without changing STA, and reduces the upgrade cost.

  On the Analysis and Optimization of  Network Admission Control Systems

  YU Weiwei1,LU Zexin2,KANG Dongming1,WU Jianguo1

  2011, 33(8): 39-44. doi:

  Abstract ( 365 )   PDF (625KB) ( 405 )   　　

  Networks and information systems are now playing more and more important roles in modern society. The network security problem about the system is the chief question which puzzles network managers all the while. The IT industry has brought out the related resolution schemes for this question. The network admission control system developed by several manufacturers can improve network security and reduce network managers’ stress to a certain extent. But in some aspects, the systems look not so funtional and effective, which needs to be enhanced. This article first analyzes the two representative network admission systems, and then gives the optimization project for their flaws. In the optimization project, the resources management system and process procedures will be analyzed, and the function design of the behavior audit and process will be described.

  Vulnerability Tree Modeling for  Host Security Attributes by Efficiency Priority

  LU Zhiyong1,JIANG Liang2,TANG Chaojing2

  2011, 33(8): 45-52. doi:

  Abstract ( 428 )   PDF (1340KB) ( 294 )   　　

  The attack graph, attack tree and attack net are important modeling methods for testing and evaluating network security, but these methods are disordered and short of pertinence when choosing attacks. To overcome these shortages, this paper models the vulnerability tree of the security attributes for each host, taking the network vulnerability as the leaf node and attacks as tree borders. After analyzing the fruit efficiency and time efficiency comprehensively, we present an approach for vulnerability tree modeling of the host security attributes by efficiency priority. Finally, the feasibility and validity of the approach are verified using some practical examples.

  Research and Implementation of an Encryption Mechanism Based on the Public Affairs Toll Platform Packet Interface

  XU Hehe，XIAO Laiyuan

  2011, 33(8): 53-57. doi:

  Abstract ( 403 )   PDF (359KB) ( 259 )   　　

  This paper introduces an encryption mechanism for the public affairs toll platform according to practical requirements. The management mechanism of twostage secret keys, the encryption process and the specific algorithms for the twostage keys have been described in detail. The encryption of the public affairs toll platform packet interface has been realized to perform the toll for remote users. The system gains a high performance in security testing.

  A QoS Scheme of Next Generation Campus Network Based on Traffic Identifications

  LIU Ziyan,HUANG Yicheng,HU Feng

  2011, 33(8): 58-62. doi:

  Abstract ( 420 )   PDF (1012KB) ( 311 )   　　

  The Next Generation Network (NGN) based on softswitch is the trend of the network in the future due to its characteristics of packetizational, open and hierarchical network architecture. The dynamic QoS model of NGN based on traffic identifications in Guizhou University is proposed in this paper. The network model of the next generation campus network of Guizhou University is  established and the QoS performances of the relevant services are simulated in OPNET as well. It is proved that better QoS performance is achieved by the methods of traffic identifications.

  A PseudoRandom Sequence Generating Method Based on Linear Congruence Comparators and Chaotic Systems

  LI Mengting,ZHAO Zemao

  2011, 33(8): 63-69. doi:

  Abstract ( 432 )   PDF (718KB) ( 447 )   　　

  Based on linear congruence theory, a linear congruence comparator constructed by two independent linear congruence generators and a simple comparator are designed. As a disturbance signal, the output sequence of the linear congruence comparator is superimposed to the chaotic orbit to improve its pseudorandomness. The analytical results of the computational complexity that the attacker cracks the seed key by intercepting the output sequence of the linear congruence comparator, the balance, correlation and sensitivity to the initial conditions of chaotic sequence after adding random perturbations, show that the computational complexity features power exponential growth, and the output sequence has forward and backward unpredictability. The key stream generator with a larger key space can generate good pseudorandomness sequences, and effectively overcome the short period problem of the chaotic sequence in the case of finite precision.

  A Trust Management Mechanism Based on Time Decay and Feedback in Web Services

  GONG Wentao1,XIA Lingyun1,HONG Tao2

  2011, 33(8): 70-73. doi:

  Abstract ( 375 )   PDF (507KB) ( 392 )   　　

  Web Services are a new kind of Web application in business. With the development of Web Services there are more and more requesters and services. How to protect the services and how to choose the honest requesters through thousands of requesters are very difficult and important. The existing trust management mechanism cannot publish the dishonest requesters due to its poor identification and punishment functions. In order to solve the issue of lacking effective punishment to malicious requesters in Web Services, this paper proposes a trust management mechanism based on feedback and time decay, which can encourage the requesters to provide honest access behaviors, effectively avoid damaging to the services, and enhance the security of access control in Web Services.

  Research of Embedding onto Exchanged Hypercube Networks

  LIANG Jinye1,LIANG Jiarong2

  2011, 33(8): 74-78. doi:

  Abstract ( 396 )   PDF (425KB) ( 302 )   　　

  In the paper, the problems of hypercube networks and embedding Star networks onto exchanged hypercube networks are studied. Fistly, we assign the embedding function from hypercube networks and Star networks onto exchanged hypercube networks by using graphembedding, whose evaluating quality indexes are analyzed and proved. Next, two strategies are presented on embedding Star networks onto exchanged hypercube networks, i.e., the socalled optimum embedding function and the oddeven embedding function. Based on that, the embedding function with less dilation from Star networks onto another exchanged network is given.

  Analysis and Verification of the FMM Algorithm Based on the Cell/B.E. Processor

  TANG Zhen,ZHANG Zhuo,CHAI Yahui,XU Weimin

  2011, 33(8): 79-83. doi:

  Abstract ( 474 )   PDF (576KB) ( 297 )   　　

  The classical FMM algorithm (Fast Multipole Method) ［1］ is based on the tree structure. It can be used to solve the NBody problem. FMM can reduce the calculation complexity of the NBody problem from O(N2) to O(N) with an arbitrary precision. CPU takes a lot of time in calculating the largescale NBody problem. To accelerate the execution of the algorithm, this paper conducts a study on the implementation of FMM on the Cell/B.E. processor. Firstly, we break FMM into eight core steps according to their functions. Secondly, we classify these eight steps in light of their calculation features. Finally, we choose several representative steps, explain the feasibility of their implementations on Cell/B.E., and introduce their design and implementation methods on Cell/B.E..The result shows that the implementation of the key steps that we selected in FMM obtain a high speedup ratio comparing with CPU.

  Research and Implementation of a Process Checkpoint  Technology That Supports Database Access

  WEI Zhongwei1,CHEN Haitao2,WANG Qiang2,SHEN Zhiyu2

  2011, 33(8): 84-88. doi:

  Abstract ( 412 )   PDF (615KB) ( 333 )   　　

  The existing checkpoint technology does not support the socket connection recovery. It does not combine the process restoration and data recovery either. Therefore, it does not support the program with database applications. This paper addresses the process checkpoint technology that can solve these problems. Before setting the process checkpoints, the database checkpoints are set first, and the system changed number of the database(SCN) is obtained. When programs restart from the checkpoints, the unclosed database handlers are reconnected, and all the tables changed are returned to the database checkpoint. Then the coherence of the data and programs can be ensured. Experimental results indicate that this scheme can be implemented with low expense of the performance.

  Research and Implementation of a Fault Tolerant Compiler Based on GCC

  WANG Fahong1，ZHOU Huiping2，JIA Lili2，HE Tao2

  2011, 33(8): 89-94. doi:

  Abstract ( 597 )   PDF (610KB) ( 276 )   　　

  Compared to the performance, cost, power and flexibility with the  hardware faulttolerant technique, the Software Implemented Hardware Fault Tolerance for COTS microprocessors hava many advantages. The fault tolerant compilation technology, which compiles at the compile time by automatically inserting instructions to achieve fault tolerance, which is easytoimplement, efficient and does not need to rewrite the source code. And  it reduces the burden for the programmer, and makes the  existing programs easytouse. Currently, it is the more active branches in the software fault tolerance research. This paper takes the GNU compiler GCC as a platform, gives an approach of the design and implementation for a faulttolerant compiler which combines with the existing faulttolerant algorithms.

  Research on Parametric Modeling of Airport Virtual Scenes

  WANG Liwen,ZHOU Zhinan

  2011, 33(8): 95-101. doi:

  Abstract ( 465 )   PDF (1532KB) ( 441 )   　　

  With the development and improvement of computer virtual reality and visual simulation technology, improving the fidelity of the visual and visual effects technology in the flight simulator has been widely used. But, airport modeling based on the Multigen Creator and other 3D modeling software has increasingly obvious shortcomings: collecting the airport data manually, handpainting airport topology. As for those problems, this paper introduces a parameter modeling method into airport traffic network 3D modeling, and a new 3D modeling method is proposed, which constraints the relation described by traffic network topology. The system based on this modeling technology has been developed. And the airport network 3D model generated by the system has strong sense of reality and easytobemaintain.

  船舶工业国防科技预研项目 (10J3.1.6)；哈尔滨市科技创新人才研究专项基金资助项目(2008RFQXG025)

  LI Yibing，ZHANG Lixue，MENG Ting

  2011, 33(8): 102-105. doi:

  Abstract ( 381 )   PDF (527KB) ( 402 )   　　

  This paper presents new algorithms on shallow water rendering based on the Irrlicht engine and the GLSL language. Combining the Gestner waves with the dynamic normal mapping based on texture waves,we get realistic water rendering including geometric undulation and ripples of the surface. At the same time, accurate reflection mapping can be obtained by rendering mirror reflection to texture on a per frame basis,compared with environment mapping the distortion resulted by view points is eliminated. Finally, by assigning the Fresnel weights to the material’s alpha channel, we can reduce the CPU and GPU computation load with the use of the refraction texture,and still it produces convincing effects.

  A Color Image Retrieval Method Based on Improved Blocked Color Histograms and Fuzzy Cmeans Clustering

  ZHANG Jing,XU Gaofeng

  2011, 33(8): 106-111. doi:

  Abstract ( 379 )   PDF (1070KB) ( 366 )   　　

  The application of data mining clustering algorithms in contentbased image retrieval can effectively optimize the retrieval speed and effect, to be more specific, fuzzy clustering algorithms fit better the fuzzy characteristics of image retrieval, but affect the retrieval function with a long clustering time, so a color image retrieval method based on improved blocked color histograms and fuzzy cmeans clustering is  proposed. First, each image in the image library is blocked, the improved color characteristic information of each block is extracted; a fuzzy cmeans clustering algorithm is used to cluster color feature vectors, and each cluster center of image class is obtained; finally, the similarity between the sample image and the corresponding categories is calculated, returning the retrieval results according to the size of similarity. The experiments show that the proposed method has a  higher recall rate and a higher precision rate, and less feature dimension of extraction, a shorter clustering time and a quicker retrieval speed.

  An Edge Detection Algorithm Based on Improved Morphologic Operators

  MENG Tingting,YU Liang,LI Shoumin,CHEN Xue

  2011, 33(8): 112-118. doi:

  Abstract ( 447 )   PDF (802KB) ( 348 )   　　

  An edge detection algorithm using improved morphologic operators with multiscale and multistructuring elements is presented in this paper. The competence of antinoise can be improved by the improved morphologic operator when using it to detect image edges. And the use of the idea of multiscale and multistructuring elements can detect more information of edge direction while having better competence of antinoise. The results of experiments show that the algorithm has better competence of antinoise and retains more edge details while detecting more information of edge direction, thus has better applicability.