2005 | Book

Computational Intelligence and Security

International Conference, CIS 2005, Xi’an, China, December 15-19, 2005, Proceedings, Part II

Editors: Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao

Publisher: Springer Berlin Heidelberg

Book Series: Lecture Notes in Computer Science

Table of Contents

Frontmatter

Cryptography and Coding

A Fast Inversion Algorithm and Low-Complexity Architecture over $GF(2^m)$

The performance of public-key cryptosystems is mainly appointed by the underlying finite field arithmetic. Among the basic arithmetic operations over finite field, the multiplicative inversion is the most time consuming operation. In this paper, a fast inversion algorithm over $GF(2^m)$ with the polynomial basis representation is proposed. The proposed algorithm executes in about 27.5% or 45.6% less iterations than the extended binary gcd algorithm (EBGA) or the Montgomery inverse algorithm (MIA) over $GF(2^{163})$, respectively. In addition, we propose a new hardware architecture to apply for low-complexity systems. The proposed architecture takes approximately 48.3% or 24.9% less the number of reduction operations than [4] or [8] over $GF(2^{239})$, respectively. Furthermore, it executes in about 21.8% less the number of addition operations than [8] over $GF(2^{163})$.

Sosun Kim, Nam Su Chang, Chang Han Kim, Young-Ho Park, Jongin Lim
An ID-Based Optimistic Fair Signature Exchange Protocol from Pairings

ID-based public key cryptosystem can be a good alternative for certificate-based public key setting. The protocol for fair exchange of signatures can be widely used in signing digital contracts, e-payment and other electronic commerce. This paper proposes an efficient ID-based verifiably encrypted signature scheme from pairings. Using this new scheme as kernel, we provide an efficient ID-based optimistic fair signature exchange protocol. We offer arguments for the fairness, efficiency and security proof of our new protocol. Our new protocol provides an efficient and secure solution for the problem of fair exchange of signatures in ID-based cryptosystem.

Chunxiang Gu, Yuefei Zhu, Yajuan Zhang
FMS Attack-Resistant WEP Implementation Is Still Broken

In this paper, we present an attack to break WEP that avoids weak IVs used in the FMS attack. Our attack is a known IV attack that doesn’t need the specific pattern of the IVs. This attack transforms most IVs of WEP into weak IVs. If we attempt to avoid all weak IVs used in our attack, the rate at which IVs are avoided is too large to use practical. When using a 128-bit session key, the efficiency of our attack is $2^{72.1}$ in the most effective case. This implies that our attack can recover a 128-bit session key within realistically possible computational times.

Toshihiro Ohigashi, Yoshiaki Shiraishi, Masakatu Morii
Design of a New Kind of Encryption Kernel Based on RSA Algorithm

Fast realization of RSA algorithm by hardware is a significant and challenging task. In this paper an ameliorative Montgomery algorithm that makes for hardware realization to actualize the RSA algorithm is proposed. This ameliorative algorithm avoids multiplication operation, which is easier for hardware realization. In the decryption and digital signature process, a combination of this ameliorative Montgomery algorithm and the Chinese remainder theorem is applied, which could quadruple the speed of the decryption and digital signature compared to the encryption. Furthermore, a new hardware model of the encryption kernel based on the ameliorative Montgomery is founded whose correctness and feasibility is validated by Verilog HDL in practice.

Ping Dong, Xiangdong Shi, Jiehui Yang
On the Security of Condorcet Electronic Voting Scheme

In this paper, we focus on the Condorcet voting scheme in which each voter votes with the full order of the candidates according to preference, and the result of the election is determined by one-on-one comparisons between each candidate. We propose the Condorcet electronic voting scheme that is secure, universally verifiable and satisfying one-on-one comparison privacy. Furthermore the result of the election can be determined without revealing the order of the candidates which each voter specified. We use a matrix to represent the order of all the candidates according to preference, and satisfy one-on-one comparison privacy using homomorphic property.

Yoon Cheol Lee, Hiroshi Doi
Special Distribution of the Shortest Linear Recurring Sequences in $Z/(p)$ Field

In this paper, the distribution of the shortest linear recurring sequences in $Z/(p)$ is studied. It is found that the shortest linear recurrent length is always equal to $n/2$ when $n$ is even and is always equal to $n/2+1$ when $n$ is odd for any sequence whose length is $n$. In other words, the shortest linear recurring length is always equal to the half of the length of the given sequence. The probability of finding the distribution of the shortest linear recurring length of two sequences in $Z/(p)$ field is also given.

Qian Yin, Yunlun Luo, Ping Guo
Cryptanalysis of a Cellular Automata Cryptosystem

In this paper we show that the new Cellular Automata Cryptosystem (CAC) is insecure and can be broken by chosen-plaintexts attack with little computation. We also restore the omitted parts clearly by deriving the rotating number δ of plaintext bytes and the procedure of Major CA. The clock circle Δ of Major CA and the key $S_N$ are also attacked.

Jingmei Liu, Xiangguo Cheng, Xinmei Wang
A New Conceptual Framework Within Information Privacy: Meta Privacy

When considering information security and privacy issues most of the attention has previously focussed on data protection and the privacy of personally identifiable information (PII). What is often overlooked is consideration for the operational and transactional data. Specifically, the security and privacy protection of metadata and metastructure information of computing environments has not been factored in to most methods. Metadata, or data about data, can contain many personal details about an entity. It is subject to the same risks and malicious actions personal data is exposed to. This paper presents a new perspective for information security and privacy. It is termed Meta Privacy and is concerned with the protection and privacy of information system metadata and metastructure details. We first present a formal definition for meta privacy, and then analyse the factors that encompass and influence meta privacy. In addition, we recommend some techniques for the protection of meta privacy within the information systems. Further, the paper highlights the importance of ensuring all informational elements of information systems are adequately protected from a privacy perspective.

Geoff Skinner, Song Han, Elizabeth Chang
Error Oracle Attacks on Several Modes of Operation

In [7] Vaudenay demonstrated side-channel attacks on CBC-mode encryption, exploiting a “valid padding” oracle. His work showed that several uses of CBC-mode encryption in well-known products and standards were vulnerable to attack when an adversary was able to distinguish between valid and invalid ciphertexts. In [2][5][6], Black, Paterson, Taekeon et al. generalized these attacks to various padding schemes of CBC-mode encryption and multiple modes of operation. In this paper, we study side-channel attacks on the CFB, CBC|CBC, CFB|CFB, CBC|CBC|CBC, CFB|CFB|CFB modes under the error oracle models, which enable an adversary to determine the correct message with knowledge of ciphertext. It is shown that an attacker can exploit an oracle to efficiently extract the corresponding position plaintext bits of any block if the target plaintext contains some fixed bits in a known position of one block.

Fengtong Wen, Wenling Wu, Qiaoyan Wen
Stability of the Linear Complexity of the Generalized Self-shrinking Sequences

The stability of the linear complexity of the generalized self-shrinking sequences over GF(2) with period $N = 2^{n-1}$ is investigated. The main results follow: The linear complexity of the periodic sequences obtained by either deleting or inserting one symbol within one period are discussed, and the explicit values for the linear complexity are given.

Lihua Dong, Yong Zeng, Yupu Hu
On the Construction of Some Optimal Polynomial Codes

We generalize the idea of constructing codes over a finite field $F_q$ by evaluating a certain collection of polynomials at elements of an extension field of $F_q$. Our approach for extensions of arbitrary degrees is different from the method in [3]. We make use of a normal element and circular permutations to construct polynomials over the intermediate extension field between $F_q$ and $F_{q^{t}}$ denoted by $F_{q^{s}}$ where $s$ divides $t$. It turns out that many codes with the best parameters can be obtained by our construction and improve the parameters of Brouwer’s table [1]. Some codes we get are optimal by the Griesmer bound.

Yajing Li, Weihong Chen
Perceptual Hashing of Video Content Based on Differential Block Similarity

Each multimedia content can exist in different versions, e.g. different compression rates. Thus, cryptographic hash functions cannot be used for multimedia content identification or verification as they are sensitive to bit flips. In this case, perceptual hash functions that consider perceptual similarity apply. This article describes some of the different existing approaches for video data. One algorithm based on spatio-temporal color difference is investigated. The article shows how this method can be improved by using a simple similarity measure. We analyze the performance of the new method and compare it with the original method. The proposed algorithm shows increased reliability of video identification both in robustness and discriminating capabilities.

Xuebing Zhou, Martin Schmucker, Christopher L. Brown

Cryptographic Protocols

Secure Software Smartcard Resilient to Capture

We present a simple secure software smartcard that can be immunized against offline dictionary attack when the adversary captures the device. The proposed scheme also provides proactive security for the device’s private key, i.e., proactively updates to the remote server and device to eliminate any threat of offline dictionary attacks due to previously compromised devices.

Seung Wook Jung, Christoph Ruland
Revised Fischlin’s (Blind) Signature Schemes

The representation problem based on factoring gives rise to alternative solutions to a lot of cryptographic protocols in the literature. Fischlin applies the problem to identification and (blind) signatures. Here we show some flaw of Fischlin’s schemes and present the revision.

Kewei Lv
Certificateless Threshold Signature Schemes

We analyze the relationship and subtle difference between the notion of certificateless public key cryptography (CL-PKC) and identity-based schemes without a trusted private key generator (PKG), then propose a certificateless threshold signature scheme based on bilinear pairings. The proposed scheme is robust and existentially unforgeable against adaptive chosen message attacks under CDH assumption in the random oracle model.

Licheng Wang, Zhenfu Cao, Xiangxue Li, Haifeng Qian
An Efficient Certificateless Signature Scheme

Traditional certificate based cryptosystem requires high maintenance cost for certificate management. Although, identity based cryptosystem reduces the overhead of certificate management, it suffers from the drawback of key escrow. Certificateless cryptosystem combines the advantages of both certificate based and identity based cryptosystems as it avoids the usage of certificates and does not suffer from key escrow. In this paper, we propose a pairing based certificateless signature scheme that is efficient than the existing scheme.

M. Choudary Gorantla, Ashutosh Saxena
ID-Based Restrictive Partially Blind Signatures

Restrictive blind signatures allow a recipient to receive a blind signature on a message not known to the signer but the choice of message is restricted and must conform to certain rules. Partially blind signatures allow a signer to explicitly include necessary information (expiration date, collateral conditions, or whatever) in the resulting signatures under some agreement with receiver. Restrictive partially blind signatures incorporate the advantages of these two blind signatures. The existing restrictive partially blind signature scheme was constructed under certificate-based (CA-based) public key systems. In this paper we follow Brand’s construction to propose the first identity-based (ID-based) restrictive blind signature scheme from bilinear pairings. Furthermore, we first propose an ID-based restrictive partially blind signature scheme, which is provably secure in the random oracle model.

Xiaofeng Chen, Fangguo Zhang, Shengli Liu
Batch Verification with DSA-Type Digital Signatures for Ubiquitous Computing

We propose a new method for verifying bad signature in a batch instance of DSA-type digital signatures when there is one bad signature in the batch. The proposed method can verify and identify a bad signature using two modular exponentiations and $n + 3\sqrt{n}/2$ modular multiplications where $n$ is the number of signatures in the batch instance. Simulation results show our method reduces considerably the number of modular multiplications compared with the existing methods.

Seungwon Lee, Seongje Cho, Jongmoo Choi, Yookun Cho
On Anonymity of Group Signatures

A secure group signature is required to be anonymous, that is, given two group signatures generated by two different members on the same message or two group signatures generated by the same member on two different messages, they are indistinguishable except for the group manager. In this paper we prove the equivalence of a group signature’s anonymity and its indistinguishability against chosen ciphertext attacks if we view a group signature as an encryption of member identity. Particularly, we prove ACJT’s group signature is IND-CCA2 secure, so ACJT’s scheme is anonymous in the strong sense. The result is an answer to an open question in literature.

Sujing Zhou, Dongdai Lin
The Running-Mode Analysis of Two-Party Optimistic Fair Exchange Protocols

In this paper, we present a method of running-mode to analyze the fairness of two-party optimistic fair exchange protocols. After discussing the premises and assumptions of analysis introduced in this technique, we deduce all the possible running modes that may cause attack on the protocols. Then we illustrate our technique on the Micali’s Electronic Contract Signing Protocol (ECS1), and the checking results show that there are three new attacks on the protocol.

Yuqing Zhang, Zhiling Wang, Bo Yang
Password-Based Group Key Exchange Secure Against Insider Guessing Attacks

Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using $n$ participant’s distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks by malicious insider attacker. In this paper, we present concrete countermeasures for two malicious insider attacks, and modify the two group Diffie-Hellman key exchange protocols to be secure against malicious insider password guessing attacks. Our countermeasures do not require additional round costs, hence they are efficient.

Jin Wook Byun, Dong Hoon Lee, Jongin Lim
On the Security of Some Password-Based Key Agreement Schemes

In this paper we show that three potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon’s scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from some of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.

Qiang Tang, Chris J. Mitchell
A New Group Rekeying Method in Secure Multicast

LKH (Logical Key Hierarchy) is a basic method in secure multicast group rekeying. It does not distinguish the behavior of group members even they have different probabilities (join or leave). When members have diverse changing probability or different changing mode, the gap between LKH and the optimal rekeying algorithm will become bigger. If the probabilities of members have been known, LKH can be improved someway, but it can not be known exactly the changing probabilities of members. Based on the basic knowledge of group members’ behavior (ex. active or inactive), the active members and inactive members are partitioned in the new method, and they are set on the different location in logical key tree firstly. Then the concept “Dirty Path” is introduced in order to reduce the repeat rekeying overhead in the same path. All these can decrease the number of encryptions in the Group Manager and the network communication overhead. The simulation results indicate that the new method has a better improvement over traditional LKH method even if the multicast group members’ behavior could be distinguished “approximately”.

Yong Xu, Yuxiang Sun
Pairing-Based Provable Blind Signature Scheme Without Random Oracles

Blind signature allows the user to obtain a signature of a message in a way that the signer learns neither the message nor the resulting signature. Recently a lot of signature or encryption schemes are provably secure with random oracle, which could not lead to a cryptographic scheme secure in the standard model. Therefore designing efficient schemes provably secure in the standard model is a central line of modern cryptography. Followed this line, we proposed an efficiently blind signature without using hash function. Based on the complexity of $q$-SDH problem, we present strict proof of security against one more forgery under adaptive chosen message attack in the standard model. A full blind testimony demonstrates that our scheme bear blind property. Compared with other blind signature schemes, we think proposed scheme is more efficient. To the best of our knowledge, our scheme is the first blind signature scheme from pairings proved secure in the standard model.

Jian Liao, Yinghao Qi, Peiwei Huang, Mentian Rong
Efficient ID-Based Proxy Signature and Proxy Signcryption Form Bilinear Pairings

In this paper, based on bilinear pairings, we would like to construct an identity based proxy signature scheme and an identity based proxy signcryption scheme without secure channel. We also analyze the two proposed schemes from efficiency point of view and show that they are more efficient than the existed ones. What’s more, our proposed schemes satisfy all of the security requirements to proxy signature and proxy signcryption schemes assuming the CDH problem and BDH problem are hard to solve.

Qin Wang, Zhenfu Cao
An Identity-Based Threshold Signcryption Scheme with Semantic Security

This paper designs a secure identity-based threshold signcryption scheme from the bilinear pairings. The construction is based on the recently proposed signcryption scheme of Libert and Quisquater [6]. Our scheme not only has the properties of identity-based and threshold, but also can achieve semantic security under the Decisional Bilinear Diffie-Hellman assumption. It can be proved secure against forgery under chosen message attack in the random oracle model. In the private key distribution protocol, we adopt such method that the private key associated with an identity rather than the master key is shared. In the threshold signcryption phase, we provide a new method to check the malicious members. This is the first identity-based threshold signcryption scheme that can simultaneously achieve both semantic security and others security, such as unforgeability, robustness, and non-repudiation.

Changgen Peng, Xiang Li
A Token-Based Single Sign-On Protocol

A token based single sign-on protocol for distribution systems is proposed in this paper. When a user $C$ logs on a system, a centralized authentication server $A$ will authenticate $C$ and issue $C$ a token which is signed by $A$ and includes a session key generated by $A$ as well as a time stamp. $C$ can use the token to access any application server $S$. $S$ will send the $C$’s request to the $A$. Then $A$ will verify the validity of the token. There are two advantages of this protocol: 1) Time synchronization between servers $S$ and the user $C$ is not necessary. 2) All authentication state information such as session key is stored in the token rather than in the memory of $A$, thus the performance of $A$ can be promoted effectively. We have used SVO logic to do formal analysis of this protocol.

Li Hui, Shen Ting
Simple Threshold RSA Signature Scheme Based on Simple Secret Sharing

A new threshold RSA signature scheme is presented, which is based on a newly proposed simple secret sharing algorithm. The private key of RSA algorithm is divided into $N$ pieces, and each piece is delivered to different participant. In order to digitally sign a message, each participant should calculate the partial signature for the message by using its own piece of shadow. Any $K$ or greater than $K$ participants out of $N$ can combine the partial signatures to form a complete signature for the message. At the phase of signature combination, each participant’s partial secret (shadow) is not necessary to expose to others and the RSA private key is not required to reconstruct, thus the secret of the private key will not be exposed. Besides, fast computation and simple operation are also the features of this scheme.

Shaohua Tang
Efficient Compilers for Authenticated Group Key Exchange

In this paper we propose two compilers which are designed to transform a group key exchange protocol secure against any passive adversary into an authenticated group key exchange protocol with key confirmation which is secure against any passive adversary, active adversary, or malicious insider. We show that the first proposed compiler gives protocols that are more efficient than those produced by the compiler of Katz and Yung.

Qiang Tang, Chris J. Mitchell
Insider Impersonation-MIM Attack to Tripartite Key Agreement Scheme and an Efficient Protocol for Multiple Keys

In this paper, we introduce the definition of insider impersonation-MIM attack for tripartite key agreement schemes and show that almost all of the proposed schemes are not secure under this attack. We present a new protocol which is much more efficient than the existential secure protocol [13] in terms of computational efficiency and transmitted data size. Moreover, our protocol is the first scheme for multiple keys which means that not only a large number of keys but also various kinds of keys can be generated by applying our scheme.

Lihua Wang, Takeshi Okamoto, Tsuyoshi Takagi, Eiji Okamoto

Intrusion Detection

An Immune System Inspired Approach of Collaborative Intrusion Detection System Using Mobile Agents in Wireless Ad Hoc Networks

Many single points of failure exist in an intrusion detection system (IDS) based on a hierarchical architecture that does not have redundant communication lines and the capability to dynamically reconfigure relationships in the case of failure of key components. To solve this problem, we propose an IDS inspired by the human immune system based upon several mobile agents. The mobile agents act similarly to white blood cells of the immune system and travel from host to host in the network to detect any intrusions. As in the immune system, intrusions are detected by distinguishing between "self" and "non-self", or normal and abnormal process behavior respectively. In this paper we present our model, and show how mobile agent and artificial immune paradigms can be used to design efficient intrusion detection systems. We also discuss the validation of our model followed by a set of experiments we have carried out to evaluate the performance of our model using realistic case studies.

Ki-Won Yeom, Ji-Hyung Park
A New User-Habit Based Approach for Early Warning of Worms

In the long term usage of the network, users will form certain types of habit according to their specific characteristics, individual hobbies and given restrictions. On the burst-out of worms, the overwhelming flow caused by random scanning will temporarily alter the behavior representation of users. Therefore, it is reasonable to conclude that the statistics and classification of the user habit can contribute to the detection of worms. On the basis of analysis about both users and worms, we construct the model of user-habit and propose a new approach for the early warning of worms. This paper possesses strong direction significance due to its broad applicability since extended models can be derived from the model proposed in this paper.

Ping Wang, Binxing Fang, Xiaochun Yun
A Multi-gigabit Virus Detection Algorithm Using Ternary CAM

During the last few years, the number of Internet worms and viruses has significantly increased. For the fast detection of Internet worms/viruses, the signature-based scheme with TCAM is necessary for the network intrusion detection system (NIDS). However, due to the limit of the TCAM size, all the signatures of Internet worms/viruses cannot be stored. Hence, we propose a two-phase content inspection algorithm which can support a large number of long signatures at TCAM. From the simulation results, it is shown that our algorithm for TCAM provides a fast virus-detection capability at line rate of 10Gbps (OC192).

Il-Seop Song, Youngseok Lee, Taeck-Geun Kwon
Sampling Distance Analysis of Gigantic Data Mining for Intrusion Detection Systems

Real-Time intrusion detection system (IDS) based on traffic analysis is one of the highlighted topics of network security researches. Restricted by computer resources, real-time IDS is computationally infeasible to deal with gigantic operations of data storage and analyzing in real world. As a result, the sampling measurement technique in a high-speed network becomes an important issue in this topic. Sampling distance analysis of gigantic data mining for IDS is shown in this paper. Based on differential equation theory, a quantitative analysis of the effect of IDS on the network traffic is given firstly. Secondly, a minimum delay time of IDS needed to detect some kinds of intrusions is analyzed. Finally, an upper bound of the sampling distance is discussed. Proofs are given to show the efficiency of our approach.

Yong Zeng, Jianfeng Ma
Hardware-Software Hybrid Packet Processing for Intrusion Detection Systems

Security is a major issue in today’s communication networks. Designing Network Intrusion Detection systems (NIDS) calls for high performance circuits in order to keep up with the rising data rates. Offloading software processing to hardware realizations is not an economically viable solution and hence hardware-software based hybrid solutions for the NIDS scenario are discussed in literature. By deploying processing on both hardware and software cores simultaneously by using a novel Intelligent Rule Parsing algorithm, we aim to minimize the number of packets whose waiting time is greater than a predefined threshold. This fairness criterion implicitly ensures in obtaining a higher throughput as depicted by our results.

Saraswathi Sachidananda, Srividya Gopalan, Sridhar Varadarajan
D-S Evidence Theory and Its Data Fusion Application in Intrusion Detection

Traditional Intrusion Detection System (IDS) focus on low-level attacks or anomalies, and too many alerts are produced in practical application. Based on the D-S Evidence Theory and its data fusion technology, a novel detection data fusion model-IDSDFM is presented. By correlating and merging alerts of different types of IDSs, a set of alerts can be partitioned into different alert tracks such that the alerts in the same alert track may correspond to the same attack. On the base of it, the current security situation of network is estimated by applying the D-S Evidence Theory, and some IDSs in the network are dynamically adjusted to strengthen the detection of the data which relate to the attack attempts. Consequently, the false positive rate and the false negative rate are effectively reduced, and the detection efficiency of IDS is improved.

Junfeng Tian, Weidong Zhao, Ruizhong Du
A New Network Anomaly Detection Technique Based on Per-Flow and Per-Service Statistics

In the present network security management, improvements in the performances of Intrusion Detection Systems (IDSs) are strongly desired. In this paper, we propose a network anomaly detection technique which can learn a state of network traffic based on per-flow and per-service statistics. These statistics consist of service request frequency, characteristics of a flow and code histogram of payloads. In this technique, we achieve an effective definition of the network state by observing the network traffic according to service. Moreover, we conduct a set of experiments to evaluate the performance of the proposed scheme and compare with those of other techniques.

Yuji Waizumi, Daisuke Kudo, Nei Kato, Yoshiaki Nemoto
SoIDPS: Sensor Objects-Based Intrusion Detection and Prevention System and Its Implementation

In this paper, we propose an intrusion detection and prevention system using sensor objects that are a kind of trap and are accessible only by the programs that are allowed by the system. Any access to the sensor object by disallowed programs or any transmission of the sensor object to outside of the system is regarded as an intrusion. In such case, the proposed system logs the related information on the process as well as the network connections, and terminates the suspicious process to prevent any possible intrusion. By implementing the proposed method as Loadable Kernel Module (LKM) in the Linux, it is impossible for any process to access the sensor objects without permission. In addition, the security policy will be dynamically applied at run time. Experimental results show that the security policy is enforced with negligible overhead, compared to the performance of the unmodified original system.

SeongJe Cho, Hye-Young Chang, HongGeun Kim, WoongChul Choi
A Statistical Model for Detecting Abnormality in Static-Priority Scheduling Networks with Differentiated Services

This paper presents a new statistical model for detecting signs of abnormality in static-priority scheduling networks with differentiated services at connection levels on a class-by-class basis. The formulas in terms of detection probability, miss probability, probabilities of classifications, and detection threshold are proposed.

Ming Li, Wei Zhao
Tamper Detection for Ubiquitous RFID-Enabled Supply Chain

Security and privacy are two primary concerns in RFID adoption. In this paper we focus on security issues in general and data tampering in particular. Here we present a conceptual framework to detect and identify data tampering in RFID tags. The paper surveys the existing literature and proposes to add a tamper detection component in the existing RFID middleware architecture. The tamper detection component is supported by mathematical algorithm to embed and extract secret information which can be employed to detect data tampering.

Vidyasagar Potdar, Chen Wu, Elizabeth Chang
Measuring the Histogram Feature Vector for Anomaly Network Traffic

Recent works have shown that Internet traffics are self-similar over several time scales from microseconds to minutes. On the other hand, the dramatic expansion of Internet applications give rise to a fundamental challenge to the network security. This paper presents a statistical analysis of the Internet traffic Histogram Feature Vector, which can be applied to detect the traffic anomalies. Besides, the Variant Packet Sending-interval Link Padding based on heavy-tail distribution is proposed to defend the traffic analysis attacks in the low or medium speed anonymity system.

Wei Yan
Efficient Small Face Detection in Surveillance Images Using Major Color Component and LDA Scheme

Since surveillance cameras usually cover a wide area, human faces appear quite small. Therefore, their features are not identifiable and their skin color varies easily even under stationary lighting conditions, so that the face region cannot be detected. To emphasize the detection of small faces in surveillance systems, this paper proposes a three-stage algorithm: a head region is estimated by the DCFR (Detection of Candidate for Face Regions) scheme in the first stage, the face region is searched inside the head region using the MCC (major color component) in the second stage, and its faceness is tested by the LDA (Linear Discriminant Analysis) scheme in the third stage. The MCC scheme detects the face region using the features of a face region with reference to the brightness and the lighting environment, and the LDA scheme considers the statistical features of a global face region. The experimental results have shown that the proposed algorithm performs better than the other methods in the detection of small faces.

Kyunghwan Baek, Heejun Jang, Youngjun Han, Hernsoo Hahn
Fast Motion Detection Based on Accumulative Optical Flow and Double Background Model

Optical flow and background subtraction are important methods for detecting motion in video sequences. This paper integrates the advantages of these two methods. First, it proposes a high-precision algorithm for optical flow computation with analytic wavelet and M-estimator to solve the optical flow restricted equations. Second, it introduces the extended accumulative optical flow and also provides its computational strategies, and then obtains a robust motion detection algorithm. Furthermore, it combines a background subtraction algorithm based on the double background model with the extended accumulative optical flow to give an abnormity alarm in time. The experiments show that our algorithm can precisely detect moving objects, however slow or small, handle occlusions well, and give an alarm quickly.

Jin Zheng, Bo Li, Bing Zhou, Wei Li
Reducing Worm Detection Time and False Alarm in Virus Throttling

One of the problems of the virus throttling algorithm, a worm early detection technique to reduce the speed of worm spread, is that it is too sensitive to burstiness in the number of connection requests. The algorithm proposed in this paper reduces the sensitivity and false alarms with a weighted average queue length that smooths sudden traffic changes. Based on an observation that normal connection requests passing through a network have a strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to the simple length of the delay queue as in the typical throttling algorithm. The queue length measuring strategy also helps reduce worm detection time and false alarms.

Jangbok Kim, Jaehong Shim, Gihyun Jung, Kyunghee Choi
Protection Against Format String Attacks by Binary Rewriting

We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks in runtime. Kimchi replaces the machine code calling conventional printf with code calling a safer version of printf, safe_printf, that prevents its format string from accessing arguments exceeding the stack frame of the parent function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they do not use the frame pointer register or link the printf code statically. In addition, it replaces the printf calls without extra format arguments like printf(buffer) with the safe code printf("%s", buffer), which are not vulnerable, and reduces the performance overhead of the patched program by not modifying the calls to printf with the format string argument located in the read-only memory segment, which are not vulnerable to the format string attack.

Jin Ho You, Seong Chae Seo, Young Dae Kim, Jun Yong Choi, Sang Jun Lee, Byung Ki Kim
Masquerade Detection System Based on Principal Component Analysis and Radial Basics Function

This article presents a masquerade detection system based on principal component analysis (PCA) and radial basics function (RBF) neural network. The system first creates a profile defining a normal user’s behavior, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is valid user or masquerader. In order to avoid overfitting and reduce the computational burden, user behavior principal features are extracted by the PCA method. RBF neural network is used to distinguish valid user or masquerader after training procedure has been completed by unsupervised learning and supervised learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 74.6% and a false detection rate equal to 2.9%, which is consistent with the best results reports in the literature for the same data set and testing paradigm.

Zhanchun Li, Zhitang Li, Yao Li, Bin Liu
Anomaly Detection Method Based on HMMs Using System Call and Call Stack Information

Anomaly detection has emerged as an important approach to computer security. In this paper, a new anomaly detection method based on Hidden Markov Models (HMMs) is proposed to detect intrusions. Both system calls and return addresses from the call stack of the program are extracted dynamically to train and test HMMs. The states of the models are associated with the system calls and the observation symbols are associated with the sequences of return addresses from the call stack. Because the states of HMMs are observable, the models can be trained with a simple method which requires less computation time than the classical Baum-Welch method. Experiments show that our method reveals better detection performance than traditional HMMs based approaches.

Cheng Zhang, Qinke Peng
Parallel Optimization Technology for Backbone Network Intrusion Detection System

Network intrusion detection system (NIDS) is an active field of research. With the rapidly increasing network speed, the capability of the NIDS sensors limits the ability of the system. The problem is more serious for the backbone network intrusion detection system (BNIDS). In this paper, we apply parallel optimization technologies to BNIDS using a 4-way SMP server as the target system. After analyzing and testing the defects of the existing system in common use, the optimization policies of using a fine-grained schedule mechanism at connection level and avoiding lock operations in thread synchronization are issued for the improved system. Through performance evaluation, the improved system shows more than 25 percent improvement in CPU utilization rate compared with the existing system, and good scalability.

Xiaojuan Sun, Xinliang Zhou, Ninghui Sun, Mingyu Chen
Attack Scenario Construction Based on Rule and Fuzzy Clustering

Correlation of intrusion alerts is a major technique in attack detection to build attack scenarios. Rule-based and data mining methods have been used in some previous proposals to perform correlation. In this paper we integrate two complementary methods and introduce fuzzy clustering in the data mining method. To determine the fuzzy similarity coefficients, we introduce a hierarchy measurement and use a weighted average to compute total similarity. This mechanism can measure the semantic distance of intrusion alerts with finer granularity than the common similarity measurement. The experimental results in this paper show that using the fuzzy clustering method can reconstruct attack scenarios that are wrecked by missed attacks.

Linru Ma, Lin Yang, Jianxin Wang
A CBR Engine Adapting to IDS

CBR is one of the most important artificial intelligence methods. In this paper, it is introduced to detect the variation of known attacks and to reduce the false negative rate in rule based IDS. After briefly describing the basic process of CBR and the methods of describing cases and constructing a case base by rules of IDS, this paper focuses on the CBR engine. A new CBR engine adapting to IDS is designed because the common CBR engines cannot deal with the specialties of intrusion cases in IDS. The structure of the new engine is described by a class graph, and the core class as well as the similarity algorithm adopted by it is analyzed. At last, the results of testing the new engine on Snort are shown, and the validity of the engine is substantiated.

Lingjuan Li, Wenyu Tang, Ruchuan Wang
Application of Fuzzy Logic for Distributed Intrusion Detection

Application of agent technology in Intrusion Detection Systems (IDSs) has been developed. Intrusion Detection (ID) agent technology can bring IDS flexibility and enhanced distributed detection capability. However, the security of the ID agent and methods of collaboration among ID agents are important problems noted by many researchers. In this paper, coordination among the intrusion detection agents by BlackBoard Architecture (BBA), which transcends into the field of distributed artificial intelligence, is introduced. A system using BBA for information sharing can easily be expanded by adding new agents and increasing the number of BlackBoard (BB) levels. Moreover, the subdivided BB levels enhance the sensitivity of ID. This paper applies fuzzy logic to reduce the false positives that represent one of the core problems of IDS. ID is a complicated decision-making process, generally involving enormous factors regarding the monitored system. A fuzzy logic evaluation component, which represents a decision agent model in distributed IDSs, considers various factors based on fuzzy logic when an intrusion behavior is analyzed. The performance obtained from the coordination of an ID agent with fuzzy logic is compared with the corresponding non-fuzzy type ID agent.

Hee Suk Seo, Tae Ho Cho

Security Models and Architecture

Dynamic Access Control for Pervasive Grid Applications

The current grid security research efforts focus on static scenarios where access depends on the identity of the subject. They do not address access control issues for pervasive grid applications where the access privileges of a subject not only depend on their identity but also on their current context (i.e. current time, location, system resources, network state, etc). Our approach complements current authorization mechanisms by dynamically granting permission to users based on their current context. The underlying dynamic and context aware access control model extends the classic role based access control, while retaining its advantages (i.e. ability to define and manage complex security policies). The major strength of our proposed model is its ability to make access control decision dynamically according to the context information. Its dynamic property is particularly useful for pervasive grid applications.

Syed Naqvi, Michel Riguidel
On the Security of the Canetti-Krawczyk Model

The Canetti-Krawczyk (CK) model is a formal method for the design and analysis of key agreement protocols, and these protocols should have some desirable security attributes. In this paper, the relationship between the CK model and the desirable security attributes for a key agreement protocol is analyzed. The conclusions indicate that: (1) protocols designed and proved secure by the CK model offer almost all the security attributes, such as perfect forward secrecy (PFS), loss of information, known-key security, key-compromise impersonation and unknown key-share, but the attribute of key control; (2) loss of information and key-compromise impersonation can be guaranteed by the first requirement of the security definition (SK-security) in the CK model, while PFS and known-key security by the second requirement, and unknown key-share can be ensured by either requirement. Thereafter, the advantages and disadvantages of the CK model are presented.

Xinghua Li, Jianfeng Ma, SangJae Moon
A Novel Architecture for Detecting and Defending Against Flooding-Based DDoS Attacks

Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In this paper, we propose a novel global defense architecture to protect the entire Internet from DDoS attacks. This architecture includes all three parts of defense during the DDoS attack: detection, filtering and traceback, and we use different agents distributed in routers or hosts to fulfill these tasks. The advantages that make the architecture more effective include: (i) the attack detection algorithm as well as the attack filtering and traceback algorithm are both network traffic-based algorithms; (ii) our traceback algorithm itself can also mitigate the effects of the attacks. Our proposed scheme is implemented through simulations of detecting and defending against the SYN Flooding attack, which is an example of a DDoS attack. The results show that such an architecture is very effective because the performance of the detection algorithm and the traceback algorithm are both better.

Yi Shi, Xinyu Yang
A Variant of Poly1305 MAC and Its Security Proof

We give a variant of Poly1305 MAC and prove its security viewing this MAC as a Carter-Wegman MAC. The proposed variant not only keeps all the good properties of the Poly1305, but also makes Poly1305 deterministic.

Dayin Wang, Dongdai Lin, Wenling Wu
Covert Channel Identification Founded on Information Flow Analysis

This paper focuses on covert channel identification in a nondiscretionary secure system. The properties of covert channels are analyzed by channel types. Information flow characteristics are utilized to optimize channel identification with the Share Resource Matrix method adopted for demonstration, and a general framework for channel identification founded on information flow analysis is presented. At last, timing channels are also discussed.

Jianjun Shen, Sihan Qing, Qingni Shen, Liping Li
Real-Time Risk Assessment with Network Sensors and Intrusion Detection Systems

This paper considers a real-time risk assessment method for information systems and networks based on observations from networks sensors such as intrusion detection systems. The system risk is dynamically evaluated using hidden Markov models, providing a mechanism for handling data from sensors with different trustworthiness in terms of false positives and negatives. The method provides a higher level of abstraction for monitoring network security, suitable for risk management and intrusion response applications.

André Årnes, Karin Sallhammar, Kjetil Haslum, Tønnes Brekne, Marie Elisabeth Gaup Moe, Svein Johan Knapskog
Design and Implementation of a Parallel Crypto Server

As demands for secure communication bandwidth grow, efficient processing of the cryptographic server at the host has become a constraint that prevents the achievement of acceptable secure services at large e-commerce and e-government sites. To overcome this limitation, this paper proposes an innovative design in cryptographic server architecture, which is based on the hardware of a high performance and programmable secure crypto module. The architecture provides a scalable framework by using a general device API, and obtains high performance by carrying out cryptography computations in parallel between crypto chips in crypto modules. The system is implemented on an IBM Services345 and hardware of crypto modules. Preliminary measurements are also performed to study the trade-off between the number of crypto modules computing in parallel and the performance of generating 1024-bit RSA digital signatures. Results indicate that the system implemented by the architecture has high performance and scalability.

Xiaofeng Rong, Xiaojuan Gao, Ruidan Su, Lihua Zhou
Survivability Computation of Networked Information Systems

Survivability should be considered beyond security for networked information systems, which emphasizes the ability of continuing providing services timely in malicious environment. As an open complex system, networked information system is presented by a service-oriented hierarchical structure, and fault scenarios are thought of as stimulations that environment impact on systems while changes of system services’ performance as system reaction. Survivability test is done according to a test scheme which is composed of events, atomic missions, fault scenarios and services. Survivability is computed layer by layer based on the result of survivability test through three specifications (resistance, recognition and recovery). This computation method is more practicable than traditional state-based method for it converts direct defining system states and computing state transition into a layered computation process.

Xuegang Lin, Rongsheng Xu, Miaoliang Zhu
Assessment of Windows System Security Using Vulnerability Relationship Graph

To evaluate the security situation of Windows systems for different users on different security attributes, this paper proposes a quantitative assessment method based on vulnerability relationship graph (VRG) and an index-based assessment policy. Through introducing the correlative influences of vulnerabilities, VRG can be used to scientifically detect high risk vulnerabilities which can evoke multistage attacks although their threats on surface are very little. Analysis of 1085 vulnerabilities indicates that for trusted remote visitors, the security of Windows systems is lower while for distrusted remote visitors, they are relatively secure. But there is no obvious difference of the security risk on confidentiality, authenticity and availability of Windows systems. In several known versions, the security of Windows NT is almost lowest.

Yongzheng Zhang, Binxing Fang, Yue Chi, Xiaochun Yun
A New (t, n)-Threshold Multi-secret Sharing Scheme

In a (t, n)-threshold multi-secret sharing scheme, at least t or more participants in n participants can reconstruct p (p ≥ 1) secrets simultaneously through pooling their secret shadows. Pang et al. proposed a multi-secret sharing scheme using an (n + p – 1)th degree Lagrange interpolation polynomial. In their scheme, the degree of the polynomial is dynamic; with the increase in the number of the shared secrets p, the Lagrange interpolation operation becomes more and more complex, at the same time, computing time and storage requirement are large. Motivated by these concerns, we propose an alternative (t, n)-threshold multi-secret sharing scheme based on Shamir’s secret sharing scheme, which uses a fixed nth degree Lagrange interpolation polynomial and has the same power as Pang et al.’s scheme. Furthermore, our scheme needs less computing time and less storage requirement than Pang et al.’s scheme.

HuiXian Li, ChunTian Cheng, LiaoJun Pang
An Efficient Message Broadcast Authentication Scheme for Sensor Networks

A sensor network consists of a large number of small sensor nodes with wireless networking. An attacker can easily insert forged messages in wireless networking environment. Therefore, broadcast authentication mechanisms are necessary for a base station to broadcast the same messages to many sensor nodes. The famous broadcast authentication mechanisms, TESLA, μTESLA, and Multilevel μTESLA, are adaptable. We observe these mechanisms and point out problems of Multilevel μTESLA with regard to efficiency and scalability. Subsequently, we propose Efficient Two-level μTESLA to mitigate the problems.

Sang-ho Park, Taekyoung Kwon
Digital Image Authentication Based on Error-Correction Codes

This paper presents a color image authentication algorithm based on convolutional coding. The message of each pixel is convolutional encoded with the encoder. After the process of parity check and block interleaving, the redundant bits are offset embedded in the image. The tamper can be detected and restored without accessing the original image. The experimental results show that the authentication algorithm based on convolutional coding has a good performance in the tamper detection, localization and the image reconstruction.

Fan Zhang, Xinhong Zhang, Zhiguo Chen
Design and Implementation of Efficient Cipher Engine for IEEE 802.11i Compatible with IEEE 802.11n and IEEE 802.11e

For high data rate, new MAC mechanisms such as Block Ack in IEEE 802.11e and frame aggregation in IEEE 802.11n are being currently discussed and these mechanisms need short response time in each MPDU processing. In this paper, we propose a design of cipher engine for IEEE 802.11i to support these new mechanisms. We reduce the processing overhead of RC4 key scheduling by means of using the dual S-Box scheme. In CCMP design, parallel structure is proposed, and as a result, we reduce the processing time to 1/2 in comparison with the sequential structure and the response time independent of the size of the payload and only dependent on the clock frequency. In addition, we can expect to decrease power consumption in CMOS design process because the clock frequency reduces to 1/5 and the area doubles compared to the typical designs.

Duhyun Bae, Gwanyeon Kim, Jiho Kim, Sehyun Park, Ohyoung Song
Secure Delegation-by-Warrant ID-Based Proxy Signcryption Scheme

In this paper, we first construct a security model for delegation-by-warrant ID-based proxy signcryption schemes and formalize notions of security for them. To the best of our knowledge, no related work has been done. Then we present such a scheme based on the bilinear pairings, and show that it is provably secure in the random oracle model. Specifically, we prove its semantic security under the DBDH assumption and its unforgeability under the BDH assumption.

Shanshan Duan, Zhenfu Cao, Yuan Zhou
Building Security Requirements Using State Transition Diagram at Security Threat Location

The security requirements in the software life cycle have received some attention recently. However, it is not yet clear how to build security requirements. This paper describes and illustrates a process to build application specific security requirements from state transition diagrams at the security threat location. Using security failure data, we identify security threat locations which attackers could use to exploit software vulnerabilities. A state transition diagram is constructed to be used to protect, mitigate, and remove vulnerabilities relative to security threat locations. In the software development process, security requirements are obtained from state transition diagrams relative to the security threat location.

Seong Chae Seo, Jin Ho You, Young Dae Kim, Jun Yong Choi, Sang Jun Lee, Byung Ki Kim
Study on Security iSCSI Based on SSH

The iSCSI protocol is becoming an important protocol to enable remote storage access through the ubiquitous TCP/IP networks. This paper analyzes the security and performance characteristics of the iSCSI protocol, points out the limitation of the security iSCSI scheme based on IPSec, and presents the security iSCSI scheme based on SSH. With application of SSH port forwarding, a secure tunnel can be built in TCP layer to ensure the security of iSCSI session. Experiments show that throughput of the security iSCSI based on SSH rises up 20% and CPU utilization greatly lowers 50% with the same encryption algorithm, compared with the security iSCSI based on IPSec. So the performance of the security iSCSI based on SSH is obviously superior to the one based on IPSec.

Weiping Liu, Wandong Cai
A Scheduling Algorithm Based on a Trust Mechanism in Grid

Trust has been recognized as an important factor for scheduling in Grid. With a trust-aware model, task scheduling is crucial to achieving high performance. In this paper, a trust model adapted to the Grid environment is proposed and a scheduling algorithm based on the trust mechanism is developed. In the trust model, the trust value is computed based on the execution experiences between users and resources. Based on the trust model, the Min-min algorithm is enhanced to ensure resource and application security during the scheduling. Simulation results indicate that the algorithm can remarkably lessen the risks in task scheduling, improve the load balance and decrease the completion time of tasks; therefore it is an efficient scheduling algorithm in a trust-aware Grid system.

Kenli Li, Yan He, Renfa Li, Tao Yang
Enhanced Security and Privacy Mechanism of RFID Service for Pervasive Mobile Device

The RFID (Radio Frequency Identification) technology has drawn much attention for not only its efficiency in inventory and production management, such as WMS, ERP, but also its significant potential for improving our daily lives. Mobile phones combined with an RFID reader will also become a popular and widely used device in our ubiquitous society. Mobile RFID technology holds great promise, but it also raises significant security and privacy concerns for the ubiquitous world. This paper suggests a new architecture for mobile RFID service, which supports secure RFID service and uses privacy-aware access control for the collection or gathering of tagged information in the RFID system.

Byungil Lee, Howon Kim
Worm Propagation Modeling and Analysis on Network

In recent years, network worms that had a dramatic increase in the frequency and virulence of such outbreaks have become one of the major threats to the security of the Internet. This paper provides a worm propagation model based on the SEIR deterministic model. The model adopts the birth rate and death rate so that it can provide a more realistic portrait of the worm propagation. In the process of defending worm, dynamic quarantine strategy, dynamic infecting rate and removing rate are adopted. The analysis shows that the worm propagation speed can be efficiently reduced to give people more precious time to defend it. So the negative influence of the worm can be reduced. The simulation results verify the effectiveness of the model.

Yunkai Zhang, Fangwei Wang, Changguang Wang, Jianfeng Ma
An Extensible AAA Infrastructure for IPv6

AAA (Authentication, Authorization, and Accounting) is an effective component in IP network to control and manage network entities. It has been widely used in IPv4 network and will continuously play an important role in IPv6 network. This paper proposes a new extensible AAA infrastructure which is performed within the CNGI (China Next Generation Internet) project and has the following merits: (1) provide a uniform AAA mechanism; (2) support user roaming in global IPv6 network; (3) introduce for the first time the concepts of both PDN (Personal Domain Name) and DDN (Device Domain Name), to assign and manage the lengthy and complex IPv6 addresses. We discuss and implement the concrete procedures of this infrastructure, and then point out it is a suitable solution for IPv6 network to obtain enhanced level of security.

Hong Zhang, Haixin Duan, Wu Liu, Jianping Wu
The Security Proof of a 4-Way Handshake Protocol in IEEE 802.11i

The IEEE 802.11i is the security standard to solve the security problems of WLAN, in which, the protocol 4-way handshake plays a very important role in the authentication and key agreement process. In this paper, we analyzed the security of protocol 4-way handshake with the Canetti-Krawczyk (CK) model, a general framework for constructing and analyzing authentication protocols in realistic models of communication networks. The results show that 4-way handshake protocol can not only satisfy the definition of Session Key security defined in the CK model, but also the universal composition security, a stronger definition of security. So it can be securely used as the basic model of the authentication and key agreement of WLAN.

Fan Zhang, Jianfeng Ma, SangJae Moon
A Noble Key Pre-distribution Scheme with LU Matrix for Secure Wireless Sensor Networks

In wireless sensor networks, security is as important as performance and energy efficiency for many applications. In a recently proposed key pre-distribution scheme suitable for power and resource constrained sensor nodes, a common key is guaranteed to be found between two nodes wanting to communicate and mutual authentication is supported. However, it has a shortcoming that the time overhead is high for performing the LU decomposition required in the key pre-distribution step. This paper proposes a new scheme which significantly reduces the overhead by avoiding the LU decomposition. The proposed scheme requires O(k) time complexity to find a common key while the earlier schemes of different approaches require O(k²) when there exist k keys to compare. The proposed scheme thus displays a significant improvement in the performance and energy efficiency of the sensor nodes.

Chang Won Park, Sung Jin Choi, Hee Yong Youn

Security Management

A Virtual Bridge Certificate Authority Model

Considering the PKI (public key infrastructure) interoperability problem, we bring out a VBCA (virtual bridge certificate authority) model and detail the construction, maintenance and usage of the model. Two basic tools are used: one is the well-exploited threshold signature technique and the other is a data structure that is called DsCert (double signature certificate). Benefiting from these tools, one can use the VBCA to bridge two trust points, and then end entities relying on these points can establish a trust relationship. A VBCA model is featured by local CA (certificate authority) autonomy, democratic decision, and efficient path processing. This model overcomes the BCA (bridge certificate authority) compromise problem and removes the cross certificates among trust domains.

Haibo Tian, Xi Sun, Yumin Wang
Weak Signals in Information Security Management

Usually, information security management practices do not explicitly take account of weak signals, factors that lie below the detection surface, which may, however, constitute a huge security threat. This study analyses what kinds of weak signals are present in information security, followed by a discussion on their detection. Responses to weak signals are also considered as well as certain privacy concerns related to the issue. These issues are of great urgency not only for government officials responsible for public security and dealing with the current wave of terrorism, but also to corporate information security and top managers running the day to day business of their companies.

Jorma Kajava, Reijo Savola, Rauno Varonen
PDTM: A Policy-Driven Trust Management Framework in Distributed Systems

This paper presents a policy-driven trust management framework (PDTM) which is composed of five interfaces to feature the fully decentralized and policy-driven framework. The transmission interface allows trust instances to be exchanged between principals. The trust induction interface encapsulates the evaluation of policies and answers queries made against these policies. The trust management interface allows the trust instances including collection, storage and retrieval to be downloaded from small mobile devices, where resources are limited. The policy inquiry interface is designed to facilitate communication between strangers, so that unknown policies can be discovered through a query-based process. The trust agent interface, on the other hand, is designed to automate communication between strangers.

Wu Liu, Haixin Duan, Jianping Wu, Xing Li
Methodology of Quantitative Risk Assessment for Information System Security

This paper proposes a security assessment method of information system based on mixed methods of constructing weights of criteria, which indicate how to evaluate the overall security of information system in a synthetic and quantitative way from the aspect of confidentiality, integrity, availability and controllability of the information system security.

Mengquan Lin, Qiangmin Wang, Jianhua Li
A Secure and Efficient (t, n) Threshold Verifiable Multi-secret Sharing Scheme

Ting-Yi Chang et al.(2005) have proposed an efficient (t, n) threshold verifiable multi-secret sharing (VMSS) scheme, which is more secure than the one adopted in Lin and Wu (1999) and it can provide more efficient performance than the other VMSS schemes in terms of computational complexity. However, this paper will show that Chang et al.’s scheme is in fact insecure by presenting a conspiracy attack on it. Furthermore, a more secure scheme is proposed.

Mei-juan Huang, Jian-zhong Zhang, Shu-cui Xie
Improvement on an Optimized Protocol for Mobile Network Authentication and Security

In 1998, Yi et al. proposed an authenticated key transport protocol for providing secure communications between the base station and the mobile user based on DSA signature scheme. Unfortunately, Laih and Chiou soon showed that Yi et al.’s scheme suffered from the forgery attack which an intruder can forge a valid certificate of a legal user. In this article, we present a simpler attack on Yi et al.’s scheme than that of Laih and Chiou. Furthermore, we also propose an improvement to repair Yi et al.’s scheme. The security of our proposed improvement is also based on DSA signature scheme.

ChinChen Chang, JungSan Lee
Neural Network Based Flow Forecast and Diagnosis

Much of the earlier work presented in the area of on-line flow diagnosis focuses on knowledge based and qualitatively reasoning principles and attempts to present possible root causes and consequences in terms of various measured data. However, forecasting flow is an un-measurable operating variable in diagnosis processes that define the state of the network. Forecasting flow essentially characterizes the efficiency and really needs to be known in order to diagnose possible malfunction and provide a basis for deciding on appropriate action to be taken by network manager. This paper proposes a novel flow-predictable system (FPS) based on fuzzy neural network. The features of dynamic trends of the network flow are extracted using a decision matrix transform and a qualitative interpretation, and then are used as inputs in the neural network, so that it can be used to fit the smooth curves perfectly. It is adopted to deal with the mapping relation and to categorize the network faults. The experiment system implemented by this method shows the proposed system is an open and efficient flow-fault forecast engine.

Qianmu Li, Manwu Xu, Hong Zhang, Fengyu Liu
Protecting Personal Data with Various Granularities: A Logic-Based Access Control Approach

In this paper, we present a rule-based approach to fine-grained data-dependent access control for database systems. Authorization rules in this framework are described in a logical language that allows us to specify policies systematically and easily. The language expresses authorization rules based on the values, types, and semantics of data elements common to the relational data model. We demonstrate the applicability of our approach by describing several data-dependent policies using an example drawn from a medical information system.

Bat-Odon Purevjii, Masayoshi Aritsugi, Sayaka Imai, Yoshinari Kanamori, Cherri M. Pancake
Enhancement of an Authenticated Multiple-Key Agreement Protocol Without Using Conventional One-Way Function

The authenticated multiple-key agreement protocol provides two entities to authenticate each other and establish multiple common keys in a two-pass interaction, a protocol without using a conventional hash function simplifies its security assumption on only public hard problem. In 2004, Chien and Jan proposed an authenticated multiple-key agreement protocol to overcome the shortcomings that break the previous variants. This paper shows that Chien and Jan’s scheme has a weakness that is vulnerable to forgery. To remedy this weakness, we improve Chien and Jan’s scheme such that the newly improved scheme has authenticated property and does not significantly affect the efficiency of the original scheme. Compared to the previous schemes, our improved method also achieves better key utilization.

Huifeng Huang, Chinchen Chang
Topology-Based Macroscopical Response and Control Technology for Network Security Event

The large-scale network security events are becoming a major threat to internet. How to quickly detect and effectively control the network security events’ spreading has become the research focus among network security experts. By combining active topology measurement with distributed anomaly detection, a large-scale network security events’ discovery and cooperative system is proposed, which focuses on macroscopical alert analysis, control point selection, creating control suggestion etc. After the process of visualization, it exhibits preferable application effect. The experimental result proved that it offers administrators the direct decisive advice to prevent network security event from overspreading.

Hui He, Mingzeng Hu, Weizhe Zhang, Hongli Zhang, Zhi Yang

Watermarking and Information Hiding

Adaptive Hiding Scheme Based on VQ-Indices Using Commutable Codewords

Hiding secret message in an image has received significant attention that it will not arise attackers’ suspicion. Recently, VQ-based compression domain is frequently employed. Although some hiding schemes are VQ-based compression domain, their hiding capacities are limited. To increase the hiding capacity, this paper applies codewords grouping concept to design an adaptive capacity hiding scheme. Based on our scheme, more bits can be embedded into single VQ index only if its degradation caused by replacing other codeword is less than the predefined threshold. The advantages of this proposed scheme are the higher capacity exploration on secret embedding, and acceptable stability on the display of stego-images.

Chinchen Chang, Chiachen Lin, Junbin Yeh
Reversible Data Hiding for Image Based on Histogram Modification of Wavelet Coefficients

Reversible data hiding has drawn intensive attention recently. Reversibility means to embed data into digital media and restore the original media from marked media losslessly. Reversible data hiding technique is desired in sensitive applications that require no permanent loss of signal fidelity. In this paper, we exploit statistical property of wavelet detail coefficients and propose a novel reversible data hiding for digital image by modifying integer wavelet coefficients slightly to embed data. Our algorithm doesn’t need any lossless compression technique and provides several embedding modes for choice according to capacity and visual quality requirement. Experimental results show that our algorithm achieves high capacity while keeping low distortion between marked image and the original one.

Xiaoping Liang, Xiaoyun Wu, Jiwu Huang
An Image Steganography Using Pixel Characteristics

This paper presents a steganographic algorithm in digital images to embed a hidden message into cover images. This method is able to provide a high quality stego image in spite of the high capacity of the concealed information. In our method, the number of insertion bits into each pixel is different according to each pixel’s characteristics. That is, the number of insertion bit is dependent on whether the pixel is an edge area or smooth area. We experimented on various images to demonstrate the effectiveness of the proposed method.

Young-Ran Park, Hyun-Ho Kang, Sang-Uk Shin, Ki-Ryong Kwon
Alternatives for Multimedia Messaging System Steganography

The Multimedia Messaging System allows a user of a mobile phone to send messages containing multimedia objects, such as images, audio or video clips. MMS has very quickly gained the popularity of SMS among mobile users. Alongside, the need for a secure communication became more imperative. Hiding information, especially in images has been an attractive solution for secret communication. In this paper we examine the possibilities for the use of steganography within a multimedia message. The most widely known algorithms for steganography are presented and discussed. Their application in a mobile environment is analyzed and a theoretical evaluation is given.

Konstantinos Papapanagiotou, Emmanouel Kellinis, Giannis F. Marias, Panagiotis Georgiadis
Error Concealment for Video Transmission Based on Watermarking

We propose an error concealment method for robust video transmission based on watermarking technique. In this method, the motion vector information is used as the watermark and embedded in the transform coefficients before quantization. A proper embedding algorithm is designed with the characteristics of the video coder taken into consideration, so that the embedding watermark has little influence on the video quality and the coding efficiency. At the decoder, the extracted watermark is used to effectively detect errors and restore the corrupted motion vectors. Then the restored motion vectors are utilized in error concealment. Simulation results demonstrate the advantages of the proposed method in error prone environment. The proposed method is applicable to all the block-transform based video coding schemes.

Shuai Wan, Yilin Chang, Fuzheng Yang
Applying the AES and Its Extended Versions in a General Framework for Hiding Information in Digital Images

Watermarking techniques can be applied in many applications, such as copyright protection, authentication, fingerprinting, and data hiding. Each different purpose of usability requires different approaches and schemes. In this paper, we present the framework of combining the Advanced Encryption Standard (AES) with watermarking techniques for hiding secret information in digital images. This framework can also be customized for other type of multimedia objects.

Tran Minh Triet, Duong Anh Duc
An Image Hiding Algorithm Based on Bit Plane

In this paper, an image hiding method which is used for hiding one secret image into multiple open images is addressed. The method is roughly divided into three steps. First, based on the correlations analysis, different bit planes of a secret image are hidden into different bit planes of those different open images. Second, a group of new hiding images is obtained by image fusion method, and then we get a new image by taking the “Exclusive-NOR” operation on these images. At last, the final hiding result is obtained by hiding the image obtained in above steps into certain open image. The experimental result shows the effectiveness of the method.

Bin Liu, Zhitang Li, Zhanchun Li
A Blind Audio Watermarking Algorithm Robust Against Synchronization Attack

Synchronization attack is one of the key issues of digital audio watermarking. In this paper, a robust digital audio watermarking algorithm in DWT (Discrete Wavelet Transform) and DCT (Discrete Cosine Transform) domain is presented, which can resist synchronization attack effectively. The features of the proposed algorithm are as follows: (1) More steady synchronization code and new embedded strategy are adopted to resist the synchronization attack effectively. (2) The multi-resolution characteristics of DWT and the energy-compression characteristics of DCT are combined to improve the transparency of digital watermark. (3) The algorithm can extract the watermark without the help of the original digital audio signal.

Xiangyang Wang, Hong Zhao
Semi-fragile Watermarking Algorithm for Detection and Localization of Temper Using Hybrid Watermarking Method in MPEG-2 Video

In this paper, a novel semi-fragile watermarking adapted to MPEG-2 video is proposed. It is achieved by using the hybrid watermarking method which is implemented by the combination of the robust watermark applied in DCT and spatial domain and the fragile watermark applied in motion vector. The proposed method can not only detect attacks but also localize them. Besides, it can distinguish malicious attacks such as frame dropping or swapping from non-malicious tempers like re-compression. This method satisfies invisibility and does not need the original information for the watermark detection.

Hyun-Mi Kim, Ik-Hwan Cho, A-Young Cho, Dong-Seok Jeong
Public Watermarking Scheme Based on Multiresolution Representation and Double Hilbert Scanning

A novel robust watermarking algorithm is presented using multiresolution representation of quasi-uniform cubic B-spline curves. The 4×4 blocks of host image are reindexed into 1-D in Hilbert scanning order. Every two neighbor blocks from Hilbert sequence are selected, and part pixels in this two blocks are taken as control points by Hilbert scanning order to define a couple of quasi-uniform cubic B-spline curves. The wavelet-based multiresolution representations of quasi-uniform B-spline curves are carried out and the low-resolution control points of quasi-uniform B-spline curves are modified according to a binary watermark. Experimental results show that this scheme is strongly against the attacks of filtering, JPEG compression and translation.

Zhiqiang Yao, Liping Chen, Rihong Pan, Boxian Zou, Licong Chen
Performance Evaluation of Watermarking Techniques for Secure Multimodal Biometric Systems

In this paper, we describe various watermarking techniques for secure user verification in the remote, multimodal biometric systems employing both fingerprint and face information, and compare their effects on user verification and watermark detection accuracies quantitatively. To evaluate the performance of watermarking for multimodal biometric systems, we first consider possible two scenarios – embedding facial features into a fingerprint image and embedding fingerprint features into a facial image. Additionally, to evaluate the performance of dual watermarking for secure biometric systems, we consider another two scenarios – with/without considering the characteristics of the fingerprint in embedding the dual watermark. Based on the experimental results, we confirm that embedding fingerprint features into a facial image can provide superior performance in terms of the user verification accuracy. Also, the dual watermarking with considering the characteristics of the fingerprint in embedding the dual watermark can provide superior performance in terms of the watermark detection accuracy.

Daesung Moon, Taehae Kim, SeungHwan Jung, Yongwha Chung, Kiyoung Moon, Dosung Ahn, Sang-Kyoon Kim
An Improvement of Auto-correlation Based Video Watermarking Scheme Using Independent Component Analysis

Video watermarking hides information (e.g. ownership, recipient information, etc) into video contents. In this paper, we propose an auto-correlation based video watermarking scheme to resist geometric attack (rotation, scaling, translation, and mixed) for H.264 (MPEG-4 Part 10 Advanced Video Coding) compressed video contents. To embed and detect maximal watermark, we use natural image statistics based on independent component analysis. We experiment with the standard images and video sequences, and the result shows that our video watermarking scheme is more robust against geometric attacks (rotation with 0-90 degree, scaling with 75-200%, and 50%~75% cropping) than Wiener based watermarking schemes.

Seong-Whan Kim, Hyun-Sung Sung
A Digital Watermarking Technique Based on Wavelet Packages

Digital watermarking is a copyright protection technique that has been developed in response to the rapid growth of networking and internet technology. Possessing also validation capabilities, it is superior to most forms of traditional network safety methods based on encryption and so has attracted widespread attention in recent years. At present, two common forms of watermarking techniques are in use: robust watermarking and fragile watermarking. While the former technique is highly robust, it sorely lacks the capability to recognize forged signals. The latter technique, on the contrary, though being highly sensitive to signal authenticity is overly vulnerable to normal signal processing. This paper introduces a digital watermarking technique (algorithm) that is based on wavelet packages. By embedding the watermarks in the middle-frequency segment of the wavelet package, this new technique possesses all the desirable properties of the previous algorithms, as indicated by experimental results.

Chen Xu, Weiqiang Zhang, Francis R. Austin
A Spectral Images Digital Watermarking Algorithm

In this paper we propose a technique to embed a digital watermark containing copyright information into spectral images. The watermark is embedded by modifying the singular values in PCA/DWT domain of the spectral images. After modification the image is reconstructed by inverse processing, thus containing the watermark. We provide analysis of watermark’s robustness against attacks. The attacks include lossy compression and median filtering. Experimental results indicate that the watermark algorithm performs well in robustness.

Long Ma, Changjun Li, Shuni Song
Restoration in Secure Text Document Image Authentication Using Erasable Watermarks

In this paper, we propose a new restoration method for electronic text document images using erasable watermarks. In restoration application, finding sufficient number of low-distortion pixels in a block to embed sufficient information bits and their blind detection is difficult. In the proposed method, an erasable watermark is embedded in each block of a text document image for restoration of the original character sequence. The embedding process introduces some background noise; however the content in the document can be read or understood by the user, because human vision has the inherent capability to recognize various patterns in the presence of noise. After verifying the content of each block, the original image can be restored at the blind detector for further use and analysis. Using the proposed method, it is possible to restore the original character sequence after multiple alterations like character deletion, insertion, substitution and block swapping.

Niladri B. Puhan, Anthony T. S. Ho

Web and Network Applications

The Study of RED Algorithm Used Multicast Router Based Buffer Management

The CBT method that is a dual shared tree enables both a transmitter and a recipient to exchange data through the shortest route to the center core. This method is used to solve the expansion problem of multicast by using a core. However, the current Multimedia Routing Method that involves a packet switching of Best-Effort method tries to transmit only single packet; thus, it causes congestion of data around a core and RP. As for a solution of this problem, the thesis suggests the RED algorithm applied Anycast method. The Anycast Protocol is a way to transfer a packet to an optimal server or a host that is able to redistribute the packet to the most adjacent router or Anycast group members who have Anycast address. Likewise, Anycast redistributes a packet of a core, then again redistributes it to any adjacent router and transmits the packet to an optimal host. In order to redistribute a packet of Core, RED Algorithm is adopted to disperse traffic congestion around the core.

Won-Hyuck Choi, Doo-Hyun Kim, Kwnag-Jae Lee, Jung-Sun Kim
Genetic Algorithm Utilized in Cost-Reduction Driven Web Service Selection

A single web service is most likely inadequate to serve the customers’ business needs; it takes a selection of various web services composed together to form a business process. The cost is the primary concern of many business processes. In this paper, we propose a new solution using Genetic Algorithm (GA) in cost-reduction driven web service selection. GA is utilized to optimize business process composed of many service agents (SAg), each of which corresponds to a collection of available web services provided by multiple service providers to perform a specific function. Service selection is an optimization process with taking into account the relationships among the services. Better performance has been gotten using GA in the paper than using local service selection strategy.

Lei Cao, Jian Cao, Minglu Li
MacroOS: A Pervasive Computing Platform Supporting Context Awareness and Context Management

The applications of pervasive computing in smart home constitute a hot research topic. It is time for the concept of the connected home to become a reality. In this paper, we present a pervasive computing application platform, MacroOS. MacroOS is built on the ensemble of multiple technologies and some novel pervasive computing technologies. It consists of micro embedded operating system which supports wireless network sensors, pervasive network which supports various communication protocol and context middleware which meets the requirement of context awareness and context management. Furthermore, based on the MacroOS platform, we implement successful demonstration applications in smart home system.

Xiaohua Luo, Kougen Zheng, Zhaohui Wu, Yunhe Pan
A Frame for Selecting Replicated Multicast Servers Using Genetic Algorithm

Multicast server replication effectively utilizes the network resources and improves the performance of the clients. Selection of servers in such environments decides the quality of services. In this paper, we provide a frame to select replicated servers with genetic algorithm. A two-level coding scheme is developed to represent a server selection candidate to chromosome efficiently. In the coding process, a method based on Dijkstra’s algorithm and random disturbance is designed that ensures generating a valid multicast tree. We discuss two options of genetic operators, namely crossover and mutation only at the first level code (GA1) or two levels (GA2). GA2 offers higher heritability and locality, but it requires more techniques to guarantee the validity of offspring. Extensive simulations demonstrate that both GA1 and GA2 outperform other heuristics. Particularly, GA2 is superior to GA1 in the complex network.

Qin Liu, Chanle Wu
On a Novel Methodology for Estimating Available Bandwidth Along Network Paths

This paper presents a novel methodology, called COPP, to estimate available bandwidth over a given network path. We first present a rigorous definition of available bandwidth, from which the novel two-steps estimating methodology, e.g. partial and final step, can be derived. In partial step, COPP deploys a particular probe scheme, namely chirp of packet pairs, which is composed of several packet pairs with decremental inter-packet spacing. After each chirp is sent, a partial estimate can be obtained and equal to the weighted average of all turning bandwidth within the chirp. In the second step, the final estimate is the weighted amount of all partial results of all chirps in a measurement episode. Additionally, we develop a heuristic though efficient rule to determine whether a packet pair is turning point. Finally, the evaluation of COPP in various simulations shows that COPP can provide accurate results with relatively less overhead while adapt to network variations rapidly.

Shaohe Lv, Jianping Yin, Zhiping Cai, Chi Liu
A New AQM Algorithm for Enhancing Internet Capability Against Unresponsive Flows

The unresponsive flows to the network congestion control are dangerous to the equilibrium and the Quality-of-Service (QoS) of the whole Internet. In this paper, a new network queue management algorithm- CCU (Compare and Control Unresponsive flows) is proposed in order to strengthen the robustness of Internet against unresponsive flows. As a sort of active queue management (AQM) algorithm, CCU relies on the detection and punishment of unresponsive flow and gets the elastics control of unresponsive flows, which benefit the buffer queue with the high performance. Via the comparison and evaluation experiments, it has been proved that CCU can detect and restrain unresponsive flows more accurately compared to other AQM algorithms.

Liyuan Zhao, Keqin Liu, Jun Zheng
Client Server Access: Wired vs. Wireless LEO Satellite-ATM Connectivity; A (MS-Ro-BAC) Experiment

This research tested a different approach to Secure RBAC in a post 911 environment. In order to defend the United States against enemies foreign and domestic; it is crucial that combat forces are equipped with the best communication equipment available. 21 years technology experience in a military environment supports this research and contributes an ideology that could revolutionize the government communication process. The “Mobile Secure Role Base Access Control” (MS-Ro-BAC) Network is a system designed to access secure global databases via wireless communication platforms [2]. This research involved the development of a (MS-Ro-BAC) Database, for wireless vs. wired access connectivity. Proprietary software was developed for authenticating with the server system. 40 database access scenarios were tested during day and night hours, for performance. The Iridium Satellite gateway was ineffective as a communication service to efficiently access the database in a global strategic environment.

Terry C. House
An Algorithm for Automatic Inference of Referential Integrities During Translation from Relational Database to XML Schema

XML is rapidly becoming one of the most widely adopted technologies for information exchange and representation on the World Wide Web. However, the large part of data is still stored in a relational database and we need to convert those relational data into an XML document. There are existing approaches such as NeT and CoT to convert relational models to XML models but those approaches only consider explicit referential integrities. In this paper, we suggest an algorithm to reflect implicit referential integrities to the conversion. The proposed algorithm provides several good points such as improving semantic information extraction and conversion, securing sufficient referential integrity of the target databases, and so on.

Jinhyung Kim, Dongwon Jeong, Doo-Kwon Baik
A Fuzzy Integral Method to Merge Search Engine Results on Web

Distributed information retrieval searches information among many disjoint databases or search engine results and merge of retrieved results into a single result list that a person can browse easily. How to merge the results returned by selected search engine is an important subproblem of the distributed information retrieval task, because every search engine has its own calculation or definition about relevance of documents and has different overlap range. This article presents a fuzzy integral algorithm to solve the merging results problem. We have also a procedure for adjusting fuzzy measure parameters by training. Compared to the method of relevance scores fusion and Borda count fusion, our approach has the excellent ability to balance between chore effects and dark horse effects. The experiments on web show that our approach gets better ranked results (more useful documents on top ranked).

Shuning Cui, Boqin Feng
The Next Generation PARLAY X with QoS/QoE

This paper describes the Next Generation PARLAY X with QoS / QoE in Next Generation Network (NGN). PARLAY has introduced the architecture for the development and deployment of services by service providers over 3G network. But the existing PARLAY X does not provide the open Application Programming Interface (API) for QoS / QoE. Therefore, to solve this issue, this paper suggests the PARLAY X with QoS / QoE. The object of this paper is to support the architecture and the API of the network service for QoS / QoE in NGN. The PARLAY X can provide users with QoS / QoE in network according to the detected context such as location and speed and user’s preference. The architecture of the Next Generation PARLAY X is comprised of the functions for context-awareness, adaptation, and personalization.

Sungjune Hong, Sunyoung Han
A Design of Platform for QoS-Guaranteed Multimedia Services Provisioning on IP-Based Convergence Network

In order to provide QoS-guaranteed real-time multimedia services, establishment of QoS-guaranteed per-class-type end-to-end session and connection is essential. Although the many researches for QoS-guarantee have been applying to the provider’s network, these have not been completely guaranteeing the end-to-end QoS yet. The topic of the end-to-end QoS-guarantee is still an open issue. In this paper, we propose a platform supporting real-time multimedia services of a higher quality between end-users. To guarantee the QoS between end-users, we use the SDP/SIP, RSVP-TE and CAC. The SDP/SIP establishes end-to-end sessions that guarantee the users’ demanded QoS. The RSVP-TE and CAC establish the QoS-guaranteed path between edge nodes on network for the established session through SDP/SIP. The proposed platform can apply to not only the existing IP-based network but also the wired/wireless convergence network of near future.

Seong-Woo Kim, Young-Chul Jung, Young-Tak Kim
Introduction of Knowledge Management System for Technical Support in Construction Industries

The “Knowledge Management System” has been introduced for the necessity of convenient communication and productivity improvement; the existing legacy systems have limitations such as the low effectiveness in information sharing and such functions. This study developed an enhanced construction information management system which improved the functions of storing, searching, and sharing of the information. The proposed “Knowledge Document Management (KDM) Portal” can perform Knowledge management through various access methods. Personal files can be managed with a file viewer and advanced viewer functions. The system also enables a ‘quick search’ using a highlighting system within the text-file search.

Tai Sik Lee, Dong Wook Lee, Jeong Hyun Kim
An Event Correlation Approach Based on the Combination of IHU and Codebook

This paper proposes a new event correlation technique, which integrates the increment hypothesis updating (IHU) technique with the codebook approach. The technique allows multiple simultaneous independent faults to be identified when the system’s codebook only includes the codes of the single fault and lacks the information of prior fault probability and the conditional probability of fault lead to symptoms occur. The method utilizes the refined IHU technique to create and update fault hypotheses that can explain these events, and ranks these hypotheses by the codebook approach. The result of event correlation is the hypothesis with maximum hamming distance to the code of the received events. Simulation shows that this approach can get a high accuracy and a fast speed of correlation even if the network has event loss and spuriousness.

Qiuhua Zheng, Yuntao Qian

Image and Signal Processing

Face Recognition Based on Support Vector Machine Fusion and Wavelet Transform

Recently, wavelet transform and information fusion have been used in face recognition to improve the performance. In this paper, we propose a new face recognition method based on wavelet transform and support vector machine-based fusion scheme. Firstly, an image is decomposed with wavelet transform to three levels. Then, Fisherface method is applied to three low-frequency sub-images respectively. Finally, the individual classifiers are fused using the support vector machines. Experimental results show that the proposed method outperforms the best individual classifiers and the direct Fisherface method on original images.

Bicheng Li, Hujun Yin
A Dynamic Face and Fingerprint Fusion System for Identity Authentication

This paper presents a novel dynamic face and fingerprint fusion system for identity authentication. To solve the face pose problem in dynamic authentication system, multi-route detection and parallel processing technology are used in this system. A multimodal part face recognition method based on principal component analysis (MMP-PCA) algorithm is adopted to perform the face recognition task. Fusion of face and fingerprint by SVM (Support Vector Machine) fusion strategy which introduced a new normalization method improved the accuracy of identity authentication system. Furthermore, key techniques such as fast and robust face detection algorithm and dynamic fingerprint detection and recognition method based on gray-Level histogram statistic are accepted to guarantee the fast and normal running. Practical results on real database proved that this authentication system can achieve better results compared with face-only or fingerprint-only system. Consequently, this system indeed increases the performance and robustness of identity authentication systems and has more practicability.

Jun Zhou, Guangda Su, Yafeng Deng, Kai Meng, Congcong Li
Image Recognition for Security Verification Using Real-Time Joint Transform Correlation with Scanning Technique

We describe a technique for image verification by use of real-time joint transform correlation with a scanning technique. The described method is independent of a spatial light modulator (SLM) in the Fourier plane, which has limitations when applied to robust systems. The system is a hybrid that combines optical and electronic processing methods. The system can also perform real-time correlation without an SLM at the Fourier plane. We develop the theory of the technique and evaluate the performance of the method by estimating the correlation between an authentic fingerprint image and distorted fingerprint images. We also present computer simulation results to demonstrate the validity of the idea.

Kyu B. Doh, Jungho Ohn, Ting-C Poon
Binarized Revocable Biometrics in Face Recognition

This paper proposes a novel revocable two-factor authentication approach which combines user-specific tokenized pseudo-random bit sequence with biometrics data via a logic operation. Through the process, a distinct binary code per person, coined as bio-Bit, is formed. There is no deterministic way to acquire bio-Bit without having both factors. This feature offers an extra protection layer against biometrics fabrication since bio-Bit authenticator is replaceable via token replacement. The proposed method also presents functional advantages of obtaining zero equal error rate and yielding a clean separation between the genuine and imposter populations. Thereby, false accept rate can be eradicated without suffering from the increased occurrence of false reject rate.

Ying-Han Pang, Andrew Teoh Beng Jin, David Ngo Chek Ling
Short Critical Area Computational Method Using Mathematical Morphology

In current critical area models, it is generally assumed that defect outlines are circular and that conductors are rectangles or merged rectangles. However, real extra defects and conductors associated with optimal layout design exhibit a great variety of shapes. Based on mathematical morphology, a new critical area computational method is presented, which can be used to estimate the critical area of short circuits in semiconductor manufacturing. The results of an experiment on the 4*4 shift memory layout show that the new method predicts the critical areas practicably. These results suggest that the proposed method could provide a new approach for yield prediction.

Junping Wang, Yue Hao
A Robust Lane Detection Approach Based on MAP Estimate and Particle Swarm Optimization

In this paper, a robust lane detection approach, that is primary and essential for driver assistance systems, is proposed to handle the situations where the lane boundaries in an image have relatively weak local contrast, or where there are strong distracting edges. The proposed lane detection approach makes use of a deformable template model to the expected lane boundaries in the image, a maximum a posteriori (MAP) formulation of the lane detection problem, and a particle swarm optimization algorithm to maximize the posterior density. The model parameters completely determine the position of the vehicle inside the lane, its heading direction, and the local structure of the lane. Experimental results reveal that the proposed method is robust against noise and shadows in the captured road images.

Yong Zhou, Xiaofeng Hu, Qingtai Ye
MFCC and SVM Based Recognition of Chinese Vowels

The recognition of vowels in Chinese speech is very important for Chinese speech recognition and understanding. However, it is rather difficult and there has been no efficient method to solve it yet. In this paper, we propose a new approach to the recognition of Chinese vowels via the support vector machine (SVM) with the Mel-Frequency Cepstral Coefficients (MFCCs) as the vowel’s features. It is shown by the experiments that this method can reach a high recognition accuracy on the given vowels database and outperform the SVM with the Linear Prediction Coding Cepstral (LPCC) coefficients as the vowel’s features.

Fuhai Li, Jinwen Ma, Dezhi Huang
A Spatial/Frequency Hybrid Vector Quantizer Based on a Classification in the DCT Domain

A simple and efficient image vector quantizer (VQ) based on a classification in the DCT domain is presented. Each 8×8 image block is quantized with ordinary VQ (OVQ) or transformed VQ (TVQ), which is determined by the three low-frequency DCT coefficients. Experimental results show that the proposed approach can achieve promising performance.

Zhe-Ming Lu, Hui Pei, Hans Burkhardt
Removing of Metal Highlight Spots Based on Total Variation Inpainting with Multi-sources-flashing

The removal of specular highlight spots has been a hot topic in the field of computer vision. A variety of methods have been designed to remove the specular highlights on the surface of objects. Unfortunately, few papers on the removal of (specular) highlight spots on metal surfaces have been reported. Since the region of highlight spots on a metal surface is much larger than that on a non-metal surface, it is harder to remove them. We propose a novel Inpainting with Multi-Sources-Flashing method to resolve the problem. The outcome of the experiments demonstrates that the light spots on the surface of metal objects with complex texture are removed effectively, and the physical properties of the surface are well maintained. The pyramid structure of our algorithm flow makes the innovation function efficiently.

Ji Bai, Lizhuang Ma, Li Yao, Tingting Yao, Ying Zhang
Component-Based Online Learning for Face Detection and Verification

Component detectors can accurately locate facial components, and component-based approaches can be used to build detectors that can handle partial occlusions. This paper proposes a face detection and verification method using component-based online learning. The main difference from previously reported component-based approaches is the use of online learning, which is ideal for highly repetitive tasks. This results in faster and more accurate face detection, because system performance improves with continued use. Further, uncertainty is added by calculating the standard deviation of face components and their relations.

Kyoung-Mi Lee
SPIHT Algorithm Based on Fast Lifting Wavelet Transform in Image Compression

This paper presents an improved image compression algorithm that ensures real-time image transmission and gains a high compression ratio under the image quality constraint. The improved SPIHT image coding algorithm uses the fast lifting wavelet transform to improve the transform process and, because many consecutive zeros appear in SPIHT quantization coding, adopts simultaneous entropy and SPIHT encoding. The entropy coding adopts run-length-changeable coding. Experimental results show that encoding by this method can improve PSNR and efficiency. This method can be applied to image data transmission and storage in remote image surveillance systems.

Wenbing Fan, Jing Chen, Jina Zhen
Modified EZW Coding for Stereo Residual

The objective of this study is to make stereo image coding more efficient by estimating the characteristics of stereo residual. The proposed method is based on the embedded zerotree wavelet algorithm, which is modified to improve its performance for stereo residual images by determining the thresholds during the dominant pass and the repetition times of the subordinate passes dynamically by considering the edge tendency of the input image. The experimental results show that the proposed method provides better performance than the conventional coder for the processing of stereo residuals.

Han-Suh Koo, Chang-Sung Jeong
Optimal Prototype Filters for Near-Perfect-Reconstruction Cosine-Modulated Filter Banks

In this paper, we propose a simple method for designing M-channel near-perfect-reconstruction (NPR) cosine-modulated filter banks (FBs). By employing the Parks-McClellan algorithm in constructing the prototype filter, an ideal magnitude response of the filter is achieved. Furthermore, the transition band of the prototype filter is constrained in such a way that it follows a cosine function. As a result, the FBs are approximately power complementary and therefore possess the NPR property. There are two main advantages in our proposed method. The first one is that no objective function in the optimization is explicitly required and the second one is that the resulting prototype filter is a global optimal solution. Compared with the traditional design method using general optimization methodology, the proposed method here is very simple and efficient. In addition, the stopband attenuation of the resulting FB is significantly higher than those offered by the traditional methods.

Xuemei Xie, Guangming Shi, Xuyang Chen
Fast Motion Estimation Scheme for Real Time Multimedia Streaming with H.264

In this paper, we propose a novel fast motion estimation algorithm based on successive elimination algorithm (SEA), which can dramatically reduce complexity of the variable block size motion estimation by removing the unnecessary computation of SAD in H.264 encoder. The proposed method, which accumulates current sum norms and pre-computed SAD for the bigger block sizes than 4×4 drives tighter bound in the inequality than an ordinary SEA depending on the availability of SAD. Experimental results explain that our method reduces computation complexity. In addition, the proposed method is an extended version of the rate constrained block matching for variable block-sized applications. It surely works on variable block-based motion estimation with just a little degradation.

Chan Lim, Hyun-Soo Kang, Tae-Yong Kim
Motion-Compensated 3D Wavelet Video Coding Based on Adaptive Temporal Lifting Filter Implementation

In wavelet-based video coding with motion-compensated lifting, efficient compression is achieved by exploiting motion-compensated temporal filtering (MCTF). The performance of a 3D wavelet video codec is greatly dependent on the efficiency of MCTF. In this paper, an adaptive motion-compensated temporal filter scheme is proposed for wavelet video coding. Our method controls the number of temporal decomposition levels by detecting the number of unconnected pixels in the low-pass frame, to avoid the inefficiency of MCTF when the scene changes quickly. Moreover, this method has the most useful features of predictive wavelet codecs, such as multiple reference frames and bi-directional prediction. Our experimental results show that, compared with the conventional MCTF, the proposed scheme has better coding performance for most sequences.

Guiguang Ding, Qionghai Dai, Wenli Xu
Accurate Contouring Technique for Object Boundary Extraction in Stereoscopic Imageries

A new snake-based algorithm is presented to segment objects from a pair of stereo images. The proposed algorithm is built upon a new energy function defined in the disparity space in such a way to successfully locate the boundary of an object found in a stereo image pair. The distinction of our algorithm comes from its superb segmentation capability even when the objects in the image are occluded and the background behind them is cluttered. The computer simulation shows out-performing results over the well-known conventional snake algorithm in terms of segmentation accuracy.

Shin Hyoung Kim, Jong Whan Jang, Seung Phil Lee, Jae Ho Choi
Robust Object Tracking Based on Uncertainty Factorization Subspace Constraints Optical Flow

The traditional methods of optical flow estimation have some problems, such as the huge computation cost of inverting the time-varying Hessian matrix, aperture phenomena for points with 1D or little texture, and drift phenomena with long sequences. A novel nonrigid object tracking algorithm based on inverse component uncertainty factorization subspace constraints optical flow is proposed in this paper, which resolves the above problems and achieves fast, robust and precise tracking. The idea of the inverse component is implemented in each recursive estimation procedure to make the algorithm fast. Uncertainty factorization is used to transform the optimization problem from a hyper-ellipse space to a hyper-sphere space. SVD is correspondingly performed to involve the subspace constraints. The proposed algorithm has been evaluated on both a standard test sequence and a sequence recorded with a consumer USB camera. The potential applications vary from articulated automation to structure from motion.

Yunshu Hou, Yanning Zhang, Rongchun Zhao
Bearings-Only Target Tracking Using Node Selection Based on an Accelerated Ant Colony Optimization

In order to improve target localization accuracy and conserve node power simultaneously, a multi-objective accelerated ant colony optimization algorithm is presented to deal with the problem of node selection in the sensor network. On this basis, the interacting multiple model (IMM) algorithm is introduced to track a bearings-only maneuvering target, and simulation results show that the proposed algorithm not only has better tracking performance, but also meets the need to conserve node battery power.

Benlian Xu, Zhiquan Wang
Image Classification and Delineation of Fragments

This paper shows that an algorithm technique involving image classification and valley-edge based image segmentation is a highly efficient way of delineating densely packed rock fragments. No earlier work on segmentation of rock fragments has exploited these two building blocks for making robust segmentation. Our method has been tested experimentally for different kinds of closely packed fragment images which are difficult to detect by ordinary edge detections. The reason for the powerfulness of the technique is that image classification (knowledge of scale) and image segmentation are highly cooperative processes. Moreover, valley-edge detection is a nonlinear filter picking up evidence of valley-edge by only considering the strongest response for a number of directions. As tested, the algorithm can be applied into other applications too.

Weixing Wang
A Novel Wavelet Image Coding Based on Non-uniform Scalar Quantization

In this paper, we investigate the problem of how to quantize the wavelet coefficients in the lowest frequency subband with a non-uniform scalar method. A novel wavelet image coding algorithm based on non-uniform scalar quantization is proposed. This algorithm adopts a longer step to quantize the wavelet coefficients in the lowest frequency subband and uses a shorter step for the other ones. According to the results of the experiment, we design a coding approach by using two labels 0 or 1 to code a coefficient bit of decimal plane. Experimental results have shown that the proposed scheme improves the performance of wavelet image coders. In particular, it achieves better coding gain in low bit rate image coding.

Guoyuo Wang, Wentao Wang
A General Image Based Nematode Identification System Design

Nematodes are primitive organisms which nonetheless devour many of the essential resources that are critical for human beings. For effective and quick inspection and quarantine, we propose a general image based system for quantitatively characterizing and identifying nematodes. We also describe the key methods ranging from gray level image acquisition and processing to information extraction for automated detection and identification. The main contributions of this paper are not only presenting a framework of the system architecture, but also giving detail analysis and implementation of each system component with instance of Caenorhabditis elegans. Therefore with a little modification, this system can be applied to other nematode species discrimination and analysis.

Bai-Tao Zhou, Won Nah, Kang-Woong Lee, Joong-Hwan Baek
A Novel SVD-Based RLS Blind Adaptive Multiuser Detector for CDMA Systems

In this paper, we propose a novel blind adaptive multiuser detector using the recursive least squares (RLS) algorithm based on singular value decomposition (SVD) for code division multiple access systems. The new presented algorithm can overcome the disadvantages of numerical instability and divergence of the conventional RLS algorithm. Simulation results show that the novel SVD-based RLS algorithm is superior to the conventional RLS algorithm in convergence rate, numerical stability and robustness.

Ling Zhang, Xianda Zhang
New Electronic Digital Image Stabilization Algorithm in Wavelet Transform Domain

In this paper, we present a new wavelet-based digital image stabilization (DIS) algorithm based on motion estimation for the stabilization of the 2-axes rotation sight system. In the proposed algorithm, we first estimate the local motion, defined in terms of a translational motion vector, by using fine-to-coarse (FtC) multi-resolution motion estimation (MRME). Next, we estimate the global motion, defined as the rotational motion parameters such as the rotational center and angular frequency, by using the vertical and horizontal components in the wavelet domain. The rotational center and angular frequency are estimated from the local motion field and the special subset of the motion vectors, respectively. The experimental results show improved stabilization performance compared with the conventional digital image stabilization algorithm.

Jung-Youp Suk, Gun-Woo Lee, Kuhn-Il Lee
Line Segments and Dominate Points Detection Based on Hough Transform

Hough Transform (HT) is a powerful tool to detect straight lines in noisy images since it is a voting method. However, there is no effective way to detect line segments and dominate points, which are more important in pattern recognition and image analysis. In this paper, we propose a simple way to detect line segments and dominate points simultaneously in binary images based on HT using generalized labelling. The new framework first detects straight lines using HT and then labels each black point of the image by considering the discrete errors of HT. Finally, the connectivity among the points having the same labels is checked in order to reduce the effect of noise and detect line segments properly. The experimental results show that our new framework is a powerful and effective way to detect line segments and dominate points in noisy binary images.

Z. W. Liao, S. X. Hu, T. Z. Huang
The Study of the Auto Color Image Segmentation

Auto image segmentation can segment the image without operator intervention and is an important technique in image processing. The Boltzmann-Color-Image-Segmentation (BCIS), which can control the degree of segmentation by adjusting the temperature parameter, is designed in this paper based on the Boltzmann theory and the Metropolis rule. Then the criterion function of image segmentation, which balances the number of segmented regions against the affinity of the segmented image with the original image, is presented. Based on the BCIS and the criterion function, the auto color image segmentation is worked out by using the artificial immune algorithm. Experiments showed that the color image segmentation algorithm designed in the paper had good capabilities.

Jian Zhuang, Haifeng Du, Jinhua Zhang, Sun’an Wang
Regularized Image Restoration by Means of Fusion for Digital Auto Focusing

This paper proposes a novel digital auto-focusing algorithm using image fusion, which restores an image with out-of-focus objects. Instead of designing an image restoration filter for auto-focusing, we propose an image fusion-based auto-focusing algorithm by fusing multiple, restored images based on regularized iterative restoration. The proposed auto-focusing algorithm consists of (i) sum-modified-Laplacian (SML) for obtaining salient focus measure, (ii) iterative image restoration, (iii) auto focusing error metric (AFEM) for optimal restoration, and (iv) soft decision fusion and blending (SDFB), which enables smooth transition across region boundaries. By utilizing restored images at consecutive levels of iteration, the soft decision fusion and blending algorithm can restore images with multiple, out-of-focus objects. An auto-focusing error metric is used to provide an appropriate termination point for iterative restoration.

Vivek Maik, Jeongho Shin, Joonki Paik
Fast Ray-Space Interpolation Based on Occlusion Analysis and Feature Points Detection

A fast algorithm based on depth discontinuity and occlusion analysis is presented for ray-space interpolation. Feature points at depth discontinuity regions in the top and bottom lines of the sparse epipolar plane image (EPI) are first extracted, and their directions are determined by a multiple epipolar matching method. Each of the feature points grows in the nearby epipolar lines until the direction of the grown feature point departs from the direction of the initial point, which means that occlusion occurs or the feature point is in fact noise. Finally, directional interpolation is implemented within the regions segmented by the feature points. Experimental results show that the new method runs much faster than the pixel matching based and block matching based interpolation methods. Additionally, the quality of the interpolated EPIs and the rendered arbitrary viewpoint images obtained by the new method is also much better than that of the other two methods.

Gangyi Jiang, Liangzhong Fan, Mei Yu, Rangding Wang, Xien Ye, Yong-Deak Kim
Non-parametric ICA Algorithm for Hybrid Sources Based on GKNN Estimation

A novel independent component analysis (ICA) algorithm based on non-parametric density estimation, namely generalized k-nearest neighbor (GKNN) estimation, is proposed using a linear ICA neural network. The proposed GKNN density estimation is directly evaluated from the original data samples, so it solves the important problem in ICA: how to choose nonlinear functions as the probability density function (PDF) estimation of the sources. Moreover, the GKNN-ICA algorithm is able to separate the hybrid mixtures of source signals using only a flexible model, and it is completely blind to the sources. It provides the way to wider applications of ICA methods to real world signal processing. Simulations confirm the effectiveness of the proposed algorithm.

Fasong Wang, Hongwei Li, Rui Li, Shaoquan Yu
SUSAN Window Based Cost Calculation for Fast Stereo Matching

This paper presents a fast stereo matching algorithm using the SUSAN window. The response of the SUSAN window is used to calculate the dissimilarity cost. From this dissimilarity cost, an initial match can be found. Then, with this initial match, a dynamic programming algorithm searches for the best path of two scan lines. Since the proposed dissimilarity cost calculation method is very simple and does not make use of any complicated mathematical formula, its running time is almost the same as that of SAD in the fixed window. In addition, the proposed matching algorithm has only two control parameters, bright threshold and occlusion penalty, which make it easy to optimize.

Kyu-Yeol Chae, Won-Pyo Dong, Chang-Sung Jeong
An Efficient Adaptive De-blocking Algorithm

In this paper, an efficient adaptive de-blocking algorithm is proposed to reduce blocking artifacts. Blocking artifacts are modeled as step functions and then the image blocks are divided into three categories: smooth blocks, texture blocks and edge blocks. For smooth blocks, the expression of amplitude of blocking artifacts is educed firstly in our algorithm, and then the adaptive smooth filter according to the amplitude of blocking artifacts and the smooth degree function is proposed to reduce blocking artifacts. For the texture blocks and edge blocks, the Sigma filter is used to smooth the block boundaries. The experiment results show that the proposed algorithm reduces the blocking artifacts effectively and preserves the original edges faithfully.

Zhiliang Xu, Shengli Xie, Youjun Xiang
Facial Features Location by Analytic Boosted Cascade Detector

We describe a novel technique called Analytic Boosted Cascade Detector (ABCD) to automatically locate features on the human face. ABCD extends the original Boosted Cascade Detector (BCD) in three ways: (i) a probabilistic model is included to connect the classifier responses with the facial features; (ii) a features location method based on the probabilistic model is formulated; (iii) a selection criterion for face candidates is presented. The new technique melts face detection and facial features location into a unified process. It outperforms Average Positions (AVG) and Boosted Classifiers + best response (BestHit). It also shows great speed superior to the methods based on nonlinear optimization, e.g. AAM and SOS.

Lei Wang, Beiji Zou, Jiaguang Sun
New Approach for Segmentation and Pattern Recognition of Jacquard Images

Phase field models provide a well-established framework for the mathematical description of free boundary problems for image segmentation. In phase field models interfaces represent edges of jacquard images and the determination of the edges of jacquard images is the main goal of image segmentation. In this paper, the phase field model was applied to segment and recognize pattern structures of jacquard images. The segmentation was performed in two major steps. Firstly, a pattern extraction and representation was performed by an adaptive mesh generation scheme. For the conjugate gradient method has been successfully used in solving the symmetric and positive definite systems obtained by the finite element approximation of energy functionals, a novel conjugate gradient algorithm was adapted to the minimization of energy functional of discrete phase model. Experimental results show efficiency of our approach.

Zhilin Feng, Jianwei Yin, Zhaoyang He, Wuheng Zuo, Jinxiang Dong
Nonstationarity of Network Traffic Within Multi-scale Burstiness Constraint

The scaling behavior has been discovered in the past decade, which has provided hope that mathematical models can be found to describe the nature of the traffic. Like long-range dependence (LRD), nonstationarity is also one of the vital characteristics of network traffic. In this paper, a novel traffic model is proposed in which the traffic aggregation behavior is abstracted in a hierarchical way. The traffic model is focused on the burst traffic rate. Firstly, the burst size of the aggregated flow output by an edge device of a network domain is derived by pseudo queue system methods. Then, the nonstationarity of the input traffic is developed by a generalized fractal Gaussian noise process, which is constructed from a large number of train traffic series. They have Poisson arrivals, and their lifetimes are exponentially distributed. The model fits real traffic data well within multiple scales over a long time, which is illustrated by simulation results.

Jinwu Wei, Jiangxing Wu
Principle of Image Encrypting Algorithm Based on Magic Cube Transformation

A new method for digital image scrambling transformation, namely Magic Cube Transformation, was proposed and its principle was introduced. Combined with the Logistic mapping in non-linear dynamics systems, an image encrypting and decrypting algorithm based on Magic Cube Transformation was designed. A natural chaotic sequence was created with the key. The image matrix was transformed with this chaotic sequence, using the Magic Cube Transformation, which resulted in an encrypted image. The decrypting operation was the reverse process of encryption. The experimental results indicate that the proposed algorithm achieves a satisfactory effect. Finally, the characteristics of the algorithm were summarized and directions for subsequent work were outlined.

Li Zhang, Shiming Ji, Yi Xie, Qiaoling Yuan, Yuehua Wan, Guanjun Bao
A Study on Motion Prediction and Coding for In-Band Motion Compensated Temporal Filtering

Compared with the spatial domain motion compensated temporal filtering (MCTF) scheme, the in-band MCTF scheme needs more coding bits for motion information since the motion estimation (ME) and motion compensation (MC) are implemented on each spatial subband. Therefore, how to employ motion prediction and coding is a key problem in improving the coding efficiency of in-band MCTF. In this paper, we propose an efficient level-by-level mode-based motion prediction and coding scheme for in-band MCTF. In our scheme, three motion prediction and coding modes are introduced to exploit the subband motion correlation at different resolutions as well as the spatial motion correlation in the high frequency subband. To trade off the complexity and the accuracy of block-based motion search, a joint rate-distortion criterion is proposed to decide a set of optimized motion vectors for three spatial high frequency subbands at the same level. By the rate-distortion optimized mode selection engine, the proposed scheme can improve the coding efficiency by about 0.6 dB for 4CIF sequences.

Dongdong Zhang, Wenjun Zhang, Li Song, Hongkai Xiong
Adaptive Sampling for Monte Carlo Global Illumination Using Tsallis Entropy

Adaptive sampling is an interesting tool to eliminate noise, which is one of the main problems of Monte Carlo global illumination algorithms. We investigate the Tsallis entropy to do adaptive sampling. Implementation results show that adaptive sampling based on Tsallis entropy consistently outperforms the counterpart based on Shannon entropy.

Qing Xu, Shiqiang Bao, Rui Zhang, Ruijuan Hu, Mateu Sbert

Applications

Incremental Fuzzy Decision Tree-Based Network Forensic System

Network forensics plays an important role in the modern network environment for computer security, but it has become a time-consuming and daunting task due to the sheer amount of data involved. This paper proposes a new method for constructing incremental fuzzy decision trees based on network service type to reduce human intervention and time cost, and to improve the comprehensibility of the results. At the end of the paper, we discuss the performance of the forensic system and present the results of experiments.

Zaiqiang Liu, Dengguo Feng
Robust Reliable Control for a Class of Fuzzy Dynamic Systems with Time-Varying Delay

This paper deals with the problem of robust reliable control design for a class of fuzzy uncertain systems with time-varying delay. The system under consideration is more general than those in other existent works. A reliable fuzzy control design scheme via state feedback is proposed in terms of linear matrix inequality (LMI). The asymptotic stability of the closed-loop system is achieved for all admissible uncertainties as well as actuator faults. A numerical example is presented for illustration.

Youqing Wang, Donghua Zhou
Using Concept Taxonomies for Effective Tree Induction

Taxonomies are exploited to generate improved decision trees. Experiments show very considerable improvements in tree simplicity can be achieved with little or no loss of accuracy.

Hong Yan Yi, B. de la Iglesia, V. J. Rayward-Smith
A Similarity-Based Recommendation Filtering Algorithm for Establishing Reputation-Based Trust in Peer-to-Peer Electronic Communities

The issues of trust are especially of great importance in peer-to-peer electronic online communities [5]. One way to address these issues is to use community-based reputations to help estimate the trustworthiness of peers. This paper presents a reputation-based trust supporting framework which includes a mathematical trust model, a decentralized trust data dissemination scheme and a distributed implementation algorithm of the model over a structured P2P network. In our approach, each peer is assigned a unique trust value, computed by aggregating the similarity-filtered recommendations of the peers who have interacted with it. The similarity between peers is computed by a novel simplified method. We also elaborate on decentralized trust data management scheme ignored in existing solutions for reputation systems. Finally, simulation-based experiments show that the system based on our algorithm is robust even against attacks from groups of malicious peers deliberately cooperating to subvert it.

Jingtao Li, Yinan Jing, Peng Fu, Gendu Zhang, Yongqiang Chen
Automatic Classification of Korean Traditional Music Using Robust Multi-feature Clustering

An automatic classification system of Korean traditional music is proposed using robust multi-feature clustering method. The system accepts query sound and automatically classifies input query into one of the six Korean traditional music categories. This paper focuses on the feature optimization method to alleviate system uncertainty problem due to the different query patterns and lengths, and consequently increase the system stability and performance. In order to fit these needs, a robust feature optimization method called multi-feature clustering (MFC) based on VQ and SFS feature selection is proposed. Several pattern classification algorithms are tested and compared in terms of the system stability and classification accuracy.

Kyu-Sik Park, Youn-Ho Cho, Sang-Hun Oh
A Private and Efficient Mobile Payment Protocol

Many secure electronic payment protocols have been proposed, most of which are based on public key cryptography. These protocols, however, are not suitable for mobile network due to the limitations of mobile environments, such as limited computation capability of mobile devices, limited bandwidth, etc. In this paper, we propose a private and efficient payment protocol for mobile network, which only involves symmetric key algorithm, such as symmetric encryption, hash function and keyed hash function. All these operations can be implemented on mobile devices feasibly. The proposed protocol also achieves complete privacy protection of buyers, which is one of the important requirements in mobile commerce. First, the identity of the buyer is protected from the merchant. Second, the transaction privacy of the buyer, such as what the buyer buys, and whom the buyer buys from, are also protected from any other parties and financial institutions. By giving a security analysis, we show that our protocol satisfies all security requirements in electronic payment.

Changjie Wang, Ho-fung Leung
Universal Designated-Verifier Proxy Blind Signatures for E-Commerce

To protect the privacy of proxy blind signature holders from dissemination of signatures by verifiers, this paper introduces universal designated-verifier proxy blind signatures. In a universal designated-verifier proxy blind signature scheme, any holder of a proxy blind signature can convert the proxy blind signature into a designated-verifier signature. Given the designated-signature, only the designated-verifier can verify that the message was signed by the proxy signer, but is unable to convince anyone else of this fact. This paper also proposes an ID-based universal designated-verifier proxy blind signature scheme from bilinear group-pairs. The proposed scheme can be used in E-commerce to protect user privacy.

Tianjie Cao, Dongdai Lin, Rui Xue
An Efficient Control Method for Elevator Group Control System

This paper presents an efficient control approach for the elevator group control system. The essential of the method used is based on an operation strategy with a talented algorithm. In order to analyze the performance of the presented system, the control method was evaluated by considering different performance characteristics in the elevator group control system. The results of the presented method are compared with the results of the area weight algorithm.

Ulvi Dagdelen, Aytekin Bagis, Dervis Karaboga
Next Generation Military Communication Systems Architecture

Next generation military communication system (NGMCS) is described as a kind of typical information communication networks (ICN), and primary requirement and evaluation criterion of NGMCN architecture are summarized briefly. Then a general architecture model for NGMCN, composed of four sections, application, system, technology, and equipment, is set up based on vector space and Fuzzy Sets theory. Further the modeling method is presented with the discussions in detail on fuzzy sets and fuzzy relations associated with the architecture model.

Qijian Xu, Naitong Zhang, Jie Zhang, Yu Sun
Early Warning for Network Worms

Network worms, very similar to viruses, are malicious programs that use vulnerabilities in software to spread between computers that are somehow connected using a computer network.

We remind that a computer should be understood broadly – in the near future, a worm might infect a mobile phone as easily as it now infects a personal desktop computer.

We have proposed a modular architecture for an early warning system. We also implemented a prototype system consisting of several detection and analysis modules. While the prototype was limited in nature, it meets most of the requirements we have set for such a system.

Antti Tikkanen, Teemupekka Virtanen
Skeleton Representation of Character Based on Multiscale Approach

Character skeleton plays a significant role in character recognition. This paper presents a novel algorithm based on multiscale approach to extract skeletons of printed and hand-written characters. The development of the method is inspired by some desirable characteristics of the modulus minima of wavelet transform. Namely, the local minima of wavelet transform are scale-independent and locate at the medial axis of the symmetrical contours of character stroke. Thus it is particularly suitable for characterizing the inherent skeletons of character strokes. The proposed skeletonization algorithm contains two major steps. First, by thresholding for the modulus minima of wavelet transform, the modulus minima points underlying the character strokes are extracted as the primary skeletons. Based on these primary skeletons, the modulus minima points are being eventually computed as the final skeleton by iteratively performing wavelet transform. The skeleton from the proposed method can be exactly located on the central line of the stroke, and the artifacts and branches of skeletons from traditional methods can be avoided. We tested the algorithm on handwritten and printed character images. Experimental results indicate that the proposed algorithm is applicable to not only binary image but also gray-level image.

Xinhua You, Bin Fang, Xinge You, Zhenyu He, Dan Zhang, Yuan Yan Tang
Channel Equalization Based on Two Weights Neural Network

In this paper, we discuss the application of a two weights neural network (TWNN) to the channel equalization problem. In particular, the purpose of the paper is to improve the previously developed TWNN equalizer with training using K-means and LMS methods; reducing the TWNN network size by considering a lesser number of TWNN kernels, and developing new techniques for determining channel order which is required to specify the structure of a TWNN equalizer. A linear regression model was used for estimating the channel order. The basic idea of reducing the network size is to select the centers, based on the channel lag. This work includes the comparison of the limits of mean square error (MSE) convergence of both a linear equalizer and a TWNN equalizer.

Wenming Cao, Wanfang Chai, Shoujue Wang
Assessment of Uncertainty in Mineral Prospectivity Prediction Using Interval Neutrosophic Set

Accurate spatial prediction of mineral deposit locations is essential for the mining industry. The integration of Geographic Information System (GIS) data with soft computing techniques can improve the accuracy of the prediction of mineral prospectivity. But uncertainty still exists. Uncertainties always exist in GIS data and in the processing required to make predictions. Quantification of uncertainty in mineral prospectivity prediction can support decision making in regional-scale mineral exploration. This research deals with these uncertainties. In this study, interval neutrosophic sets are combined with existing soft computing techniques to express uncertainty in the prediction of mineral deposit locations.

Pawalai Kraipeerapun, Chun Che Fung, Warick Brown
Ring-Based Anonymous Fingerprinting Scheme

Fingerprinting schemes are important techniques for protection of intellectual property. However, the previous schemes have some trust assumption made on the registration center, meanwhile they always consider the collusion between the registration and the merchant, also the buyer. To overcome those disadvantages, an anonymous fingerprinting scheme using a modification of Schnorr ring signature is presented. When a buyer wants to buy digital goods, he can sign the text m that describes the deal on behalf of the ring, which can bring fully anonymity and unlinkability. Once redistributing fingerprinted copies, a merchant still could trace the buyer with a slightly different version.

Qiang Lei, Zhengtao Jiang, Yumin Wang
Scalable and Robust Fingerprinting Scheme Using Statistically Secure Extension of Anti-collusion Code

Fingerprinting schemes use digital watermarks to determine originators of unauthorized/pirated copies. Multiple users may collude and collectively escape identification by creating an average or median of their individually watermarked copies. Previous fingerprint code design including ACC (anti-collusion code) cannot support large number of users, and we present a practical solution, which defines scalability over existing codebook generation scheme. To increase the robustness over average and median attack, we design a scalable ACC scheme using a Gaussian distributed random variable. We experiment with our scheme using human visual system based watermarking scheme, and the simulation results with standard test images show good collusion detection performance over average and median collusion attacks.

Jae-Min Seol, Seong-Whan Kim
Broadcast Encryption Using Identity-Based Public-Key Cryptosystem

In this paper, a new public-key broadcast encryption scheme, which is asymmetric and without involvement of trusted third parties, is proposed by using the “subset-cover” framework and the identity-based encryption scheme of Boneh and Franklin. This scheme is the first concrete construction of an asymmetric identity-based public-key broadcast encryption that does not rely on trusted agents and the costly Oblivious Polynomial Evaluation mechanism. Moreover, this novel work contains other desirable features, such as efficient encryption and decryption, low memory requirements, traitor tracing, asymmetry and non-repudiation. The tracing algorithm of this system is more efficient than that of the previous ones.

Lv Xixiang, Bo Yang
Multimedia Digital Right Management Using Selective Scrambling for Mobile Handset

In this paper, we propose a novel solution called joint encryption, in which audio and video data are scrambled efficiently by using modified phase scrambling, modified motion vector, and wavelet tree shuffling. Experimental results indicate that the proposed joint encryption technique is very simple to implement, has no adverse impact on error resiliency and coding efficiency, and produces level of security.

Goo-Rak Kwon, Tea-Young Lee, Kyoung-Ho Kim, Jae-Do Jin, Sung-Jea Ko
Design and Implementation of Crypto Co-processor and Its Application to Security Systems

In this paper, we will present the design and implementation of the crypto coprocessors which can be used for providing the RFID security. By analyzing the power consumption characteristics of our crypto coprocessors, we can see which crypto algorithms can be used for highly resource constrained applications such as RFID. To provide the security mechanism such as integrity and authentication between the RFID tag and the RFID reader, crypto algorithm or security protocol should be implemented at the RFID tag and reader. Moreover, the security mechanism in the RFID tag should be implemented with low power consumption because the resources of RFID tag are highly constrained, that is, the RFID tag has low computing capability and the security mechanism which operates in the RFID tag should be low power consumed. After investigating the power consumption characteristics of our designed crypto processors, we will conclude which crypto algorithm is suitable for providing the security of RFID systems.

HoWon Kim, Mun-Kyu Lee, Dong-Kyue Kim, Sang-Kyoon Chung, Kyoil Chung
Continuous Speech Research Based on HyperSausage Neuron

In this paper, we present HyperSausage Neuron based on the High-Dimension Space (HDS), and propose a new algorithm for speaker independent continuous digit speech recognition. At last, compared to HMM-based method, the recognition rate of HyperSausage Neuron method is higher than that of the HMM-based method.

Wenming Cao, Jianqing Li, Shoujue Wang
Variable-Rate Channel Coding for Space-Time Coded MIMO System

A new scheme integrating variable-rate channel coding with the multilayered space-time trellis codes (ML-STTC), is proposed to compensate for the performance loss due to the limited diversity gain of the firstly-detected layer in the group interference suppression and cancellation algorithm at the receiver. In the proposed scheme, the code rate of the channel coding in each layer is adaptive to the diversity gain of this layer, with intent to guarantee the performance of the first layer which suffers from diversity loss. In this way, the error propagation is reduced and the overall performance is improved.

Changcai Han, Dongfeng Yuan
A New Watermarking Method Based on DWT

A new hiding scheme of digital image is introduced in this paper, which is robust to image processing such as JPEG compression, median filtering, adding Gauss noise, cropping, and histogram equalization. In this paper, we embed watermark into DWT domain, using integer modulo, retrieval of embedded watermark does not need original image.

Xiang-chu Feng, Yongdong Yang
Efficient Point Rendering Method Using Sequential Level-of-Detail

We propose an extension of sequential point trees, a data structure that allows adaptive rendering of point clouds completely on the graphics processor (GPU). Using a sequential level-of-detail selection, we exploited the programmable graphics pipeline for rendering of large data sets. By adding position and radius of parent node to all points in the sequence, hole and overdraw problems of the sequential point trees technique were resolved, and as a result better image quality and rendering performance were achieved.

Daniel Kang, Byeong-Seok Shin
Construction of a Class of Compactly Supported Biorthogonal Multiple Vector-Valued Wavelets

In this paper, we introduce the notion of vector-valued multiresolution analysis. We discuss the existence of biorthogonal multiple vector-valued wavelets. An algorithm for constructing a class of compactly supported biorthogonal multiple vector-valued wavelets associated with the biorthogonal multiple vector-valued scaling functions is presented by using multiresolution analysis and matrix theory.

Tongqi Zhang, Qingjiang Chen
Metabolic Visualization and Intelligent Shape Analysis of the Hippocampus

This paper suggests a prototype system for visualization and analysis of anatomic shape and functional features of the hippocampus. Based on the result of MR-SPECT multi-modality image registration, anatomical and functional features of hippocampus are extracted from MR and registered SPECT images, respectively. The hippocampus is visualized in 3D by applying volume rendering to hippocampus volume data extracted from the MR image with color coded by registered SPECT image. In order to offer the objective and quantitative data concerning to the anatomic shape and functional features of the hippocampus, the geometric volume and the SPECT intensity histogram of hippocampus regions are automatically measured based on the MR and the registered SPECT image, respectively. We also propose a new method for the analysis of hippocampal shape using an integrated Octree-based representation, consisting of meshes, voxels, and skeletons.

Yoo-Joo Choi, Jeong-Sik Kim, Min-Jeong Kim, Soo-Mi Choi, Myoung-Hee Kim
Characteristic Classification and Correlation Analysis of Source-Level Vulnerabilities in the Linux Kernel

Although studies regarding the classification and analysis of source-level vulnerabilities in operating systems are not direct and practical solutions to the exploits with which computer systems are attacked, it is important that these studies supply the elementary technology for the development of effective security mechanisms. Linux systems are widely used on the Internet and in intra-net environments. However, researches regarding the fundamental vulnerabilities in the Linux kernel have not been satisfactorily conducted. In this paper, characteristic classification and correlation analysis of source-level vulnerabilities in the Linux kernel, open to the public and listed on the SecurityFocus site for the 6 years from 1999 to 2004, are presented. This study will enable Linux kernel maintenance groups to understand the wide array of vulnerabilities, to analyze the characteristics of the attack abusing vulnerabilities, and to prioritize their development effort according to the impact of these vulnerabilities on the Linux systems.

Kwangsun Ko, Insook Jang, Yong-hyeog Kang, Jinseok Lee, Young Ik Eom
Backmatter
Metadata

Title: Computational Intelligence and Security

Editors: Yue Hao, Jiming Liu, Yu-Ping Wang, Yiu-ming Cheung, Hujun Yin, Licheng Jiao, Jianfeng Ma, Yong-Chang Jiao

Copyright Year: 2005

Publisher: Springer Berlin Heidelberg

Electronic ISBN: 978-3-540-31598-8

Print ISBN: 978-3-540-30819-5

DOI: https://doi.org/10.1007/11596981
