liu.seSök publikationer i DiVA
Ändra sökning
Avgränsa sökresultatet
1234567 101 - 150 av 452
RefereraExporteraLänk till träfflistan
Permanent länk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Träffar per sida
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sortering
  • Standard (Relevans)
  • Författare A-Ö
  • Författare Ö-A
  • Titel A-Ö
  • Titel Ö-A
  • Publikationstyp A-Ö
  • Publikationstyp Ö-A
  • Äldst först
  • Nyast först
  • Skapad (Äldst först)
  • Skapad (Nyast först)
  • Senast uppdaterad (Äldst först)
  • Senast uppdaterad (Nyast först)
  • Disputationsdatum (tidigaste först)
  • Disputationsdatum (senaste först)
  • Standard (Relevans)
  • Författare A-Ö
  • Författare Ö-A
  • Titel A-Ö
  • Titel Ö-A
  • Publikationstyp A-Ö
  • Publikationstyp Ö-A
  • Äldst först
  • Nyast först
  • Skapad (Äldst först)
  • Skapad (Nyast först)
  • Senast uppdaterad (Äldst först)
  • Senast uppdaterad (Nyast först)
  • Disputationsdatum (tidigaste först)
  • Disputationsdatum (senaste först)
Markera
Maxantalet träffar du kan exportera från sökgränssnittet är 250. Vid större uttag använd dig av utsökningar.
  • 101.
    Estévez, Alberto García
    et al.
    Universidad de Alcala de Henares, Spain .
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Geo-location-aware Emulations for Performance Evaluation of Mobile Applications2014Ingår i: Wireless On-demand Network Systems and Services (WONS 2014), IEEE , 2014, s. 73-76Konferensbidrag (Refereegranskat)
    Abstract [en]

    This paper presents the design of a simple emulation framework for performance evaluation and testing of mobile applications. Our testbed combines production hardware and software to allow emulation of realistic and repeatable mobility scenarios, in which the mobile user can travel long distances, while being served by an application server. The framework allows (i) geo-location information, (ii) client network conditions such as bandwidth and loss rate, as well as (iii) the application workload to be emulated synchronously. To illustrate the power of the framework we also present the design, proof-of-concept implementation, and evaluation of a geo-smart scheduler for application updates in smartphones. This geo-smart scheduler reduces the average download time by using a network performance map to schedule the downloads when at places with relatively good conditions. Our trace-driven evaluation of the geo-smart scheduler, illustrates the workings of the emulation framework, and the potential of the geo-smart scheduler.

  • 102.
    Etminani, Kobra
    et al.
    Ferdowsi University of Mashhad, Iran.
    Naghibzadeh, Mahmoud
    Ferdowsi University of Mashhad, Iran.
    Peña, Jose M.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    DemocraticOP: A Democratic way of aggregating Bayesian network parameters2013Ingår i: International Journal of Approximate Reasoning, ISSN 0888-613X, E-ISSN 1873-4731, Vol. 54, nr 5, s. 602-614Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    When there are several experts in a specific domain, each may believe in a different Bayesian network (BN) representation of the domain. In order to avoid having to work with several BNs, it is desirable to aggregate them into a single BN. One way of finding the aggregated BN is to start by finding the structure, and then find the parameters. In this paper, we focus on the second step, assuming that the structure has been found by some previous method.

    DemocraticOP is a new way of combining experts’ parameters in a model. The logic behind this approach is borrowed from the concept of democracy in the real world. We assume that there is a ground truth and that each expert represents a deviation from it - the goal is to try to find the ground truth based on the experts’ opinions. If the experts do not agree, then taking a simple average of their opinions (as occurs in classical aggregation functions such as LinOP and LogOP) is flawed. Instead, we believe it is better to identify similar opinions through clustering, and then apply averaging, or any other aggregation function, over the cluster with the highest number of members to obtain the aggregated parameters that are closest to the ground truth. In other words, respect the majority as is done in democratic societies instead of averaging over all experts’ parameters. The new approach is implemented and tested over several BNs with different numbers of variables and parameters, and with different numbers of experts. The results show that DemocraticOP outperforms two commonly used methods, LinOP and LogOP, in three key metrics: the average of absolute value of the difference between the true probability distribution and the one corresponding to the aggregated parameters, Kullback-Leibler divergence, and running time.

  • 103.
    Fakhraee Seyedabad, Ali
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Using Semi-supervised Clustering for Neurons Classification2013Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    We wish to understand brain; discover its sophisticated ways of calculations to invent improved computational methods. To decipher any complex system, first its components should be understood. Brain comprises neurons.

    Neurobiologists use morphologic properties like “somatic perimeter”, “axonal length”, and “number of dendrites” to classify neurons. They have discerned two types of neurons: “interneurons” and “pyramidal cells”, and have a consensus about five classes of interneurons: PV, 2/3, Martinotti, Chandelier, and NPY. They still need a more refined classification of interneurons because they suppose its known classes may contain subclasses or new classes may arise. This is a difficult process because of the great number and diversity of interneurons and lack of objective indices to classify them.

    Machine learning—automatic learning from data—can overcome the mentioned difficulties, but it needs a data set to learn from. To meet this demand neurobiologists compiled a data set from measuring 67 morphologic properties of 220 interneurons of mouse brains; they also labeled some of the samples—i.e. added their opinion about the sample’s classes.

    This project aimed to use machine learning to determine the true number of classes within the data set, classes of the unlabeled samples, and the accuracy of the available class labels. We used K-means, seeded K-means, and constrained K-means, and clustering validity techniques to achieve our objectives. Our results indicate that: the data set contains seven classes; seeded K-means outperforms K-means and constrained K-means; chandelier and 2/3 are the most consistent classes, whereas PV and Martinotti are the least consistent ones.

  • 104.
    Filipsson, Johan
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Integrationskatalog - teknisk dokumentation av ett integrerat system2013Självständigt arbete på grundnivå (högskoleexamen), 10,5 poäng / 16 hpStudentuppsats (Examensarbete)
    Abstract [sv]

    Systemintegration är arbetet med att få IT-system att samarbeta med varandra. Inomsystemintegration finns det idag ett glapp mellan den tekniska dokumentationen och den tekniskalösningen vilket försvårar arbetet med att ta fram och underhålla integrerade system. För att underlättadetta skapades på uppdrag av Ipendo Systems en databasmodell för att kunna lagra tekniskdokumentation om integrationssystem. Lösningen implementerades i Microsoft SQL Server. Underarbetet utvecklades stöd för hämtning av data från integrationsplattformen BizTalk. Utöver dettautvecklades också möjlighet att hantera supportärenden och hämta in incidenter från externa system. Föratt kunna hantera databasen på ett enkelt sätt så utvecklades en prototyp av ett administratörsgränssnittför enklare insättning av data och hantering av databasen.

  • 105.
    Flod, Linus
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Informationssäkerhet i arkitekturbeskrivningar: En studie i hur säkerhetsfunktioner kan beskrivas med hjälp av vyer2012Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    Information security is an essential part of all information systems; especially in large organizations and companies dealing with classified material. Every large information system has an architecture that includes many parts that together form an Enterprise Architecture. The aim of this thesis is to study how to describe several security functions in an Enterprise Architecture and also how to ensure accountability between requirements and the implementation of the security functions. The description is for stakeholders on a conceptual level rather than a technical level. The study has been carried out by comparing the theoretical framework that has been formed by a study of the literature, and the empirical framework that has been formed by a group discussion and interviews with Information Security Consultants from Combitech AB. The process of the study was to obtain a theoretical background about Enterprise Architectures and then generate prototypes that could be tested in the interviews. The tests gave suggestions regarding how to change the prototypes to find the optimal way to describe security functions on a conceptual level.

    The final result of this study is to use integrated views for each security function. The integrated view should include: an identifier, a brief description of the security function, the requirements and a picture or use case. For the accountability, the requirements are numbered and displayed in the picture, in this way the stakeholder can see how the requirements are fulfilled.

  • 106.
    Forsgren, Mikael
    et al.
    Östergötlands Läns Landsting, Centrum för kirurgi, ortopedi och cancervård, Radiofysikavdelningen US.
    Weber, Patrick
    Linköpings universitet, Institutionen för klinisk och experimentell medicin, Reumatologi. Linköpings universitet, Hälsouniversitetet. Östergötlands Läns Landsting, Hjärt- och Medicincentrum, Reumatologiska kliniken i Östergötland.
    Janzén, David
    Linköpings universitet, Institutionen för klinisk och experimentell medicin, Cellbiologi. Linköpings universitet, Hälsouniversitetet.
    Dahlqvist Leinhard, Olof
    Linköpings universitet, Centrum för medicinsk bildvetenskap och visualisering, CMIV. Linköpings universitet, Institutionen för medicin och hälsa, Medicinsk radiofysik. Linköpings universitet, Hälsouniversitetet.
    Lundberg, Peter
    Linköpings universitet, Centrum för medicinsk bildvetenskap och visualisering, CMIV. Linköpings universitet, Institutionen för medicin och hälsa, Medicinsk radiofysik. Linköpings universitet, Institutionen för medicin och hälsa, Medicinsk radiologi. Linköpings universitet, Hälsouniversitetet. Östergötlands Läns Landsting, Centrum för kirurgi, ortopedi och cancervård, Radiofysikavdelningen US.
    Pena, José
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Cedersund, Gunnar
    Linköpings universitet, Institutionen för klinisk och experimentell medicin, Cellbiologi. Linköpings universitet, Hälsouniversitetet.
    Bayesian mixed-effect modeling of contrast agent data for decision-support when diagnosing diffuse liver disease2012Konferensbidrag (Övrigt vetenskapligt)
  • 107.
    Freire, Juliana
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan. University of Utah.
    Provenance management for data exploration2010Ingår i: Proceedings of the Seventh International Conference on Data Integration in the Life Sciences / [ed] Patrick Lambrix and Graham Kemp, Springer Verlag , 2010, s. 1-2Konferensbidrag (Refereegranskat)
    Abstract [en]

    Computing has been an enormous accelerator to science and industry alike and it has led to an information explosion in many different fields. The unprecedented volume of data acquired by sensors, derived by simulations and analysis processes, and shared on the Web opens up new opportunities, but it also creates many challenges when it comes to managing and analyzing these data.

  • 108.
    Freire, Sergio Miranda
    et al.
    Linköpings universitet, Institutionen för medicinsk teknik, Medicinsk informatik. Linköpings universitet, Tekniska högskolan.
    Sundvall, Erik
    Linköpings universitet, Institutionen för medicinsk teknik, Medicinsk informatik. Linköpings universitet, Tekniska högskolan.
    Karlsson, Daniel
    Linköpings universitet, Institutionen för medicinsk teknik, Medicinsk informatik. Linköpings universitet, Tekniska högskolan.
    Lambrix, Patrick
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Performance of XML Databases for Epidemiological Queries in Archetype-Based EHRs2012Ingår i: Proceedings Scandinavian Conference on Health Informatics 2012, Linköping: Linköping University Electronic Press, 2012, s. 51-57Konferensbidrag (Refereegranskat)
    Abstract [en]

    There are very few published studies regarding the performance of persistence mechanisms for systems that use the openEHR multi level modelling approach. This paper addresses the performance and size of XML databases that store openEHR compliant documents. Database size and response times to epidemiological queries are described. An anonymized relational epidemiology database and associated epidemiological queries were used to generate openEHR XML documents that were stored and queried in four opensource XML databases. The XML databases were considerably slower and required much more space than the relational database. For population-wide epidemiological queries the response times scaled in order of magnitude at the same rate as the number of records (total database size) but were orders of magnitude slower than the original relational database. For individual focused clinical queries where patient ID was specified the response times were acceptable. This study suggests that the tested XML database configurations without further optimizations are not suitable as persistence mechanisms for openEHR-based systems in production if population-wide ad hoc querying is needed.

  • 109.
    Freire, Sergio Miranda
    et al.
    Linköpings universitet, Institutionen för medicinsk teknik. Linköpings universitet, Tekniska fakulteten. Departamento de Tecnologia da Informação e Educação em Saúde, Universidade do Estado do Rio de Janeiro, Rio de Janeiro, RJ, Brazil.
    Teodoro, Douglas
    Departamento de Tecnologia da Informação e Educação em Saúde, Universidade do Estado do Rio de Janeiro, Rio de Janeiro, RJ, Brazil .
    Wei-Kleiner, Fang
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Sundvall, Erik
    Linköpings universitet, Institutionen för medicinsk teknik, Medicinsk informatik. Linköpings universitet, Tekniska fakulteten. Region Östergötland.
    Karlsson, Daniel
    Linköpings universitet, Institutionen för medicinsk teknik, Medicinsk informatik. Linköpings universitet, Tekniska fakulteten.
    Lambrix, Patrick
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Comparing the Performance of NoSQL Approaches for Managing Archetype-Based Electronic Health Record Data2016Ingår i: PLoS ONE, ISSN 1932-6203, E-ISSN 1932-6203, Vol. 11, nr 3, artikel-id e0150069Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    This study provides an experimental performance evaluation on population-based queries of NoSQL databases storing archetype-based Electronic Health Record (EHR) data. There are few published studies regarding the performance of persistence mechanisms for systems that use multilevel modelling approaches, especially when the focus is on population-based queries. A healthcare dataset with 4.2 million records stored in a relational database (MySQL) was used to generate XML and JSON documents based on the openEHR reference model. Six datasets with different sizes were created from these documents and imported into three single machine XML databases (BaseX, eXistdb and Berkeley DB XML) and into a distributed NoSQL database system based on the MapReduce approach, Couchbase, deployed in different cluster configurations of 1, 2, 4, 8 and 12 machines. Population-based queries were submitted to those databases and to the original relational database. Database size and query response times are presented. The XML databases were considerably slower and required much more space than Couchbase. Overall, Couchbase had better response times than MySQL, especially for larger datasets. However, Couchbase requires indexing for each differently formulated query and the indexing time increases with the size of the datasets. The performances of the clusters with 2, 4, 8 and 12 nodes were not better than the single node cluster in relation to the query response time, but the indexing time was reduced proportionally to the number of nodes. The tested XML databases had acceptable performance for openEHR-based data in some querying use cases and small datasets, but were generally much slower than Couchbase. Couchbase also outperformed the response times of the relational database, but required more disk space and had a much longer indexing time. Systems like Couchbase are thus interesting research targets for scalable storage and querying of archetype-based EHR data when population-based use cases are of interest.

  • 110.
    Fuchs, Adel
    et al.
    Jerusalem Coll Technol, Israel.
    Stulman, Ariel
    Jerusalem Coll Technol, Israel.
    Gurtov, Andrei
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Hardening Opportunistic HIP2017Ingår i: PROCEEDINGS OF THE 20TH ACM INTERNATIONAL CONFERENCE ON MODELLING, ANALYSIS AND SIMULATION OF WIRELESS AND MOBILE SYSTEMS (MSWIM17), ASSOC COMPUTING MACHINERY , 2017, s. 123-127Konferensbidrag (Refereegranskat)
    Abstract [en]

    As mobile and multi-homed devices are becoming ubiquitous, the need for a dynamic, yet secure communication protocol is unavoidable. The Host Identity Protocol (HIP) was constructed to meet this requirement; to provide significantly more secure mobility and multi-homing capabilities. HIP opportunistic mode, which is to be used when other, more trusted mechanisms are lacking, is based on a leap of faith (LoF) paradigm. In this paper, we analyze different Man in the middle (MiTM) attacks which might occur under this LoF, and propose a set of tweaks for hardening opportunistic HIP (HOH) that strengthen opportunistic modes security.

  • 111.
    Färnqvist, Tommy
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska fakulteten.
    Heintz, Fredrik
    Linköpings universitet, Institutionen för datavetenskap, Artificiell intelligens och integrerade datorsystem. Linköpings universitet, Tekniska fakulteten.
    Lambrix, Patrick
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Mannila, Linda
    Åbo Academy, Finland.
    Wang, Chunyan
    Linköpings universitet, Institutionen för datavetenskap.
    Supporting Active Learning by Introducing an Interactive Teaching Tool in a Data Structures and Algorithms2016Ingår i: Proceedings of the 47th ACM Technical Symposium on Computer Science Education (SIGCSE 2016), ACM Publications, 2016, s. 663-668Konferensbidrag (Refereegranskat)
    Abstract [en]

    Traditionally, theoretical foundations in data structures and algorithms (DSA) courses have been covered through lectures followed by tutorials, where students practise their understanding on pen-and-paper tasks. In this paper, we present findings from a pilot study on using the interactive e-book OpenDSA as the main material in a DSA course. The goal was to redesign an already existing course by building on active learning and continuous examination through the use of OpenDSA. In addition to presenting the study setting, we describe findings from four data sources: final exam, OpenDSA log data, pre and post questionnaires as well as an observation study. The results indicate that students performed better on the exam than during previous years. Students preferred OpenDSA over traditional textbooks and worked actively with the material, although a large proportion of them put off the work until the due date approaches.

  • 112.
    Färnqvist, Tommy
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Programvara och system. Linköpings universitet, Tekniska fakulteten.
    Heintz, Fredrik
    Linköpings universitet, Institutionen för datavetenskap, Artificiell intelligens och integrerade datorsystem. Linköpings universitet, Tekniska fakulteten.
    Lambrix, Patrick
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Mannila, Linda
    Åbo Academy, Finland.
    Wang, Chunyan
    Linköpings universitet, Institutionen för datavetenskap.
    Supporting Active Learning Using an Interactive Teaching Tool in a Data Structures and Algorithms Course2015Ingår i: Proceedings of 5:e Utvecklingskonferensen för Sveriges ingenjörsutbildningar (UtvSvIng), 2015, s. 76-79Konferensbidrag (Övrigt vetenskapligt)
    Abstract [en]

    Traditionally, theoretical foundations in data structuresand algorithms (DSA) courses have been covered throughlectures followed by tutorials, where students practise theirunderstanding on pen-and-paper tasks. In this paper, we presentfindings from a pilot study on using the interactive e-bookOpenDSA as the main material in a DSA course. The goal was toredesign an already existing course by building on active learningand continuous examination through the use of OpenDSA. Inaddition to presenting the study setting, we describe findings fromfour data sources: final exam, OpenDSA log data, pre- and postcourse questionnaires as well as an observation study. The resultsindicate that students performed better on the exam than duringprevious years. Students preferred OpenDSA over traditionaltextbooks and worked actively with the material, although alarge proportion of them put off the work until the due dateapproaches.

  • 113.
    Förstner, Johannes
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Optimizing Queries in Bayesian Networks2012Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    This thesis explores and compares different methods of optimizing queries in Bayesian networks. Bayesian networks are graph-structured models that model probabilistic variables and their influences on each other; a query poses the question of what probabilities certain variables assume, given observed values on certain other variables. Bayesian inference (calculating these probabilities) is known to be NP-hard in general, but good algorithms exist in practice.

    Inference optimization traditionally concerns itself with finding and tweaking efficient algorithms, and leaves the choice of algorithms' parameters, as well as the construction of inference-friendly Bayesian network models, as an exercise to the end user. This thesis aims towards a more systematic approach to these topics: We try to optimize the structure of a given Bayesian network for inference, also taking into consideration what is known about the kind of queries that are posed.

    First, we implement several automatic model modifications that should help to make a model more suitable for inference. Examples of these are the conversion of definitions of conditional probability distributions from table form to noisy gates, and divorcing parents in the graph. Second, we introduce the concepts of usage profiles and query interfaces on Bayesian networks and try to take advantage of them. Finally, we conduct performance measurements of the different options available in the used library for Bayesian networks, to compare the effects of different options on speedup and stability, and to answer the question of which options and parameters represent the optimal choice to perform fast queries in the end product.

    The thesis gives an overview of what issues are important to consider when trying to optimize an application's query performance in Bayesian networks, and when trying to optimize Bayesian networks for queries.

    The project uses the SMILE library for Bayesian networks by the University of Pittsburgh, and includes a case study on script-generated Bayesian networks for troubleshooting by Scania AB.

  • 114.
    Gabrielsson, Philip
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Jalal Sliwa, Enas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Säkerhetsanalys kring användning av mobilapplikationsteknik i Kriminalvårdens klientsystem2014Självständigt arbete på grundnivå (kandidatexamen), 10,5 poäng / 16 hpStudentuppsats (Examensarbete)
    Abstract [sv]

    Kriminalvården är den myndighet i Sverige som ansvarar för fängelser, häkten och frivård. Myndigheten har länge känt ett behov att inom flera verksamheter kunna få tillgång till delmängder av deras klientsystem i ett mobilt och uppkopplat format.

    Det största hindret i deras fall med mobilitet och applikationsteknik var säkerheten. Därför genomfördes en riskanalys med hänsyn till frivården och mobilapplikationsteknik.

    För att välja en lämplig och passande riskanalysmetod jämförde vi ett antal metoder. Det visade sig att metoden CORAS passade bäst. När vi väl genomfört riskanalysen med CORAS försökte vi sedan matcha åtgärderna mot de olika mobilplattformarnas egenskaper för att se hur de kan fullfölja åtgärderna. Mobilplattformarna vi undersökte var Android, Windows Phone 8 och iOS. Resultatet av riskanalysen och jämförelsen av plattformar kan ligga som grund till beslut hos Kriminalvården.

  • 115.
    Gao, Haichang
    et al.
    Xidian Univ, Peoples R China.
    Wang, Ping
    Xidian Univ, Peoples R China.
    Yan, Jeff
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Tang, Mengyun
    Xidian Univ, Peoples R China.
    Cao, Fang
    Xidian Univ, Peoples R China.
    Extended Security Analysis of Hollow Captchas2018Ingår i: Journal of Internet Technology, ISSN 1607-9264, E-ISSN 2079-4029, Vol. 19, nr 4, s. 1075-1088Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Text-based Captchas are now most widely used security technology for differentiating between computers and humans. Hollow Captchas have emerged as one of the latest designs, and they have been deployed by more and more major companies. Besides Yahoo!, Tencent, Sina, China Mobile and Baidu, some other websites, especially for higher security requirement shopping websites are also using this scheme. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously. It is hard for standard techniques to segment and recognize such connected characters, which are however easy for human eyes. In this paper, we provide a systematic security analysis of hollow Captchas. We show that with a simple but novel attack, we can break most hollow Captchas with a relatively high success rate, including those deployed by the major companies. Our attack for the first time combines segmentation and recognition in a single step. We also discuss lessons and guidelines for designing better Captchas.

  • 116.
    Gao, Zhiming
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Reducing the Search Space of Ontology Alignment Using Clustering Techniques2017Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    With the emerging amount of information available in the internet, how to make full use of this information becomes an urgent issue. One of the solutions is using ontology alignment to aggregate different sources of information in order to get comprehensive and complete information. Scalability is a problem regarding the ontology alignment and it can be settled down by reducing the search space of mapping suggestions. In this paper we propose an automated procedure mainly using different clustering techniques to prune the search space. The main focus of this paper is to evaluate different clustering related techniques to be applied in our system. K-means, Chameleon and Birch have been studied and evaluated, every parameter in these clustering algorithms is studied by doing experiments separately, in order to find the best clustering setting to the ontology clustering problem. Four different similarity assignment methods are researched and analyzed as well. Tfidf vectors and cosine similarity are used to identify the similar clusters in the two ontologies, experiments about threshold of cosine similarity are made to get the most suitable value.

    Our system successfully builds an automated procedure to generate reduced search space for ontology alignment, on one hand, the result shows that it reduces twenty to ninety times of comparisons that the ontology alignment was supposed to make, the precision goes up as well. On the other hand, it only needs one to two minutes of execution time, meanwhile the recall and f-score only drop down a little bit. The trade- off is acceptable for the ontology alignment system which will take tens of minutes to generate the ontology alignment of the same ontology set. As a result, the large scale ontology alignment becomes more computable and feasible.

  • 117.
    Gill, Phillipa
    et al.
    University of Toronto.
    Arlitt, Martin
    HP Labs, Palo Alto.
    Carlsson, Niklas
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Mahanti, Anirban
    NICTA.
    Williamson, Carey
    University of Calgary.
    Characterizing Organizational Use of Web-Based Services: Methodology, Challenges, Observations, and Insights2011Ingår i: ACM TRANSACTIONS ON THE WEB, ISSN 1559-1131, Vol. 5, nr 4Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Todays Web provides many different functionalities, including communication, entertainment, social networking, and information retrieval. In this article, we analyze traces of HTTP activity from a large enterprise and from a large university to identify and characterize Web-based service usage. Our work provides an initial methodology for the analysis of Web-based services. While it is nontrivial to identify the classes, instances, and providers for each transaction, our results show that most of the traffic comes from a small subset of providers, which can be classified manually. Furthermore, we assess both qualitatively and quantitatively how the Web has evolved over the past decade, and discuss the implications of these changes.

  • 118.
    Gopinathan, Ajay
    et al.
    University of Calgary, Canada.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Li, Zongpeng
    University of Calgary, Canada.
    Wu, Chuan
    University of Hong Kong, Peoples R China.
    Revenue-maximizing and Truthful Online Auctions for Dynamic Spectrum Access2016Ingår i: 2016 12TH ANNUAL CONFERENCE ON WIRELESS ON-DEMAND NETWORK SYSTEMS AND SERVICES (WONS), IEEE , 2016, s. 1-8Konferensbidrag (Refereegranskat)
    Abstract [en]

    Secondary spectrum auctions have been suggested as a strategically robust mechanism for distributing idle spectrum to competing secondary users. However, previous work on such auction design have assumed a static auction setting, thus failing to fully exploit the inherently time-varying nature of spectrum demand and utilization. In this paper, we address this issue from the perspective of the primary user who wishes to maximize the auction revenue. We present an online auction framework that dynamically accepts bids and allocates spectrum. We prove rigorously that our online auction framework is truthful in the multiple dimensions of bid values, as well as bid timing parameters. To protect against unbounded loss of revenue due to latter bids, we introduce controlled preemption into our mechanism. We prove that preemption, coupled with the technique of inflating bids artificially, leads to an online auction that guarantees a 1/5-fraction of the optimal revenue as obtained by an offline adversary. Since the previous guarantee holds only for the optimal channel allocation, we further provide a greedy channel allocation scheme which provides scalability. We prove that the greedy scheme also obtains a constant competitive revenue guarantee, where the constant depends on the parameter of the conflict graph.

  • 119.
    Gurtov, Andrei
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Koskela, Joakim
    Aalto Univ, Finland.
    Korzun, Dmitry
    Petrozavodsk State Univ, Russia.
    Cyclic ranking in single-resource peer-to-peer exchange2018Ingår i: Peer-to-Peer Networking and Applications, ISSN 1936-6442, E-ISSN 1936-6450, Vol. 11, nr 3, s. 632-643Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Peer-to-peer (P2P) sharing systems use incentives for resource exchange to encourage cooperation and ensure fairness. In bilateral strategies, such as BitTorrent Tit-for-Tat or deficit-based FairTorrent, individual decisions of peers utilize direct observations. It may result in low performance and unfair treatment. In this paper, we study a novel exchange strategy that applies Cyclic Ranking (CR). In addition to direct observations, a peer utilizes provision cycles-a shared history of effective exchanges. The PageRank algorithm runs for the locally collected cycles and computes the numerical ranks to estimate the reputation. The CR strategy incrementally augments known incentive-aware strategies. For evaluation we implement CR-BitTorrent and CR-FairTorrent variants. Our simulation model captures the dependence on network bandwidth and the number of seeders as well as selfishness and stability of the participants. The initial experiments show improved fairness and download times, compared to the original BitTorrent and FairTorrent. The performance of selfish and unstable peers decreases by as much as 50%. The CR strategy suits well in environments where direct reciprocity has shown little effect. Contrasted to existing solutions, the CR strategy rewards longevity and stability of peers.

  • 120.
    Gurtov, Andrei
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Liyanage, Madhusanka
    Centre for Wireless Communications, University of Oulu, Finland.
    Korzun, Dmitry
    Petrozavodsk State University, Petrozavodsk, Kareliya Republits, Russia.
    Secure Communication and Data Processing Challenges in the Industrial Internet2016Ingår i: Baltic Journal of Modern Computing, ISSN 2255-8942, E-ISSN 2255-8950, Vol. 4, nr 4, s. 1058-1073Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The next industrial revolution is foreseen to happen with upcoming Industrial Internet that combines massive data collected by industrial sensors with data analysis for improving the efficiency of operations. Collecting, pre-processing, storing and analyzing such real-time data is a complex task with stringent demands on communication intelligence, QoS and security. In this paper we outline some challenges facing the Industrial Internet, namely integration with 5G wireless networks, Software Defined Machines, ownership and smart processing of digital sensor data. We propose a secure communication architecture for the Industrial Internet based on Smart Spaces and Virtual Private LAN Services. It is a position paper, describing state-of-the-art and a roadmap for future research on the Industrial Internet.

  • 121.
    Gurtov, Andrei
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Polishchuk, Tatiana
    Linköpings universitet, Institutionen för teknik och naturvetenskap, Kommunikations- och transportsystem. Linköpings universitet, Tekniska fakulteten.
    Wernberg, Max
    Linköpings universitet, Institutionen för teknik och naturvetenskap, Kommunikations- och transportsystem. Linköpings universitet, Tekniska fakulteten.
    Controller-Pilot Data Link Communication Security2018Ingår i: Sensors, ISSN 1424-8220, E-ISSN 1424-8220, Vol. 18, nr 5, artikel-id 1636Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The increased utilization of the new types of cockpit communications, including controller pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system.

  • 122.
    Gustafsson, Josef
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Certificate Transparency in Theory and Practice2016Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    Certificate Transparency provides auditability to the widely used X.509 Public Key Infrastructure (PKIX) authentication in Transport Layer Security (TLS) protocol. Transparency logs issue signed promises of inclusions to be used together with certificates for authentication of TLS servers. Google Chrome enforces the use of Certificate Transparency for validation of Extended Validation (EV) certificates. This thesis proposes a methodology for asserting correct operation and presents a survey of active Logs. An experimental Monitor has been implemented as part of the thesis. Varying Log usage patterns and metadata about Log operation are presented, and Logs are categorized based on characteristics and usage. A case of mis-issuance by Symantec is presented to show the effectiveness of Certificate Transparency.

  • 123.
    Gustafsson, Josef
    et al.
    Linköpings universitet.
    Hiran, Rahul
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska fakulteten.
    Krishnamoorthi, Vengatanathan
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    The hidden mailman and his mailbag: Routing path analysis from a European perspective2017Ingår i: 2017 IEEE International Conference on Communications (ICC) / [ed] Debbah M.,Gesbert D.,Mellouk A., IEEE, 2017, s. 1-7Konferensbidrag (Refereegranskat)
    Abstract [en]

    The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

  • 124.
    Gustafsson, Josef
    et al.
    Linköpings universitet.
    Overier, Gustaf
    Linköpings universitet.
    Arlitt, Martin
    University of Calgary, Calgary, Canada.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    A first look at the CT landscape: Certificate transparency logs in practice2017Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Uhlig S.,Amann J.,Kaafar M.A., 2017, Vol. 10176, s. 87-99Konferensbidrag (Refereegranskat)
    Abstract [en]

    Many of today’s web-based services rely heavily on secure end-to-end connections. The “trust” that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to compromised Certificate Authorities (CAs) and the certificates they generate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overall network security. Using an open standard, anybody can setup CT logs, monitors, and auditors. CT is already used by Google’s Chrome browser for validation of Extended Validation (EV) certificates, Mozilla is drafting their own CT policies to be enforced, and public CT logs have proven valuable in identifying rogue certificates. In this paper we present the first large-scale characterization of the CT landscape. Our characterization uses both active and passive measurements and highlights similarities and differences in public CT logs, their usage, and the certificates they include. We also provide insights into how the certificates in these logs relate to the certificates and keys observed in regular web traffic.

  • 125.
    Harjula, Erkki
    et al.
    University of Oulu, Finland.
    Gurtov, Andrei
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten. ITMO University, Russia.
    Koskela, Timo
    University of Oulu, Finland.
    Ojala, Timo
    University of Oulu, Finland.
    Ylianttila, Mika
    University of Oulu, Finland.
    Energy-aware load monitoring for improving battery life of mobile peer-to-peer nodes2016Ingår i: SUSTAINABLE COMPUTING-INFORMATICS and SYSTEMS, ISSN 2210-5379, Vol. 12, s. 43-54Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    In this article, we propose an energy -aware load monitoring model, called e-Mon, for enabling energy aware load balancing in Peer-to-Peer (P2P) systems. P2P is a scalable and self-organizing technology for utilizing computational resources of the end-user devices for the benefit of a computing system. In P2P systems, the need for fair balance of load is crucial since the end-users need to be incentivized to participate in the system. The short battery life, caused by additional strain on the computational resources of the end-user devices, is a significant negative incentive factor for mobile end-users of current P2P systems. The e-Mon model, proposed in this article, enables moving load from energy-critical to less energy-critical nodes in P2P systems. This is done by including the energy status of a peer node as one of the factors defining a nodes load. The model helps saving the energy of mobile P2P nodes, particularly in cases when the remaining battery capacity is low. The article provides a thorough energy efficiency evaluation demonstrating that e-Mon can significantly improve the battery life of mobile nodes by improving the quality and fairness of load balance between heterogeneous nodes. With a proper selection of a load balancing model for the application scenario, e-Mon is shown to achieve up to 470% battery life extension compared to the case with traditional load balancing with no battery monitoring. (C) 2016 Elsevier Inc. All rights reserved.

  • 126.
    Hartig, Olaf
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Foundations of RDF* and SPARQL*: (An Alternative Approach to Statement-Level Metadata in RDF)2017Ingår i: Proceedings of the 11th Alberto Mendelzon International Workshop on Foundations of Data Management and the Web 2017 / [ed] Juan Reutter, Divesh Srivastava, Juan Reutter, Divesh Srivastava , 2017, Vol. 1912, artikel-id 12Konferensbidrag (Refereegranskat)
    Abstract [en]

    The standard approach to annotate statements in RDF with metadatahas a number of shortcomings including data size blow-up and unnecessarilycomplicated queries. We propose an alternative approach that is based on nestingof RDF triples and of query patterns. The approach allows for a more compactrepresentation of data and queries, and it is backwards compatible with the standard.In this paper we present the formal foundations of our proposal and ofdifferent approaches to implement it. More specifically, we formally capture thenecessary extensions of the RDF data model and its query language SPARQL,and we define mappings based on which our extended notions can be convertedback to ordinary RDF and SPARQL. Additionally, for such type of mappings wedefine two desirable properties, information preservation and query result equivalence,and we show that the introduced mappings possess these properties.

  • 127.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten. Hasso Plattner Institute, University of Potsdam, Potsdam, Germany.
    Bull-Aranda, Carlos
    Informatics Department, Universidad Técnica Federico Santa María, Valparaíso, Chile.
    Bindings-restricted triple pattern fragments2016Ingår i: On the Move to Meaningful Internet Systems: OTM 2016 Conferences, Springer Berlin/Heidelberg, 2016, Vol. 10033, s. 762-769Konferensbidrag (Refereegranskat)
    Abstract [en]

    The Triple Pattern Fragment (TPF) interface is a recent proposal for reducing server load in Web-based approaches to execute SPARQL queries over public RDF datasets. The price for less overloaded servers is a higher client-side load and a substantial increase in network load (in terms of both the number of HTTP requests and data transfer). In this paper, we propose a slightly extended interface that allows clients to attach intermediate results to triple pattern requests. The response to such a request is expected to contain triples from the underlying dataset that do not only match the given triple pattern (as in the case of TPF), but that are guaranteed to contribute in a join with the given intermediate result. Our hypothesis is that a distributed query execution using this extended interface can reduce the network load (in comparison to a pure TPF-based query execution) without reducing the overall throughput of the client-server system significantly. Our main contribution in this paper is twofold: we empirically verify the hypothesis and provide an extensive experimental comparison of our proposal and TPF.

  • 128.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Curé, Olivier
    Université Paris-Est Marne la Vallée Paris, France.
    Semantic Data Management in Practice2017Ingår i: WWW '17 Companion: Proceedings of the 26th International Conference on World Wide Web Companion, 2017, International World Wide Web Conferences Steering Committee , 2017, s. 901-904Konferensbidrag (Refereegranskat)
    Abstract [en]

    After years of research and development, standards and technologiesfor semantic data are suciently mature to be usedas the foundation of novel data science projects that employsemantic technologies in various application domains such asbio-informatics, materials science, criminal intelligence, andsocial science. Typically, such projects are carried out bydomain experts who have a conceptual understanding of semantictechnologies but lack the expertise to choose and toemploy existing data management solutions for the semanticdata in their project. For such experts, including domainfocuseddata scientists, project coordinators, and projectengineers, our tutorial delivers a practitioner's guide to se-mantic data management. We discuss the following importantaspects of semantic data management and demonstratehow to address these aspects in practice by using mature,production-ready tools: i) storing and querying semanticdata; ii) understanding, iii) searching, and iv) visualizingthe data; v) automated reasoning; vi) integrating externaldata and knowledge; and vii) cleaning the data.

  • 129.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Perez, Jorge
    University of Chile, Chile; Chilean Centre Semant Web Research, Chile.
    LDQL: A query language for the Web of Linked Data2016Ingår i: Journal of Web Semantics, ISSN 1570-8268, E-ISSN 1873-7749, Vol. 41Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The Web of Linked Data is composed of tons of RDF documents interlinked to each other forming a huge repository of distributed semantic data. Effectively querying this distributed data source is an important open problem in the Semantic Web area. In this paper, we propose LDQL, a declarative language to query Linked Data on the Web. One of the novelties of LDQL is that it expresses separately (i) patterns that describe the expected query result, and (ii) Web navigation paths that select the data sources to be used for computing the result. We present a formal syntax and semantics, prove equivalence rules, and study the expressiveness of the language. In particular, we show that LDQL is strictly more expressive than all the query formalisms that have been proposed previously for Linked Data on the Web. We also study some computability issues regarding LDQL. We first prove that when considering the Web of Linked Data as a fully accessible graph, the evaluation problem for LDQL can be solved in polynomial time. Nevertheless, when the limited data access capabilities of Web clients are considered, the scenario changes drastically; there are LDQL queries for which a complete execution is not possible in practice. We formally study this issue and provide a sufficient syntactic condition to avoid this problem; queries satisfying this condition are ensured to have a procedure to be effectively evaluated over the Web of Linked Data. (C) 2016 Elsevier B.V. All rights reserved.

    Publikationen är tillgänglig i fulltext från 2018-10-29 15:19
  • 130.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten. University of Potsdam, Germany.
    Pirro, Giuseppe
    Italian National Research Council ICAR CNR, Italy.
    SPARQL with property paths on the Web2017Ingår i: Semantic Web, ISSN 1570-0844, E-ISSN 2210-4968, Vol. 8, nr 6, s. 773-795Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Linked Data on the Web represents an immense source of knowledge suitable to be automatically processed and queried. In this respect, there are different approaches for Linked Data querying that differ on the degree of centralization adopted. On one hand, the SPARQL query language, originally defined for querying single datasets, has been enhanced with features to query federations of datasets; however, this attempt is not sufficient to cope with the distributed nature of data sources available as Linked Data. On the other hand, extensions or variations of SPARQL aim to find trade-offs between centralized and fully distributed querying. The idea is to partially move the computational load from the servers to the clients. Despite the variety and the relative merits of these approaches, as of today, there is no standard language for querying Linked Data on theWeb. A specific requirement for such a language to capture the distributed, graph-like nature of Linked Data sources on the Web is a support of graph navigation. Recently, SPARQL has been extended with a navigational feature called property paths (PPs). However, the semantics of SPARQL restricts the scope of navigation via PPs to single RDF graphs. This restriction limits the applicability of PPs for querying distributed Linked Data sources on the Web. To fill this gap, in this paper we provide formal foundations for evaluating PPs on the Web, thus contributing to the definition of a query language for Linked Data. We first introduce a family of reachability-based query semantics for PPs that distinguish between navigation on the Web and navigation at the data level. Thereafter, we consider another, alternative query semantics that couples Web graph navigation and data level navigation; we call it context-based semantics. Given these semantics, we find that for some PP-based SPARQL queries a complete evaluation on the Web is not possible. To study this phenomenon we introduce a notion of Web-safeness of queries, and prove a decidable syntactic property that enables systems to identify queries that areWeb-safe. In addition to establishing these formal foundations, we conducted an experimental comparison of the context-based semantics and a reachability- based semantics. Our experiments show that when evaluating a PP-based query under the context-based semantics one experiences a significantly smaller number of dereferencing operations, but the computed query result may contain less solutions.

  • 131.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Pérez, Jorge
    Department of Computer Science, Universidad de Chile, Chile.
    An Initial Analysis of Facebook’s GraphQL Language2017Ingår i: Proceedings of the 11th Alberto Mendelzon International Workshop on Foundations of Data Management and the Web. / [ed] Juan Reutter, Divesh Srivastava, Juan Reutter, Divesh Srivastava , 2017, Vol. 1912, artikel-id 11Konferensbidrag (Refereegranskat)
    Abstract [en]

    Facebook’s GraphQL is a recently proposed, and increasingly adopted,conceptual framework for providing a new type of data access interface on theWeb. The framework includes a new graph query language whose semantics hasbeen specified informally only. The goal of this paper is to understand the propertiesof this language. To this end, we first provide a formal query semantics.Thereafter, we analyze the language and show that it has a very low complexityfor evaluation. More specifically, we show that the combined complexity ofthe main decision problems is in NL (Nondeterministic Logarithmic Space) and,thus, they can be solved in polynomial time and are highly parallelizable.

  • 132.
    Hartig, Olaf
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Tamer Ozsu, M.
    University of Waterloo, Canada.
    Walking Without a Map: Ranking-Based Traversal for Querying Linked Data2016Ingår i: SEMANTIC WEB - ISWC 2016, PT I, Springer-Verlag New York, 2016, Vol. 9981, s. 305-324Konferensbidrag (Refereegranskat)
    Abstract [en]

    The traversal-based approach to execute queries over Linked Data on the WWW fetches data by traversing data links and, thus, is able to make use of up-to-date data from initially unknown data sources. While the downside of this approach is the delay before the query engine completes a query execution, user perceived response time may be improved significantly by returning as many elements of the result set as soon as possible. To this end, the query engine requires a traversal strategy that enables the engine to fetch result-relevant data as early as possible. The challenge for such a strategy is that the query engine does not know a priori which of the data sources discovered during the query execution will contain result-relevant data. In this paper, we investigate 14 different approaches to rank traversal steps and achieve a variety of traversal strategies. We experimentally study their impact on response times and compare them to a baseline that resembles a breadth-first traversal. While our experiments show that some of the approaches can achieve noteworthy improvements over the baseline in a significant number of cases, we also observe that for every approach, there is a non-negligible chance to achieve response times that are worse than the baseline.

  • 133.
    Hashemian, Raoufehsadat
    et al.
    University of Calgary Calgary, Canada.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Krishnamurthy, Diwakar
    University of Calgary, Calgary, Canada.
    Arlitt, Martin
    University of Calgary Calgary, Canada.
    IRIS: Iterative and Intelligent Experiment Selection2017Ingår i: ICPE ’17 Proceedings of the 8th ACM/SPEC on International Conference on Performance Engineering, ACM , 2017, s. 143-154Konferensbidrag (Refereegranskat)
    Abstract [en]

    Benchmarking is a widely-used technique to quantify the performance of software systems. However, the design and implementation of a benchmarking study can face several challenges. In particular, the time required to perform a benchmarking study can quickly spiral out of control, owing to the number of distinct variables to systematically examine. In this paper, we propose IRIS, an IteRative and Intelligent Experiment Selection methodology, to maximize the information gain while minimizing the duration of the benchmarking process. IRIS selects the region to place the next experiment point based on the variability of both dependent, i.e., response, and independent variables in that region. It aims to identify a performance function that minimizes the response variable prediction error for a constant and limited experimentation budget. We evaluate IRIS for a wide selection of experimental, simulated and synthetic systems with one, two and three independent variables. Considering a limited experimentation budget, the results show IRIS is able to reduce the performance function prediction error up to 4:3 times compared to equal distance experiment point selection. Moreover, we show that the error reduction can further improve through system-specific parameter tuning. Analysis of the error distributions obtained with IRIS reveals that the technique is particularly effective in regions where the response variable is sensitive to changes in the independent variables

  • 134.
    Hashemian, Raoufehsadat
    et al.
    University of Calgary, Canada.
    Krishnamurthy, Diwakar
    University of Calgary, Canada.
    Arlitt, Martin
    HP Labs, Palo alto, CA, USA.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Characterizing the Scalability of a Web Application on a Multi-core Server2014Ingår i: Concurrency and Computation: Practice and Experience, ISSN 1532-0626, Vol. 26, nr 12, s. 2027-2052Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The advent of multi‒core technology motivates new studies to understand how efficiently Web servers utilize such hardware. This paper presents a detailed performance study of a Web server application deployed on a modern eight‒core server. Our study shows that default Web server configurations result in poor scalability with increasing core counts. We study two different types of workloads, namely, a workload with intense TCP/IP related OS activity and the SPECweb2009 Support workload with more application‒level processing. We observe that the scaling behaviour is markedly different for these workloads, mainly because of the difference in the performance of static and dynamic requests. While static requests perform poorly when moving from using one socket to both sockets in the system, the converse is true for dynamic requests. We show that, contrary to what was suggested by previous work, Web server scalability improvement policies need to be adapted based on the type of workload experienced by the server. The results of our experiments reveal that with workload‒specific Web server configuration strategies, a multi‒core server can be utilized up to 80% while still serving requests without significant queuing delays; utilizations beyond 90% are also possible, while still serving requests with ‘acceptable’ response times.

  • 135.
    Hashemian, Raoufehsadat
    et al.
    University of Calgary, Alberta, Canada .
    Krishnamurthy, Diwakar
    University of Calgary, Alberta, Canada .
    Arlitt, Martin
    HP Labs, Palo Alto, California, USA .
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Improving the Scalability of a Multi-core Web Server2013Ingår i: ICPE '13 Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering, Association for Computing Machinery (ACM), 2013, s. 161-172Konferensbidrag (Refereegranskat)
    Abstract [en]

    Improving the performance and scalability of Web servers enhances user experiences and reduces the costs of providing Web-based services. The advent of Multi-core technology motivates new studies to understand how efficiently Web servers utilize such hardware. This paper presents a detailed performance study of a Web server application deployed on a modern 2 socket, 4-cores per socket server. Our study show that default, "out-of-the-box" Web server configurations can cause the system to scale poorly with increasing core counts. We study two different types of workloads, namely a workload that imposes intense TCP/IP related OS activity and the SPECweb2009 Support workload, which incurs more application-level processing. We observe that the scaling behaviour is markedly different for these two types of workloads, mainly due to the difference in the performance characteristics of static and dynamic requests. The results of our experiments reveal that with workload-specific Web server configuration strategies a modern Multi-core server can be utilized up to 80% while still serving requests without significant queuing delays; utilizations beyond 90% are also possible, while still serving requests with acceptable response times.

  • 136.
    Hedlund, Tim
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Design and Proof-of-Concept Implementation of Proxy-based Stream Handling for an Enterprise Service Bus2014Självständigt arbete på avancerad nivå (magisterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    Traffic for real-time entertainment applications has increased over the past years and now holds one of the largest portions of the traffic on the Internet. This trend has been spotted by Ida Infront who wishes to integrate and support a streaming protocol in their Enterprise Service Bus (ESB). This thesis first surveys three streaming protocols and techniques (SIP, RTSP and HTTP-base streaming) in terms of general usage areas and suitability for integration with the company ESB.

    Second, this thesis investigates how these protocols can be implemented using a proxy-based design together with the ESB. After describing one design alternative for each protocol, the thesis finally presents a proof-of-concept implementation of an RTSP proxy. The proxy is implemented and tested for performance and added packet jitters under different loads.

    The main contribution of the thesis is a reverse RTSP proxy application that integrates with the ESB and offers both routing and logging functionalities. In tests where we put the proxy under load we see that the CPU and memory usage is low and that the bottleneck appears to be the network bandwidth. But we also see a small added jitter that potentially could scale and must be taken into account when using such a proxy application.

  • 137.
    Heintz, Fredrik
    et al.
    Linköpings universitet, Institutionen för datavetenskap, KPLAB - Laboratoriet för kunskapsbearbetning. Linköpings universitet, Tekniska högskolan.
    Dragisic, Zlatan
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Semantic Information Integration for Stream Reasoning2012Ingår i: Proceedings of the 15th International Conference on Information Fusion (FUSION), Linköping: Linköping University Electronic Press, 2012Konferensbidrag (Övrigt vetenskapligt)
    Abstract [en]

    The main contribution of this paper is a practicalsemantic information integration approach for stream reasoningbased on semantic matching. This is an important functionality for situation awareness applications where temporal reasoning over streams from distributed sources is needed. The integration is achieved by creating a common ontology, specifying the semantic content of streams relative to the ontology and then use semantic matching to find relevant streams. By using semantic mappings between ontologies it is also possible to do semantic matching over multiple ontologies. The complete stream reasoning approach is integrated in the Robot Operating System(ROS) and used in collaborative unmanned aircraft systems missions.

  • 138.
    Henziger, Eric
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    The Cost of Confidentiality in Cloud Storage2018Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
    Abstract [en]

    Cloud storage services allow users to store and access data in a secure and flexible manner. In recent years, cloud storage services have seen rapid growth in popularity as well as in technological progress and hundreds of millions of users use these services to store thousands of petabytes of data. Additionally, the synchronization of data that is essential for these types of services stands for a significant amount of the total internet traffic. In this thesis, seven cloud storage applications were tested under controlled experiments during the synchronization process to determine feature support and measure performance metrics. Special focus was put on comparing applications that perform client side encryption of user data to applicationsthat do not. The results show a great variation in feature support and performance between the different applications and that client side encryption introduces some limitations to other features but that it does not necessarily impact performance negatively. The results provide insights and enhances the understanding of the advantages and disadvantages that come with certain design choices of cloud storage applications. These insights will help future technological development of cloud storage services.

  • 139.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    A usability study of security policy management2006Ingår i: Security and Privacy in Dynamic Environments. Proceedings of the 21st International Information Security Conference (IFIP TC-11) (SEC’06), 2006, s. 296-306Konferensbidrag (Övrigt vetenskapligt)
    Abstract [en]

    The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way.

    Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects).

    In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.

  • 140.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Usability and security of personal firewalls2007Ingår i: International Information Security Conference IFIP TC-11,2007, New York, NY, USA: Springer Verlag , 2007, s. 37-Konferensbidrag (Refereegranskat)
  • 141.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Usability and security of personal firewalls2007Ingår i: New Approaches for Security, Privacy and Trust in Complex Environments, Springer Berlin/Heidelberg, 2007, s. 37-48Kapitel i bok, del av antologi (Övrigt vetenskapligt)
    Abstract [en]

    Effective security of a personal firewall depends on (1) the rule granularity and the implementation of the rule enforcement and (2) the correctness and granularity of user decisions at the time of an alert. A misconfigured or loosely configured firewall may be more dangerous than no firewall at all because of the user’s false sense of security. This study assesses effective security of 13 personal firewalls by comparing possible granularity of rules as well as the usability of rule set-up and its influence on security.

    In order to evaluate usability, we have submitted each firewall to use cases that require user decisions and cause rule creation. In order to evaluate the firewalls’ security, we analysed the created rules. In addition, we ran a port scan and replaced a legitimate, network-enabled application with another program to assess the firewalls’ behaviour in misuse cases. We have conducted a cognitive walkthrough paying special attention to user guidance and user decision support.

    We conclude that a stronger emphasis on user guidance, on conveying the design of the personal firewall application, on the principle of least privilege and on implications of default settings would greatly enhance both usability and security of personal firewalls.

  • 142.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Usable Set-up of Runtime Security Policies2007Ingår i: International Symposium on Human Aspects of Information Security and Assurance,2007, Emerald Group Publishing Limited, 2007, s. 394-407Konferensbidrag (Refereegranskat)
  • 143.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Usable set-up of runtime security policies2007Ingår i: Information Management & Computer Security, ISSN 0968-5227, Vol. 15, nr 5, s. 394-407Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Purpose: This paper aims to present concrete and verified guidelines for enhancing the usability and security of software that delegates security decisions to lay users and captures these user decisions as a security policy.

    Design/methodology/approach: This work is an exploratory study. The authors hypothesised that existing tools for runtime set-up of security policies are not sufficient. As this proved true, as shown in earlier work, they apply usability engineering with user studies to advance the state-of-the-art.

    Findings: Little effort has been spent on how security policies can be set up by the lay users for whom they are intended. This work identifies what users want and need for a successful runtime set-up of security policies.

    Practical implications: Concrete and verified guidelines are provided for designers who are faced with the task of delegating security decisions to lay users.

    Originality/value: The devised guidelines focus specifically on the set-up of runtime security policies and therefore on the design of alert windows.

  • 144.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    User help techniques for usable security2007Ingår i: Proceedings of the 1st Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT’07) ACM Press, Boston, MA, USA, New York: ACM , 2007Kapitel i bok, del av antologi (Övrigt vetenskapligt)
    Abstract [en]

    There are a number of security-critical applications such as personal firewalls, web browsers and e-mail clients, whose users have little or no security knowledge and are easily confused, even frustrated by menus, messages or dialog boxes that deal with security issues.

    While there are evaluations of existing applications and proposals for new approaches or design guidelines for usable security applications, little effort has been invested in determining how applications can help users in security decisions and security tasks. The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications.

    We analyse the following help techniques: online documentation, context-sensitive help, wizards, assistants, safe staging and social navigation, and complement these with the tempting alternative of built-in, hidden security. Criteria for the analysis are derived from the type of user questions that can arise in applications and from definitions of when a security application can be called usable.

    Designers of security applications can use our analysis as general recommendations for when and how to use and combine user help techniques in security applications, but they can also use the analysis as a template. They can instantiate the template for their specific application to arrive at a concrete analysis of which user help techniques are most suitable in their specific case.

  • 145.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Duma, Claudiu
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    An ontology for information security2009Ingår i: Techniques and applications for advanced information privacy and security: emerging organizational, ethical and human issues / [ed] Nemadi H, Information Science Reference , 2009, 1, s. 278-301Kapitel i bok, del av antologi (Övrigt vetenskapligt)
    Abstract [en]

    Advances in technology are causing new privacy concerns as an increasing number of citizens are engaging in online activities.

    Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues provides a thorough understanding of issues and concerns in information technology security. An advanced reference source covering topics such as security management, privacy preservation, and authentication, this book outlines the field and provides a basic understanding of the most salient issues in privacy concerns for researchers and practitioners.

    Show more Show less

  • 146.
    Herzog, Almut
    et al.
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Duma, Claudiu
    Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
    An ontology of information security2007Ingår i: International Journal of Information Security and Privacy, ISSN 1930-1650, Vol. 1, nr 4, s. 1-23Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    We present a publicly available, OWL-based ontology of information security which models assets, threats, vulnerabilities, countermeasures and their relations. The ontology can be used as a general vocabulary, roadmap, and extensible dictionary of the domain of information security. With its help, users can agree on a common language and definition of terms and relationships. In addition to browsing for information, the ontology is also useful for reasoning about relationships between its entities, for example, threats and countermeasures. The ontology helps answer questions like: Which countermeasures detect or prevent the violation of integrity of data? Which assets are protected by SSH? Which countermeasures thwart buffer overflow attacks? At the moment, the ontology comprises 88 threat classes, 79 asset classes, 133 countermeasure classes and 34 relations between those classes. We provide the means for extending the ontology, and provide examples of the extendibility with the countermeasure classes ‘memory protection’ and ‘source code analysis’. This article describes the content of the ontology as well as its usages, potential for extension, technical implementation and tools for working with it.

  • 147.
    Hiran, Rahul
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
    Gill, Phillipa
    University of Toronto, Canada.
    Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident2013Ingår i: Passive and Active Measurement / [ed] Matthew Roughan, Rocky Chang, Springer Berlin/Heidelberg, 2013, s. 229-238Konferensbidrag (Refereegranskat)
    Abstract [en]

    China Telecom’s hijack of approximately 50,000 IP prefixes in April 2010 highlights the potential for traffic interception on the Internet. Indeed, the sensitive nature of the hijacked prefixes, including US government agencies, garnered a great deal of attention and highlights the importance of being able to characterize such incidents after they occur. We use the China Telecom incident as a case study, to understand (1) what can be learned about large-scale routing anomalies using public data sets, and (2) what types of data should be collected to diagnose routing anomalies in the future. We develop a methodology for inferring which prefixes may be impacted by traffic interception using only control-plane data and validate our technique using data-plane traces. The key findings of our study of the China Telecom incident are: (1) The geographic distribution of announced prefixes is similar to the global distribution with a tendency towards prefixes registered in the Asia-Pacific region, (2) there is little evidence for subprefix hijacking which supports the hypothesis that this incident was likely a leak of existing routes, and (3) by preferring customer routes, providers inadvertently enabled interception of their customer’s traffic.

  • 148.
    Hiran, Rahul
    et al.
    Linköpings universitet, Institutionen för datavetenskap. Linköpings universitet, Tekniska fakulteten.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Collaborative framework for protection against attacks targeting BGP and edge networks2017Ingår i: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 122, s. 120-137Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    This paper presents the design and data-driven overhead analysis of PrefiSec, a distributed framework that helps collaborating organizations to effectively maintain and share network information in the fight against miscreants. PrefiSec is a novel distributed IP-prefix-based solution, which maintains information about the activities associated with IP prefixes (blocks of IP addresses) and autonomous systems (AS) and enables efficient sharing of this information between participants. Within PrefiSec, we design and evaluate simple and scalable mechanisms that help to protect against prefixisubprefix attacks and interception attacks, and enable sharing of prefix related information related to a wide range of edge-based attacks, such as spamming and scanning. We also include an evaluation of which ASes need to collaborate, to what extent the size and locality of ASes matter, and how many ASes are needed to achieve good efficiency in detecting anomalous route announcements. Public wide-area BGP-announcements, traceroutes, and simulations are used to estimate the overhead, scalability, and alert rates. Our results show that PrefiSec helps improve system security, and can scale to large systems. (C) 2017 Elsevier B.V. All rights reserved.

    Publikationen är tillgänglig i fulltext från 2019-04-22 11:10
  • 149.
    Hiran, Rahul
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Crowd-based Detection of Routing Anomalies on the Internet2015Ingår i: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015., IEEE Computer Society Digital Library, 2015, s. 388-396Konferensbidrag (Refereegranskat)
    Abstract [en]

    The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

  • 150.
    Hiran, Rahul
    et al.
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Carlsson, Niklas
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Shahmehri, Nahid
    Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
    Does Scale, Size, and Locality Matter?: Evaluation of Collaborative BGP Security Mechanisms2016Ingår i: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS, IEEE , 2016, s. 261-269Konferensbidrag (Refereegranskat)
    Abstract [en]

    The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on largescale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

1234567 101 - 150 av 452
RefereraExporteraLänk till träfflistan
Permanent länk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf