April 24 - 26, 2008
Hanwha Resort Haeundae, Busan, Korea
|Incremental learning method in traffic anomaly detection systems
|Dr. Byeong Ho Kang
Professor, University of Tasmania, Australia
|Summary of his talk
|Traffic anomaly detection is a standard task for network administration and security systems. Traffic anomaly is caused by mechanical faults, fraudulent behaviour or human errors. Anomaly detection is about how to detect the faults or fraud from normal situation (Hodge and Austin, 2004). As people share more information across Internet, many approaches have been proposed to automate this task.
Many of these approaches attempt to develop a sophisticated model to represent the full range of normal traffic behaviour. As well as this, the model can be used to identify anomalies. However, it is not easy to develop such model because it requires large amount of training data and it does not guarantee that data set covers all normal and abnormal patterns in the domain. In addition to this, it is more difficult because the domain itself changes rapidly, changing hardware and software.
In this talk, a different approach using incremental knowledge acquisition method known as Ripple Down Rules will be introduced as a solution for the development and maintenance of domain model. RDR assumes that the current model detecting anomaly is always incomplete and should be updated on the fly. Therefore, human experts should be able to reconstruct or update the domain model again for newly identified abnormal cases. This seems to be obvious but traditional expert system studies have shown that this can not be easily done, known as ¡®knowledge acquisition bottleneck¡¯. The main problem is how the system can validate and verify the changes for the new cases.
RDR has been used in various expert system developments and has proven that it can maintain domain knowledge well regardless of the amount of domain knowledge. It proposed a new mechanism that ensures the verification and validation process while it is learning a new model. The evaluation study shows that it performs as the conventional system does while it provides a new function, updating a domain model in real time.
|Multi-Source Information Fusion
An Overview in the Context of Information Security and Assurance
|Dr. Belur V. Dasarathy
Information Fusion Technologies Consultant
Editor-in-Chief, Information Fusion
|Summary of his talk
|This lecture will offer an introductory overview of the evolving field of Information Fusion with a view to delineate its role in the context of Information Security and Assurance, the theme of the conference. The presentation will start with a brief introduction to the field of multi-sensor, multi-source information fusion and underlying taxonomies touching upon the three facets of architectures, algorithms, and applications. The Information Security and Assurance Issues have been addressed in the Information Fusion domain as an intrusion detection problem. Accordingly, the talk will discuss the role of information fusion in enhancing the performance of intrusion detection systems as one among the more popular and upcoming application areas.
Design in 3G Wireless Networks and Beyond
Professor & Dean,
College of Electrical Engineering & Computer Science,
Computer & IT Center,
National Ilan University, I-Lan, Taiwan, RO
of his talk
explosive development of internet and wireless communication has
made personal communication more convenient. People can use a handy
wireless device to transfer different kinds of data such as voice
data, text data, and multimedia data. It is obvious that the increasing
use of IP based technology would be the trend for the mobile communication
Multimedia streaming, video conferencing, and on-line interactive
3D games are expected to attract an increasing number of users
in the future. Such bandwidth is not sufficient for these applications
and would be the major challenge for wireless networks.
Although the traditional layered protocol stacks have been used
for many years, they are not suitable for the next generation
wireless network and the mobile system. Due to the time varying
transmission of the wireless channel and the dynamic resource
requirements of different application, the traditional approach
to the mobile multimedia communication is full of challenges to
meet the user requirement on performance and efficiency.
Cross-layer design is a new research topic that actively exploits
the dependence between different protocol layers to obtain performance
gains. We performed a survey and introduced the cross-layer issues
in four research categories: application, mobility, QoS, and security.
of Adaptive Service-based Systems in Ubiquitous Computing Environments
Dr. Stephen S. Yau
Professor, Computer Science and Engineering
Director, Information Assurance Center
Arizona State University
Tempe, Arizona, USA
of his talk
achieve the goal of ubiquitous computing (ubicomp) - "computing
anytime, anywhere", it is necessary that ubicomp software systems
can adapt to dynamically changing environments. Such adaptations
change the configuration and behavior of ubicomp software systems
to provide not only appropriate functionality but also various satisfactory
QoS for users, such as timeliness and security. Recent development
of service-oriented architecture (SOA) has shown the great potentials
of developing adaptive software systems based on SOA. Software systems
based on SOA, called service-based systems, can be rapidly composed
from services provided by various organizations regardless the differences
in the languages and/or platforms used to implement the services,
and can be easily reconfigured in runtime to accommodate new requirements.
However, how to develop adaptive service-based systems with satisfactory
QoS in dynamic environments like ubicomp environments remains largely
The challenges for the rapid development, deployment and operations
of adaptive service-based systems providing satisfactory QoS in
ubicomp environments will be presented. Related research, such
as autonomic computing and situation awareness, will also be discussed.
In particular, our research on Adaptable Situation-aware Secure
Service-based (AS3) systems and trustworthy data sharing and management
in collaborative ubiquitous computing environments will be presented.
Some related issues, such as security and privacy in service discovery
and usage of contextual and situation information, and distributed
trust management in service-based systems in ubicomp environments
will also be discussed.
Networking: How to make it work?
Professor, Department of Computer Science,
City University of Hong Kong, Hong Kong SAR, China
of his talk
communications require wireless networking and infrastructure network
support. The first step is to look at how the different available
technologies will integrate and work with each other. One of the
next steps is to seek solutions for connecting "ubiquitous
devices" to such "integrated and heterogeneous networks".
These two steps together form the evolutionary approach towards
ubiquitous networking. This talk introduces our currently implemented
ubiquitous transmission system for "ubiquitous devices/terminals/handset",
called AnyServer which is an intelligent platform to provide the
mobile users with smooth QoS connections/communications, synchronization
and roaming over the heterogeneous networks (such as 3G/GSM/WiFi,
Sensor network and Internet). Based on SIP, AnyServer is open, scalable,
and complaint with IEEE/IETF standards. We will particularly introduce
the heterogeneous issue when we do the integrations for the various
networks to setup/maintain the real-time video/audio connections
among the networks, facing the heterogeneous networks. I will particularly
introduce the challenging and interesting issues encountered during
our research and implementations for the platform for the "live"
integration of the networks.
Hashes for Ubiquitous Applications
Hyoung Joong Kim
Graduate School of Information Management & Security,
Korea University, Korea
of his talk
hash is different from cryptographic hash. Hash turns digital data
(including text, image, audio, and video) into a fixed-size binary
string. The hash value is a concise representation of the longer
message or document from which it was computed. Cryptographic hash
functions are used to do message integrity checks and digital signatures
in various information security applications, such as authentication
and message integrity. Multimedia hash functions can also be used
for cryptographic applications for cryptographic purposes. Unfortunately,
most of the exist-ing digital signature based schemes remain vulnerable
to incidental modifications. Traditional cryptographic hashes are
not applicable in the multimedia applications because they are ex-tremely
sensitive to the message being hashed.
Multimedia hash function should have the properties that perceptually
identical data should have the same hash value with high probability,
while perceptually different images should have independent hash
values. In addition, the hash function should be secure, so that
an attacker cannot predict the hash value of a known data. A multimedia
hash function can be used to search and sort a multimedia database,
or to select frames in a video sequence for watermark embedding.
A few multimedia hash functions have been proposed recently and
they are about to be used in practical applications. In this talk,
the concept of the multimedia hash, image hash generating al-gorithms,
performance of them, and applications of the multimedia hash will
be presented. Algo-rithms based on different image descriptors
will be evaluated in terms of robustness, computation time, precision
and recall for searching applications.