Detecting P2P botnets by discovering flow dependency in C&C traffic

Botnets are widely used by attackers and they have evolved from centralized structures to distributed structures. Most of the modern P2P bots launch attacks in a stealthy way and the detection approaches based on the malicious traffic of bots are inefficient. In this paper, an approach that aims to detect Peer-to-Peer (P2P) botnets is proposed. Unlike previous works, the approach is independent of any malicious traffic generated by bots and does not require bots’ information provided by external systems. It detects P2P bots by focusing on the instinct characteristics of their Command and Control (C&C) communications, which are identified by discovering flow dependencies in C&C traffic. After discovering the flow dependencies, our approach distinguishes P2P bots and normal hosts by clustering technique. Experimental results on real-world network traces merged with synthetic P2P botnet traces indicate that 1) flow dependency can be used to detect P2P botnets, and 2) the proposed approach can detect P2P botnets with a high detection rate and a low false positive rate.     

基于状态转移相似性的P2P僵尸网络检测方法

随看对等网络(P2P)的不断发展,基于P2P架构的僵尸网络(Botnet)也应运而生.在对P2P僵尸网络从案例和全局进行深入研究,分析现有检测方法的优缺点后,提出了一种根据Bot主机状态转移的相似性来进行检测的方法,使用隐马尔科夫链进行建模,采用分布式存储异常行为数据,集中数据挖掘方式提升检测的效率和准确率.     

基于Web Service的层次化P2P小区模型的研究

P2P是一种分布式网络,由一组地位相等的节点组成.这种分布式的结构同时也带来了如资源不能有效查找等很多问题.而Web服务对资源发布、绑定的操作有效增强了系统对资源的控制,加快了资源的搜索速度.通过比较P2P与Web服务的差异,分析现有4种P2P结构的优势和劣势,并结合Web服务在分布式系统集中方面的优势,构建了新的层次化P2P小区模型.最后对该模型的一些核心问题进行了阐述.     

Detecting and tracking regional outliers in meteorological data

Detecting spatial outliers can help identify significant anomalies in spatial data sequences. In the field of meteorological data processing, spatial outliers are frequently associated with natural disasters such as tornadoes and hurricanes. Previous studies on spatial outliers mainly focused on identifying single location points over a static data frame. In this paper, we propose and implement a systematic methodology to detect and track regional outliers in a sequence of meteorological data frames. First, a wavelet transformation such as the Mexican Hat or Morlet is used to filter noise and enhance the data variation. Second, an image segmentation method, λ-connected segmentation, is employed to identify the outlier regions. Finally, a regression technique is applied to track the center movement of the outlying regions for consecutive frames. In addition, we conducted experimental evaluations using real-world meteorological data and events such as Hurricane Isabel to demonstrate the effectiveness of our proposed approach.     

支持本体推理的P3P隐私策略冲突检测研究

隐私偏好平台(platform for privacy preferences,P3P)主要被用于在用户访问网站时保护用户的隐私。同时,如何使用语义Web技术实现P3P隐私框架已经成为一个主要的关注点。分析了如何使用本体描述语言(Web ontoloty language,OWL)对P3P隐私策略及用户隐私偏好进行知识表示,并提供了若干使用OWL公理描述的约束,这些约束将为推理提供支持。分析了如何使用推理对服务隐私策略同用户隐私偏好之间的冲突进行检测。通过实验证明了该方法的正确性。     

Analysis by data mining in the emergency medicine triage database at a Taiwanese regional hospital

“Emergency medicine” is the front line of medical service a hospital provides; also it is the department people seek medical care from immediately after an emergency happens. The statistics by the Department of Health, Executive Yuan, indicate that over years, the number of people at the emergency department has been increasing. The US has introduced and practiced the triage system in the emergency medicine in 1960, whereby to aid the emergency department in allocating the patients, to give them appropriate medical care by the fast decision of the nurses and doctors in case of the patients’ seriousness through their judgment.This study takes on the knowledge contained in the massive data of unknown characteristics in the triage database at a Taiwanese regional hospital, using the cluster analysis and the rough set theory as tools for data mining to extract, with the analysis software ROSE2 (Rough Sets Data Explorer) and through rule induction technique, the imprecise, uncertain and vague information of rules from the massive database, and builds the model that is capable of simplifying massive data while maintaining the accuracy in classifying rules. After analyzing and evaluating the knowledge obtained from relevant mining in the hospitals past medical data for the consumption of emergency medical resources, this thesis proposes suggestions as reference for the hospitals in subsequent elevation of medical quality and decrease in operative costs.     

基于兴趣挖掘的非结构化P2P搜索机制研究与实现

在非结构化P2P环境下,搜索机制是影响信息检索的关键因素之一.提出一种基于兴趣索引表的搜索机制,并在此基础上实现非结构化P2P信息检索原型系统Isearch.该机制首先利用向量空间模型将文件内容向量化,然后对向量空间进行聚类,得到节点的兴趣度,再计算节点之间的兴趣相似度,在本地建立兴趣索引表.在搜索时,根据兴趣索引表直接将查询请求转发到有相似兴趣的节点.实验结果表明,该机制既不影响查询结果,又能减少访问节点的数量,提高查询效率.     

A short visit to the bot zoo [malicious bots software]

The past year (2004-5) has seen, a new attack trend emerge: bots. After a successful compromise, the attacker installs a bot (also called a zombie or drone) on the system; this small program enables a remote control mechanism to then command the victim. Attackers use this technique repeatedly to form networks of compromised machines (botnets) to further enhance the effectiveness of their attacks. In recent years, malicious bots have become commonplace, with botnets in particular posing a severe threat to the Internet community. Attackers primarily use them for distributed denial-of-service (DDoS) attacks, mass identity theft, or sending spam.     

Detecting the intersection of two convex shapes by searching on the 2-sphere

We take a look at the problem of deciding whether two convex shapes intersect or not. We do so through the well known lens of Minkowski sums and with a bias towards applications in computer graphics and robotics. We describe a new technique that works explicitly on the unit sphere, interpreted as the sphere of directions. In extensive benchmarks against various well-known techniques, ours is found to be slightly more efficient, much more robust and comparatively easy to implement. In particular, our technique is compared favorably to the ubiquitous algorithm of Gilbert, Johnson and Keerthi (GJK), and its decision variant by Gilbert and Foo. We provide an in-depth geometrical understanding of the differences between GJK and our technique and conclude that our technique is probably a good drop-in replacement when one is not interested in the actual distance between two non-intersecting shapes.     

P2P技术原理与应用软件

P2P的对等结构是互联网本质的回归,以P2P技术为支撑的网络应用目前席卷了整个网络产业。诸如BitTorrent、Thunder、Skype,P2P应用已成为当前网络技术领域的一颗明星。本文介绍了P2P技术基本原理和基于P2P技术的主流软件。     

From P2P to reliable semantic P2P systems

Current research to harness the power of P2P networks involves building reliable Semantic Peer-to-Peer (SP2P) systems. SP2P systems combine two complementary technologies: P2P networking and ontologies. There are several types of SP2P systems with applications to knowledge management systems, databases, the Semantic Web, emergent semantics, web services, and information systems. Correct semantic mapping is fundamental for success of SP2P systems where semantic mapping refers to semantic relationship between concepts from different ontologies. Current research on SP2P systems has emphasized semantics at the cost of dealing with the traditional issues of P2P networks of reliability and scalability. As a result of their lack of resilience to temporary mapping faults, SP2P systems can suffer from disconnection failures. Disconnection failures arise when SP2P systems that use adaptive query routing methods treat temporary mapping faults as permanent mapping faults. This paper identifies the disconnection failure problem due to temporary semantic mapping faults and proposes an algorithm to resolve it. To identify the problem, we will use a simulation model of SP2P systems. The Fault-Tolerant Adaptive Query Routing (FTAQR) algorithm proposed to resolve the problem is an adaptation of the generous tit-for-tat method originally developed in evolutionary game theory. The paper demonstrates that the reliability of an SP2P system increases by using the algorithm.     

P2P技术原理与应用软件

P2P的对等结构是互联网本质的回归，以P2P技术为支撑的网络应用目前席卷了整个网络产业。诸如BitTorrent、Thunder、Skype，P2P应用已成为当前网络技术领域的一颗明星。本文介绍了P2P社术基本原理和基于P2P技术的主流软件。     

Detecting weak signals for long-term business opportunities using text mining of Web news

In an uncertain business environment, competitive intelligence requires peripheral vision to scan and identify weak signals that can affect the future business environment. Weak signals are defined as imprecise and early indicators of impending important events or trends, which are considered key to formulating new potential business items. However, existing methods for discovering weak signals rely on the knowledge and expertise of experts, whose services are not widely available and tend to be costly. They may even provide different analysis results. Therefore, this paper presents a quantitative method that identifies weak signal topics by exploiting keyword-based text mining. The proposed method is illustrated using Web news articles related to solar cells. As a supportive tool for the expert-based approach, this method can be incorporated into long-term business planning processes to assist experts in identifying potential business items.     

A framework for regional association rule mining and scoping in spatial datasets

The motivation for regional association rule mining and scoping is driven by the facts that global statistics seldom provide useful insight and that most relationships in spatial datasets are geographically regional, rather than global. Furthermore, when using traditional association rule mining, regional patterns frequently fail to be discovered due to insufficient global confidence and/or support. In this paper, we systematically study this problem and address the unique challenges of regional association mining and scoping: (1) region discovery: how to identify interesting regions from which novel and useful regional association rules can be extracted; (2) regional association rule scoping: how to determine the scope of regional association rules. We investigate the duality between regional association rules and regions where the associations are valid: interesting regions are identified to seek novel regional patterns, and a regional pattern has a scope of a set of regions in which the pattern is valid. In particular, we present a reward-based region discovery framework that employs a divisive grid-based supervised clustering for region discovery. We evaluate our approach in a real-world case study to identify spatial risk patterns from arsenic in the Texas water supply. Our experimental results confirm and validate research results in the study of arsenic contamination, and our work leads to the discovery of novel findings to be further explored by domain scientists.     

IS-P2P:一种基于索引的结构化P2P网络模型

在分析无结构与有结构P2P网络结构的基础上,提出了一种新的基于索引的有结构P2P网络模型IS-P2P（Index-based Structured P2P Networks）.IS-P2P网络采用两层混合结构,上层由比较稳定的索引节点组成有结构索引网络,使用文档路由搜索机制,提供资源的发布和查找功能.下层由普通节点组成分布式网络.IS-P2P模型充分利用P2P网络中节点的性能差异,具有高效的查找性能,且能适应P2P网络高度动态性.进一步计算IS-P2P模型中索引网络路由性能、查询处理速度、索引节点索引数据库大小以及索引节点转发查询消息代价表明,IS-P2P具有良好的性能.     

P2P畅想曲

P2P是一种技术,但更多的是一种思想,有着改变整个互联网基础的潜能的思想。