匿名用户的网络浏览特征挖掘

在网络使用挖掘（web usage mining)中，分析用户的行为模式是一个关键的问题，尤其对于匿名用户特征挖掘更有实际意义，首先介绍如何从网络使用数据（web usage data)中提取出会话（session)信息，接着讨论会话的特征抽取和特征空间（feature space)的表达方式，并以此为基础提出了一种建立在会话特征信息上的戒名用户的网络浏览特征挖掘方法算法，这种算法在提高精确性的基础上减少了计算耗费，可以较好地解决路径的变长，方向性和动态聚集等问题。     

基于翻译模型的查询会话检测方法研究

查询会话检测的目的是确定用户为了满足某个特定需求而连续提交的相关查询。查询会话检测对于查询日志分析以及用户行为分析来说是非常有用的。传统的查询会话检测方法大都基于查询词的比较,无法解决词语不匹配问题(vocabulary-mismatch problem)——有些主题相关的查询之间并没有相同的词语。为了解决词语不匹配问题,我们在该文提出了一种基于翻译模型的查询会话检测方法,该方法将词与词之间的关系刻画为词与词之间的翻译概率,这样即使词与词之间没有相同的词语,我们也可以捕捉到它们之间的语义关系。同时,我们也提出了两种从查询日志中估计词翻译概率的方法,第一种方法基于查询的时间间隔,第二种方法基于查询的点击URLs。实验结果证明了该方法的有效性。     

An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystem, in which the public key in the system requires the associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. Based upon the ID-based concept, the proposed scheme does not require public keys for users such that the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.     

OVERCOMING MOBILE DEVICE LIMITATIONS THROUGH ADAPTIVE INFORMATION RETRIEVAL

The present study evaluates user preferences for personalized information access through mobile devices. The research focuses on text search operations in three simulated devices on a PC screen (cellular telephone, Personal Digital Assistant [PDA], and Interactive TV [ITV] as control) through continuous search. The adaptation process implemented explicit user feedback regarding the relevance of the retrieved information. The results show that users preferred the adaptive information access system to the non-adaptive one for all the devices (PDA, cellular phone, and ITV). Moreover, adaptation neutralizes the consistent preference for ITV (big screen, easy manipulation) upon other devices for textual information manipulation tasks.     

Web日志挖掘中的会话识别方法

为更好地实现会话识别,从而为后续模式发现提供准确的挖掘数据,在分析现有常用的会话识别方法后,提出一种基于待挖掘站点首页的用户会话识别方法.该方法根据用户浏览站点的习惯,以站点首页作为用户新会话开始标识,并增强了用户会话的定义.最后利用数据库编程实现该方法,将识别出的会话存储在数据库中,便于后续数据挖掘使用.实验结果表明,该方法能识别出更多的用户会话,且识别会话的准确率也更高.     

Modeling multiple interactions with a Markov random field in query expansion for session search

How to automatically understand and answer users' questions (eg, queries issued to a search engine) expressed with natural language has become an important yet difficult problem across the research fields of information retrieval and artificial intelligence. In a typical interactive Web search scenario, namely, session search, to obtain relevant information, the user usually interacts with the search engine for several rounds in the forms of, eg, query reformulations, clicks, and skips. These interactions are usually mixed and intertwined with each other in a complex way. For the ideal goal, an intelligent search engine can be seen as an artificial intelligence agent that is able to infer what information the user needs from these interactions. However, there still exists a big gap between the current state of the art and this goal. In this paper, in order to bridge the gap, we propose a Markov random field–based approach to capture dependence relations among interactions, queries, and clicked documents for automatic query expansion (as a way of inferring the information needs of the user). An extensive empirical evaluation is conducted on large‐scale web search data sets, and the results demonstrate the effectiveness of our proposed models.     

基于反转控制的有态POJO管理模型

目前会话信息的保存主要基于session进行直接管理,session 机制基于无连接的HTTP协议实现了有连接服务,对保存客户端和服务器之间的会话状态有着重要的作用,但是session直接存储机制的固有缺陷将造成表现层的业务组件直接与session耦合,给系统单元测试带来困难,同时也不利于系统的会话建模.IoC(inversion of control)模式很好的解决了组件的耦合和测试问题,但是IoC管理的都是无态POJO(plain old Java object).提出了一种基于IoC模式的有态POJO管理模型,将有态POJO的依赖关系和生命周期作为通用组件纳入模型的管理,并证明了有态POJO和无态POJO之间的引用完整性约束.通过对比可以看出,该模型有效地解决了传统session机制所存在的缺陷.     

Combating Viruses on Microcomputers and LANs

ABSTRACT

The HTTP protocol is designed for stateless transactions, but many Web applications require a session to be maintained between a Web browser and a server creating a stateful environment. Each Web application decides how its session is managed and needs to be able to trust the session identifier. However, it is possible for sessions to be hijacked, and an intruder can gain unauthorized access to the hijacked session. The purpose of this paper is to provide an analysis of current session management mechanisms and examine various hijacking techniques. The primary issues that will be addressed pertain to session management and the importance of securing the creation, deletion, and transmission of a session token. We provide a broader view of the session hijacking threat environment by analyzing existing Web application implementations to help demonstrate the need for session hijacking prevention. We will identify the session management areas that are targeted by attackers and will identify and examine various attacks that can lead to a session being hijacked.     

Study on two privacy-oriented protocols for information communication systems

In these days, the privacy of a user in information communication system is more important than ever before. Especially, the property is important for mobile communication systems due to the mobility of underlying mobile devices. Until now, many cryptographic tools have been proposed for achieving users’ privacy. In this paper, we review two privacy-oriented cryptographic protocols, and show their security holes. We also provide some countermeasure to fix the weaknesses. First, we discuss the security of the user identification scheme proposed by Hsu and Chuang which permits a user to anonymously log into a system and establish a secret key shared with the system. We show that the Hsu-Chuang scheme is not secure against known session key attacks, and then we provide a countermeasure which can be used for enhancing the security the Hsu-Chuang scheme. Secondly, we review a deniable authentication proposed by Harn and Ren which protects the privacy of a message sender. Then we show that the protocol has a potential incompleteness and two weaknesses.     

Adapting web pages using graph partitioning algorithms for user-centric multi-device web browsing

In the era of ubiquitous computing, applications are emerging to benefit from using devices of different users and different capabilities together. This paper focuses on user-centric web browsing using multiple devices, where content of a web page is partitioned, adapted and allocated to devices in the vicinity. We contribute two novel web page partitioning algorithms. They differ from existing approaches by allowing for both, automatic and semi-automatic partitioning. On the one hand, this provides good automatic, web page independent results by utilizing sophisticated structural pre- and postprocessing of the web page. On the other hand, these results can be improved by considering additional semantic information provided through user-generated web page annotations. We further present a performance evaluation of our algorithms. Moreover, we contribute the results of a user study. These clearly show that (1) our algorithms provide good automatic results and (2) the application of user-centric, annotation-based semantic information leads to a significantly higher user satisfaction.     

A mobile knowledge carrier with personalized knowledge provision

In the e-commerce era, the organization knowledge within a centralized knowledge management server can be easily accessed over the Internet by the client PCs at distinct locations. Currently, the personal digital assistant (PDA) has been widely used as the carrier for personal memos and daily records for its high mobility. Taking advantage of the personal information, the user requirements for knowledge can be determined. This research presents an intelligent KM scheme by integrating the PDA information (including notes, schedules and address book) mining model and mobile knowledge management mechanism. Based on the user profile mining technique, the PDA-ready knowledge that fits user requirements can be imported from the knowledge server to the client PDA. Demonstration cases are also provided to illustrate the applications of the proposed model in the content services and healthcare industry. By application of the mobile KM technique, the organization knowledge can be seamlessly provided to the PDA user via the data synchronization process. The attempt of this paper is to present an applicable and intelligent mobile knowledge carrier for realization of the mobile office.     

状态封包检测中的连接管理和调度策略-LASF

网络带宽的增长和频繁的网络攻击给状态封包检测等网络安全系统的性能带来了很大挑战。通过分析TCP连接建立延迟时间分布特性和连接逗留时间分布特性,设计了一个两级连接状态表,很好地解决了检测系统中的连接状态表急剧增长问题。然后,基于经典排队论和高速骨干网的TCP连接特性提出了一个流调度策略LASF(Least Attained Sojourn First)。通过实验证明,该策略能够在系统负载过重时显著提高系统的连接吞吐率等性能。     

SAS-SIP: A secure authentication scheme based on ECC and a fuzzy extractor for session initiation protocol

The session initiation protocol is used for communication purposes in a client-server environment, where for each time session the client and server agree upon a shared secret session key through an authentication system. After establishing the connection between client and server for a session, both the parties use a session key to encrypt/decrypt messages for communicating within that session securely. Therefore, authentication plays a vital role in sharing the secret session key. Recently, Chaudhry et al. proposed an authentication scheme; yet this paper shows that Chaudhry et al.’s scheme has inefficient login and password change phases, respectively, and does not take care of the users’ anonymity. Therefore, this study proposes an enhanced scheme, referred to as the secure authentication scheme for session initiation protocol (SAS-SIP) to eliminate the drawbacks of the scheme proposed by Chaudhry et al. In addition, the proposed SAS-SIP uses fuzzy extractors to incorporate biometric data along with the password to enhance the degree of security in the authentication system. After performing the security analysis through a random oracle model, this paper concludes that SAS-SIP is secure from secret information retrieval of communicators to the attacker. Furthermore, it has a better trade-off among several measurement costs along with security.     

关于提取Web用户浏览行为特征的研究

当前,Web日志挖掘技术已成为实现网站个性化服务的研究热点.运用Markov模型来预测用户的浏览模式,从而提高站点访问率、为站点重组提供有利信息是该领域广泛采用的方法之一.但传统方法建立的Markov模型,存在着数据冗余复杂、模型庞大繁琐等问题.针对这些问题,介绍了一种改进的Markov模型.其方法主要是在原有模型的基础之上,在数据清洗、用户会话识别过程中删除一些不予考虑的因素,大大简化了建立的Markov模型,提高了Web日志挖掘的效率.     

一种新的Web用户会话实时聚类算法

互联网技术的发展日新月异,Web数据是海量的,同时网络用户的浏览兴趣也是不断变换的。为了满足用户兴趣不断变换的需求,更好地实现个性化推荐,提出了一种新的Web用户会话实时聚类算法。算法分析验证了该算法可以提高聚类速度,能更好地满足用户的需求。     

融合全局信息的注意力增强会话推荐方法

近年来,基于会话推荐系统（session-based recommender system,SRS）的应用和研究是推荐系统的一个热门方向。如何利用用户会话信息进一步提升用户满意度和推荐精确度,是基于会话推荐系统的主要任务。目前大多数SBR模型仅基于目标会话对用户偏好建模,忽略了来自其他会话的物品转换信息,导致无法全面了解用户偏好。为了解决其局限性,提出融合全局上下文信息注意力增强的图神经网络模型（global context information graph neural networks for session-based recommendation,GCI-GNN）。该模型利用所有会话上的物品转换关系,更准确地获取用户偏好。具体而言,GCI-GNN从目标会话和全局会话学习物品向量表示。使用位置感知注意网络,将反向位置信息纳入物品嵌入中。考虑会话长度信息学习用户表示进而达到更有效的推荐。在Diginetica和Yoochoose数据集上进行实验,实验结果表明,相对最优的基准模型,GCI-GNN模型在Diginetica数据集各项指标上的提高超过2个百分点,在Yoochoose数据...     

An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security

Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks and can not provide provable security. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. The proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. The scheme also provides the known session key security, the perfect forward secrecy, the no key-compromise impersonation, the no unknown key-share and the no key control. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices. We also give a security proof under the random oracle.     

一种改进的智能卡远程用户匿名认证方案

针对Sonwanshi提出的远程用户认证方案存在会话密钥安全性差、不能抵御扮演攻击和离线口令猜测攻击的缺陷,提出了一种改进方案,主要在注册和登录阶段增加了安全性能。在注册阶段,用户口令直接在智能卡内进行相应运算,不再提交给服务器。这不仅降低了服务器对口令存储、维护的开销,而且避免了服务器对用户的攻击,提高了安全性能。在登录阶段,采用随机数的挑战应答方式取代原方案的时间戳方式,消除了时钟不同步导致的认证失败。对原方案、改进方案和其他同类方案进行安全性和效率分析的结果表明,改进方案不仅弥补了原方案的缺陷,而且相对同类方案,降低了时间复杂度,适用于安全需求高、处理能力低的设备。     

配置管理API及数据库系统解决跨会话用户数据

深入分析了ASP.NET状态管理技术,实现了基于用户配置管理API以及数据库系统解决跨会话持久化用户数据的问题。给出了使用网站的Web.config文件,定义配置文件项,自动持久到ASPNETDB.mdf中的编程方法。     

基于集群节点间即时拷贝的会话同步技术研究

集群会话同步技术目前主要有如下几种：基于Cookie的会话同步,基于数据库的会话同步,基于分布式缓存的会话同步.在以上会话同步技术的基础上,提出了一种基于集群节点间即时拷贝的会话同步技术,将会话标识信息存放在客户端中,避免了在客户端中存放完整的会话信息,从而可防止用户身份信息暴露的安全隐患;同时,在客户端向服务器发送请求的过程中,只携带会话标识信息,而不是完整的会话信息,传输的数据量将大大减少,提高了客户端对服务器的访问效率;各集群节点间同步会话信息,不需要从数据库中获取会话信息,避免了频繁使用数据库带来的性能瓶颈;也不需要使用专门的会话缓存服务器,减低了开发和部署成本,并具有良好的应用前景.