									IJCSIS Vol. 5, No. 1, September 2009 ISSN 1947-5500

International Journal of Computer Science & Information Security


IJCSIS Editorial
Message from Managing Editor
The editorial policy of the International Journal of Computer Science and Information Security (IJCSIS) is to publish top-level research in all fields of computer science and related areas such as mobile and wireless networks, multimedia communication and systems, and network security. With an open-access policy, IJCSIS is now an established journal and will continue to grow as a venue for the dissemination of state-of-the-art knowledge. The journal has proven to be on the cutting edge of the latest research findings, as its growing popularity shows.

The ultimate success of this journal depends on the quality of the articles we include in our issues. We endeavor to live up to our mandate of providing a publication that bridges applied computer science from industry practitioners and basic research from the academic community.

I also want to thank the reviewers for their valuable service. We have selected some excellent papers, with an acceptance rate of 35%, and I hope that you enjoy the IJCSIS Volume 5, No. 1, September 2009 issue. Available as IJCSIS Vol. 5, No. 1, September 2009 Edition, ISSN 1947-5500. © IJCSIS 2009, USA.

Indexed by:

Dr. Gregorio Martinez Perez, Associate Professor (Profesor Titular de Universidad), University of Murcia (UMU), Spain
Dr. M. Emre Celebi, Assistant Professor, Department of Computer Science, Louisiana State University in Shreveport, USA
Dr. Yong Li, School of Electronic and Information Engineering, Beijing Jiaotong University, P. R. China
Dr. Sanjay Jasola, Professor and Dean, School of Information and Communication Technology, Gautam Buddha University
Dr. Riktesh Srivastava, Assistant Professor, Information Systems, Skyline University College, University City of Sharjah, Sharjah, PO 1797, UAE
Dr. Siddhivinayak Kulkarni, University of Ballarat, Ballarat, Victoria, Australia
Professor (Dr.) Mokhtar Beldjehem, Sainte-Anne University, Halifax, NS, Canada

1. A Method for Extraction and Recognition of Isolated License Plate Characters (pp. 001-010)
Yon-Ping Chen and Tien-Der Yeh, Dept. of Electrical and Control Engineering, National Chiao-Tung University, Hsinchu, Taiwan

2. Personal Information Databases (pp. 011-020)
Sabah S. Al-Fedaghi, Computer Engineering Department, Kuwait University; Bernhard Thalheim, Computer Science Institute, Kiel University, Germany

3. Improving Effectiveness Of E-Learning In Maintenance Using Interactive-3D (pp. 021-024)
Lt. Dr. S. Santhosh Baboo, Reader, P.G. & Research Dept. of Computer Science, D.G. Vaishnav College, Chennai 106; Nikhil Lobo, Research Scholar, Bharathiar University

4. An Empirical Comparative Study of Checklist-based and Ad Hoc Code Reading Techniques in a Distributed Groupware Environment (pp. 025-035)
Olalekan S. Akinola and Adenike O. Osofisan, Department of Computer Science, University of Ibadan, Nigeria

5. Robustness of the Digital Image Watermarking Techniques against Brightness and Rotation Attack (pp. 036-040)
Harsh K. Verma, Abhishek Narain Singh, and Raman Kumar, Department of Computer Science and Engineering, Dr. B. R. Ambedkar National Institute of Technology, Jalandhar, India

6. ODMRP with Quality of Service and Local Recovery with Security Support (pp. 041-045)
Farzane Kabudvand, Computer Engineering Department, Azad University, Zanjan, Iran

7. A Secure and Fault-tolerant Framework for Mobile IPv6 based Networks (pp. 046-055)
Rathi S., Sr. Lecturer, Dept. of Computer Science and Engineering, Government College of Technology, Coimbatore, Tamilnadu, India; Thanuskodi K., Principal, Akshaya College of Engineering, Coimbatore, Tamilnadu, India

8. A New Generic Taxonomy on Hybrid Malware Detection Technique (pp. 056-061)
Robiah Y., Siti Rahayu S., Mohd Zaki M., Shahrin S., Faizal M. A., and Marliza R., Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka, Durian Tunggal, Melaka, Malaysia

9. Hybrid Intrusion Detection and Prediction multiAgent System, HIDPAS (pp. 062-071)
Farah Jemili, Mohamed Ben Ahmed, and Montaceur Zaghdoud, RIADI Laboratory, Manouba University, Manouba 2010, Tunisia

10. An Algorithm for Mining Multidimensional Fuzzy Association Rules (pp. 072-076)
Neelu Khare, Department of Computer Applications, MANIT, Bhopal (M.P.); Neeru Adlakha, Department of Applied Mathematics, SVNIT, Surat (Gujarat); K. R. Pardasani, Department of Computer Applications, MANIT, Bhopal (M.P.)

11. Analysis, Design and Simulation of a New System for Internet Multimedia Transmission Guarantee (pp. 077-086)
O. Said, S. Bahgat, M. Ghoniemy, and Y. Elawdy, Computer Science Department, Faculty of Computers and Information Systems, Taif University, Taif, KSA

12. Hierarchical Approach for Key Management in Mobile Ad hoc Networks (pp. 087-095)
Renuka A., Dept. of Computer Science and Engg., Manipal Institute of Technology, Manipal-576104, India; Dr. K. C. Shet, Dept. of Computer Engg., National Institute of Technology Karnataka, Surathkal, P.O. Srinivasanagar-575025

13. An Analysis of Energy Consumption on ACK+Rate Packet in Rate Based Transport Protocol (pp. 096-102)
P. Ganeshkumar, Department of IT, PSNA College of Engineering & Technology, Dindigul, TN, India, 624622; K. Thyagarajah, Principal, PSNA College of Engineering & Technology, Dindigul, TN, India, 624622

14. Prediction of Zoonosis Incidence in Human using Seasonal Auto Regressive Integrated Moving Average (SARIMA) (pp. 103-110)
Adhistya Erna Permanasari, Dayang Rohaya Awang Rambli, and Dhanapal Durai Dominic, Computer and Information Science Dept., Universiti Teknologi PETRONAS, Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia

15. Performance Evaluation of WiMAX Physical Layer under Adaptive Modulation Techniques and Communication Channels (pp. 111-114)
Md. Ashraful Islam, Riaz Uddin Mondal (corresponding author, Assistant Professor), and Md. Zahid Hasan, Dept. of Information & Communication Engineering, University of Rajshahi, Rajshahi, Bangladesh

16. A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges (pp. 115-119)
Mrs. D. Shanmugapriya, Dept. of Information Technology, Avinashilingam University for Women, Coimbatore, Tamilnadu, India; Dr. G. Padmavathi, Dept. of Computer Science, Avinashilingam University for Women, Coimbatore, Tamilnadu, India

17. Agent's Multiple Architectural Capabilities: A Critical Review (pp. 120-127)
Ritu Sindhu, Department of CSE, World Institute of Technology, Gurgaon, India; Abdul Wahid, Department of CS, Ajay Kumar Garg Engineering College, Ghaziabad, India; Prof. G. N. Purohit, Dean, Banasthali University, Rajasthan, India

18. Prefetching of VoD Programs Based On ART1 Requesting Clustering (pp. 128-134)
P. Jayarekha, Research Scholar, Dr. MGR University; Dept. of ISE, BMSCE, Bangalore, and Member, Multimedia Research Group, Research Centre, DSI, Bangalore; Dr. T. R. GopalaKrishnan Nair, Director, Research and Industry Incubation Centre, DSI, Bangalore

19. Prefix based Chaining Scheme for Streaming Popular Videos using Proxy servers in VoD (pp. 135-143)
M. Dakshayini, Research Scholar, Dr. MGR University; Dept. of ISE, BMSCE, and Member, Multimedia Research Group, Research Centre, DSI, Bangalore, India; Dr. T. R. GopalaKrishnan Nair, Director, Research and Industry Incubation Centre, DSI, Bangalore, India

20. Convergence Time Evaluation of Algorithms in MANETs (pp. 144-149)
Narmada Sambaturu, Krittaya Chunhaviriyakul, and Annapurna P. Patil, Department of Computer Science and Engineering, M.S. Ramaiah Institute of Technology, Bangalore-54, India

21. RASDP: A Resource-Aware Service Discovery Protocol for Mobile Ad Hoc Networks (pp. 150-159)
Abbas Asosheh and Gholam Abbas Angouti, Faculty of Engineering, Tarbiat Modares University, Tehran, Iran

22. Tool Identification for Learning Object Creation (pp. 160-167)
Sonal Chawla and Dr. R. K. Singla, Dept. of Computer Science and Applications, Panjab University, Chandigarh, India

23. A Framework For Intelligent Multi Agent System Based Neural Network Classification Model (pp. 168-174)
Roya Asadi, Norwati Mustapha, and Nasir Sulaiman, Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 Serdang, Selangor, Malaysia

24. Congestion Control in the Internet by Employing a Ratio-dependent Plant-Herbivore-Carnivorous Model (pp. 175-181)
Shahram Jamali, Electrical and Computer Engineering Department, University of Mohaghegh Ardabili, Ardabil, Iran; Morteza Analoui, Computer Engineering Department, Iran University of Science and Technology, Tehran, Iran

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No.1, 2009

A Method for Extraction and Recognition of Isolated License Plate Characters

Yon-Ping Chen, Dept. of Electrical and Control Engineering, National Chiao-Tung University, Hsinchu, Taiwan

Tien-Der Yeh, Dept. of Electrical and Control Engineering, National Chiao-Tung University, Hsinchu, Taiwan

Abstract—A method to extract and recognize isolated characters in license plates is proposed. In the extraction stage, the proposed method detects isolated characters by using the Difference-of-Gaussian (DOG) function. The DOG function, similar to the Laplacian of Gaussian function, has been proven to produce the most stable image features compared with a range of other possible image functions. The candidate characters are extracted by applying connected component analysis on DOG images of different scales. In the recognition stage, a novel feature vector named the accumulated gradient projection vector (AGPV) is used to compare each candidate character with the standard ones. The AGPV is calculated by first projecting pixels of similar gradient orientations onto specific axes, and then accumulating the projected gradient magnitudes along each axis. In the experiments, the AGPVs are shown to be invariant to image scaling and rotation, and robust to noise and illumination change.
Keywords: accumulated gradient; gradient projection; isolated character; character extraction; character recognition

I. INTRODUCTION

License plate recognition, or LPR in short, has been a popular research topic for several decades [1][2][3]. An LPR system is able to recognize vehicles automatically and is therefore useful for many applications such as portal control, traffic monitoring, and stolen car detection. To date, LPR systems still face problems concerning varying light conditions, image deformation, and processing time [3]. Traditional methods for recognizing license plate characters typically include several stages. Stage one is detection of possible areas where license plates may exist; detecting license plates quickly and robustly is a big challenge, since images may contain far more content than the expected plates. Stage two is segmentation, which divides each detected area into several regions, each containing one character candidate. Stage three is normalization: some attributes of the character candidates, e.g., size or orientation, are converted to predefined values for later stages. Stage four is recognition: the segmented characters are recognized by technologies such as vector quantization [4] or neural networks [5][6]. Most works propose to recognize characters in binary form, finding thresholds [7] to depict the regions of interest in the detected areas. Normalization is not always necessary: recognition methods that require normalized characters need extra computation to normalize the character candidates before recognition. In this paper, the detection and segmentation stages are merged into one extraction stage, and normalization is unnecessary because the characters are recognized in an orientation- and size-invariant manner.

The motivations of this work originate from three limitations of traditional LPR systems. First, traditional methods use simple features such as gradient energy to detect the possible locations of license plates. Such methods may lose plate candidates because the gradient energy can be suppressed by camera saturation or underexposure, which often occurs under extreme lighting conditions such as direct sunlight or shadow. Second, traditional detection methods often assume that the license plate images are captured in the correct orientation, so that gradients can be accumulated along a predefined direction and the plates detected correctly. In real cases, license plates do not always keep the same orientation in the captured images; they can be rotated or slanted due to irregular roads, unfixed camera positions, or abnormal car conditions. Third, it often happens that some characters in a license plate are blurred or corrupted, which may cause the detection or segmentation stage to fail. This characteristic is risky in practice, because a single unclear character may result in the loss of the whole license plate. By contrast, people can locate an unclear character because they see other characters beside it; they try different strategies, e.g., changing head position or walking closer, to read the unclear character, and even guess it if it is still not distinguishable. This behavior is not achievable in a traditional LPR system because of its coarse-to-fine architecture.

To retain a high detection rate of license plates under these limitations, this paper proposes a fine-to-coarse method which first finds isolated characters in the captured image. Once some characters on a license plate are found, the entire license plate can be detected around these characters. The method may consume more computation than the traditional coarse-to-fine approach, but it minimizes the probability of missing license plate candidates in the detection stage. A challenge in the fine-to-coarse method is the recognition of isolated characters, which involves several difficulties. First, it is difficult

This research was supported by a grant provided by the National Science Council, Taiwan, R.O.C. (NSC 98-2221-E-009-128).



to extract the orientation of an isolated character. In traditional LPR systems [3], the orientation of characters can be determined from the baseline [3][8] of multiple characters, but this approach is not suitable for isolated characters. Second, an unfixed camera view angle often introduces large deformations in character shapes or stroke directions, making the detection and normalization processes difficult to apply. Third, the unknown orientations and shapes, exposed under unknown lighting conditions and environments, become a bottleneck for correctly extracting and recognizing the characters.

The proposed scheme to extract and recognize license plate characters proceeds as follows. First, the candidate characters are detected by scale-space differences. Scale-space extrema have been proven stable against noise, illumination change, and 3D viewpoint change [9]-[14]; in this paper, the scale-space differences are approximated by difference-of-Gaussian functions as in [9]. Second, the pixels of positive (or negative) differences are gathered into groups by connected component analysis and form candidate characters. Third, on each group the proposed accumulated gradient projection method is applied to find the nature axes and the associated accumulated gradient projection vectors (AGPVs). Finally, the AGPVs of each candidate are matched with those of standard characters to find the most similar standard character as the recognition result. The experimental results show the feasibility of the proposed method and its robustness to several image parameters such as noise and illumination change.

II. EXTRACTION OF ISOLATED CHARACTERS

Before extracting the isolated characters in an image, four assumptions are made for the proposed method:
1. The color (or intensity, for gray-scale images) of a character is monotonic, i.e., the character is composed of a single color without texture on it.
2. As in 1, the color of the background around the character is monotonic, too.



3. The color of the character is always different from that of the background.
4. Characters must be isolated, with no overlap, in the input image.

In this section, scale-space theory is used as the theoretical basis of the method to robustly extract the characters of interest from the captured image. Based on the theory, Difference-of-Gaussian images at all different scales are iteratively calculated and grouped to produce the candidate license plate characters.

A. Produce the Difference-of-Gaussian Images

Taking advantage of scale-space theory [9]-[11], the extraction of characters becomes systematic and effective. In the first step, the characters are detected by searching scale-space images at all possible scales where the characters may appear in the input image. As suggested by the authors in [12] and [13], the scale-space images in this work are generated by convolving the input image with Gaussian functions of different scales. The first task in obtaining the scale-space images is defining the Gaussian function. Two parameters are required when choosing Gaussian filters, namely the filter width λ and the smoothing factor σ; the two parameters are not fully independent, and the relationship between them is discussed below. The range of the smoothing factor σ was determined from experiments: a good choice is from 1 to 16 for input images of up to 3M pixels. Two factors are relevant to the sampling frequency of σ: the resolution of the target characters and the available computational resources (including the allowed processing time). These two factors trade off against each other and are often determined case by case. In this paper, we set the σ of each scale to double that of the previous scale for convenient computation, i.e., σ2=2σ1, σ3=2σ2, ..., where σ1, σ2, σ3, ... are the smoothing factors of the scales numbered 1, 2, 3, .... As a result, the smoothing factors in our case are σ1=1, σ2=2, σ3=4, σ4=8, and σ5=16. Consider


Figure 1. Process flow of the proposed method. Extraction stage: calculate scale-space differences in the input image; group pixels of positive (or negative) differences. Recognition stage: calculate the gradient histogram of each group; find 1~6 nature axes; find the nature AGPVs on each axis; match with the nature AGPVs in the database to find possible matching characters; calculate the augmented AGPV of each possible matching character; calculate the total matching cost of each; recognize by lowest matching cost.



factors of noise and sampling frequency in the spatial domain: a larger σ is more stable for detecting characters of larger sizes. Ideally the width λ of a Gaussian filter is infinite, but in practice it is reasonable for it to be an integer, to match the design of digital filters. In addition, the integer cannot be large, due to limited computational resources, and only odd integers are chosen so that each output of the convolution can be aligned to the center pixel of the filter. The width λ changes with the smoothing factor σ, which is the standard deviation of the Gaussian distribution. A smaller σ responds better to edges but is more sensitive to noise; when σ is small, there is no need to define a large λ, because the filter decays to a very small value at its boundary. In this paper we propose to choose the two parameters satisfying the following inequality:

λ ≥ 7σ  and  λ = 2n + 1, n ∈ N.  (1)
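For concreteness, the width rule above can be sketched in Python with NumPy. This is an illustration only; the function names are ours, not the paper's, and the kernel construction is a standard sampled Gaussian, which the paper does not spell out:

```python
import numpy as np

def filter_width(sigma):
    """Smallest odd integer lambda satisfying lambda >= 7*sigma."""
    lam = int(np.ceil(7 * sigma))
    if lam % 2 == 0:
        lam += 1
    return lam

def gaussian_kernel_1d(sigma):
    """1-D Gaussian filter of width filter_width(sigma), unit sum."""
    half = filter_width(sigma) // 2
    x = np.arange(-half, half + 1)
    g = np.exp(-x**2 / (2.0 * sigma**2))
    return g / g.sum()

# Smoothing factors doubled per scale as in the paper: 1, 2, 4, 8, 16.
sigmas = [1, 2, 4, 8, 16]
widths = [filter_width(s) for s in sigmas]
```

With the doubling schedule, the odd widths grow as 7, 15, 29, 57, 113, which is why the paper resorts to sub-sampling instead of ever-longer filters.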


An efficient way to generate the smoothed images is to use sub-sampling. As explained above, the filter width is best chosen as λ ≥ 7σ, so the filter width grows large as the smoothing factor grows, leading to a considerable amount of computation if the filters are implemented at such lengths. To avoid expanding the filter width directly, we apply sub-sampling to images with smoothing factors σ > 1, based on the fact that the information in an image decreases as the smoothing factor increases. Because the image sizes vary with the level of sub-sampling, we store the smoothed images in a series of octaves according to their sizes: the images in one octave have one half the length and width of those in the previous octave. In each octave, two images are subtracted from each other to produce the desired Difference-of-Gaussian (DOG) image for later processing. The procedure for producing the Difference-of-Gaussian images is illustrated in Fig. 2. Let the length and width of the input image I(x,y) be L and W respectively. In the beginning, I(x,y) is convolved with the Gaussian filter G(x,y,σa) to generate the first smoothed image, I1(x,y), for the first octave; σa is the smoothing factor of the initial scale and is selected as 1 (σa = σ1) in our experiments. The smoothed image I1(x,y) is convolved with the Gaussian filter G(x,y,σb) to generate the second smoothed image, I2(x,y), which is subtracted from I1(x,y) to generate the first DOG image, D1(x,y), of the octave. I2(x,y) is also sub-sampled by taking every second pixel of each row and column to produce the image I2'(x,y) for the next octave. It is worth noting that an image sub-sampled from a source image has a smoothing factor equal to one half that of the source image. The length and width of image I2'(x,y) are L/2 and W/2, and its equivalent smoothing factor is (σa+σb)/2 relative to the initial scale. As σb is selected to equal the smoothing factor σa of the initial scale, the image I2'(x,y) has equivalent smoothing factor σ = σa and serves as the initial scale of the second octave. I2'(x,y) is convolved with G(x,y,σb) again to generate the third smoothed image, I3(x,y), which is subtracted from I2'(x,y) to produce the second DOG image, D2(x,y). The same procedure is applied to the remaining octaves to generate the required smoothed images I4 and I5 and the Difference-of-Gaussian images D3 and D4.

Figure 2. The procedure to produce Difference-of-Gaussian images

B. Grouping of the Difference-of-Gaussian Images

To find the characters of interest in the DOG images, the next step is to apply connected component analysis to connect pixels of positive (or negative) responses into groups. After connected component analysis, all groups are filtered by size: there is an expected character size for each octave, and groups are discarded if their sizes do not fall into the expected range. The most stable sizes for extracting general characters on each octave range from 32×32 to 64×64. Characters smaller than 32×32 are easily disturbed by noise and lead to undesirable outcomes; characters larger than 64×64 can be extracted on octaves of larger scale.
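The per-octave DOG construction and the size-filtered grouping described above might be sketched as follows. This is an illustration under our own assumptions (SciPy's `gaussian_filter` and `label` stand in for the paper's filters and connected component analysis, and the size filter is applied to bounding boxes):

```python
import numpy as np
from scipy.ndimage import gaussian_filter, label

def dog_pyramid(image, sigma=1.0, octaves=4):
    """Per octave: smooth, subtract to get the DOG image, then
    sub-sample by 2 to seed the next octave (as in Fig. 2)."""
    dogs = []
    current = gaussian_filter(image.astype(float), sigma)  # I1
    for _ in range(octaves):
        smoothed = gaussian_filter(current, sigma)         # next smoothed image
        dogs.append(current - smoothed)                    # D_k
        current = smoothed[::2, ::2]                       # initial scale of next octave
    return dogs

def candidate_groups(dog, sign=+1, size_range=(32, 64)):
    """Connected components of positive (or negative) DOG responses,
    kept only if their bounding box falls in the expected size range."""
    mask = (sign * dog) > 0
    labels, n = label(mask)
    groups = []
    for k in range(1, n + 1):
        ys, xs = np.nonzero(labels == k)
        h = ys.max() - ys.min() + 1
        w = xs.max() - xs.min() + 1
        if size_range[0] <= max(h, w) <= size_range[1]:
            groups.append((ys, xs))
    return groups
```

On a synthetic image containing a single bright 40×40 block, the first-octave DOG responds around the block and the size filter keeps that group while rejecting pixel-scale noise specks.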


After extraction of the candidate characters, a novel method named the accumulated gradient projection vector (AGPV) method is proposed and applied to recognize them. There are four stages in recognizing a character using the AGPV method: first, determine the axes, including the nature axes and the augmented axes; second, calculate the AGPVs based on these axes; third, normalize the AGPVs for comparison with the standard ones; fourth, match with the standard AGPVs to validate the recognition result. The procedure is explained in detail in the following sections.

A. Determine Axes

It is important to introduce the axes before discussing the AGPV method. An axis of a character is a specific orientation onto which the gradients of grouped pixels are projected and accumulated to form the desired feature vector.
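The final matching stage, recognition by lowest total matching cost, can be sketched minimally as below. The unit-energy normalization and the summed L2 cost are our assumptions for illustration; the paper defines its own normalization and cost:

```python
import numpy as np

def normalize_agpv(v):
    """Scale an AGPV to unit energy so vectors from differently sized
    characters become comparable (a simple stand-in normalization)."""
    v = np.asarray(v, dtype=float)
    n = np.linalg.norm(v)
    return v / n if n > 0 else v

def match_character(test_agpvs, database):
    """Sum per-axis distances against each standard character and
    recognize the one with the lowest total matching cost."""
    costs = {}
    for char, std_agpvs in database.items():
        costs[char] = sum(
            np.linalg.norm(normalize_agpv(a) - normalize_agpv(b))
            for a, b in zip(test_agpvs, std_agpvs))
    best = min(costs, key=costs.get)
    return best, costs
```

For example, a test vector close to the stored vector of one character yields a lower total cost for that character than for any other.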



An axis is represented by a line that has a specific orientation and passes through the center-of-gravity point of the pixel group. The axes of a character fall into two classes, named nature axes and augmented axes, which differ in characteristics and usage and are described below.

1) Build up the Orientation Histogram

Once an input image has been clustered into one or more groups of pixels, the next step is to build the corresponding orientation histograms. The orientation histograms are formed from the gradient orientations of the grouped pixels. Let γ(x,y) be the intensity value of sample pixel (x,y) of an image group I; the gradients along the x-axis and y-axis are, respectively,
∇X(x,y) = [γ(x+1,y−1) − γ(x−1,y−1)] + 2[γ(x+1,y) − γ(x−1,y)] + [γ(x+1,y+1) − γ(x−1,y+1)],
∇Y(x,y) = [γ(x−1,y+1) − γ(x−1,y−1)] + 2[γ(x,y+1) − γ(x,y−1)] + [γ(x+1,y+1) − γ(x+1,y−1)].  (2)

The gradient magnitude, m(x,y), and orientation, θ(x,y), of this pixel are computed by

m(x,y) = √((∇X(x,y))² + (∇Y(x,y))²),  θ(x,y) = tan⁻¹(∇Y(x,y)/∇X(x,y)).  (3)

By assigning a resolution BINhis to the orientation histogram, the gradients are accumulated into BINhis bins and the angle resolution is REShis = 360/BINhis. BINhis is chosen as 64 in the experiments, so the angle resolution REShis is 5.625 degrees. Each sample added to the histogram is weighted by its gradient magnitude and accumulated into the two nearest bins by linear interpolation. Besides the histogram accumulation, the gradient of each sample is accumulated into a variable GEhis, which stands for the total gradient energy of the histogram.

2) Determine the Nature Axes

The next step toward recognition is to find the corresponding nature axes based on the orientation histogram. The word "nature" is used because the axes always exist "naturally", regardless of most environment and camera factors that degrade the recognition rate. The nature axes have several properties helpful for recognition. First, they have high gradient energy along specific orientations and are therefore easily detectable in the input image. Second, the angle differences among the nature axes are invariant to image scaling and rotation; they can thus be used as references to correct the unknown rotation and scaling factors of the input image. Third, the directions of the nature axes are robust within a range of focus and illumination differences. Fourth, although some factors, such as a different camera view angle, may deform the character and change the angle relationships among the nature axes, the detected nature axes are still useful for filtering out dissimilar characters and narrowing down the range of recognition.

Let the function H(a) denote the histogram magnitude at angle a. Find the center of the k-th peak, pk, of the histogram, defined by satisfying H(pk) > H(pk − 1) and H(pk) > H(pk + 1). A peak represents a specific orientation in the character image. Besides the center, find the boundaries of the peak, the start angle sk and the end angle ek, within a threshold angle distance ath, i.e.,

sk = a, H(a) ≤ H(b), ∀b ∈ (pk − ath, pk),  (4)
ek = a, H(a) ≤ H(b), ∀b ∈ (pk, pk + ath).  (5)

The threshold ath is used to guarantee that the boundaries of a peak stay near its center; it is defined as 22.5 degrees in the experiments. The reason for the ±22.5-degree threshold is that it segments a 360-degree circle into 8 orientations, similar to how human eyes often see a circle in 8 octants. Once the start angle and end angle of a peak are determined, define the energy function of the k-th peak as

E(k) = Σ_{a=sk}^{ek} H(a),  (6)

which stands for the gradient energy of the peak. In addition, an outstanding energy function D(k) is defined for each peak,

D(k) = E(k) − (H(sk) + H(ek)) × (ek − sk) / 2.  (7)

The outstanding energy neglects the energy contributed by neighboring peaks and is more meaningful than E(k) for representing the distinctiveness of a peak. Peaks with small outstanding energy are not considered nature axes, because they do not stand out from the neighboring peaks and may not be detectable in new images. In the experiments, different strategies are used to threshold the outstanding energy when calculating standard AGPVs and test AGPVs. When calculating standard AGPVs, we select one grouped image as the standard character image for each character and assign it to be the standard for recognition. The mission of this task is to find stable peaks in the standard character image; therefore a higher threshold, GEhis/32, is applied, and a peak whose outstanding energy is higher than this threshold is considered a nature axis of the standard character image. When calculating test AGPVs, the histogram may be affected by unexpected factors such as noise, focus error, or bad lighting conditions, so the task changes to finding one or more matched candidates for further recognition; therefore a lower threshold, GEhis/64, is used to filter out dissimilar peaks by their outstanding energy. After threshold checking, the peaks whose outstanding energy is higher than the threshold are called the nature peaks of the character image, and the corresponding angles are called the nature axes. By the procedures above, typical license plate characters are found to have two to six nature axes.
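The histogram accumulation with linear interpolation and the nature-peak selection can be sketched as below. The circular bin handling and the argmin-based boundary search are our assumptions about details the text leaves open:

```python
import numpy as np

def orientation_histogram(gx, gy, bins=64):
    """Accumulate gradient magnitudes into `bins` orientation bins,
    splitting each sample between its two nearest bins."""
    mag = np.hypot(gx, gy)
    ang = np.degrees(np.arctan2(gy, gx)) % 360.0
    pos = ang / (360.0 / bins)                 # fractional bin position
    lo = np.floor(pos).astype(int) % bins
    hi = (lo + 1) % bins
    w_hi = pos - np.floor(pos)
    hist = np.zeros(bins)
    np.add.at(hist, lo, mag * (1.0 - w_hi))    # unbuffered accumulation
    np.add.at(hist, hi, mag * w_hi)
    return hist

def nature_peaks(hist, energy_divisor=32):
    """Local maxima of the circular histogram whose outstanding energy
    D(k) exceeds GEhis / energy_divisor; +/-22.5-degree search window."""
    bins = len(hist)
    res = 360.0 / bins
    window = int(22.5 / res)                   # bins within 22.5 degrees
    ge = hist.sum()                            # GEhis
    peaks = []
    for k in range(bins):
        if hist[k] > hist[k - 1] and hist[k] > hist[(k + 1) % bins]:
            # boundaries: minima of H within the window on each side
            sk = min(range(k - window, k), key=lambda b: hist[b % bins]) % bins
            ek = min(range(k + 1, k + window + 1), key=lambda b: hist[b % bins]) % bins
            span = (ek - sk) % bins
            e = sum(hist[(sk + i) % bins] for i in range(span + 1))   # E(k)
            d = e - (hist[sk] + hist[ek]) * span / 2.0                # D(k)
            if d > ge / energy_divisor:
                peaks.append(k * res)          # nature-axis angle in degrees
    return peaks
```

A group of gradients pointing uniformly along 0 degrees yields a single nature axis at 0 degrees; gradients along 90 degrees yield one at 90 degrees.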



Fig. 3 shows an example of the nature axes. Fig. 3(a) is the source image, with intensity ranging from 0 (black) to 255 (white). Fig. 3(b) overlays the source image with the detected nature axes, shown as red arrows. Fig. 3(c) is the corresponding orientation histogram, accumulated from the pixel gradient magnitudes in Fig. 3(a). Six peaks are visible in the histogram, marked A, B, C, D, E and F respectively, corresponding to the six red arrows in Fig. 3(b).

Figure 3. (a) input image; (b) the nature axes; (c) orientation histogram

3) Determine the Augmented Axes
Augmented axes are defined, as augmentations to the nature axes, to be directions on which the generated feature vectors (AGPVs) are unique or special in representing the source character. Unlike nature axes, which possess strong gradient energy at a specific orientation, augmented axes do not have this property and may not be observable in the orientation histogram. Some characters, such as the one in Fig. 4, have only a few (one or two) apparent nature axes. Therefore, it is necessary to generate enough AGPVs on augmented axes for the recognition process. Experiments indicate that four to six AGPVs per character, drawn from either nature axes or augmented axes, give a high recognition rate. The augmented axes can be defined by character shapes or by fixed directions. In our experiments, only four fixed directions, shown as the four arrows in Fig. 4(b), are defined as augmented axes for all 36 characters. If any of the four directions already exists among the nature axes, it is not declared again as an augmented axis.

B. Calculate AGPVs
Once the axes of a character are found, the next step is to calculate the accumulated gradient projection vectors (AGPVs) based on these axes. On the axis corresponding to each peak p_k, the gradient magnitudes of the pixels whose gradient orientations fall inside the range s_k < θ(x, y) < e_k are projected and accumulated. The axis can be any of the nature axes or augmented axes.

1) Projection principles
The projection axis, η_φ, is chosen from either the nature axes or the augmented axes, with positive direction φ. Let (x_cog, y_cog) be the center-of-gravity (COG) point of the input image, i.e.,

\begin{bmatrix} x_{cog} \\ y_{cog} \end{bmatrix} = \frac{1}{N} \begin{bmatrix} \sum_{i=1}^{N} x_i \\ \sum_{i=1}^{N} y_i \end{bmatrix},

where (x_i, y_i) is the i-th sample pixel and N is the total number of sample pixels of a character. Let the function A(x, y) denote the angle between sample pixel (x, y) and the x-axis, i.e.,

A(x, y) = \arctan\left(\frac{y}{x}\right).


The process of projecting a character onto axis η_φ can be decomposed into three operations: first, rotate the character by the angle Δθ = A(x_cog, y_cog) − φ; second, scale the rotated pixels by the projection factor cos(Δθ); and third, translate the axis origin to the desired coordinate. Applying this process to the COG point, its coordinate after rotation is

\begin{bmatrix} x_{rcog} \\ y_{rcog} \end{bmatrix} = \begin{bmatrix} \cos\Delta\theta & -\sin\Delta\theta \\ \sin\Delta\theta & \cos\Delta\theta \end{bmatrix} \begin{bmatrix} x_{cog} \\ y_{cog} \end{bmatrix}.
Scaling by a projection factor cos(Δθ), it becomes,



\begin{bmatrix} x_{pcog} \\ y_{pcog} \end{bmatrix} = \begin{bmatrix} \cos\Delta\theta & 0 \\ 0 & \cos\Delta\theta \end{bmatrix} \begin{bmatrix} x_{rcog} \\ y_{rcog} \end{bmatrix}.


Finally, combining (15) and (16) and translating the origin of axis η_φ to (x_ηori, y_ηori), the final coordinate (x_proj, y_proj) of projecting any sample pixel (x, y) onto axis η_φ is computed by

Figure 4. (a) a character with only one nature axis; (b) the nature axis in a red arrow and three augmented axes in blue arrows; (c) orientation histogram



\begin{bmatrix} x_{proj} \\ y_{proj} \end{bmatrix} = \begin{bmatrix} \cos^2\Delta\theta & -\sin\Delta\theta\cos\Delta\theta \\ \sin\Delta\theta\cos\Delta\theta & \cos^2\Delta\theta \end{bmatrix} \begin{bmatrix} x \\ y \end{bmatrix} - \begin{bmatrix} x_{pcog} \\ y_{pcog} \end{bmatrix} + \begin{bmatrix} x_{\eta ori} \\ y_{\eta ori} \end{bmatrix}. \quad (11)
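Equation (11) above can be sketched directly in code. This is a minimal sketch, assuming (x, y) pixel coordinates relative to the image origin and using atan2 (rather than a bare arctangent) for the COG angle so all quadrants are handled:

```python
import numpy as np

def project_onto_axis(pixels, phi, axis_origin=None):
    """Project sample pixels onto axis eta_phi via the three steps in the
    text: rotate by dtheta = A(x_cog, y_cog) - phi, scale by cos(dtheta),
    then translate the axis origin."""
    pts = np.asarray(pixels, dtype=float)
    cog = pts.mean(axis=0)                     # COG point (x_cog, y_cog)
    dtheta = np.arctan2(cog[1], cog[0]) - phi  # atan2 used for robustness
    c, s = np.cos(dtheta), np.sin(dtheta)
    rot_scale = np.array([[c * c, -s * c],     # combined rotation + scaling,
                          [s * c,  c * c]])    # as in (11)
    # projected COG point: rotate, then scale each component by cos(dtheta)
    pcog = (np.array([[c, -s], [s, c]]) @ cog) * c
    if axis_origin is None:
        axis_origin = cog                      # origin chosen at the COG
    return pts @ rot_scale.T - pcog + np.asarray(axis_origin)
```

When φ equals the COG angle, Δθ = 0 and the transform reduces to the identity, which gives a quick sanity check.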

The projected distance of sample pixel (x, y) from the COG point on axis η_φ is

\hat{l}(x, y) = \sqrt{(x_{proj} - x_{cog})^2 + (y_{proj} - y_{cog})^2}.
Note that the origin of axis η_φ, (x_ηori, y_ηori), is chosen to be the COG point of the candidate character in the experiments, i.e., (x_ηori, y_ηori) = (x_cog, y_cog), because this concentrates the projected pixels around the origin (x_cog, y_cog) and saves memory used to accumulate the projected samples on the new axis.

2) Gradient projection accumulation
In this step, the pre-computed gradient orientations and magnitudes are projected onto specific axes and then summed up. Only sample pixels of similar gradient orientations are projected onto the same axis. See Fig. 5 for an example: an object O is projected onto an axis η of angle 0 degrees, and only the sample pixels with gradient orientations θ(x, y) near 0 degrees are projected onto η and accumulated. According to the axis type, there are two cases for selecting sample pixels of similar orientations. For a nature axis corresponding to the k-th peak p_k, the sample pixels with orientations inside the peak boundaries, s_k < θ(x, y) < e_k, are projected and accumulated. For an augmented axis with angle φ, the sample pixels with gradient orientations in the range φ − 22.5° ≤ θ(x, y) ≤ φ + 22.5° are projected and accumulated.

To accumulate the gradient projections, an empty array R(x) is created whose length equals the diagonal of the input image. Since array indexes must be integers, linear interpolation is used to accumulate each gradient projection into the two nearest indexes of the array. Let b = floor(l̂(x, y)) and u = b + 1, where floor(z) rounds z to the nearest integer towards minus infinity. For each sample pixel (x, y) in the input image I, perform the following accumulations:

R(b) = R(b) + \hat{m}(x, y)\,(\hat{l}(x, y) - b);
R(u) = R(u) + \hat{m}(x, y)\,(u - \hat{l}(x, y)).


Besides R(x), an additional gradient accumulation array T(x) is created to collect extra information required for normalization. There are two differences between R(x) and T(x). First, unlike R(x), which targets only the sample pixels of similar orientation, T(x) targets all the sample pixels of a character and accumulates their gradient magnitudes. Second, R(x) accumulates the projected gradient magnitude m̂(x, y), while T(x) accumulates the original gradient magnitude m(x, y). Referring to (14),

T(b) = T(b) + m(x, y)\,(\hat{l}(x, y) - b);
T(u) = T(u) + m(x, y)\,(u - \hat{l}(x, y)).


The purpose of T(x) is to collect the overall gradient information of the character of interest; it is then applied to normalize the array R(x) into the desired AGPV.
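The two accumulation rules above can be sketched as follows. The interpolation weights are kept exactly as written in the text; the tuple layout of `samples` (projected distance l̂, projected magnitude m̂, original magnitude m) is an assumption for illustration, with orientation filtering done beforehand:

```python
import math
import numpy as np

def accumulate_projections(samples, diag_len):
    """Accumulate projected gradient magnitudes into R (similar-orientation
    samples only) and original magnitudes into T, splitting each value
    between the two nearest integer bins b = floor(l_hat) and u = b + 1."""
    R = np.zeros(diag_len)
    T = np.zeros(diag_len)
    for l_hat, m_hat, m in samples:
        b = math.floor(l_hat)
        u = b + 1
        R[b] += m_hat * (l_hat - b)   # weights as given in the text
        R[u] += m_hat * (u - l_hat)
        T[b] += m * (l_hat - b)
        T[u] += m * (u - l_hat)
    return R, T
```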

Figure 5. Accumulation of gradient projection

From (3) and (11), the projected gradient magnitude of sample pixel (x, y) onto axis η_φ is

\hat{m}(x, y) = m(x, y) \cos(\theta(x, y) - \phi).

3) Normalization
The last step in finding the AGPV on an axis is to normalize the gradient projection accumulation array R(x) into a fixed-length vector. With a fixed length, the AGPVs have uniform dimensionality and can easily be compared with the standard AGPVs. Before normalization, the length of the AGPV, L_AGPV, has to be determined. Depending on the complexity of the recognition targets, different AGPV lengths may be selected to describe the distribution of projected gradients. In our experiments, L_AGPV is chosen as 32: a smaller L_AGPV lowers the resolution and degrades the recognition rate, while a larger L_AGPV slows down the system without significantly changing the recognition rate. It is worth noting that an AGPV formed on one axis is independent of the AGPVs formed on other axes, regardless of the character and axes from which they are formed.

To avoid the impact of isolated sample pixels, which are mostly caused by noise, the array R(x) is filtered by a Gaussian filter G(x):

\tilde{R}(x) = R(x) * G(x),




where the operator * denotes convolution. The variance of G(x) is chosen as σ = Len_R/128 in the experiments, where Len_R is the length of R(x); this choice is found to balance resolution and noise rejection. Similarly, the array T(x) is filtered by the same Gaussian filter to eliminate the effect of noise. After Gaussian filtering, the array T(x) is analyzed to find the effective range, the range in which the data is effective in representing a character. The effective range starts at index X_s and ends at index X_e, defined as



X_s = \{ x_s : T(x_s) \ge th_T;\ T(x) < th_T\ \forall x < x_s \},
X_e = \{ x_e : T(x_e) \ge th_T;\ T(x) < th_T\ \forall x > x_e \},

where the threshold th_T is used to discard noise and is chosen as th_T = max(T(x))/32 in the experiments. The effective range of R(x) is the same as that of T(x), from X_s to X_e. As mentioned previously, the gradient projection accumulation produces a large sum along a straight edge. This is a good property if the character of interest is composed of straight edges. However, some characters consist not only of straight edges but also of curves and corners, which contribute only small energy to the array R(x). To balance the contributions of different types of edges and avoid disturbance from noise, a threshold is used to adjust the content of R(x) before normalization:
\hat{R}(x) = \begin{cases} 0, & \text{if } \tilde{R}(x) < th_R \\ 255, & \text{if } \tilde{R}(x) \ge th_R. \end{cases}
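The full normalization chain of this section (Gaussian smoothing, effective range from T(x), binarization, resampling to a fixed length) might be sketched as follows. The kernel construction and the value of th_r are assumptions; the paper fixes σ = Len_R/128 and th_T = max(T)/32 but does not fix th_R in this excerpt:

```python
import numpy as np

def normalize_to_agpv(R, T, th_r, l_agpv=32):
    """Sketch: smooth R and T with a Gaussian (sigma = len(R)/128), find
    the effective range [Xs, Xe] from T with th_T = max(T)/32, binarize
    R to {0, 255} with the user-supplied th_r, and resample to l_agpv."""
    R = np.asarray(R, dtype=float)
    T = np.asarray(T, dtype=float)
    sigma = max(len(R) / 128.0, 0.5)          # avoid a degenerate kernel
    radius = max(int(3 * sigma), 1)
    x = np.arange(-radius, radius + 1)
    g = np.exp(-x**2 / (2 * sigma**2))
    g /= g.sum()
    R_s = np.convolve(R, g, mode="same")
    T_s = np.convolve(T, g, mode="same")
    th_t = T_s.max() / 32.0                   # effective-range threshold
    idx = np.nonzero(T_s >= th_t)[0]
    xs, xe = idx[0], idx[-1]                  # effective range [Xs, Xe]
    R_hat = np.where(R_s >= th_r, 255, 0)     # binarized projection array
    pos = np.round(np.arange(l_agpv) / l_agpv * (xe - xs) + xs).astype(int)
    return R_hat[pos]
```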

Figure 6. (a) Gradient projection on axis D (pink: COG point; red: axis D; cyan: selected sample pixels; blue: locations after projection); (b) the gradient accumulation array T(x) versus distance to the COG point; (c) the gradient projection array R(x); (d) normalized AGPV.

After finding the effective range and adjusting the content of the array R(x), the accumulated gradient projection vector (AGPV) is defined by resampling from R̂(x):

AGPV(i) = \hat{R}\left(\mathrm{round}\left(\frac{i}{32}(X_e - X_s) + X_s\right)\right).

Fig. 6 gives an example of the gradient accumulation array T(x), the gradient projection accumulation array R(x), and the normalized AGPV. The example uses the same test image as Fig. 3, and only one of the nature axes, axis E, is selected and printed. Similar to the method of finding the peaks of the orientation histogram, the k-th peak p_k on R(x) is defined by R(p_k) > R(p_k − 1) and R(p_k) > R(p_k + 1). Four peaks can be observed in Fig. 6(c), and each of them represents an edge projected onto axis E.

C. Matching and Recognition
1) Properties used for matching
Unlike general vector-matching problems, which directly use the RMS error between two vectors, the matching of AGPVs relies on special properties derived from their physical meanings. Three properties are useful for measuring the similarity between two AGPVs.

Each peak in an AGPV represents an edge on the source character. The number of peaks, i.e., the edge count, is useful for representing the difference between two AGPVs. For example, there are four peaks on the extracted AGPV in Fig. 6(d), and each of them represents an edge on the axis. The edge count is invariant no matter how the character appears in the input image. In this paper, a function EC(V) is defined to calculate the edge count of an AGPV V; EC(V) increases by one whenever V(i) = 0 and V(i+1) > 0. Although the edge count of an AGPV is invariant for the same character, the positions of the edges can vary if the character is deformed by a slanted camera angle. This is the major reason why the RMS error is not suitable for measuring the similarity between two AGPVs. In order to compare AGPVs under character deformation, a matching cost function C(U, V) is calculated to measure the similarity between AGPV U and AGPV V, expressed as

C(U, V) = |EC(U) - EC(V)| + |EC(UV) - EC(V)| + |EC(IV) - EC(V)|,  (21)

where UV = U ∪ V is the union vector of AGPV U and AGPV V, with UV(i) = 1 if U(i) > 0 or V(i) > 0, and IV = U ∩ V is the intersection vector, with IV(i) = 1 if U(i) > 0 and V(i) > 0.
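The edge count and the matching cost (21) can be transcribed directly; the only assumption is that "V(i) > 0" tests the binarized AGPV entries:

```python
import numpy as np

def edge_count(v):
    """EC(V): number of rising transitions from V[i] == 0 to V[i+1] > 0."""
    v = np.asarray(v)
    return int(np.sum((v[:-1] == 0) & (v[1:] > 0)))

def matching_cost(u, v):
    """C(U, V) from (21): compares the edge counts of U, V, and their
    union (UV) and intersection (IV) support vectors."""
    u = np.asarray(u)
    v = np.asarray(v)
    uv = ((u > 0) | (v > 0)).astype(int)   # union vector UV
    iv = ((u > 0) & (v > 0)).astype(int)   # intersection vector IV
    return (abs(edge_count(u) - edge_count(v))
            + abs(edge_count(uv) - edge_count(v))
            + abs(edge_count(iv) - edge_count(v)))
```

Identical AGPVs give a cost of zero, and a missing edge raises the cost through both the direct and the intersection terms.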



An inter-axes property used to match the test character with the standard characters is that the angular relationships of the nature axes on the test character are similar to those on the corresponding standard character. In the experiments, a threshold th_A = π/32 is used to check whether the AGPVs of the test character match the angular relationships of the nature axes of a standard character. Let AA_T(k) be the k-th axis angle of the test character, 0 ≤ AA_T(k) < 2π, and let AA(i, j) denote the angle of the j-th axis of the i-th standard character, similarly 0 ≤ AA(i, j) < 2π. If the m-th and n-th axes of the test character correspond respectively to the g-th and h-th axes of the i-th standard character, then

|(AA_T(m) - AA_T(n)) - (AA(i, g) - AA(i, h))| \le th_A.  (22)

2) Create standard AGPV database
A standard database is created by collecting all the AGPVs extracted from characters of standard parameters: standard size, standard aspect ratio, no noise, no blur, and neither rotation nor deformation. The extracted AGPVs are called standard AGPVs and are stored in two categories: those calculated on nature axes are called standard nature AGPVs, and those calculated on augmented axes are called standard augmented AGPVs. Let the number of standard characters be N; N = 36 (0–9 and A–Z) for the license plate characters in this paper. Denote the number of standard nature AGPVs for the i-th standard character as NN(i), the number of standard augmented AGPVs as NA(i), and the total number of AGPVs as NV(i), where NV(i) = NN(i) + NA(i). The j-th standard AGPV of the i-th character is denoted as V_S(i, j), where j = 1 to NV(i). Note that V_S(i, j) are standard nature AGPVs for j ≤ NN(i) and standard augmented AGPVs otherwise.

3) Matching of characters
To recognize the test character, its AGPVs are compared stage by stage with the standard AGPVs in the database. A candidate list is created that initially includes all the standard characters; the candidates having high matching cost to the test character are removed at each stage. At the end of the last stage, the candidate with the lowest total matching cost is taken as the recognition result.

Stage 1: Find the fundamental matching pair. Calculate the cost function between the test character and the j-th AGPV of the i-th standard character,

C_1(k, j) = MC(V_T(k), V_S(i, j)),

and find the pair of axes whose matching cost is minimum:

(k_T, j_S) = \arg\min_{k, j} C_1(k, j).

If C_1(k_T, j_S) is less than a threshold th_F, the i-th standard character is kept in the candidate list and the pair (k_T, j_S) serves as the fundamental pair of the candidate.

Stage 2: Find the other matching pairs between the standard AGPVs and the test character. Based on the fundamental pair, the axis angles of the test character are compared with those of the standard character. Let the number of nature AGPVs detected on the test character be NN_T. For the i-th standard character, create an empty array mp(j) = 0, 1 ≤ j ≤ NV(i), to denote the matching pairs with the test character. Using (22), calculate

|(AA_T(k) - AA_T(k_T)) - (AA(i, j) - AA(i, j_S))| \le th_A,
\forall k \in [1, NN_T], k \ne k_T;\ \forall j \in [1, NN(i)], j \ne j_S.  (25)

A k-th test AGPV satisfying (25) is called the j-th matching pair of the standard character, denoted as mp(j) = k. Note that more than one test AGPV may satisfy (25); in this case, only the one with the lowest matching cost is taken as the j-th matching pair and the others are ignored.

Stage 3: Calculate the total matching cost of the standard nature AGPVs. Define a character matching cost function CMC(i) to measure the similarity between the test character and the i-th standard character by summing up the matching costs of all the matching pairs,

CMC(i) = \sum_{j=1,\ mp(j)>0}^{NN(i)} MC(V_T(mp(j)), V_S(i, j)).

Stage 4: Calculate the matching costs of the augmented AGPVs. First, find the axis angle AX on the test character corresponding to the j-th standard augmented axis:

AX = (AA(i, j) - AA(i, j_S)) + AA_T(k_T).

If one AGPV of the test character, say the k-th nature AGPV, satisfies (25), i.e., |AA_T(k) − AX| ≤ th_A, then the k-th nature AGPV is mapped to the j-th augmented axis and mp(j) = k. Otherwise, the AGPV corresponding to the j-th standard augmented axis must be calculated based on the axis angle AX. After that, the matching costs of the augmented AGPVs are accumulated into the character matching cost function:

CMC(i) = CMC(i) + \sum_{j=NN(i)+1}^{NV(i)} MC(V_T(mp(j)), V_S(i, j)).

Stage 5: Recognition. Because different standard characters have different numbers of AGPVs, the character matching cost is normalized by the total number of standard AGPVs, i.e.,

CMC(i) = CMC(i) / NV(i).

Finally, the test character is recognized as the h-th standard character with the lowest matching cost if CMC(h) < th_R.
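The angular pairing of Stage 2 can be sketched as follows. This is a simplified version: the first axis satisfying the threshold wins, whereas the paper keeps the pair with the lowest matching cost; the angle wrap-around handling is an added assumption:

```python
import math

TH_A = math.pi / 32  # angular threshold th_A

def match_axes(aat, kt, aa_i, js):
    """Stage 2 sketch: pair test axes k with standard axes j when the
    angle differences relative to the fundamental pair (kt, js) agree
    within th_A. Returns mp as a dict j -> k."""
    mp = {}
    for j in range(len(aa_i)):
        if j == js:
            continue
        for k in range(len(aat)):
            if k == kt:
                continue
            d = (aat[k] - aat[kt]) - (aa_i[j] - aa_i[js])
            # wrap the difference into [-pi, pi) before thresholding
            d = (d + math.pi) % (2 * math.pi) - math.pi
            if abs(d) <= TH_A and j not in mp:
                mp[j] = k
    return mp
```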

The test images are captured from license plates under general conditions and include several factors that often degrade recognition rates, such as dirty plates, deformed plates, and plates under special lighting conditions. All the images are sized 2048×1536 and converted into 8-bit grayscale images. In total, 60 test images are collected, each containing one license plate consisting of 4 to 6 characters. The minimum character size in the images is 32×32 pixels. We choose some characters from the test images to be the standard characters and calculate the standard AGPVs. The results are measured by the true positive rate (TPR), i.e., the rate at which true characters are extracted and recognized successfully, and the false positive rate (FPR), i.e., the rate at which false characters are extracted and recognized as characters in the test image. The process is divided into two stages, extraction and recognition, and the result of each stage is recorded in Table I. The discussion focuses on the stability of the proposed method with respect to three imaging parameters: noise, character deformation, and illumination change, which are considered the most serious factors impacting the recognition rate. Denote the original test images as set A. Three extra image sets, set B, set C, and set D, are generated to test the impact of these parameters, respectively.

In Table I, the column "Extraction TPR" is the rate at which the characters in the test images are extracted correctly. A character is considered successfully extracted if, first, it is isolated from external objects and, second, the grouped pixels can be recognized by human eyes. The column "Recognition 1 TPR" is the rate at which the extracted true characters are recognized correctly when the character orientation is unknown. In contrast, the column "Recognition 2 TPR" is the recognition rate when the character orientation is known, so that the fundamental pair of a test character is fixed. This is reasonable for most cases, since license plates are usually oriented horizontally; under such conditions the characters stay in a vertical orientation if the camera is kept upright.

A. Stability to Noise
The image set B is generated in two steps: first, copy set A to a new image set; second, add 4% salt-and-pepper noise to the new image set to form set B. Note that 4% salt-and-pepper noise means one salt or pepper pixel in every 25 pixels on average.

It can be seen from Table I that the character extraction rate degrades when noise is added. A further experiment shows that enlarging the characters is very useful for improving the extraction rate under noise, which is reasonable since the noise energy is lowered when the range of accumulation is enlarged. Similarly, the same method improves the recognition TPR, since the gradient energy is accumulated before feature extraction.
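The 4% salt-and-pepper corruption used to build set B can be sketched as follows (the function name and seeding are illustrative):

```python
import numpy as np

def add_salt_pepper(img, rate=0.04, seed=0):
    """Corrupt a grayscale image with salt-and-pepper noise: rate=0.04
    flips roughly one pixel in every 25 to 0 (pepper) or 255 (salt)."""
    rng = np.random.default_rng(seed)
    out = img.copy()
    mask = rng.random(img.shape) < rate          # pixels to corrupt
    out[mask] = rng.choice([0, 255], size=int(mask.sum()))
    return out
```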

B. Stability to Character Deformation
The image set C is generated by transforming the pixels of set A via an affine transformation matrix M, expressed as
\begin{bmatrix} x_C \\ y_C \end{bmatrix} = M \begin{bmatrix} x_A \\ y_A \end{bmatrix}. \quad (30)

Table II gives examples of different matrices M and the corresponding affine-transformed characters.

TABLE II. Example shear matrices (rows: input characters; columns: M):
M = [1 0; −1/4 1], [1 0; 1/6 1], [1 0; 1/4 1], [1 0; −1/6 1]
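Applying one of the shear matrices from Table II to pixel coordinates, per (30), is a one-liner; the function name is illustrative:

```python
import numpy as np

def shear_points(points, s):
    """Apply the vertical-shear matrix M = [[1, 0], [s, 1]] from Table II
    to a set of (x, y) coordinates: [x_C, y_C]^T = M [x_A, y_A]^T."""
    m = np.array([[1.0, 0.0], [s, 1.0]])
    return np.asarray(points, dtype=float) @ m.T
```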

In Table I, the extraction TPR for set C is very close to the original rate for set A, because the extraction method based on scale-space differences is independent of character deformation. However, character deformation has a serious impact on the recognition TPR, because the deformation seriously changes not only the angle differences between the axes but also the peaks in the AGPVs. One way to increase the recognition TPR for deformed input characters is to expand the database by including deformed characters among the standard characters. In other words, false recognitions can be reduced by treating seriously deformed characters as new characters and recognizing them based on the new standard AGPVs. This method helps resolve the problem of character deformation, but recognition takes more time as the number of AGPVs in the standard database grows.
C. Stability to Illumination Change
It is found that the success rate at the extraction stage is robust and almost unchanged when the illumination is changed by a constant factor, i.e.,
I'(x, y) = k \cdot I(x, y).
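A constant-factor illumination change on an 8-bit image can be sketched as follows, with clipping added as an assumption to stay in the valid intensity range:

```python
import numpy as np

def scale_illumination(img, k):
    """Simulate a constant-factor illumination change I'(x, y) = k * I(x, y),
    clipping the result to the 8-bit range [0, 255]."""
    return np.clip(img.astype(float) * k, 0, 255).astype(np.uint8)
```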


TABLE I. Extraction and recognition results (%)

         Extraction   Recognition 1             Recognition 2
                      (unknown orientation)     (known orientation)
         TPR          TPR      FPR              TPR      FPR
  Set A  93.3         88.3     8.3              93.3     3.3
  Set B  83.0         85.4     8.1              88.3     5.0
  Set C  91.6         67.3     13.3             75.8     10.6
  Set D  89.7         78.4     8.6              89.3     3.3




To consider uneven illumination, four directional light sources, L1 to L4, are added to the test images to form set D, imitating the response to illumination change:

L_1(x, y) = (x + y + 10) / (L + W + 10),
L_2(x, y) = ((W - x) + y + 10) / (L + W + 10),
L_3(x, y) = (x + (L - y) + 10) / (L + W + 10),
L_4(x, y) = ((W - x) + (L - y) + 10) / (L + W + 10),

where W and L are respectively the width and length of the test image. We can see from Table I that the uneven illumination change makes little difference to character extraction. A detailed analysis indicates that insufficient color (intensity) depth makes some edges disappear under illumination change and is the major reason for the drop in extraction TPR. The same reason also degrades the TPR at the recognition stage. A good approach to minimize the sensitivity to illumination change is to increase the color (intensity) depth of the input image: 12-bit or 16-bit gray-level test images will have better recognition rates than 8-bit ones.

V. CONCLUSION

A method to extract and recognize license plate characters is presented, comprising two stages: first, extract the isolated characters in a license plate; second, recognize them by the novel AGPVs. The extraction stage incrementally convolves the input image with Gaussian functions of different scales and minimizes the computations in high-scale images by means of sub-sampling. The isolated characters are found by connected-component analysis on the Difference-of-Gaussian image and filtered by expected sizes. The recognition stage adopts the AGPV as the feature vector. The AGPVs calculated from Gaussian-filtered images are independent of rotation and scaling, and robust to noise and illumination change. The proposed method has two distinctions from traditional methods. First, unlike traditional methods, which detect the whole license plate in the first step, the method proposed here extracts characters alone and does not need to detect the whole plate in advance. Second, the recognition method is suitable for single characters: unlike traditional methods, which require baseline information before recognition, the proposed method requires no prior information about character sizes and orientations. A direction for future research is to extend the method to recognize different font types. Not only license plate characters but many other isolated characters are widespread in daily life, for example in elevators, clocks, and telephones. Traditional coarse-to-fine methods for recognizing license plate characters are not suitable for these cases, because each case has a different background and irregular character placement. The proposed AGPV method should be useful for recognizing these isolated characters if it can be adapted to different font types.



Personal Information Databases
Sabah S. Al-Fedaghi
Computer Engineering Department Kuwait University Kuwait
Abstract—One of the most important aspects of security organization is to establish a framework to identify security-significant points where policies and procedures are declared. The (information) security infrastructure comprises entities, processes, and technology, all of which participate in handling information, which is the item that needs to be protected. Privacy and security information technology is a critical and unmet need in the management of personal information. This paper proposes concepts and technologies for the management of personal information. Two different types of information can be distinguished: personal information and non-personal information. Personal information can be either personal-identifiable information (PII) or non-identifiable information (NII). Security, policy, and technical requirements can be based on this distinction. At the conceptual level, PII is defined and formalized by propositions over infons (discrete pieces of information) that specify transformations in PII and NII. PII is categorized into simple infons that reflect the proprietor's aspects, relationships with objects, and relationships with other proprietors. The proprietor is the identified person about whom the information is communicated. The paper proposes a database organization that focuses on the PII spheres of proprietors. At the design level, the paper describes databases of personal identifiable information built exclusively for this type of information, with their own conceptual scheme, system management, and physical structure.

Keywords: database; personal identifiable information; personal information

Bernhard Thalheim
Computer Science Institute, Kiel University, Kiel, Germany

leading to the need for a PII database with its own conceptual scheme, system management, and physical structure. The types of information of interest in this paper are shown in Fig. 1. We will use the term infon to refer to "a piece of information" [9]. The parameters of an infon are objects, and so-called anchors assign these objects, such as agents, to parameters. Infons can have sub-infons that are themselves infons. Let INF = the set of infons in the system. Four types of infons are identified:

1. So-called "private or personal" information is a subset of INF. "Private or personal" information is partitioned into two types of information: PII and PNI. PII is the set of pieces of personal identifiable information; we use the term pinfon to refer to this special type of infon. The relationship between PII and the notion of identifiability will be discussed later. PNI is the set of pieces of personal non-identifiable information.




I. INTRODUCTION

Rapid advances in information technology and the emergence of privacy-invasive technologies have made information privacy a critical issue. According to Bennett and Raab [11], technically, the concept of information privacy is treated as information security. "Information privacy is the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves" [10]; however, the information privacy domain goes beyond security concerns. Information security aims to ensure the security of all information, regardless of whether it is privacy related. Here we use the term information in its ordinary sense of "facts" stored in a database. This paper explores the privacy-related differences between types of information to argue that security, policy, and technical requirements set personal identifiable information apart from other types of information,

Figure 1. Types of information: the set of all information (INF) contains private/personal information, which is partitioned into personal identifiable information (PII) and personal non-identifiable information (PNI).


NII = (INF – PII). We use the term ninfon to refer to this special type of infon. NII is the set of pieces of



non-identifiable information and includes all pieces of information except personal identifiable information (shaded area in Fig. 1). PNI in Fig. 1 is a subset of NII: it is non-identifiable information, but it is called "personal" or "private" because its owner (a natural person) has an interest in keeping it private. In contrast, PII embeds a unique identity of a natural person. From the security point of view, PII is more sensitive than an "equal amount" (to be discussed later) of NII. With regard to policy, PII has more policy-oriented significance (e.g., the 1996 EU directive) than NII. With regard to technology, there are unique PII-related technologies (e.g., P3P) and techniques (e.g., k-anonymization) that revolve around PII. Additionally, PII possesses an objective definition that allows separating it from other types of information, which facilitates organizing it in a manner not available to NII. The distinction of infons into PII, NII, and PNI requires supporting technology. We thus need a framework that allows us to handle, implement, and manage PII, NII, and PNI. Management of PII, NII, and PNI ought, ideally, to be optimal in the sense that derivable infons are not stored. This paper introduces a formalism to specify privacy-related infons based on a theoretical foundation; current privacy research lacks such a formalism. The new formalism can benefit two areas. First, a precise definition of the informational privacy notion is introduced. It can also be used as a base to develop formal and informal specification languages: an informal specification language can serve as a vehicle to specify various privacy constraints and rules, and further work can develop a full formal language to be used in privacy-enhancing systems. In this paper, we concentrate on the conceptual organization of PII databases based on a theory of infons.
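The set relationships above (NII = INF − PII, PNI ⊆ NII) can be sketched with plain Python sets; the infon identifiers are hypothetical and only the set algebra mirrors the text:

```python
# Hypothetical infon identifiers; only the set algebra follows the text.
INF = {"i1", "i2", "i3", "i4", "i5"}   # all infons in the system
PII = {"i1", "i2"}                     # personal identifiable infons (pinfons)
PNI = {"i3"}                           # personal but non-identifiable infons
NII = INF - PII                        # ninfons: NII = INF − PII
```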
To achieve such a task, we need to identify which subset of infons will be considered personal identifiable information. Since a combination of personal identifiable information is also personally identifiable, we must find a way to minimize the information to be stored. We introduce an algebra that supports such minimization. Infons may belong to different users in a system. We distinguish between proprietors (persons to whom PII refers through embedded identities) and owners (entities, such as agencies or non-proprietor persons, that possess PII of others).

II. RELATED WORKS

Current database management systems (DBMSs) do not distinguish between PII and NII. An enterprise typically has one or several databases. Some data is "private," other data is public, and it is typical that these data are combined in queries. "Private" typically means exclusive ownership of, and rights (e.g., access) to, the involved data, but there is a difference between "private" data and personal identifiable data. "Private" data may include NII exclusively controlled by its owner; in contrast, PII databases contain only personal identifiable information and related data, as will be described later. For example, in the Oracle database, the Virtual Private Database (VPD) is the aggregation of fine-grained access control in a secure application context. It provides a mechanism for

building applications that enforce the security policies customers want enforced, but only where such control is necessary. By dynamically appending a predicate to SQL statements, VPD limits access to data at the table's row level and ties the security policy to the table (or view) itself. "Private" in VPD means data owned and controlled by its owner. Such a mechanism supports the "privacy" of any owned data, not necessarily personal identifiable information. In contrast, we propose to develop a general PII database management system in which PII and NII are explicitly separated in planning, design, and implementation.

Separating "private" data from "public" data has already been adopted in privacy-preserving systems; however, these systems do not explicitly distinguish personal identifiable information. The Platform for Privacy Preferences (P3P) is one such system: it provides a means for privacy policy specification and exchange but "does not provide any mechanism to ensure that these promises are consistent with the internal data processing" [7]. It is our judgment that "internal data processing" requires recognizing explicitly that "private data" is of two types, personal identifiable information and personal non-identifiable information, and that this difficulty is caused by the heterogeneity of data.

Hippocratic databases have been introduced as systems that integrate privacy protection into relational database systems [1][4]. A Hippocratic database includes privacy policies and authorizations that associate each attribute and each user with usage purpose(s). Access is granted if the access purpose (stated by the user) is entailed by the allowed purposes and not entailed by the prohibited purposes [7]. User role hierarchies, similar to those used in security policies (e.g., RBAC), are used to simplify management of the mapping between users and purposes. A request to access data is accompanied by an access purpose, and permission is determined by comparing that purpose with the intended purposes of the data as stated in the privacy policies. Each user has authorization for a set of access purposes. Nevertheless, in principle, a Hippocratic database is a general DBMS with a purpose mechanism: purposes can be declared for any data item, not necessarily personal identifiable information.

III. INFONS

This section reviews the theory of infons, which provides a rich algebra of construction operations that can be applied to PII. Infons in an application domain such as personal identifiable information are typically interrelated; they partially depend on each other, partially exclude each other, and may be (hierarchically) ordered. Thus we need a theory that allows constructing a "lattice" of infons (and PII infons) that includes basic and complex infons while taking into consideration their structures and relationships. In such a theory, we identify basic infons that cannot be decomposed into more basic infons. This construction of infons from infons should be supported by an algebra of construction operations. We generally assume that each infon consists of a number of components. Construction is performed by combining, replacing, or removing some of these components; some components may be essential (not removable), others auxiliary (optional).


An infon is a discrete item of information and may be parametric and anchored. Parameters represent objects or properties of objects; anchors assign objects to parameters. Parameter-value pairs are used to represent a property of an infon. The property may be valid, invalid, undetermined, etc.; the validity of properties is typically important information. Infons are thus representable by a tuple structure <<ID, {(param, value, validity)}>> or by an anchored tuple structure <<ID, {((param, value, validity), anchor(object))}>>. We may order properties and anchors; a linear order allows representing an infon as a simple predicate value. Following Devlin's formalism [9], an infon has the form <<R, a1, ..., an, 1>> or <<R, a1, ..., an, 0>>, where R is an n-place relation and a1, ..., an are objects appropriate for R. The polarities 1 and 0 indicate that the objects do, or do not, stand in the relation R. For simplicity's sake, we may write an infon <<R, a1, ..., an, 1/0>> as <<a1, ..., an>> when R is known or immaterial. We may use multisets instead of sets for infons, or a more complex structure; we choose the set notation because of its representability within XML technology. Sets allow us to introduce a simple algebra and a simple set of predicates. "PII infons" are distinguished by the mandatory presence of at least one proprietor, an object of type uniquely identifiable person. The world of infons currently of interest can be specified as the triple (A; O; P):

- Atomic infons A.
- Algebraic operations O for computing complex infons: combination ⊕ of infons, abstraction ⊗ of infons by projections, quotient ÷ of infons, renaming ρ of infons, union ∪ of infons, intersection ∩ of infons, full negation ¬ of infons, and minimal negation ┐ of infons within a given context.
- Predicates P stating associations among infons: the sub-infon relation, a statement whether infons can be potentially associated with each other, a statement whether infons cannot be potentially associated with each other, a statement whether infons are potentially compatible with each other, and a statement whether infons are incompatible with each other.

The combination of two infons results in an infon with all components of the two infons. Abstraction is used to reduce the components of an infon. The quotient allows concentrating on those components that do not appear in the second infon. The union takes all components of two infons without combining common components into one. The full negation generates all those components that do not appear in the infon; the minimal negation restricts this negation to a given context. We require that the sub-infon relation is not transitively reflexive. The compatibility and incompatibility predicates are not contradictory, and the potential association predicate and its negation must not conflict. The predicates should not span all possible

associations among the infons but only those that are meaningful in a given application area. We may assume that two infons are either potentially associated or cannot be associated with each other; the same restriction can be made for compatibility. This infon world is very general and allows deriving more advanced operations and predicates. If we assume the completeness of the compatibility and association predicates, we may use expressions defined by the operations and derived predicates. The extraction of application-relevant infons from infons is supported by five operations:

1. Infon projection narrows the infon to those parts (objects or concepts, axioms or invariants relating entities, functions, events, and behaviors) of concern for the application-relevant infons. For example, a projection operation may produce the set of proprietors from a given infon, e.g., {Mary, John} from John loves Mary.
2. Infon instantiation lifts general infons to those of interest within the solution and instantiates variables by values that are fixed for the given system. For example, a PII infon may be instantiated from its anonymized version, e.g., John is sick from Someone is sick.
3. Infon determination is used to select those traces or solutions to the problem under inspection that are the most suitable or the best fit for the system envisioned. The determination typically results in a small number of scenarios for the infons to be supported, for example, deciding whether an infon belongs to a certain piiSphere (the PII of a certain proprietor, to be discussed later).
4. Infon extension is used to add facets given not by the infon itself but by the environment or the platforms that might be chosen, or that might be used for simplification or support of the infon (e.g., additional data, auxiliary functionality), for example, extension to related non-identifiable information (to be discussed later).
5. Infon join is used to combine infons, which are often associated, adjacent, interacting, or fitted with each other, into more complex infons that describe a complex solution, for example, joining atomic PIIs to form compound PII (these types of PII will be defined later) and a collection of related PII information.

The application of these operations allows extraction of which sub-infons, which functionality, which events, and which behavior (e.g., the action/verb in PII) are shared among information spheres (e.g., of proprietors). These shared "facilities" encompass all information spheres of relevant infons. They also hint at possible architectures of information and database systems and at separation into candidate components. For instance, entity sharing (say, of a non-person entity) describes which information flow and development can be observed in the information spheres. We will not be strictly formal in applying infon theory to PII; such a venture needs far more space. Additionally, we restrict the approach to the area of database design in order to illustrate a sample application. The theory of PII infons can be applied in several areas, including the technical and legal aspects of information privacy and security.
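The tuple representation and two of the algebraic operations above (combination ⊕ and abstraction ⊗ by projection) can be sketched in code. This is a minimal illustration only; the class and function names are our assumptions, not notation from the paper.

```python
# A minimal sketch of Devlin-style infons <<R, a1, ..., an, 1/0>> and two
# of the operations above. Names (Infon, combine, project) are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class Infon:
    relation: str        # the n-place relation R
    objects: tuple       # the objects a1, ..., an
    polarity: int = 1    # 1: the objects stand in R; 0: they do not

def combine(i1: Infon, i2: Infon) -> Infon:
    """Combination (⊕): an infon carrying all components of both infons."""
    merged = i1.objects + tuple(o for o in i2.objects if o not in i1.objects)
    return Infon(f"{i1.relation}+{i2.relation}", merged, i1.polarity)

def project(i: Infon, keep) -> Infon:
    """Abstraction (⊗): reduce an infon to a selected subset of components."""
    return Infon(i.relation, tuple(o for o in i.objects if o in keep), i.polarity)

# << loves, John, Mary, 1 >> and its projection to person objects
loves = Infon("loves", ("John", "Mary"))
persons = project(loves, {"John", "Mary"})
```

The frozen dataclass mirrors the paper's choice of a simple set-like structure: infons are immutable values, and the operations build new infons rather than mutating components.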


IV. PERSONAL IDENTIFIABLE INFORMATION

It is typically claimed that what makes data "private" or "personal" is either specific legislation (e.g., a company must not disclose information about its employees) or individual agreements (e.g., a customer has agreed to an electronic retailer's privacy policy). However, this line of thought blurs the difference between personal identifiable information and other "private" or "personal" information. Personal identifiable information has an "objective" definition in the sense that it is independent of such authorities as legislation or agreement. PII infons involve a special relationship, called proprietorship, with their proprietors, but not with persons who are their non-proprietors or with non-persons such as institutions, agencies, or companies. For example, a person may possess PII of another person, or a company may have the PII of someone in its database; however, proprietorship of PII is reserved to its proprietor regardless of who possesses it. To base personal identifiable information on firmer ground, we state some principles related to such information. For us, personal identifiable information (pinfon) is any information that has referent(s) to uniquely identifiable persons [2]. In logic, this type of reference is the relation of a word (logical name) to a thing. A pinfon is an infon such that at least one of its "objects" is a singly identifiable person. Any singly identifiable person in the pinfon is called a proprietor of that pinfon. The proprietor is the person about whom the pinfon communicates information. If there is exactly one object of this type, the pinfon is an atomic pinfon; if there is more than one singly identifiable person, it is a compound pinfon. An atomic pinfon is a discrete piece of information about a singly identifiable person; a compound pinfon is a discrete piece of information about several singly identifiable persons.
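The atomic/compound distinction just defined can be sketched by counting the distinct proprietors an infon embeds. The identifier registry and function names below are toy assumptions for illustration only.

```python
# Sketch: classify an infon's objects by the number of singly identifiable
# persons they reference. IDENTIFIERS is an assumed toy registry of unique
# person identifiers; real identification is far harder (see Section IV).
IDENTIFIERS = {"John S. Smith", "Mary F. Fox"}

def proprietors(objects):
    """PROP(σ): the singly identifiable persons referenced by the infon."""
    return {o for o in objects if o in IDENTIFIERS}

def classify(objects):
    n = len(proprietors(objects))   # the count nσ used in the axioms below
    if n == 0:
        return "not a pinfon"
    return "atomic pinfon" if n == 1 else "compound pinfon"
```

The helper makes explicit that classification depends only on the count of embedded identifiers, which is exactly the quantity the axioms below manipulate.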
If the infon does not include a singly identifiable person, it is called a ninfon. We now introduce a series of axioms that establish the foundation of the theory of personal identifiable information; these axioms can be considered negotiable assumptions. The symbol "→" denotes implication, and INF is the set of infons described in Fig. 1.

1. Inclusivity of INF: σ ∈ INF ↔ σ ∈ PII ∨ σ ∈ NII. That is, the infons are the union of the pinfons and the ninfons. PII is the set of pinfons (pieces of personal identifiable information), and NII is the set of ninfons (pieces of non-identifiable information).

2. Exclusivity of PII and NII: σ ∈ INF ∧ σ ∉ PII → σ ∈ NII, and σ ∈ INF ∧ σ ∉ NII → σ ∈ PII. That is, every infon is exclusively either a pinfon or a ninfon.

3. Identifiability: Let ID denote the set of (basic) pinfons of type << is, Þ, 1>>, where Þ is a parameter for a singly identifiable person. Then << is, Þ, 1>> → << is, Þ, 1>> ∈ INF.

4. Inclusivity of PII: Let nσ denote the number of uniquely identified persons in the infon σ. Then σ ∈ INF ∧ nσ > 0 ↔ σ ∈ PII.

5. Proprietorship: For σ ∈ PII, let PROP(σ) be the set of proprietors of σ, and let PERSONS denote the set of (natural) persons. Then σ ∈ PII → PROP(σ) ⊆ PERSONS. That is, pinfons are pieces of information about persons.

6. Inclusivity of NII: σ ∈ INF ∧ (nσ = 0) ↔ σ ∈ NII. That is, non-identifiable information (a ninfon) does not embed any unique identifiers of persons.

7. Combination of non-identifiability with identity: Let ID denote the set of (basic) pinfons of type << is, Þ, 1>>. Then σ1 ∈ PII ↔ <<(σ2 ∈ NII) ⊕ (σ3 ∈ ID)>>, assuming σ1 ∉ ID. "⊕" here denotes the "merging" of two sub-infons.

8. Closability of PII: σ1 ∈ PII ∧ σ2 ∈ PII → (σ1 ⊕ σ2) ∈ PII.

9. Combination with non-identifiability: σ1 ∈ NII ∧ σ2 ∈ PII → (σ1 ⊕ σ2) ∈ PII. That is, non-identifying information plus personal identifiable information is personal identifiable information.

10. Reducibility to non-identifiability: (σ1 ∈ PII) ÷ (σ2 ∈ ID) ↔ σ3 ∈ NII, where σ2 is a sub-infon of σ1. "÷" denotes removing σ2.

11. Atomicity: Let APII be the set of atomic personal identifiable information. Then σ ∈ PII ∧ (nσ = 1) ↔ σ ∈ APII.

12. Non-atomicity: Let CPII be the set of compound personal identifiable information. Then σ ∈ PII ∧ (nσ > 1) ↔ σ ∈ CPII.

13. Reducibility to atomicity: σ ∈ CPII ↔ <<σ1, σ2, …, σm>>, where σi ∈ APII, m = nσ, 1 ≤ i ≤ m, and {PROP(σ1), PROP(σ2), …, PROP(σm)} = PROP(σ).

These axioms support the separation of infons into PII, NII, and PNI and their transformation. Let us now discuss the impact of some of these axioms, concentrating on the more difficult ones.

Identifiability. Let Þ be a parameter for a singly identifiable person, i.e., a specific person, defined as


Þ = IND1|<< singly identifiable, IND1, 1>> where IND indicates the basic type: an individual [9]. That is, Þ is a (restricted) parameter with an anchor for an object of type singly identifiable individual. The individual IND1 is of type person defined as << person, IND1, 1>> Put simply, þ is a reference to a singly identifiable person. We now elaborate on the meaning of “identifiable.” Consider the set of unique identifiers of persons. Ontologically, the Aristotelian entity/object is a single, specific existence (a particularity) in the world. For us, the identity of an entity is its natural descriptors (e.g., tall, black eyes, male, blood type A, etc.). These descriptors exist in the entity/object. Tallness, whiteness, location, etc. exist as aspects of the existence of the entity. We recognize the human entity from its natural descriptors. Some descriptors form identifiers. A natural identifier is a set of natural descriptors that facilitates recognizing a person uniquely. Examples of identifiers include fingerprints, faces, and DNA. No two persons have identical natural identifiers. An artificial descriptor is a descriptor that is mapped to a natural identifier. Attaching the number 123456 to a particular person is an example of an artificial descriptor in the sense that it is not recognizable in the (natural) person. An artificial identifier is a set of descriptors mapped to a natural identifier of a person. Date of birth (an artificial descriptor), gender (a natural descriptor), and a 5-digit ZIP (an artificial descriptor) are three descriptors that form an artificial identifier for 87% of the US population [12]. By implication, no two persons have identical artificial identifiers. If two persons somehow have the same Social Security number, then this Social Security number is not an artificial identifier because it is not mapped uniquely to a natural identifier. We define identifiers of proprietors as infons. 
Such a definition is reasonable since the mere act of identifying a proprietor is a reference to a unique entity in the information sphere. Hence, << is, Þ, 1>> → << is, Þ, 1>> ∈ INF. That is, every unique identifier of a person is an infon. These infons cannot be decomposed into more basic infons.

Inclusivity of PII. Next we position identifiers as the basic infons in the sphere of PII. The symbol nσ denotes the number of uniquely identified persons in infon σ. Then we can define PII and NII accordingly: σ ∈ INF ∧ nσ > 0 ↔ σ ∈ PII. That is, an infon that includes unique identifiers of (natural) persons is personal identifiable information. From axioms 3 and 4, any unique personal identifier, or any piece of information that embeds identifiers, is personal identifiable information. Thus, identifiers are the basic PII infons (pinfons) that cannot be decomposed into more basic infons. Furthermore, every complex pinfon includes in its structure at least one basic infon, i.e., an identifier. The structure of a complex pinfon is constructed from several components:

- Basic pinfons and ninfons: e.g., the pinfon John S. Smith and the ninfon Someone is sick form the atomic PII (i.e., PII with one proprietor) John S. Smith is sick. This pinfon is produced by an instantiation operation that lifts the general infon to a pinfon and instantiates the variable (Someone) with a value (John S. Smith).
- Complex pinfons form more complex infons, e.g., John S. Smith and Mary F. Fox are sick.

We notice that the operation of projection is not PII-closed, since we can define the projection of a ninfon from a pinfon (removing all identifiers); this operation is typically called anonymization. Every pinfon refers to its proprietor(s) in the sense that it "leads" to him/her/them as distinguishable entities in the world. This reference is based on his/her/their unique identifier(s). As stated previously, the relationship between persons and their own pinfons is called proprietorship [1]. A pinfon is proprietary PII of its proprietor(s). Defining a pinfon as "information identifiable to the individual" does not mean that the information is "especially sensitive, private, or embarrassing. Rather, it describes a relationship between the information and a person, namely that the information—whether sensitive or trivial—is somehow identifiable to an individual" [10]. However, personal identifiable information (a pinfon) is more "valuable" than personal non-identifiable information (a ninfon) because it has an intrinsic value as "a human matter," just as privacy is a human trait. Does this mean that scientific information about how to make a nuclear bomb has less intrinsic moral value than the pinfon John is left handed? No; it means that John is left handed has a higher moral value than the ninfon There exists someone who is left handed. It is important to compare equal amounts of information when we decide the status of each type of information [5].
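The instantiation and anonymization operations discussed above can be sketched as a pair of inverse transformations over a toy infon representation. The identifier set, placeholder token, and function names are our assumptions for illustration.

```python
# Sketch: instantiation adds an identifier to a ninfon, producing a pinfon;
# anonymization projects the identifiers back out. Toy representation only;
# IDS is an assumed registry of unique person identifiers.
IDS = {"John S. Smith", "Mary F. Fox"}

def instantiate(objects, identifier, placeholder="someone"):
    """Lift 'Someone is sick' to 'John S. Smith is sick'."""
    return tuple(identifier if o == placeholder else o for o in objects)

def anonymize(objects, placeholder="someone"):
    """Projection removing identifiers: not PII-closed, as noted above."""
    return tuple(placeholder if o in IDS else o for o in objects)

pinfon = instantiate(("someone", "is sick"), "John S. Smith")
ninfon = anonymize(pinfon)
```

Round-tripping through the two functions recovers the anonymized form, which mirrors the "plus/minus an identifier" reading of axioms 7 and 10.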
To exclude such notions as confidentiality being applicable to the informational privacy of non-natural persons (e.g., companies), the next axiom formalizes that pinfons apply only to (natural) persons. For σ ∈ PII, we define PROP(σ) to be the set of proprietors of σ. Notice that |PROP(σ ∈ PII)| = nσ; multiple occurrences of identifiers of the same proprietor are counted as a single reference to the proprietor. In our ontology, we categorize things (in the world) as objects (denoted by the set OBJECTS) and non-objects. Objects are divided into (natural) persons (denoted by the set PERSONS) and non-persons. A fundamental proposition in our system is that proprietors are (natural) persons.

Combination of non-identifiability with identity. Next we specify several transformation rules that convert one type of information to another. These (privacy) rules are important for deciding what type of information applies to what operations (e.g., information disclosure rules). Let ID denote the set of (basic) pinfons of type << is, Þ, 1>>. That is, ID is the set of identifiers of persons (in the


world). We now define the construction of complex infons from basic pinfons and non-identifying information. The definition also applies to projecting pinfons from more complex pinfons by removing all or some non-identifying information: σ1 ∈ PII ↔ <<(σ2 ∈ NII) ⊕ (σ3 ∈ ID)>>, assuming σ1 ∉ ID. That is, non-identifiable information plus a unique personal identifier is personal identifiable information and vice versa (i.e., minus). Thus the set of pinfons is closed under operations that remove or add non-identifying information. We assume the empty information ∅ is in NII. "⊕" here denotes "merging" two sub-infons. We also assume that only a single σ3 ∈ ID is added to σ2 ∈ NII; however, the axiom can be generalized to apply to multiple identifiers. An example of axiom 7 is

σ1 = <<John loves apples>> ↔ <<(σ2 = Someone loves apples) ⊕ (σ3 = John)>>

or, in a simpler description:

σ1 = John loves apples ↔ {σ2 = Someone loves apples ⊕ σ3 = John}

The axiom can also be applied to the union ∪ of pinfons.

Closability of PII. PII is a closed set under the different operations (e.g., merge, concatenate, submerge, etc.) that construct complex pinfons from more basic pinfons. Hence, σ1 ∈ PII ∧ σ2 ∈ PII → (σ1 ⊕ σ2) ∈ PII. That is, merging personal identifiable information with personal identifiable information produces personal identifiable information. In addition, PII is a closed set under the operations that construct complex pinfons by mixing pinfons with non-identifying information.

Reducibility to non-identifiability. Identifiers are the basic pinfons. Removing all identifiers from a pinfon converts it to non-identifying information, and adding identifiers to any piece of non-identifying information converts it to a pinfon: (σ1 ∈ PII) ÷ (σ2 ∈ ID) ↔ σ3 ∈ NII, where σ2 is a sub-infon of σ1. Axiom 10 states that personal identifiable information minus a unique personal identifier is non-identifying information, and vice versa. "÷" here denotes removing σ2. We assume that a single σ2 ∈ ID is embedded in σ1; however, the axiom can be generalized to apply to multiple identifiers, such that removing all identifiers produces σ3 ∈ NII.

Atomicity. Furthermore, we define atomic and non-atomic (compound) types of pinfons. Let APII be the set of atomic personal identifiable information. Each piece of atomic personal identifiable information is a special type of pinfon called an apinfon. As we will see later, cpinfons can be reduced to apinfons, thus simplifying the analysis of PII. Formally, the set APII is defined as follows: σ ∈ PII ∧ (nσ = 1) ↔ σ ∈ APII.

That is, an apinfon is a pinfon with a single human referent. Notice that σ may embed several identifiers of the same person, yet the referent is still one. Notice also that apinfons can be basic (a single identifier) or complex (a single identifier plus non-identifiable information).

Non-atomicity. Let CPII be the set of compound personal identifiable information. Each piece of compound personal identifiable information is a special type of pinfon called a cpinfon. Formally, the set CPII is defined as follows: σ ∈ PII ∧ (nσ > 1) ↔ σ ∈ CPII. That is, a cpinfon is a pinfon with more than one human referent. Notice that cpinfons are always complex, since they must contain at least two apinfons (two identifiers). The apinfon (atomic personal identifiable information) is the "unit" of personal identifiable information: it includes one identifier and non-identifiable information. We assume that at least some of the non-identifiable information is about the proprietor; in theory this is not necessary. Suppose that an identifier is appended to a random piece of non-identifiable information (noise). In the PII theory the result is (complex) atomic PII. In general, mixing noise with information preserves information.

Reducibility to atomicity. Any cpinfon is privacy-reducible to a set of apinfons (pieces of atomic personal identifiable information). For example, John and Mary are in love can be privacy-reduced to the apinfons John and someone are in love and Someone and Mary are in love. Notice that our PII theory is a syntax-based (structural) theory. It is obvious that the privacy-reducibility of compound personal identifiable information causes a loss of "semantic equivalence," since the identities of the referents in the original information are separated. Semantic equivalence here means preserving the totality of the information, the pieces of atomic information, and their link.
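The privacy reduction just described can be sketched mechanically: each proprietor of a compound pinfon yields one atomic pinfon in which every other proprietor is anonymized. The identifier set and representation below are illustrative assumptions.

```python
# Sketch of privacy reduction: a cpinfon with m proprietors is replaced by
# m apinfons, one per proprietor, with all other proprietors replaced by a
# placeholder. IDS is an assumed toy registry of person identifiers.
IDS = {"John", "Mary"}

def reduce_to_atomic(objects, placeholder="someone"):
    """Reduce a cpinfon to a list of apinfons, one per proprietor."""
    props = [o for o in objects if o in IDS]
    return [tuple(o if (o == keep or o not in IDS) else placeholder
                  for o in objects)
            for keep in props]

# "John and Mary are in love" -> the two apinfons discussed above
apinfons = reduce_to_atomic(("John", "Mary", "are in love"))
```

Returning the apinfons together in one list mirrors axiom 13: the collection itself preserves the link among the pieces, which is what the loss of semantic equivalence would otherwise destroy.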
Privacy reducibility is expressed by the following axiom: σ ∈ CPII ↔ <<σ1, σ2, …, σm>>, where σi ∈ APII, m = nσ, 1 ≤ i ≤ m, and {PROP(σ1), PROP(σ2), …, PROP(σm)} = PROP(σ). The reduction process produces m pieces of atomic personal identifiable information with m different proprietors. Notice that the set of resultant apinfons constitutes a compound pinfon; this preserves the totality of the original cpinfon by linking its apinfons together as members of the same set.

V. CATEGORIZATION OF ATOMIC PERSONAL IDENTIFIABLE INFORMATION

In this section, we identify categories of apinfons. Atomic personal identifiable information provides a foundation for structuring pinfons, since compound personal identifiable information can be reduced to a set of apinfons. We concentrate on reducing all given personal identifiable


information to sets of apinfons; justification for this will be discussed later.

A. Eliminating ninfons embedded in an apinfon

Organizing a database of personal identifiable information requires filtering and simplifying apinfons into more basic apinfons in order to make the structuring of pinfons easier. Axiom 9 tells us that pinfons may carry non-identifiable information, i.e., ninfons. This non-identifiable information may be random noise or information not directly about the proprietor. Removing random noise is certainly an advantage in designing a database, and identifying information that is not about the proprietor clarifies the boundary between PII and NII. A first concern when analyzing an apinfon is projecting (isolating, factoring out) information about any entities besides the proprietor. Consider the apinfon John's car is fast. This is information about John and about a car of his. This apinfon can be projected as ⊗(John's car is fast) ⇒ {The car is fast, John has a car}, where ⇒ is a production operator. John's car is fast embeds the "pure" apinfon John has a car and the ninfon The car is fast. John has a car is information about a relationship that John has with another object in the world. This last piece of information is an example of what we call self information. Self information (sapinfon = self atomic pinfon) is information about a proprietor, his/her aspects (e.g., tall, short), or his/her relationship with nonhuman objects in the world; it is thus useful to further reduce apinfons (atomic) to sapinfons (self). The sapinfon is related to the concept of "what the piece of apinfon is about." In the theory of aboutness, this question is answered by studying the text structure and the assumptions of the source about the receiver (e.g., the reader). We formalize aboutness in terms of the procedure ABOUT(σ), which produces the set of entities/objects that σ is "talking" about. In our case, we aim to reduce any self infon σ to σ´ such that ABOUT(σ) is PROP(σ´).
Self atomic information represents information about the following:
• Aspects of the proprietor (identification, character, acts, etc.)
• His or her association with non-person "things" (e.g., house, dog, organization, etc.)
• His or her relationships with other persons (e.g., Smith saw a blond woman)
With regard to non-objects, of special importance for privacy analysis are the aspects of persons expressed by sapinfons. Aspects of a person include his/her (physical) parts, character, acts, condition, name, health, race, handwriting, blood type, manner, and intelligence. The existence of these aspects depends on the person, in contrast to (physical or social) objects associated with him/her, such as his/her house, dog, spouse, job, and professional associations.
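The aboutness test ABOUT(σ) = PROP(σ) introduced above can be sketched as a predicate, although any real implementation of ABOUT would require text analysis that the paper leaves open. The stub below is a hand-coded stand-in; all names are illustrative assumptions.

```python
# A crude sketch of the aboutness test for self information: an atomic
# pinfon counts as self information when the entities it talks about
# coincide with its proprietor. ABOUT is a stub, not a real text-analysis
# procedure.
def about(entities):
    """Stub for ABOUT(σ): the entities the infon is 'talking' about."""
    return set(entities)

def is_self_information(entities, proprietor):
    """σ is self information when ABOUT(σ) equals {proprietor}."""
    return about(entities) == {proprietor}
```

For instance, under this stub the projection John has a car (about John) passes the test, while the factored-out ninfon The car is fast (about the car) does not.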

Let SAPII denote the set of sapinfons (pieces of self personal identifiable information).

14. Aboutness proposition: σ ∈ SAPII ↔ ABOUT(σ) = PROP(σ). That is, atomic personal identifiable information σ is said to be self personal identifiable information (a sapinfon) if its subject is its proprietor. The term "subject" here means what the information is about when it is communicated. The mechanism (e.g., manual) that converts APII to SAPII has yet to be investigated.

B. Sapinfons involving aspects of the proprietor or relationships with non-persons

We further simplify sapinfons. Let OBJ(σ ∈ SAPII) be the set of objects in σ. SAPII is of two types depending on the number of objects embedded in it: singleton (ssapinfon) and multitude (msapinfon). The set of ssapinfons, SSAPII, is defined as:

15. Singleton proposition: σ ∈ SSAPII → σ ∈ SAPII ∧ (PROP(σ) = OBJ(σ)). That is, the proprietor of σ is its only object.

The set of msapinfons, MSAPII, is defined as:

16. Multitude proposition: σ ∈ MSAPII → σ ∈ SAPII ∧ (|OBJ(σ)| > 1). That is, σ embeds other objects besides its proprietor.

We also assume logical simplification that eliminates conjunctions and disjunctions of SAPII [5]. Now we can declare that the sphere of personal identifiable information (piiSphere) for a given proprietor is the database that contains:
1. All ssapinfons and msapinfons of the proprietor, including their arrangement in super-infons (e.g., to preserve compound personal identifiable information).
2. Non-identifiable information related to the piiSphere of the proprietor, as discussed next.

C. What is related non-identifiable information?

Consider the msapinfon Alice visited clinic Y. It is an msapinfon because it represents a relationship (not an aspect) of the proprietor Alice with an object, the clinic. Information about the clinic may or may not be privacy-related information.
For example, the year of opening, the number of beds, and other information about the clinic are not privacy-related information; thus, such information ought not to be included in Alice’s piiSphere. However, when the information is that the clinic is an abortion clinic, Alice’s piiSphere ought to include this non-identifiable information about the clinic. As another example, in terms of database tables, consider the following three tables representing the database of a company:
Customer (Civil ID, Name, Address, Product ID)

17 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

Product (ID, Price, Factory)
Factory (Product ID, Product location, Inventory)
The customer’s piiSphere includes:
Ssapinfons (aspects of the customer): Civil ID, Name
Msapinfons (relationships with non-person objects): Address, Product ID
However, information about Factory is not information related to the customer’s piiSphere. Now suppose that we have the following database:
Person (Name, Address, Place of work)
Place of work (Name, Owner)
If it is known that the owner of the place of work is the Mafia, then the information related to the person’s piiSphere extends beyond the name of the place of work. The decision about the boundary between a certain piiSphere and its related non-identifiable information is difficult to formalize. Fig. 2 shows a conceptualization of the piiSpheres of two proprietors that have compound PII. Dark circles A–G represent possible non-person objects. For example, object A participates in an msapinfon (e.g., Factory, Address, and Place of work in the previous examples). Object A has its own aspects (white circle around A) and relationships (e.g., with F), where some information may be privacy-significant to the piiSphere of the proprietor.
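The Customer example above can be sketched as a classification of schema attributes into the two kinds of sapinfons. The attribute sets and function name below are illustrative assumptions, not part of the paper.

```python
# Split a customer row into aspects of the proprietor (ssapinfon candidates)
# and relationships with non-person objects (msapinfon candidates).
ASPECT_ATTRS = {"Civil ID", "Name"}          # aspects depend on the person
RELATION_ATTRS = {"Address", "Product ID"}   # links to non-person objects

def pii_sphere(customer_row: dict) -> dict:
    sphere = {"ssapinfons": {}, "msapinfons": {}}
    for attr, value in customer_row.items():
        if attr in ASPECT_ATTRS:
            sphere["ssapinfons"][attr] = value
        elif attr in RELATION_ATTRS:
            sphere["msapinfons"][attr] = value
        # anything else (e.g., Factory data) stays outside the piiSphere
    return sphere

row = {"Civil ID": "12345", "Name": "Alice",
       "Address": "1 Main St", "Product ID": "P-9"}
sphere = pii_sphere(row)
```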

Even the relationship between the two proprietors may have its own sphere of information (white circle around E). E signifies a connection among a set of apinfons (atomic PII), since we assume that all compound PII have been reduced to atomic PII. For example, the infon {Alice is the mother of a child in the orphanage, John is the child of a woman who gave him up} is a cpinfon with two apinfons. If Alice and John are the proprietors, then E in the figure preserves the connection between these two apinfons in the two piiSpheres of Alice and John.
VI. JUSTIFICATIONS FOR PII DATABASES
We concentrate on what we call a PII database, PIIDB, which contains personal identifiable information and information related to it.
A. Security requirement
We can distinguish two types of information security: (1) personal identifiable information security and (2) non-identifiable information security. While the security requirements of NII are concerned with the traditional system characteristics of confidentiality, integrity, and availability, PII security lends itself to unique techniques pertaining only to PII. The process of protecting PII involves (1) protection of the identities of the proprietor and (2) protection of the non-identity portion of the PII.
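The two-part protection just described can be sketched as a simple pseudonymization step that separates the identity portion of a record from its non-identity portion. This is a minimal sketch with assumed names, not the paper's mechanism.

```python
import secrets

def pseudonymize(record: dict, identity_field: str, vault: dict) -> dict:
    """Replace the identity portion with a random token; keep the mapping
    in a separate, separately protected vault."""
    token = secrets.token_hex(8)
    vault[token] = record[identity_field]  # identity portion, stored apart
    safe = dict(record)
    safe[identity_field] = token           # non-identity portion remains
    return safe

vault: dict = {}
safe = pseudonymize({"Name": "Alice", "Diagnosis": "flu"}, "Name", vault)
```

The working copy `safe` can then be handled under NII-style controls, while the vault carries the stricter PII controls.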


Figure 2. Conceptualization of piiSpheres of two proprietors.



Of course, all information security tools such as encryption can be applied in this context, yet other methods (e.g., anonymization) utilizing the unique structure of PII as a combination of identities and other information can also be used. Data-mining attacks on PII aim to determine the identity of the proprietor(s) from non-identifiable information; for example, determining the identity of a patient from anonymized health records that give age, sex, and zip code (k-anonymization). Thus, PII lends itself to unique techniques that can be applied in protecting this information. Another important issue that motivates organizing PII separately is that any intrusion on PII involves parties in addition to the information’s owner (e.g., a company, proprietors, and other third parties such as a privacy commissioner). For example, a PII security system may require immediately alerting the proprietor that an intrusion on his/her PII has occurred. An additional point is that the sensitivity of PII is in general valued more highly than the sensitivity of other types of information. PII is more “valuable” than non-PII because of its privacy aspect, as discussed previously. Such considerations imply a special security status for PII. This valuation stems from moral considerations [7].
B. Policy requirement
Some policies applied to PII are not applicable to NII (e.g., consent, opt-in/opt-out, proprietor’s identity management, trust, privacy mining). While NII security requirements are concerned with the traditional system characteristics of confidentiality, integrity, and availability, PII privacy requirements are also concerned with such issues as purpose, privacy compliance, transborder flow of data, third-party disclosure, etc. Separating PII from NII can reduce the complex policies required to safeguard sensitive information where multiple rules are applied, depending on who is accessing the data and what the function is.
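The k-anonymization idea mentioned above can be sketched as a check that every combination of quasi-identifiers occurs at least k times, so that no record narrows down to fewer than k candidate individuals. The records and field names are invented for illustration.

```python
from collections import Counter

def is_k_anonymous(records, quasi_ids, k):
    """True if every quasi-identifier combination occurs at least k times."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return all(count >= k for count in groups.values())

health = [
    {"age": 34, "sex": "F", "zip": "02139", "diagnosis": "flu"},
    {"age": 34, "sex": "F", "zip": "02139", "diagnosis": "asthma"},
    {"age": 51, "sex": "M", "zip": "02144", "diagnosis": "flu"},
]
```

Here the release is 1-anonymous but not 2-anonymous: the (51, M, 02144) group contains a single record, so that patient's identity is exposed.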
In general, PIIDB goes beyond mere protection of data:
1. PIIDB identifies the proprietor’s piiSphere and provides security, policy, and tools for the piiSphere.
2. PIIDB provides security, policy, and tools only for the proprietor’s piiSphere, thus conserving privacy efforts.
3. PIIDB identifies inter-piiSphere relationships (proprietors’ relationships with each other) and provides security, policy, and tools to protect the privacy of these relationships.
VII. PERSONAL IDENTIFIABLE INFORMATION DATABASE (PIIDB)
The central mechanism in PIIDB is an explicit declaration of proprietors in a table called PROPRIETOR_TABLE that includes unique identifiers of all proprietors in the PIIDB. PROPRIETOR_TABLE contains a unique entry with an internal key (#proprietor) for each proprietor, in addition to other information such as pointer(s) to his/her piiSphere. The principle of uniqueness of proprietor identifiers requires that the internal key (#proprietor) be mapped one-to-one to the individual’s legal identity or physical location. This is an important feature in PIIDB to guarantee consistency of information about persons. This “identity” uniquely identifies the piiSphere and distinguishes one piiSphere from another. Thus, if we have a PIIDB of three individuals, then we have three entries such that each leads (denoted as ⇒) to one of three piiSpheres:
PROPRIETOR_TABLE: {(#proprietor1, …) ⇒ piiSphere of proprietor 1, (#proprietor2, …) ⇒ piiSphere of proprietor 2, (#proprietor3, …) ⇒ piiSphere of proprietor 3}.
The “…” denotes the possibility of other information in the table. What is the content of each piiSphere? The answer is set(s) of atomic PIIs and related information. Usually, database design begins by identifying data items, including objects and attributes (Employee No., Name, Salary, Birth, Date of Employment, etc.). Relationships among data items are then specified (e.g., data dependencies). Semantically oriented graphs (e.g., ER graphs [13]) are sometimes used at this level. Finally, a set of tables is declared, such as the following:
T1 = Father (ID, Name, Details), T2 = Mother (ID, Name, Details), T3 = Child (ID, Name, Details), T4 = Case (No., Father ID, Mother ID, Child ID).
T1, T2, and T3 represent atomic PIIs of fathers, mothers, and children, respectively. T4 embeds compound PIIs. In PIIDB, if R is a compound PII, then it is represented by the set of atomic PIIs:
{R′ = Case (No., Father ID), R′′ = Case (No., Mother ID), R′′′ = Case (No., Child ID)}
where R′ is in the piiSphere of the father, R′′ is in the piiSphere of the mother, and R′′′ is in the piiSphere of the child. Such a schema permits complete isolation of atomic PIIs from each other. This privacy requirement is essential in many personal identifiable databases. For example, in orphanages it is possible not to allow access to the information that a record exists in the database for a mother.
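The decomposition of the compound table T4 into atomic PIIs, one per proprietor, can be sketched as follows; the dictionary-based representation is an illustrative assumption.

```python
def decompose_case(case: dict) -> dict:
    """Split Case(No., Father ID, Mother ID, Child ID) into one atomic
    relation per proprietor, so each piiSphere can be protected
    independently of the others."""
    no = case["No."]
    return {
        "father": {"No.": no, "Father ID": case["Father ID"]},
        "mother": {"No.": no, "Mother ID": case["Mother ID"]},
        "child":  {"No.": no, "Child ID": case["Child ID"]},
    }

atomic = decompose_case({"No.": 7, "Father ID": "F1",
                         "Mother ID": "M1", "Child ID": "C1"})
```

Each fragment carries only the shared case number and its own proprietor's identifier, so, for example, access to the mother's fragment reveals nothing about the child.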
In the example above, the access policies for the three piiSpheres are independent of each other. At the conceptual level, reconstructing the relations among proprietors (cpinfons) is a database design problem (e.g., internal pointers among tables across piiSpheres). PIIDB obeys all propositions defined previously. Some of these propositions can be utilized as privacy rules. As an illustration of the application of these propositions, consider the case of a privacy constraint that prohibits disclosing σ ∈ PII. By proposition (9) above, mixing (e.g., amending, inserting, etc.) σ with any other piece of information makes the disclosure constraint apply to the combined piece of information. In this case a general policy is: applying a protection rule to σ1 ∈ PII implies applying the same protection to (σ1 σ2), where σ2 ∉ PII.
VIII. CONCLUSION
The theory of PII infons can provide a theoretical foundation for technical solutions to problems of protecting personal identifiable information. In such an approach, privacy rules form an integral part of the design of the system. PII can be identified (and hence becomes an object of privacy rules) during processing of information that may mix it with other types of information. Different types of basic PII infons provide an opportunity for tuning the design of an information system. We propose analyzing and processing PII as a database with clear boundary lines separating it from non-identifiable information, which facilitates meeting the unique requirements of PII. A great deal of work is needed at the theoretical and design levels. An expanded version of this paper includes a complete formalization of the theory. Additionally, we are currently applying the approach to the analysis of an actual database of a government agency that handles social problems, where a great deal of PII is collected.
REFERENCES
[1] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, “Hippocratic databases,” 28th International Conference on Very Large Databases (VLDB), Hong Kong, China, August 2002.
[2] S. Al-Fedaghi, “How to calculate the information privacy,” Proceedings of the Third Annual Conference on Privacy, Security and Trust, St. Andrews, New Brunswick, Canada, October 12–14, 2005.
[3] S. Al-Fedaghi, G. Fiedler, and B. Thalheim, “Privacy enhanced information systems,” Information Modelling and Knowledge Bases XVII, vol. 136, Frontiers in Artificial Intelligence and Applications, Y. Kiyoki, J. Henno, H. Jaakkola, and H. Kangassalo, Eds. IOS Press, February 2006.
[4] S. Al-Fedaghi, “Beyond purpose-based privacy access control,” 18th Australasian Database Conference, Ballarat, Australia, January 29–February 2, 2007.
[5] S. Al-Fedaghi, “How sensitive is your personal information?” 22nd ACM Symposium on Applied Computing (ACM SAC 2007), Seoul, Korea, March 11–15, 2007.
[6] S. Al-Fedaghi, “Crossing privacy, information, and ethics,” 17th International Conference of the Information Resources Management Association (IRMA 2006), Washington, DC, USA, May 21–24, 2006. [Also published in Emerging Trends and Challenges in Information Technology Management, Mehdi Khosrow-Pour, Ed. IGI Publishing, Hershey, PA, USA.]
[7] J. Byun, E. Bertino, and N. Li, “Purpose based access control of complex data for privacy protection,” Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies (SACMAT’05), Stockholm, Sweden, June 1–3, 2005.
[8] R. Clarke, “Introduction to dataveillance and informational privacy, and definitions of terms,” 2006.
[9] K. Devlin, Logic and Information. New York: Cambridge University Press, 1991.
[10] J. Kang, “Information privacy in cyberspace transactions,” Stanford Law Review 1193, pp. 1212–1220, 1998.
[11] C. J. Bennett and C. D. Raab, The Governance of Privacy: Policy Instruments in Global Perspective. United Kingdom: Ashgate, 2003.
[12] L. Sweeney, “Weaving technology and policy together to maintain confidentiality,” Journal of Law, Medicine and Ethics, vol. 25, pp. 98–110, 1997.
[13] B. Thalheim, Entity-Relationship Modeling: Foundations of Database Technology. Berlin: Springer, 2000.
Sabah Al-Fedaghi holds an MS and a PhD in computer science from Northwestern University, Evanston, Illinois, and a BS in computer science from Arizona State University, Tempe. He has published papers in journals and contributed to conferences on topics in database systems, natural language processing, information systems, information privacy, information security, and information ethics. He is an associate professor in the Computer Engineering Department, Kuwait University. He previously worked as a programmer at the Kuwait Oil Company and headed the Electrical and Computer Engineering Department (1991–1994) and the Computer Engineering Department (2000–2007). Bernhard Thalheim holds an MSc in mathematics from Dresden University of Technology, a PhD in Mathematics from Lomonosov University Moscow, and a DSc in Computer Science from Dresden University of Technology. His major research interests are database theory, logic in databases, discrete mathematics, knowledge systems, and systems development methodologies, in particular for Web information systems. He has been program committee chair and general chair for several international events, including ADBIS, ASM, EJC, ER, FoIKS, MFDBS, NLDB, and WISE. He is currently full professor at Christian-Albrechts-University at Kiel in Germany and was previously with Dresden University of Technology (1979– 1988) (associate professor beginning in 1986), Kuwait University (1988–1990) (visiting professor), Rostock University (1990–1993) (full professor), and Cottbus University of Technology (1993–2003) (full professor).


Improving Effectiveness Of E-Learning In Maintenance Using Interactive-3D
Lt. Dr. S. Santhosh Baboo
Reader, P.G. & Research Dept. of Computer Science
D.G. Vaishnav College, Chennai 106

Nikhil Lobo
Research Scholar
Bharathiar University

Abstract—In aerospace and defense, training is being carried out on the web by viewing PowerPoint presentations, manuals and videos that are limited in their ability to convey information to the technician. Interactive training in the form of 3D is a more cost effective approach compared to creation of physical simulations and mockups. This paper demonstrates how training using interactive 3D simulations in e-learning achieves a reduction in the time spent in training and improves the efficiency of a trainee performing the installation or removal. Keywords- Interactive 3D; E-Learning; Training; Simulation

• What steps does a technician need to perform as part of the procedure?
• What steps are to be carried out after completing a procedure?
II. TRAINING EFFECTIVENESS

Statistics on training effectiveness convey that trainees generally remember more of what they see than of what they read or hear, and more of what they hear, see, and do than of what they only hear and see.



Some procedures are hazardous and need to be demonstrated to maintenance personnel without damaging equipment or injuring personnel. These procedures require continuous practice and, when necessary, retraining. The technician also has to be trained in problem-solving and decision-making skills. The training should consider technicians who are widely distributed and have various skills and experience levels. In the past, the aerospace and defense industry has imparted training using traditional blackboard outlines, physical demonstrations, and video, which are limited in their ability to convey information about tasks, procedures, and internal components. Studies have demonstrated that a student remembers 90% of what they do, in contrast to 10% of what they read. A need has therefore arisen for interactive three-dimensional content for visualization of objects, concepts, and processes. Interactive training in the form of 3D is a more cost-effective approach compared to the creation of physical simulations and mockups. Online training generally takes only 60 percent of the time required for classroom training on the same material [1]. For any removal or installation procedure, it is important that the e-learning content demonstrate the following aspects:
• What steps are to be carried out before starting a procedure?
• What special tools, consumables, and spares are required for carrying out the procedure?
• What safety conditions are to be adhered to when carrying out the procedure?

Figure 1. Statistics of training effectiveness

Three-dimensional models are widely used in the design and development of products because they efficiently represent complex shape information. These 3D models can be used in e-learning to impart training. The training process can be greatly enhanced by allowing trainees to interact with these 3D models. Moreover, by using WWW-based simulation, a company can make a single copy of the models available over the WWW instead of mailing demonstration software to potential customers. This reduces costs and avoids customer frustration with installation and potential hardware compatibility problems [2]. This simulation-based e-learning is designed to simplify and control reality by removing complex systems that exist in real life, so the learner can focus on the knowledge to be learnt effectively and efficiently [3].


The objectives of using interactive 3D for training are as follows:
• Reducing the time spent in training by 30% or more
• Reducing the time spent by a trainee in performing the installation by 25% or more
III. COURSEWARE STRUCTURE

the technician to move or rotate the individual part for a better understanding of that particular part. Each part is labeled with a unique part number and a nomenclature.

Since the web provides unprecedented flexibility and multimedia capability to deliver course materials, more and more courses are being delivered through the web. Existing course materials like PowerPoint presentations, manuals, and videos have a limited ability to convey information to the technician, and most current internet-based educational applications do not present 3D objects even though 3D visualization is essential in teaching most engineering ideas. Interactive learning is essential both for acquiring knowledge and for developing the physical skills needed to carry out maintenance-related activities. Interaction and interactivity are fundamental to all dynamic systems, particularly those involving people [4]. Although there are images of three-dimensional graphics on the web, their two-dimensional format does not imitate the actual environment because objects are three-dimensional. Hence there is a need for integrating three-dimensional components and interactivity, creating three-dimensional visualization that provides technicians an opportunity to learn through experimentation and research. The e-learning courseware is linearly structured with three modules for each removal or installation procedure. A technician is required to complete each module before proceeding to the next. These modules are Part Familiarization, Procedure, and Practice. They provide a new and creative method for presenting removal or installation procedures effectively to technicians.

Figure 3. Part Familiarization module and Context View



Once the technician has a clear understanding of the assembly and its parts, the technician advances to the next module to learn how to accurately remove or install the assembly. In the Procedure module, removal or installation is demonstrated in animated form, one step at a time. This allows the technician to study the step-by-step removal or installation process using animation that can be replayed anytime. The use of three-dimensional models in the animation imitates the real removal or installation process, helping technicians to understand concepts very clearly. Removal or installation of each part of the assembly is animated along with callouts indicating the part number, nomenclature, tool required, and torque. The animations are presented one step at a time to ensure technicians are able to perform the removal or installation process in the right order. Safety conditions like warnings and cautions are also displayed along with the animation. A warning is used to alert the reader to possible hazards that may cause loss of life, physical injury, or ill health. A caution is used to denote a possibility of damage to material but not to personnel. A voice-over accompanies the animation to enable the technician to understand the procedure better.

Figure 2. Part Familiarization, Procedure and Practice modules



This module familiarizes the technician with the parts that constitute the assembly to be installed or removed. It provides technicians with information as to what each part looks like and where it is located in the assembly. An assembly is displayed with a part list comprising the parts that make up the assembly. Here the assembly is displayed as a 3D model in the Main Window, allowing the technician to rotate and move the assembly. Individual parts can be identified by selecting them from the parts list and viewing the model in “context view”. Context View displays only the part selected in the part list with 100% opacity while reducing the opacity of other parts in the assembly. This enables easy identification of a selected part in the assembly. Individual parts that are selected are also displayed in a Secondary Window, allowing

Figure 4. Procedure module



Before performing any real procedure, technicians are first evaluated using a removal or installation procedural simulation. The Practice module allows a technician to perform an installation or removal procedure on standard desktops, laptops, and tablet PCs one step at a time, to ensure that the technician clearly understands the procedure and is ready to perform it on an actual assembly. Three-dimensional models


are used in the simulation to enable technicians to feel as though they were performing the removal or installation procedure on the actual assembly. Using three-dimensional simulations, technicians can perform, view, and understand the procedure in a three-dimensional view. In installation, parts are dragged from a bin to create an assembly. In removal, parts are dragged from the assembly into a bin. In either case, if a wrong part is installed or removed, an alert box is displayed on the screen, preventing the technician from proceeding until the correct part is installed or removed.
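The step-at-a-time check just described can be sketched as a small state machine; the class and part numbers below are illustrative assumptions, not the actual courseware implementation.

```python
class PracticeSession:
    def __init__(self, procedure):
        self.procedure = procedure   # ordered list of part numbers
        self.step = 0
        self.alerts = []

    def drag_part(self, part_no: str) -> bool:
        """Accept the part only if it matches the current procedure step."""
        if part_no == self.procedure[self.step]:
            self.step += 1           # correct part: advance one step
            return True
        self.alerts.append(f"Wrong part {part_no}; expected "
                           f"{self.procedure[self.step]}")
        return False                 # wrong part: stay on the same step

    @property
    def complete(self) -> bool:
        return self.step == len(self.procedure)

session = PracticeSession(["P-10", "P-11", "P-12"])
```

A wrong drag records an alert and leaves the trainee on the same step, mirroring the alert box that blocks progress until the correct part is chosen.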

weighing more than 5 kilograms), triggered by heavy vehicles such as tanks. These mines contain enough explosive to destroy the vehicle that runs over them. Anti-personnel mines are smaller and lighter (weighing as little as 50 grams), are triggered much more easily, and are designed to wound people. It is critical that soldiers have access to technical information about a landmine, along with details regarding its safe handling and disposal. The creation of 3D simulations of landmines that allow soldiers to view details of their parts, watch safety procedural animations, and interact with them resulted in soldiers having greater understanding and knowledge of the landmines they encounter.

Figure 7. Anti-tank and Anti-personnel mines

Figure 5. Practice module



A. Turbojet Engines
Ineffective training of geographically distributed technicians has resulted in improper troubleshooting procedures being carried out on turbojet engines, compromising engine reliability. Technicians are now being trained using interactive 3D simulations of the engine explaining its description, operation, maintenance, and troubleshooting procedures, resulting in an estimated saving of $1.5 million with an improved maintenance turn-around time. Technicians are now able to practice these procedures on standard desktops, laptops, and tablet PCs, eliminating geographic barriers and imparting a high standard of training.

C. M79 Grenade Launcher
The Army had identified that a lack of access to M79 grenade launchers during familiarization training had resulted in the deployment of soldiers with limited knowledge and experience. To overcome this hurdle, 3D-enabled M79 Grenade Launcher Virtual Task Trainers were provided, simulating the single-shot, shoulder-fired, break-open grenade launcher, which fires a 40x46 mm grenade. Soldiers are now able to receive familiarization training regardless of geographic barriers or lack of access to weapons.

Figure 8. M79 Grenade Launcher

Figure 6. Turbojet Engine

B. Anti-tank and Anti-personnel Mines
There is a difficulty in training soldiers in the Army on the handling and disposal of both anti-tank mines and anti-personnel mines. Anti-tank mines are large and heavy (usually

D. Black Shark Torpedo
The Black Shark torpedo is designed for launching from submarines or surface vessels. It is meant to counter the threat posed by any type of surface or underwater target. Due to the fast pace of operations, Navy technicians received little to no training on the Black Shark torpedo. This resulted in improper operating procedures and preventative maintenance checks. Web-enabled 3D simulations have been developed, allowing technicians to have hands-on practice anytime and anywhere, along with familiarization with parts, maintenance procedures, and repair tasks. Technicians have since shown a higher level of interest in the 3D simulations than in existing course materials like PowerPoint presentations, manuals, and videos.

TABLE II. INSTALLATION USING INTERACTIVE 3D FOR TRAINING

Installation | Time spent in training a trainee using interactive 3D | Actual time spent by a trainee to complete the installation
Hydraulic Pump | 2 hours 20 minutes | 45 minutes
Hydraulic Reservoir | 3 hours | 30 minutes
High Pressure Filter | 1 hour 30 minutes | 30 minutes
Anti-Skid Control Valve | 1 hour 30 minutes | 20 minutes
Quick Disconnect Coupling Suction | 1 hour 30 minutes |

Figure 9. Black Shark Torpedo

TABLE III. REDUCTION ACHIEVED USING INTERACTIVE 3D

Installation | Reduction in time spent in training | Reduction in time spent performing the installation
Hydraulic Pump | 33.3% | 25%
Hydraulic Reservoir | 34% | 34%
High Pressure Filter | 50% | 33.3%
Anti-Skid Control Valve | 40% | 33.3%
Quick Disconnect Coupling Suction | 33.3% | 50%

E. Phoenix Missile
Technicians were constantly facing operational difficulties concerning the Phoenix missile due to the inability to demonstrate the operation of its internal components. The Phoenix is a long-range air-to-air missile. An interactive 3D simulation demonstrating its internal components and their functioning was developed, allowing technicians to view part information, rotate the model, and view cross-sections of the missile.

Figure 10. Phoenix Missile
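The reduction percentages reported for the case study follow from the training and installation times as (old - new) / old. A quick sketch, assuming the 3 hours 30 minutes (video clips) and 2 hours 20 minutes (interactive 3D) figures both refer to Hydraulic Pump training:

```python
def reduction(old_minutes: float, new_minutes: float) -> float:
    """Percentage reduction, rounded to one decimal place."""
    return round(100 * (old_minutes - new_minutes) / old_minutes, 1)

video_training = 3 * 60 + 30        # 3 h 30 min = 210 minutes
interactive_training = 2 * 60 + 20  # 2 h 20 min = 140 minutes
```

On this pairing, training time falls by 33.3%, consistent with the 30%-or-more objective stated earlier.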





A case study to find out the effort saved using interactive 3D was carried out on the following installations:
• Hydraulic Pump
• Hydraulic Reservoir
• High Pressure Filter
• Anti-Skid Control Valve
• Quick Disconnect Coupling Suction

The metrics collected and analyzed during the implementation of interactive 3D demonstrate the following benefits in maintenance:
• Reducing the time spent in training by 30% or more
• Reducing the time spent by a trainee in performing the installation by 25% or more


TABLE I. INSTALLATION USING VIDEO FOR TRAINING

Installation | Time spent in training a trainee using video clips | Actual time spent by a trainee to complete the installation
Hydraulic Pump | 3 hours 30 minutes | 1 hour
Hydraulic Reservoir | 4 hours 30 minutes | 45 minutes
High Pressure Filter | 3 hours | 45 minutes
Anti-Skid Control Valve | 2 hours 30 minutes | 30 minutes
Quick Disconnect Coupling Suction | 2 hours 15 minutes |

In conclusion, interactive 3D reduces the amount of time spent in hands-on training on real equipment and protects trainees from injury and equipment from damage when performing hazardous procedures. It provides an opportunity for technicians to study the internal components of equipment, and this training can be provided to technicians who are geographically distributed.
REFERENCES
[1] Wright, Elizabeth E., “Making the multimedia decision: strategies for success,” Journal of Instructional Delivery Systems, Winter 1993, pp. 15–22.
[2] Tamie L. Veith, “World Wide Web-based simulation,” Int. J. Engng Ed., 1998, Vol. 14, No. 5, pp. 316–321.
[3] Alessi and Trollip, Computer Based Instruction: Methods and Development. New Jersey: Prentice Hall, 1991.
[4] Jong, Ton de, and Sarti, Luigi, Design and Production of Multimedia and Simulation-Based Learning Material. Dordrecht: Kluwer Academic Publishers, 1993.


An Empirical Comparative Study of Checklist-based and Ad Hoc Code Reading Techniques in a Distributed Groupware Environment
Olalekan S. Akinola
Department of Computer Science, University of Ibadan, Nigeria.

Adenike O. Osofisan
Department of Computer Science, University of Ibadan, Nigeria

Software inspection is a necessary and important tool for software quality assurance. Since it was introduced by Fagan at IBM in 1976, arguments have existed as to which method should be adopted to carry out the exercise, whether it should be paper-based or tool-based, and what reading technique should be used on the inspection document. Extensive work has been done to determine the effectiveness of reviewers in a paper-based environment when using ad hoc and checklist reading techniques. In this work, we take software inspection research further by examining whether there is any significant difference in the defect detection effectiveness of reviewers when they use either ad hoc or checklist reading techniques in a distributed groupware environment. Twenty final-year undergraduate students of computer science, divided into ad hoc and checklist reviewer groups of ten members each, were employed to inspect a medium-sized Java code synchronously on groupware deployed on the Internet. The data obtained were subjected to tests of hypotheses using independent t-tests and correlation coefficients. Results from the study indicate that there are no significant differences in the defect detection effectiveness, effort in terms of time taken in minutes, and false positives reported by reviewers using either ad hoc or checklist-based reading techniques in the distributed groupware environment studied.
Key words: Software Inspection; Ad hoc; Checklist; Groupware.

I. INTRODUCTION
Software could be judged to be of high or low quality depending on who is analyzing it. Thus, quality software can be said to be “software that satisfies the needs of the users and the programmers involved in it” [28]. Pfleeger highlighted four major criteria for judging the quality of software: (i) it does what the user expects it to do; (ii) its interaction with the computer resources is satisfactory; (iii) the user finds it easy to learn and to use; and (iv) the developers find it convenient in terms of design, coding, testing, and maintenance. In order to achieve the above criteria, software inspection was introduced. Software inspection has become

widely used [36] since it was first introduced by Fagan [25] at IBM. This is due to its potential benefits for software development, the increased demand for quality certification in software (for example, ISO 9000 compliance requirements), and the adoption of the Capability Maturity Model as a development methodology [27]. Software inspection is a necessary and important tool for software quality assurance. It involves strict and close examinations carried out on development products to detect defects, violations of development standards, and other problems [18]. The development products could be specifications, source code, contracts, test plans, and test cases [33, 4, 8]. Traditionally, the software inspection artifact (requirements, design, or code) is presented on paper for the inspectors/reviewers. The advent of Collaborative Software Development (CSD) provides opportunities for software developers in geographically dispersed locations to communicate, and further to build and share common knowledge repositories [13]. Through CSD, distributed collaborative software inspection methodologies emerge in which groups of reviewers in different geographical locations may log on synchronously or asynchronously online to inspect an inspection artifact. It has been hypothesized that in order to gain credibility and validity, software inspection experiments have to be conducted in different environments, using different people, languages, cultures, documents, and so on [10, 12]. That is, they must be redone in other environments. The motivation for this work stems from this hypothesis. Specifically, the target goal of this research work is to determine whether there is any significant difference in the effectiveness of reviewers using the ad hoc code reading technique and those using the checklist reading technique in a distributed tool-based environment.
Twenty final-year students of Computer Science were employed to carry out an inspection task on a medium-sized code artifact in a distributed, collaborative environment. The students were divided into two groups: one group used the Ad hoc code reading technique, while the second group used the checklist-based code reading technique (CBR). Briefly, the results obtained show that there is no significant difference

25 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

in the effectiveness of reviewers using the Ad hoc and Checklist reading techniques in the distributed environment. In the rest of this paper, we review related work in Section 2. In Section 3, we present the experimental planning and instruments used, as well as the subjects and hypotheses set up for the experiment; threats to internal and external validity are also treated in this section. In Section 4, we present the results and the statistical tests carried out on the data. Section 5 discusses our results, while Section 6 states the conclusion and recommendations.
II. Related Works: Ad hoc versus Checklist-based Reading Techniques
Software inspection is as old as programming itself. It was introduced in the 1970s at IBM, which pioneered its early adoption and later evolution [25]. It is a way of detecting faults in software documents – requirements, designs or code. Recent empirical studies demonstrate that defect detection is more an individual than a group activity, as assumed by many inspection methods and refinements [20, 29, 22]. Inspection results depend on the inspection participants themselves and their strategies for understanding the inspected artifacts [19]. A defect detection or reading technique (as it is popularly called) is defined as the series of steps or procedures whose purpose is to guide an inspector in acquiring a deep understanding of the inspected software product [19]. Comprehension of the inspected software product is a prerequisite for detecting subtle and/or complex defects – those often causing the most problems if detected in later life-cycle phases. According to Porter et al. [1], defect detection techniques range in prescription from intuitive, nonsystematic procedures, such as ad hoc or checklist techniques, to explicit and highly systematic procedures, such as scenarios or correctness proofs.
A reviewer's individual responsibility may be general – to identify as many defects as possible – or specific – to focus on a limited set of issues such as ensuring appropriate use of hardware interfaces, identifying untestable requirements, or checking conformity to coding standards. Individual responsibilities may or may not be coordinated among the review team members. When they are not coordinated, all reviewers have identical responsibilities; in contrast, each reviewer in a coordinated team has different responsibilities. The most frequently used detection methods are ad hoc and checklist. Ad hoc reading, by nature, offers very little reading support, since a software product is simply given to inspectors without any direction or guidelines on how to proceed through it and what to look for. However, "ad hoc" does not mean that inspection participants do not scrutinize the inspected product systematically; the term only refers to the fact that no technical support is given to them for the problem of how to detect defects in a software artifact. In this case, defect detection fully depends on the skill, the knowledge, and the experience of the inspector. Training sessions in program comprehension before the start of an inspection may help subjects develop some of these capabilities and alleviate the lack of reading support [19].
Checklists offer stronger, boilerplate support in the form of questions inspectors are to answer while reading the document. These questions concern quality aspects of the document. Checklists are advocated in many inspection works, for example Fagan [24, 25], Dunsmore [2], Sabaliauskaite [12], Humphrey [35] and Gilb and Graham's manuscript [32], to mention a few. Although reading support in the form of a list of questions is better than none (as in ad hoc reading), checklist-based reading has several weaknesses [19]. First, the questions are often general and not sufficiently tailored to a particular development environment. A prominent example is the question: "Is the inspected artifact correct?" Although this checklist question provides a general framework for an inspector on what to check, it does not tell him or her in a precise manner how to ensure this quality attribute. In this way, the checklist provides little support for an inspector to understand the inspected artifact, yet such understanding can be vital for detecting major application-logic defects. Second, instructions on how to use a checklist are often missing; that is, it is often unclear when, and based on what information, an inspector is to answer a particular checklist question. In fact, several strategies are feasible for addressing the questions in a checklist. One end of the spectrum is characterized by the following approach: the inspector takes a single question, goes through the whole artifact, answers the question, and then takes the next question. The other end is defined by the following procedure: the inspector reads the whole document and afterwards answers the questions of the checklist. It is quite unclear which approach inspectors follow when using a checklist and how they achieve their results in terms of defects detected. The final weakness of checklists is that their questions are often limited to the detection of defects that belong to particular defect types. Since the defect types are based on past defect information, inspectors may not focus on defect types not previously detected and, therefore, may miss whole classes of defects. To address some of these difficulties, one can develop a checklist according to the following principles [19]:
• The checklist should not be longer than one page (approximately 25 items) [12, 32].
• Each checklist question should be phrased as precisely as possible.
• The checklist should be structured so that the quality attribute is clear to the inspector, and the questions should give hints on how to assure that quality attribute.
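The principles above can be made concrete with a small, hypothetical code-inspection checklist, grouped by quality attribute and kept well under the one-page / 25-item limit. The items below are illustrative only; they are not the checklist used in the experiment reported in this paper.

```python
# A hypothetical checklist, grouped by quality attribute, illustrating the
# structuring principles above: short precise questions, <= 25 items total.
CHECKLIST = {
    "Correctness": [
        "Are all variables initialized before first use?",
        "Do array indices stay within declared bounds?",
        "Do loop termination conditions match the intended range?",
    ],
    "Interface": [
        "Does every method call pass arguments in the declared order and type?",
    ],
    "Error handling": [
        "Is every error condition reported with a meaningful message?",
    ],
}

def validate_checklist(checklist, max_items=25):
    """Check the structural principles: a bounded number of items,
    each phrased as a question (ending with '?')."""
    items = [q for qs in checklist.values() for q in qs]
    assert len(items) <= max_items, "checklist longer than one page"
    assert all(q.endswith("?") for q in items), "item not phrased as a question"
    return len(items)

print(validate_checklist(CHECKLIST))  # 5
```

Grouping questions under a named quality attribute is what gives the inspector the "hint" the third principle asks for: the attribute states what is being assured, and each question states how to check it.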


In practice, reviewers often use the Ad hoc or Checklist detection techniques to discharge identical, general responsibilities. Some authors, notably Parnas and Weiss [9], have argued that inspections would be more effective if each reviewer used a different set of systematic detection techniques to discharge different, specific responsibilities. Computer and/or Internet support for software inspections has been suggested as a way of removing the bottlenecks in the traditional software inspection process. The web approach makes software inspection much more elastic, in the form of asynchronicity and geographical dispersal [14]. The effectiveness of manual inspections depends on satisfying many conditions, such as adequate preparation, readiness of the work product for review, high-quality moderation, and cooperative interpersonal relationships; the effectiveness of tool-based inspection is less dependent upon these human factors [29, 26]. Stein et al. [31] are of the view that distributed, asynchronous software inspections can be a practicable method. Johnson [17], however, opined that thoughtless computerization of the manual inspection process may in fact increase the cost of inspections. To the best of our knowledge, much of the work in this line of research either reports experiences in terms of lessons learned with using the tools, for instance Harjumaa [14] and Mashayekhi [34], or compares the effectiveness of tools with paper-based inspections, for instance Macdonald and Miller [23]. In the case of ICICLE [7], the only published evaluation comes in the form of lessons learned. In the case of Scrutiny, in addition to lessons learned [16], the authors also claim that tool-based inspection is as effective as paper-based inspection, but there is no quantifiable evidence to support this claim [15].
In this paper, we examine the feasibility of tool support for software code inspection, and we determine whether there is any significant difference in the effectiveness of reviewers using ad hoc and checklist reading techniques in a distributed environment.
III. Experimental Planning and Design
A. Subjects
Twenty (20) final-year students of Computer Science were employed in the study. Ten (10) of the student reviewers used the Ad hoc reading technique, with no aid provided for the inspection. The other ten used the checklist-based reading technique; for them, the tool provided a checklist as an aid for the inspection.
B. Experimental Instrumentation and Set-up
Inspro, a web-based, distributed, collaborative code inspection tool, was designed and developed by the authors as the code inspection groupware used in the experiment. It was written in the Hypertext Preprocessor (PHP) web programming language and deployed on an Apache WAMP server. The experiment was run as a synchronous, distributed collaborative inspection with the computers on the Internet: one computer was configured as a server with the WAMP server installed on it, while the other computers served as clients to the server. The student reviewers were oriented on the use of the Inspro web-based tool, as well as on the code artifact, before the real experiment was conducted on the second day. The tool has the following features. The user interface is divided into three sections: one section displays the code artifact to be worked upon by the reviewers, along with its line numbers, while another section displays the text box in which the reviewers key in the bugs found in the artifact. The third section, below, is optionally displayed: it shows the checklist to be used by reviewers in the checklist group, and displays nothing for the ad hoc inspection group. As soon as a reviewer logs on to the server, the tool starts counting the time used for the inspection, and it records the stop time when the submit button is clicked. The date of the inspection, as well as a prompt for the name of the reviewer, is automatically displayed when the tool is activated. The tool writes the output of the inspection exercise to a file which is automatically opened when the submit button is clicked; this file is finally opened and printed for further analysis by the chief coordinator of the inspection.
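Inspro itself was written in PHP and is not reproduced in the paper; the session behaviour just described (timing starts at log-on, stops at submit, and the defect reports plus effort are written to a file for the coordinator) can be sketched as follows. This is an illustrative Python sketch under stated assumptions, not the authors' implementation, and all names in it are hypothetical.

```python
import json
import time

class InspectionSession:
    """Illustrative sketch of the logging behaviour described above:
    timing starts when the reviewer logs on, stops on submit, and the
    reported defects are written to a file for the coordinator."""

    def __init__(self, reviewer, technique):
        self.reviewer = reviewer
        self.technique = technique          # "ad hoc" or "checklist"
        self.start = time.time()            # timing starts at log-on
        self.defects = []

    def report_defect(self, line_no, description):
        self.defects.append({"line": line_no, "description": description})

    def submit(self, path):
        minutes = (time.time() - self.start) / 60.0   # effort in minutes
        record = {
            "reviewer": self.reviewer,
            "technique": self.technique,
            "date": time.strftime("%Y-%m-%d"),
            "effort_minutes": round(minutes, 2),
            "defects": self.defects,
        }
        with open(path, "w") as f:          # output file for the coordinator
            json.dump(record, f, indent=2)
        return record

session = InspectionSession("reviewer_01", "checklist")
session.report_defect(42, "loop bound off by one")
result = session.submit("inspection_log.json")
```

Capturing effort automatically in this way is what lets the experiment treat inspection time as a measured dependent variable rather than a self-reported one.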




Fig. 1 displays the user interface of the Inspro tool.


C. Experimental Artifact
The artifact used for this experiment was a 156-line Java program which accepts data into two 2-dimensional arrays. This small-sized code was used because the experiment was the students' first experience of code inspection, even though they were given some formal training on code inspection prior to the exercise. The experiment was conducted as a practical class in a 400-level Software Engineering course (CSC 433) in the Department of Computer Science, University of Ibadan, Nigeria. The arrays were used as matrices, and the major operations on matrices – sum, difference, product, determinant and transpose – were implemented in the program. All conditions for these operations were tested in the program. The code was developed and tested by the researchers before it was finally seeded with 18 errors: 12 logical and 6 syntactic/semantic. The program accepts data into the two arrays, performs all the operations on them, and reports the results of computation if there are no errors. If an operational condition is not fulfilled for any of the operations, the program reports an appropriate error log for that operation.
D. Experimental Variables and Hypotheses
The experiment manipulated two independent variables: the number of reviewers per team (1, 2, 3 or 4 reviewers, excluding the code author) and the review method (ad hoc or checklist). Three dependent variables were measured: the average number of defects detected by the reviewers, that is, the defect detection effectiveness (DE); the average time spent on the inspection (T), in minutes; and the average number of false positives reported by the reviewers (FP). The defect detection effectiveness (DE) is the number of true defects detected by a reviewer out of the total number of defects seeded into the code inspection artifact. The time measures the total time (in minutes) spent by a reviewer on inspecting the artifact; inspection time is also a measure of the effort (E) expended by the reviewers in a software inspection exercise. False positives (FP) are perceived defects that a reviewer reported but that are not actually true defects.
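Under these definitions, a reviewer who reports 8 of the 18 seeded defects has DE = 8/18 ≈ 44.4%, and anything reported outside the seeded set counts as a false positive. A minimal scoring sketch (the seeded-defect line numbers below are hypothetical examples, not the actual seeding):

```python
# Scoring sketch for two of the dependent variables described above.
# The seeded-defect line numbers are hypothetical examples.
SEEDED_DEFECTS = {12, 27, 31, 45, 58, 63, 70, 88, 94, 101, 113, 120,
                  125, 131, 140, 144, 150, 156}   # 18 seeded errors

def score(reported_lines, seeded=SEEDED_DEFECTS):
    """Return (DE in percent, number of false positives) for one reviewer."""
    reported = set(reported_lines)
    true_defects = reported & seeded          # hits against the seeded set
    false_positives = reported - seeded       # everything else is an FP
    de = 100.0 * len(true_defects) / len(seeded)
    return round(de, 2), len(false_positives)

# A reviewer who finds 8 true defects and reports 3 spurious ones:
de, fp = score([12, 27, 31, 45, 58, 63, 70, 88, 10, 20, 30])
print(de, fp)  # 44.44 3
```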


Fig. 1: Inspro User Interface


Three hypotheses were stated for this experiment, as follows.
Ho1: There is no significant difference between the effectiveness of reviewers using the Ad hoc and Checklist reading techniques in distributed code inspection.
Ho2: There is no significant difference between the effort expended by reviewers using the Ad hoc and Checklist techniques in distributed code inspection.
Ho3: There is no significant difference between the false positives reported by reviewers using the Ad hoc and Checklist techniques in distributed code inspection.
E. Threats to Validity
The question of validity draws attention to how far a measure really measures the concept it purports to measure (Alan and Duncan, 1997). In this experiment, we therefore considered two important classes of threat that may affect the validity of research in the domain of software inspection.
F. Threats to Internal Validity
Threats to internal validity are influences that can affect the dependent variables without the researcher's knowledge. We considered three such influences: (1) selection effects, (2) maturation effects, and (3) instrumentation effects. Selection effects are due to natural variation in human performance [1]. For example, if one-person inspections are done only by highly experienced people, their greater than average skill can be mistaken for a difference in the effectiveness of the treatments. We limited this effect by randomly assigning team members for each inspection; this way, individual differences were spread across all treatments. Maturation effects result from participants' skills improving with experience. Randomly assigning the reviewers and conducting the reviews within the same period of time checked these effects. Instrumentation effects are caused by the artifacts to be inspected, by differences in the data collection forms, or by other experimental materials. In this study, such effects were negligible or did not take place at all, since all the groups inspected the same artifact within the same period of time on the same web-based tool.
G. Threats to External Validity
Threats to external validity are conditions that can limit our ability to generalize the results of experiments to industrial practice [1]. We considered three sources of such threats: (1) experimental scale, (2) subject generalizability, and (3) subject and artifact representativeness. Experimental scale is a threat when the experimental setting or the materials are not representative of industrial practice. This has a great impact on this experiment, as the material used (the matrix code) was not truly representative of what obtains in an industrial setting; the code document used was written by the researchers. A threat to subject generalizability may exist when the subject population is not drawn from the industrial population. We tried to minimize this threat by recruiting 20 final-year students of Computer Science who had just concluded a 6-month industrial training in the second semester of their 300 level; the students selected were those who did their industrial training in software development houses. Threats regarding subject and artifact representativeness arise when the subject and artifact population is not representative of the industrial population. The explanations given earlier also account for this threat.
IV. Results

Table 1 shows the raw results obtained from the experiment. The "Defect (%)" column gives the percentage of the 18 seeded errors reported as true defects by each reviewer in the two groups (Ad hoc and Checklist), the "Effort" column gives the time taken, in minutes, for a reviewer to inspect the online inspection document, and the "No of FP" column gives the total number of false positives reported by the reviewer.

Table 1: Raw Results Obtained from Collaborative Code Inspection

       Ad hoc Inspection                        Checklist Inspection
s/n    Defect (%)  Effort (Mins)  No of FP     Defect (%)  Effort (Mins)  No of FP
1      27.78       31             1            44.44       80             5
2      44.44       72             5            33.33       60             5
3      50.00       57             4            27.78       35             4
4      50.00       50             2            22.22       43             3
5      38.89       82             0            22.22       21             0
6      61.11       98             6            27.78       30             2
7      50.00       52             5            33.33       25             4
8      38.89       50             3            38.89       45             1
9      44.44       48             1            38.89       42             2
10     50.00       51             3            44.44       38             3

The traditional method of conducting inspection on a software artifact is to do it in teams of different sizes. However, it was not possible to gather the reviewers into teams online, since they did not meet face-to-face. Therefore, nominal team selection, as is usually done in this area of research, was used. Nominal teams consist of individual reviewers or inspectors who do not communicate with each other during the inspection work. Nominal teams can help to minimize inspection overhead and to lower inspection cost and duration [30]. The approach of creating virtual or nominal teams has been used in other studies as well [30, 6]. An advantage of nominal inspections is that it is possible to generate and investigate the effect of different team sizes; a disadvantage is that no effects of the meeting, and no possible team synergy, are present in the data [3]. The rationale for investigating nominal teams is to compare nominal inspections with the real-world situation, where teams would be formed without any re-sampling. There are many ways by which nominal teams can be created. Aybüke et al. [3] suggest creating all combinations of teams in which each individual reviewer is included in multiple teams, but this introduces dependencies among the nominal teams. They also suggest randomly creating teams out of the reviewers without repetition, or using bootstrapping as suggested by Efron and Tibshirani [11], in which samples are statistically drawn from a sample space and immediately returned, so that they can possibly be drawn again. However, bootstrapping at the individual level will increase the overlap if the same reviewer is chosen more than once in a team. In this study, four different nominal teams were created for each of the Ad hoc and Checklist groups: the first reviewer forms the team of size 1, the next two form the team of size 2, and so on, giving teams of 1, 2, 3 and 4 persons. Table 2 gives the mean aggregate values of the results obtained with the nominal teams.

Table 2: Mean Aggregate Results for Nominal Team Sizes

Nominal      Ad hoc Inspection            Checklist Inspection
Team size    DE (%)   T (mins)   FP      DE (%)   T (mins)   FP
1            27.78    31.0       1.0     44.44    80.00      5.00
2            47.22    64.5       4.5     30.56    47.50      4.50
3            50.00    76.7       2.7     24.06    31.33      1.67
4            46.11    50.3       3.0     38.89    37.50      2.50
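The nominal-team construction described above (reviewer 1 forms the 1-person team, reviewers 2–3 the 2-person team, and so on) can be sketched as follows, using the Ad hoc effort column of Table 1. The paper does not spell out the aggregation rule; simple averaging over team members, assumed here, reproduces the effort figures in Table 2 up to rounding.

```python
# Sketch of nominal-team formation: partition the ten reviewers
# sequentially into teams of size 1, 2, 3 and 4, then average each
# team's scores. Averaging over members is an assumption; it matches
# the published Table 2 values up to rounding.
AD_HOC_EFFORT = [31, 72, 57, 50, 82, 98, 52, 50, 48, 51]  # minutes, Table 1

def nominal_teams(scores, sizes=(1, 2, 3, 4)):
    teams, i = [], 0
    for size in sizes:
        members = scores[i:i + size]
        teams.append(sum(members) / size)   # team score = mean over members
        i += size
    return teams

print(nominal_teams(AD_HOC_EFFORT))  # compare with Table 2, ad hoc T (mins)
```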


Table 2 shows that, on aggregate, 42.8% and 34.5% of the defects were detected by the ad hoc and checklist reviewers, respectively. The aggregate mean effort was 55.62 ± 9.82 (SEM) minutes for the ad hoc reviewers and 49.08 ± 10.83 (SEM) minutes for the checklist reviewers, where SEM denotes the Standard Error of the Mean. The aggregate mean numbers of false positives reported were 2.80 ± 0.72 (SEM) and 3.42 ± 0.79 (SEM) for the ad hoc and checklist reviewers, respectively. Fig. 2 shows the chart of defect detection effectiveness of the different teams in each of the defect detection method groups.
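The mean ± SEM figures above are taken over the four nominal-team values in Table 2. For instance, for the ad hoc effort column:

```python
import math

# Aggregate mean +/- SEM over the four nominal-team values (Table 2).
# SEM = sample standard deviation / sqrt(n).
AD_HOC_TEAM_EFFORT = [31.0, 64.5, 76.7, 50.3]   # T (mins), ad hoc column

def mean_sem(values):
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values) / (n - 1)   # sample variance
    return mean, math.sqrt(var) / math.sqrt(n)

mean, sem = mean_sem(AD_HOC_TEAM_EFFORT)
print(round(mean, 2), round(sem, 2))  # 55.62 9.82
```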


[Fig. 2 is a line chart plotting defect detection effectiveness (%) against nominal team size (1–4) for the Ad hoc and CBR groups.]

Fig. 2: Chart of Defect Detection Effectiveness of Reviewers against the Nominal Team Sizes

Fig. 2 shows that the effectiveness of the Ad hoc reviewers rises steadily with team size, peaking at team size 3. The Checklist reviewers, however, follow a negative trend: their effectiveness decreases with team size up to team size 3 before rising again at team size 4.

Effort, in terms of time taken by the reviewers in minutes, follows the same pattern, as shown in Fig. 3.





[Fig. 3 is a line chart plotting average effort (minutes) against nominal team size (1–4) for the Ad hoc and Checklist groups.]

Fig. 3: Chart of Effort (Mins) against the Nominal Team Sizes

Fig. 4 shows the mean aggregate false positives reported by the reviewers in the experiment.


[Fig. 4 is a line chart plotting average false positives against nominal team size (1–4) for the Ad hoc and Checklist groups.]

Fig. 4: Average False Positives against the Nominal Team Sizes


A close examination of the false positive curves in Fig. 4 shows that their shapes follow more or less the same trend as those obtained for defect detection effectiveness and effort.

Further Statistical Analyses
Table 3 shows the results of the major statistical tests performed on the data obtained in this experiment. An independent t-test was used for the analyses, since different subjects were involved in the two groups and the inspections were carried out independently.

Table 3: Major Statistical Test Results

Hypothesis Tested                                                              Correlation (r)   Decision
Ho1: There is no significant difference between the effectiveness of
reviewers using Ad hoc and Checklist techniques in distributed code
inspection.                                                                    -0.83             Ho accepted
Ho2: There is no significant difference between the effort taken by
reviewers using Ad hoc and Checklist techniques in distributed code
inspection.                                                                    -0.85             Ho accepted
Ho3: There is no significant difference between the false positives
reported by reviewers using Ad hoc and Checklist techniques in
distributed code inspection.                                                   -0.15             Ho accepted
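The paper does not state explicitly which data the independent t-test was run on. Assuming it was a pooled-variance, two-sample Student's t-test applied to the four nominal-team effectiveness means in Table 2 (an assumption, but one consistent with the reported p = 0.267 for effectiveness), the test statistic can be reproduced as follows:

```python
import math

# Pooled-variance two-sample t statistic for the nominal-team
# effectiveness means (DE %, Table 2). That the test was run at team
# level is an assumption; it is consistent with the reported p = 0.267.
AD_HOC_DE    = [27.78, 47.22, 50.00, 46.11]
CHECKLIST_DE = [44.44, 30.56, 24.06, 38.89]

def pooled_t(a, b):
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    ssa = sum((x - ma) ** 2 for x in a)      # sum of squared deviations
    ssb = sum((x - mb) ** 2 for x in b)
    sp2 = (ssa + ssb) / (na + nb - 2)        # pooled variance
    t = (ma - mb) / math.sqrt(sp2 * (1 / na + 1 / nb))
    return t, na + nb - 2                    # t statistic, degrees of freedom

t, df = pooled_t(AD_HOC_DE, CHECKLIST_DE)
print(round(t, 2), df)  # 1.22 6
```

With 6 degrees of freedom, t ≈ 1.22 corresponds to a two-tailed p of roughly 0.27, matching the effectiveness p-value reported below and falling well short of significance at the 0.05 level, hence Ho1 is retained.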

Even though the shapes of the curves obtained in the experiment indicate differences in the defect detection effectiveness, the effort taken and the false positives reported by the reviewers, the statistical tests show that there are no significant differences in defect detection effectiveness (p = 0.267), effort taken (p = 0.670) or false positives reported (p = 0.585) between the two defect detection techniques under study. The null hypotheses are thus accepted for all the tests. The correlation coefficients are strongly negative for defect detection effectiveness and for effort/time taken, as depicted in the charts in Figs. 2 and 3, while there is a very weak negative correlation for the false positives reported by the reviewers.
V. Discussion of Results
Results from the groupware experiment show that there is no significant difference between the Ad hoc and Checklist-based reviewers in terms of the parameters measured – defect detection effectiveness, effort and false positives reported. The aggregate mean values of defect detection effectiveness and effort are slightly higher for the Ad hoc reviewers, while the aggregate mean false positive count is slightly higher for the Checklist-based reviewers. About 43% and 35% of the defects were detected by the reviewers using the ad hoc and checklist reading techniques, respectively. Our results are in consonance with some related work in the literature. To mention a few: the experiment of Porter and Votta [1] comparing defect detection methods for software requirements inspections showed that checklist reviewers were no more effective than Ad hoc

reviewers, and that another method, the scenario method, had a higher fault detection rate than either the Ad hoc or the Checklist method. However, their results were obtained in a manual (paper-based) inspection environment. Lanubile and Visaggio [21], in their work on evaluating defect detection techniques for software requirements inspections, also found no difference between inspection teams applying Ad hoc or Checklist reading with respect to the percentage of discovered defects; again, their experiment was conducted in a paper-based environment. Nagappan et al. [26], in their preliminary results on using static analysis tools for software inspection, noted that inspections can detect as little as 20% to as much as 93% of the total number of defects in an artifact. Briand et al. [5] report that, on average, software inspections find 57% of the defects in code and design documents. In terms of the percentage of defects detected, our results are low compared with what obtains in some related work. For instance, the results of Giedre et al. [12], from their experiment comparing checklist-based reading and perspective-based reading for UML design document inspection, show that checklist-based reading (CBR) uncovers 70% of defects while perspective-based reading (PBR) uncovers 69%, and that the checklist takes more time (effort) than PBR. The implication of these results is that either of the defect detection reading techniques, Ad hoc or Checklist, could be conveniently employed in software inspection, depending on choice, whether in a manual (paper-based) or


tool-based environment; since they have roughly the same level of performance. 6. Conclusion and Recommendations In this work we demonstrate the equality of ad hoc and checklist based reading techniques that are traditionally and primarily used as defect reading techniques in software code inspection; in terms of their defect detection effectiveness, effort taken and false positives. Our results show that none of the two reading techniques outperforms each other in the tool-based environment studied. However, results in this study need further experimental clarifications especially in industrial setting with professionals and large real-life codes. References [1] Adam A. Porter, Lawrence G. Votta, and Victor R. Basili (1995): Comparing detection methods for software requirements inspections: A replicated experiment. IEEE Trans. on Software Engineering, 21(Harvey, 1996):563-575. [2] Alastair Dunsmore, Marc Roper and Murray Wood (2003): Practical Code Inspection for Object Oriented Systems, IEEE Software 20(4), 21 – 29. [3] Aybüke Aurum, Claes Wohlin and Hakan Peterson (2005): Increasing the understanding of effectiveness in software inspections using published data set, journal of Research and Practice in Information Technology, vol. 37 No.3 [4] Brett Kyle (1995): Successful Industrial Experimentation, chapter 5. VCH Publishers, Inc. [5] Briand, L. C., El Emam, K., Laitenberger, O, Fussbroich, T. (1998): Using Simulation to Build Inspection Efficiency Benchmarks for Development Projects, International Conference on Software Engineering, 1998, pp. 340 – 449. [6] Briand, L.C., El Emam, K., Freimut, B.G. and Laitenberger, O. (1997): Quantitative evaluation of capture-recapture models to control software inspections. Proceedings of the 8th International Symposium on Software Reliability Engineering, 234–244. [7] L. R. Brothers, V. Sembugamoorthy, and A. E. Irgon. Knowledge-based code inspection with ICICLE. 
In Innovative Applications of Artificial Intelligence 4: Proceedings of IAAI92, 1992. [8] David A. Ladd and J. Christopher Ramming (1992): Software research and switch software. In International Conference on Communications Technology, Beijing, China, 1992. [9] David L. Parnas and David M. Weiss (1985): Active design reviews: Principles and practices. In Proceedings of the 8th International Conference on Software Engineering, pages 215-222, Aug. 1985. [10] Dewayne, E. Perry, Adam A. Porter and Lawrence G. Votta(2000): Empirical studies of software [11]







[18] [19]





engineering: A Roadmap, Proc. of the 22nd Conference on Software Engineering, Limerick Ireland, June 2000. Efron, B. and Tibshirani, R.J. (1993): An Introduction to the Bootstrap, Monographs on statistics and applied probability, Vol. 57, Chapman & Hall. Giedre Sabaliauskaite, Fumikazu Matsukawa, Shinji Kusumoto, Katsuro Inoue (2002): "An Experimental Comparison of Checklist-Based Reading and Perspective-Based Reading for UML Design Document Inspection," ISESE, p. 148, 2002 International Symposium on Empirical Software Engineering (ISESE'02), 2002 Haoyang Che and Dongdong Zhao (2005). Managing Trust in Collaborative Software Development. s/ downloaded in October, 2008. Harjumaa L., and Tervonen I. (2000): Virtual Software Inspections over the Internet, Proceedings of the Third Workshop on Software Engineering over the Internet, 2000, pp. 30-40 J. W. Gintell, J. Arnold, M. Houde, J. Kruszelnicki, R. McKenney, and G. Memmi. Scrutiny (1993): A collaborative inspection and review system. In Proceedings of the Fourth European Software Engineering Conference, September 1993. J.W. Gintell, M. B. Houde, and R. F. McKenney (1995): Lessons learned by building and using Scrutiny, a collaborative software inspection system. In Proceedings of the Seventh International Workshop on Computer Aided Software Engineering, July 1995. Johnson P.M. and Tjahjono D. (1998): Does Every Inspection Really Need a Meeting? Journal of Empirical Software Engineering, Vol. 4, No. 1. Kelly, J. (1993): Inspection and review glossary, part 1, SIRO Newsletter, vol. 2. Laitenberger Oliver (2002): A Survey of Software Inspection Technologies, Handbook on Software Engineering and Knowledge Engineering, vol. II, 2002. Laitenberger, O., and DeBaud, J.M., (2000): An Encompassing Life-cycle Centric Survey of Software Inspection. Journal of Systems and Software, 50, 531. Lanubile and Giuseppe Visaggio (2000): Evaluating defect Detection Techniques for Software Requirements Inspections,, downloaded Feb. 2008. 
Lawrence G. Votta (1993): Does every inspection need a meeting? ACM SIGSoft Software Engineering Notes, 18(5):107-114. Macdonald F. and Miller, J. (1997): A comparison of Tool-based and Paper-based software inspection,

34 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009







Empirical Foundations of Computer Science, University of Strathclyde. Michael E. Fagan (1976): Design and code inspections to reduce errors in program development. IBM Systems Journal, 15(3):182-211. Michael E. Fagan (1986): Advances in software inspections. IEEE Trans. on Software Engineering, SE-12(7):744-751. Nachiappan Nagappan, Laurie Williams, John Hudepohl, Will Snipes and Mladen Vouk (2004): Preliminary Results On Using Static Analysis Tools for Software Inspections, 15th International Sypossium on Software reliability Engineering (ISSRE’04), pp. 429 – 439. Paulk, M., Curtis, B., Chrissis, M.B. and Weber, C. V. (1993): “Capacity Maturation Model for Software”, Technical Report CMU/SEI-93-TR-024, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania. Pfleeger S. Lawrence. (1991): Software Engineering: The Production of Quality Software, Macmillan Publishing Company, NY, USA. Porter A. Adam and Johnson P. M. (1997): Assessing Software review Meetings: Results of a Comparative Analysis of Two Experimental Studies, IEEE Transactions on Software Engineering, vol. 23, No. 3, pp. 129 – 145. ix 1







Adenike OSOFISAN is currently a Reader in the Department of Computer Science, University of Ibadan, Nigeria. She received her Master's degree in Computer Science from Georgia Tech, USA, and her PhD from Obafemi Awolowo University, Ile-Ife, Nigeria. Her areas of specialty include data mining and communication.

Solomon Olalekan AKINOLA is currently a PhD student of Computer Science at the University of Ibadan, Nigeria. He received his Bachelor of Science in Computer Science and Master of Information Science degrees from the same university. He specializes in Software Engineering, with special focus on software inspection.



Robustness of the Digital Image Watermarking Techniques against Brightness and Rotation Attack
Harsh K Verma1, Abhishek Narain Singh2, Raman Kumar3
Department of Computer Science and Engineering, Dr B R Ambedkar National Institute of Technology, Jalandhar, Punjab, India. E-mail:

Abstract- Recent advances in the field of multimedia have brought many facilities in the transport, transmission and manipulation of data. Along with these facilities come greater threats to the authentication of data, its licensed use, and its protection against illegal use. Many digital image watermarking techniques have been designed and implemented to stop the illegal use of digital multimedia images. This paper compares the robustness of three different watermarking schemes against brightness and rotation attacks. The robustness of the watermarked images has been verified using the parameters PSNR (Peak Signal to Noise Ratio), RMSE (Root Mean Square Error) and MAE (Mean Absolute Error). Keywords- Watermarking, Spread Spectrum, Fingerprinting, Copyright Protection.

I. INTRODUCTION Advancements in the field of computers and technology have given many facilities and advantages to humans. It has become much easier to search for and develop digital content on the internet. Digital distribution of multimedia information allows the introduction of flexible, cost-effective business models that are advantageous for commercial transactions. On the other hand, its digital nature also allows individuals to manipulate, duplicate or access media information beyond the terms and conditions agreed upon. Multimedia data such as photos, video or audio clips and printed documents can carry hidden information, or may have been manipulated, so that one is not sure of the exact data. To deal with the problem of trustworthiness of data, authentication techniques are being developed to verify the information integrity, the alleged source of the data, and the reality of the data [1]. Cryptography and steganography have been used throughout history as means to add secrecy to communication during times of war and peace [2]. A. Digital Watermarking Digital watermarking involves embedding a structure in a host signal to "mark" its ownership [3]. We call these

structures digital watermarks. Digital watermarks may comprise copyright or authentication codes, or a legend essential for signal interpretation. The existence of these watermarks within a multimedia signal goes unnoticed except when passed through an appropriate detector. Common types of signals to watermark are still images, audio, and digital video. To be effective, a watermark must be [4]:
Unobtrusive; that is, it should be imperceptible when embedded in the host signal.
Discreet; unauthorized watermark extraction or detection must be arduous, as the mark's exact location and amplitude are unknown to unauthorized individuals.
Easily extracted; authorized watermark extraction from the watermarked signal must be reliable and convenient.
Robust/fragile to incidental and unintentional distortions; depending on the intended application, the watermark must either remain intact or be easily modified in the face of signal distortions such as filtering, compression, cropping and re-sampling performed on the watermarked data.
In order to protect the ownership or copyright of digital media data, such as images, video and audio, encryption and watermarking techniques are generally used. Encryption techniques can be used to protect digital data during transmission from sender to receiver. Watermarking is one of the solutions for copyright protection, and it can also be used for fingerprinting, copy protection, broadcast monitoring, data authentication, indexing, medical safety and data hiding [5]. II. WATERMARK EMBEDDING AND EXTRACTION A watermark, which often consists of a binary data sequence, is inserted into a host signal with the use of a key [6]. The information embedding routine imposes small signal changes, determined by the key and the watermark, to generate the watermarked signal. This embedding procedure (Fig. 1) involves imperceptibly modifying a host signal to reflect the information content in


the watermark so that the changes can later be observed, with the use of the key, to ascertain the embedded bit sequence. This process is called watermark extraction. The principal design challenge is to embed the watermark so that it reliably fulfils its intended task. For copy-protection applications, the watermark must be recoverable (Fig. 2) even when the signal undergoes a reasonable level of distortion; for tamper-assessment applications, the watermark must effectively characterize the signal distortions. The security of the system comes from the secrecy of the key: without access to this information, the watermark cannot be extracted, nor can it be effectively removed or forged.

Fig. 1 Watermark embedding process

Fig. 2 Watermark extraction process

III. WATERMARKING TECHNIQUES
Three watermarking techniques, one from each domain (Spatial, Frequency and Wavelet [7]), have been chosen for the experiment. The techniques used for the comparative analysis are CDMA Spread Spectrum watermarking in the spatial domain, comparison of mid-band DCT coefficients in the frequency domain, and CDMA Spread Spectrum watermarking in the wavelet domain [8].

A. CDMA Spread Spectrum Watermarking in Spatial Domain
The algorithm of this method is given below.
1. To embed the watermark:
a. Convert the original image into vectors.
b. Set the gain factor k for embedding.
c. Read in the watermark message and reshape it into a vector.
d. For each value of the watermark, generate a PN sequence using an independent seed.
e. Scatter each of the bits randomly throughout the cover image.
f. When the watermark bit is '0', add the PN sequence with gain k to the cover image:
   i. if watermark(bit) = 0, watermarked_image = watermarked_image + k*pn_sequence;
   ii. else if watermark(bit) = 1, watermarked_image = watermarked_image + pn_sequence.
g. Repeat the same steps for the complete watermark vector.
2. To recover the watermark:
a. Convert the watermarked image back into vectors.
b. Use each seed to generate its PN sequence.
c. Correlate each sequence with the entire image:
   i. if the correlation is high, set that bit in the watermark to '1';
   ii. else set that bit in the watermark to '0'.
d. Repeat the same steps for the complete watermark vector.
e. Reshape the watermark vector and display the recovered watermark.

B. Comparison of Mid-Band DCT Coefficients in Frequency Domain
The algorithm of this method is given below.
3. To embed the watermark:
a. Process the image in blocks.
b. For each block:
   Transform the block using the DCT.
   If message_bit is 0: if dct_block(5,2) < dct_block(4,3), swap them.
   Else: if dct_block(5,2) > dct_block(4,3), swap them.
   If dct_block(5,2) - dct_block(4,3) < k:
      dct_block(5,2) = dct_block(5,2) + k/2;
      dct_block(4,3) = dct_block(4,3) - k/2;
   Else:
      dct_block(5,2) = dct_block(5,2) - k/2;
      dct_block(4,3) = dct_block(4,3) + k/2;
   Move to the next block.
4. To recover the watermark:
a. Process the image in blocks.




b. For each block: transform the block using the DCT; if dct_block(5,2) > dct_block(4,3), message = 1, else message = 0; process the next block.
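As a concrete illustration of the mid-band coefficient comparison, the sketch below embeds one bit into an 8x8 block in pure Python. The DCT routines, the gain K = 25, the test block, and the sign convention (chosen here so that embedding and detection agree) are illustrative assumptions, not the authors' exact implementation.

```python
import math

N = 8  # block size

def _c(u):
    # orthonormal DCT scale factor
    return math.sqrt(1.0 / N) if u == 0 else math.sqrt(2.0 / N)

def dct2(block):
    # 2-D orthonormal DCT-II of an N x N block (pure Python, for illustration)
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            s = 0.0
            for x in range(N):
                for y in range(N):
                    s += (block[x][y]
                          * math.cos((2 * x + 1) * u * math.pi / (2 * N))
                          * math.cos((2 * y + 1) * v * math.pi / (2 * N)))
            out[u][v] = _c(u) * _c(v) * s
    return out

def idct2(coef):
    # inverse transform (DCT-III); exact round trip up to float error
    out = [[0.0] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            s = 0.0
            for u in range(N):
                for v in range(N):
                    s += (_c(u) * _c(v) * coef[u][v]
                          * math.cos((2 * x + 1) * u * math.pi / (2 * N))
                          * math.cos((2 * y + 1) * v * math.pi / (2 * N)))
            out[x][y] = s
    return out

# The paper's mid-band pair (5,2)/(4,3) in 1-based MATLAB indexing
P1, P2 = (4, 1), (3, 2)   # 0-based equivalents
K = 25.0                  # strength factor k (assumed value)

def embed_bit(block, bit):
    c = dct2(block)
    a, b = c[P1[0]][P1[1]], c[P2[0]][P2[1]]
    hi, lo = max(a, b), min(a, b)
    if hi - lo < K:                    # enforce a minimum gap of k
        mid = (hi + lo) / 2.0
        hi, lo = mid + K / 2.0, mid - K / 2.0
    # convention here: bit 0 -> coef(5,2) > coef(4,3), bit 1 -> the opposite
    c[P1[0]][P1[1]], c[P2[0]][P2[1]] = (hi, lo) if bit == 0 else (lo, hi)
    return idct2(c)

def extract_bit(block):
    c = dct2(block)
    return 0 if c[P1[0]][P1[1]] > c[P2[0]][P2[1]] else 1
```

Because the enforced coefficient gap (K = 25) is far larger than the floating-point round-trip error of the transform pair, the embedded bit survives the inverse and forward DCT exactly.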




C. CDMA Spread Spectrum Watermarking in Wavelet Domain
The algorithm of this method is given below.
5. To embed the watermark:
a. Convert the original image into vectors.
b. Set the gain factor k for embedding.
c. Read in the watermark message and reshape it into a vector.
d. Perform a Discrete Wavelet Transformation of the cover image: [cA,cH,cV,cD] = dwt2(X,'wname') computes the approximation coefficients matrix cA and the detail coefficient matrices cH, cV and cD (horizontal, vertical and diagonal, respectively), obtained by wavelet decomposition of the input matrix X; the 'wname' string contains the wavelet name.
e. Add the PN sequence to the H and V components: if (watermark == 0), cH1 = cH1 + k*pn_sequence_h; cV1 = cV1 + k*pn_sequence_v.
f. Perform the Inverse Discrete Wavelet Transformation: watermarked_image = idwt2(cA1,cH1,cV1,cD1,'wname',[Mc,Nc]).
6. To recover the watermark:
a. Convert the watermarked image back into vectors.
b. Convert the watermark to the corresponding vectors.
c. Initialize the watermark vector to all ones: watermark_vector = ones(1,MW*NW), where MW is the height and NW the width of the watermark.
d. Find the correlation in the H and V components of the watermarked image:
   correlation_h = corr2(cH1, pn_sequence_h);
   correlation_v = corr2(cV1, pn_sequence_v);
   correlation = (correlation_h + correlation_v)/2.
e. Compare the correlation with the mean correlation: if (correlation(bit) > mean(correlation)), watermark_vector(bit) = 0.
f. Reshape the watermark_vector back into the watermark image.

Fig. 3 Brightness Attack: (a) original watermarked image, (b) watermarked image after -25% brightness, (c) watermarked image after 25% brightness, (d) watermarked image after 50% brightness

IV. BRIGHTNESS ATTACK
The brightness attack is one of the most common attacks on digital multimedia images. Three levels of brightness change have been applied: first the brightness is changed by -25% (i.e. decreased by 25%), then it is increased by 25%, and finally it is increased by 50%. The attack is illustrated in Fig. 3. Table 1 shows the results of the brightness attack on the different watermarking techniques in terms of parameters such as Peak Signal to Noise Ratio [9], average Root Mean Square Error and average Mean Absolute Error.

V. ROTATION ATTACK
The rotation attack is among the most popular geometrical attacks on digital multimedia images [10]. Three rotations have been implemented: the original watermarked image is rotated clockwise by 90 degrees, then by 180 degrees, and finally by 270 degrees. The attack is illustrated in Fig. 4, and the results are shown in Table 2 for all three watermarking schemes.

VI. EXPERIMENTAL RESULTS
The comparative analysis of the three watermarking schemes has been carried out on the basis of the brightness and rotation attacks. The results of the individual watermarking techniques have been compared on the basis of PSNR (Peak Signal to Noise Ratio), RMSE (Root Mean Square Error) and MAE (Mean Absolute Error).
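A deterministic, pure-Python illustration of the wavelet-domain scheme of Section III-C: a single-level Haar transform stands in for MATLAB's dwt2/idwt2, and orthogonal Walsh patterns replace the seeded PN sequences so that the correlation check has a predictable outcome. The gain K, the cover size, and all names are illustrative assumptions.

```python
import math

W = 8  # detail-subband width/height for a 16x16 cover image

def haar_dwt2(img):
    # single-level 2-D Haar transform; returns (cA, cH, cV, cD)
    n = len(img)
    h = n // 2
    cA, cH, cV, cD = ([[0.0] * h for _ in range(h)] for _ in range(4))
    for i in range(0, n, 2):
        for j in range(0, n, 2):
            a, b, c, d = img[i][j], img[i][j+1], img[i+1][j], img[i+1][j+1]
            cA[i//2][j//2] = (a + b + c + d) / 2
            cH[i//2][j//2] = (a - b + c - d) / 2
            cV[i//2][j//2] = (a + b - c - d) / 2
            cD[i//2][j//2] = (a - b - c + d) / 2
    return cA, cH, cV, cD

def haar_idwt2(cA, cH, cV, cD):
    # exact inverse of haar_dwt2
    h = len(cA)
    img = [[0.0] * (2 * h) for _ in range(2 * h)]
    for i in range(h):
        for j in range(h):
            A, H, V, D = cA[i][j], cH[i][j], cV[i][j], cD[i][j]
            img[2*i][2*j]     = (A + H + V + D) / 2
            img[2*i][2*j+1]   = (A - H + V - D) / 2
            img[2*i+1][2*j]   = (A + H - V - D) / 2
            img[2*i+1][2*j+1] = (A - H - V + D) / 2
    return img

def walsh(i):
    # orthogonal, zero-mean +/-1 pattern used here in place of a seeded PN matrix
    return [[1 if ((r * W + c) >> i) & 1 == 0 else -1 for c in range(W)]
            for r in range(W)]

def corr2(A, B):
    # 2-D correlation coefficient (same role as MATLAB's corr2)
    fa = [x for row in A for x in row]
    fb = [x for row in B for x in row]
    ma, mb = sum(fa) / len(fa), sum(fb) / len(fb)
    num = sum((x - ma) * (y - mb) for x, y in zip(fa, fb))
    da = math.sqrt(sum((x - ma) ** 2 for x in fa))
    db = math.sqrt(sum((y - mb) ** 2 for y in fb))
    return num / (da * db) if da and db else 0.0

K = 20.0  # gain factor k (assumed)

def embed(img, bits):
    cA, cH, cV, cD = haar_dwt2(img)
    for i, bit in enumerate(bits):
        if bit == 0:            # per the algorithm, only '0' bits add energy
            pn = walsh(i)
            for r in range(W):
                for c in range(W):
                    cH[r][c] += K * pn[r][c]
                    cV[r][c] += K * pn[r][c]
    return haar_idwt2(cA, cH, cV, cD)

def recover(img, nbits):
    _, cH, cV, _ = haar_dwt2(img)
    corrs = [(corr2(cH, walsh(i)) + corr2(cV, walsh(i))) / 2
             for i in range(nbits)]
    mean = sum(corrs) / len(corrs)
    return [0 if c > mean else 1 for c in corrs]
```

Because the Walsh patterns are exactly orthogonal, the correlations for the embedded '0' bits are well above the mean and the others are exactly zero, which makes the threshold test deterministic; a real implementation would use seeded pseudo-random sequences as the paper describes.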





Table 1 Performance analysis of watermarking techniques against Brightness Attack

Attack  Technique                PSNR (dB)  Avg. RMSE  Avg. MAE
-25%    CDMA SS in Spatial D.    19.982     25.55      2.563
-25%    Comp. of Mid Band DCT    22.427     19.283     1.459
-25%    CDMA SS in Wavelet D.    26.215     12.466     0.61
25%     CDMA SS in Spatial D.    17.203     35.184     4.86
25%     Comp. of Mid Band DCT    21.339     21.855     1.874
25%     CDMA SS in Wavelet D.    24.305     15.533     0.946
50%     CDMA SS in Spatial D.    16.921     36.345     5.185
50%     Comp. of Mid Band DCT    18.435     30.534     3.659
50%     CDMA SS in Wavelet D.    22.605     18.892     1.40

Fig. 5 Graph showing PSNR values for brightness attack on different watermarking schemes

Fig. 6 Graph showing Average RMSE values for brightness attack on different watermarking schemes

Fig. 7 Graph showing Average MAE values for brightness attack on different watermarking schemes

Fig. 4 Rotation Attack: (a) original watermarked image, (b) watermarked image after 90 degree rotation, (c) watermarked image after 180 degree rotation, (d) watermarked image after 270 degree rotation

Table 2 Performance analysis of watermarking techniques against Rotation Attack

Attack      Technique                PSNR (dB)  Avg. RMSE  Avg. MAE
90 degree   CDMA SS in Spatial D.    12.286     61.973     15.087
90 degree   Comp. of Mid Band DCT    15.602     42.305     7.035
90 degree   CDMA SS in Wavelet D.    19.50      27.008     2.866
180 degree  CDMA SS in Spatial D.    11.193     70.283     19.398
180 degree  Comp. of Mid Band DCT    11.999     64.059     16.122
180 degree  CDMA SS in Wavelet D.    13.517     53.784     11.368
270 degree  CDMA SS in Spatial D.    11.818     65.404     16.803
270 degree  Comp. of Mid Band DCT    13.533     53.685     11.323
270 degree  CDMA SS in Wavelet D.    16.251     39.263     6.057
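The three evaluation metrics reported in Tables 1 and 2 can be computed directly from the pixel values. The following pure-Python sketch assumes 8-bit images, so the peak signal value is taken as 255:

```python
import math

def rmse(orig, dist):
    # root mean square error over all pixels of two same-sized images
    n = len(orig) * len(orig[0])
    s = sum((o - d) ** 2
            for ro, rd in zip(orig, dist) for o, d in zip(ro, rd))
    return math.sqrt(s / n)

def mae(orig, dist):
    # mean absolute error over all pixels
    n = len(orig) * len(orig[0])
    return sum(abs(o - d)
               for ro, rd in zip(orig, dist) for o, d in zip(ro, rd)) / n

def psnr(orig, dist, peak=255.0):
    # peak signal-to-noise ratio in dB; higher means less distortion
    e = rmse(orig, dist)
    return float('inf') if e == 0 else 20.0 * math.log10(peak / e)
```

A higher PSNR and lower RMSE/MAE after an attack indicate a more robust watermarking scheme, which is how the tables above are read.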

A. Results of Brightness Attack
Figs. 5, 6 and 7 show the results of the brightness attack on the three watermarking techniques; a comparative analysis follows. The greater the PSNR value, the more robust the watermarking technique is against the attack. As Fig. 5 shows, the DWT technique (CDMA SS watermarking in the wavelet domain) proves to be the best candidate for digital image watermarking, since it has a greater PSNR value than the other two techniques. Similarly, Figs. 6 and 7 show that the Root Mean Square Error and Mean Absolute Error values are also lowest for the Discrete Wavelet Transform domain technique, so it proves to be the best against the brightness attack.

Fig. 8 Graph showing PSNR values for rotation attack on different watermarking schemes

Fig. 9 Graph showing Average RMSE values for rotation attack on different watermarking schemes

Fig. 10 Graph showing Average MAE values for rotation attack on different watermarking schemes

B. Results of Rotation Attack
The results of the rotation attack are compared in Figs. 8, 9 and 10, with graphs drawn for all three evaluation parameters. The PSNR values in Fig. 8 show that CDMA SS watermarking in the wavelet domain has the greatest PSNR value, so wavelet-domain watermarking is again the best practice for digital image watermarking. The experimental values for the brightness and rotation attacks show that CDMA Spread Spectrum watermarking in the wavelet domain is the best choice for watermarking digital multimedia images. The Discrete Cosine Transform domain shows somewhat greater robustness against the rotation attack. Spatial-domain watermarking techniques are not good candidates for large watermarks; they show poor results as the watermark size grows.

VII. CONCLUSIONS
This paper has examined the robustness of watermarking techniques, chosen from the three domains of watermarking, against brightness and rotation attacks. The key conclusion is that the wavelet-domain watermarking technique is the most robust scheme for watermarking digital multimedia images. This work could be extended to the watermarking of other digital content such as audio and video.

REFERENCES
[1] Austin Russ, "Digital Rights Management Overview", SANS Institute Information Security Reading Room, October 2001.
[2] Stallings W., "Cryptography and Network Security: Principles and Practice", Prentice-Hall, New Jersey, 2003.
[3] D. Kundur and D. Hatzinakos, "A Robust Digital Image Watermarking Scheme Using the Wavelet-Based Fusion", Proc. 1997 International Conference on Image Processing (ICIP'97), Vol. 1, p. 544, 1997.
[4] Liu J. and He X., "A Review Study on Digital Watermark", First International Conference on Information and Communication Technologies (ICICT 2005), pp. 337-341, August 2005.
[5] Petitcolas F.A.P., Anderson R.J. and Kuhn M.G., "Information Hiding - A Survey", Proceedings of the IEEE, Vol. 87, No. 7, pp. 1062-1078, 1999.
[6] Nedeljko Cvejic and Tapio Seppanen, "Digital Audio Watermarking Techniques and Technologies: Applications and Benchmarks", pp. x-xi, IGI Global, illustrated edition, August 7, 2007.
[7] Corina Nafornita, "A Wavelet-Based Watermarking for Still Images", Scientific Bulletin of Politehnica University of Timisoara, Trans. on Electronics and Telecommunications, 49(63), special number dedicated to the Proc. of Symposium of Electronics and Telecommunications ETc, Timisoara, pp. 126-131, 22-23 October 2004.
[8] Chris Shoemaker, "Hidden Bits: A Survey of Techniques for Digital Watermarking", Independent Study EER-290, Prof. Rudko, Spring 2002.
[9] Kutter M. and Hartung F., "Introduction to Watermarking Techniques", Chapter 5 of Information Hiding: Techniques for Steganography and Digital Watermarking, S. Katzenbeisser and F.A.P. Petitcolas (eds.), Norwood, MA: Artech House, pp. 97-120, 2000.
[10] Ping Dong, Jovan G. Brankov, Nikolas P. Galatsanos, Yongyi Yang and Franck Davoine, "Digital Watermarking Robust to Geometric Distortions", IEEE Transactions on Image Processing, Vol. 14, No. 12, December 2005.





ODMRP with Quality of Service and Local Recovery with Security Support
Farzane Kabudvand, Computer Engineering Department, Zanjan Azad University, Zanjan, Iran. E-mail:

In this paper we focus on one critical issue in mobile ad hoc networks, multicast routing, and propose a mesh-based "on demand" multicast routing protocol for ad hoc networks with QoS (quality of service) support. We then present a model used to create a local recovery mechanism that lets nodes join multicast groups in minimal time, together with a method for security in this protocol. Keywords: multicast protocol, ad hoc, security, request packet

Multicasting is the transmission of packets to a group of hosts identified by a destination address. A multicast datagram is typically delivered to all members of its destination host group with the same reliability as regular unicast datagrams [4]. In the case of IP, for example, the datagram is not guaranteed to arrive intact at all members of the destination group, or in the same order relative to other datagrams. Multicasting is intended for group-oriented computing: there are more and more applications in which one-to-many dissemination is necessary. The multicast service is critical in applications characterized by the close collaboration of teams (e.g., rescue patrols, military battalions, scientists) with requirements for audio and video conferencing and sharing of text and images [3]. A MANET consists of a dynamic collection of nodes without the aid of the infrastructure of centralized administration; the network topology can change randomly and rapidly, at unpredictable times. The goal of MANETs is to extend mobility into the realm of autonomous, mobile, wireless domains, where a set of nodes forms the network routing infrastructure in an ad hoc fashion. The majority of applications for MANET technology are in areas where rapid deployment and dynamic reconfiguration are necessary and a wireline network is not available [4]. These include military battlefields, emergency search-and-rescue sites, classrooms, and conventions where participants share information dynamically using their mobile devices. QoS (Quality of Service) routing is another critical issue in MANETs. QoS defines the nonfunctional characteristics of a system that affect the perceived quality of the result. In multimedia, this might include picture quality, image quality, delay, and speed of response. From a technological point of view, QoS characteristics may include timeliness (e.g., delay or response time), bandwidth (e.g., bandwidth required or available), and reliability (e.g., normal operation time between failures, or down time from failure to restarting normal operation) [8]. In this paper, we propose a new technique for supporting QoS routing in this protocol, together with a model used to create a local recovery mechanism that lets nodes join multicast groups in minimal time; this increases the reliability of the network and prevents data loss during distribution in the network.

2. Proposed Protocol Mechanism
A. Motivation
ODMRP (the On-demand Multicast Routing Protocol) provides a high packet delivery ratio even at high mobility, but at the expense of heavy control overhead. It does not scale well as the number of senders and the traffic load increase. Since every source periodically floods advertising RREQ (route request) packets through the network, congestion is likely to occur when the number of sources is high, so control overhead is one of the main weaknesses of ODMRP in the presence of multiple sources. CQMP solved this problem, but both of these protocols share a common weakness: the lack of any admission control policy and resource reservation mechanism. Hence, to reduce the overhead generated by the control packets during route discovery and to apply admission control to network traffic, the proposed protocol adopts two efficient optimization mechanisms. One is



applied at nodes that cannot support the QoS requirements, which therefore ignore the RREQ packet. The other is applied at every intermediate node and is based on comparing each node's available bandwidth with the required bandwidth, according to the node's position and its neighboring nodes' roles (sender, intermediate, receiver ...). To address the control packet problem, we use the CQMP protocol's idea of RREQ packet consolidation; moreover, we apply an admission control policy along with bandwidth reservation in our new protocol.
B. Neighborhood maintenance
Neighborhood information is important in the proposed protocol. To maintain it, each node periodically disseminates a "Hello" packet to announce its existence and traffic information to its neighbor set. This packet contains the Bavailable of the originator and is sent at a default rate of one packet every three seconds, with time to live (TTL) set to 1. Every node in the network receives the Hello packets from its neighbors and maintains a neighbor list that contains all its neighbors with their corresponding traffic and co-neighbor numbers.
C. Route discovery and resource reservation
The proposed protocol conforms to a pure on-demand routing protocol: it neither maintains any routing table nor exchanges routing information periodically. When a source node needs to establish a route to another node with respect to a specific QoS requirement, it disseminates a RREQ that includes, mainly, the requested bandwidth, the delay and the node's neighbor list. Each intermediate node, upon receiving the RREQ, performs the following tasks:
• Updates its neighbors' co-neighbor numbers.
• Determines whether it can consolidate into this RREQ packet information about other sources from which it is expecting to hear a RREQ. When a source receives a RREQ from another source, it processes the packet just as a non-source intermediate node does, and in addition checks its INT to determine whether it would expire within a certain period of time; in other words, the source checks whether it is about to create and transmit its own RREQ between now and TIME-INTERVAL. If so, it adds one more row to the RREQ.
• Tries to respond to the QoS requirements by making a bandwidth decision when reserving the requested bandwidth B, as described below, and before transmitting the packet appends its one-hop neighbor list, along with their corresponding co-neighbor numbers, to the packet.
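A minimal sketch of the Hello-based neighbor table (Section B) and of the bandwidth admission decision applied to each RREQ; the expiry timeout, field names and data layout are assumptions, not details given by the paper:

```python
HELLO_INTERVAL = 3.0                    # one Hello every three seconds
NEIGHBOR_TIMEOUT = 3 * HELLO_INTERVAL   # assumed expiry: three missed Hellos

class NeighborTable:
    """Neighbor list built from TTL=1 Hello packets."""
    def __init__(self):
        self.entries = {}   # node_id -> (b_available, co_neighbors, last_seen)

    def on_hello(self, node_id, b_available, co_neighbors, now):
        # record or refresh a neighbor announced by a Hello packet
        self.entries[node_id] = (b_available, co_neighbors, now)

    def purge(self, now):
        # drop neighbors whose Hello packets have stopped arriving
        self.entries = {k: v for k, v in self.entries.items()
                        if now - v[2] <= NEIGHBOR_TIMEOUT}

def admit(required_bw, own_available, table):
    """Admission decision for a RREQ: the processing node and every one-hop
    neighbor in its table must have enough free bandwidth."""
    if own_available < required_bw:
        return False    # cannot support the QoS requirement: ignore the RREQ
    return all(b_avail >= required_bw
               for (b_avail, _, _) in table.entries.values())
```

A node that fails this test simply drops the RREQ, which is the first of the two optimization mechanisms described above.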

As the RREQ may contain more than one Source Row, the processing node goes through each and every Source Row entry in the RREQ and makes an admission decision for the non-duplicated rows. The admission decision is made at the processing node and at its neighbors listed in the neighbor table, as described in Section 3. If the request is accepted and there is enough bandwidth, the node adds a route entry to its routing table with status 'explored'. The node remains in explored status only for a short period Texplored. If no reply arrives at the explored node in time, the route entry is discarded and late-coming reply packets are ignored. Thus we reduce the control overhead and exclude invalid information from the node's routing table. Upon receiving a request packet, as the RREQ may contain more than one Source Row, the receiver goes through each entry in the packet and builds and transmits a REPLY packet, based on the matched entries, along the reverse route. The available bandwidth of intermediate and neighboring nodes may have changed due to the activities of other sessions; therefore, similarly to the admission control for RREQs, upon receiving a RREP, nodes double-check the available bandwidth to prevent possible changes during the route discovery process. If the packet is accepted, the node updates the route status to 'registered'. After registration, the node is ready to accept the real data packets of the flow. The node stays in registered status only for a short period Tregistered. If no data packet arrives at the registered node in time, it means that the route was not chosen by the source, and the route entry is deleted at the node. When any node receives a REPLY packet, it checks whether the next-node id in any of the entries in the REPLY matches its own. If so, it realizes that it is on the way to a source. It checks its own available bandwidth, compares it with the required bandwidth of the flow, and then checks its one-hop neighbors' available bandwidth as recorded in the neighbor table. If there is enough bandwidth, it sets a flag indicating that it is part of the FORWARDING GROUP for that multicast group, and then builds and broadcasts its own REPLY packet. When a REPLY reaches a source, a route is established from the source to the receiver, and the source can transmit data packets towards the receiver. A Forwarding Group node will forward any data packets received from a member of that group.
D. Data Forwarding
After constructing the routes, the source can send packets to the multicast group via the selected routes and forwarding nodes. Upon receiving a data packet, a node forwards it only when:

42 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security Vol. 5, No. 1, 2009

it is not a duplicate packet; the forwarding flag for this session has not expired; and there is an entry with registered or reserved status corresponding to this session. The node then changes its 'registered' status to 'reserved'. The node stays in reserved status only for a short period Treserved. This procedure minimizes the traffic overhead and prevents sending packets through stale routes.
3. Local Recovery Mechanism based on the proposed protocol, with reliability
In this section the mechanism of local recovery is discussed on the basis of the proposed protocol. The suggested method leads to fast repair of the network, so that the destination can be reconnected to the source through a new route. Discovered routes between destination and source may be broken for many reasons, most of which occur because of node movement.
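The route-entry life cycle (explored, then registered, then reserved) and the data-forwarding test from Sections C and D can be sketched as follows; the timeout values, field names and method names are assumptions:

```python
T_EXPLORED, T_REGISTERED, T_RESERVED = 2.0, 2.0, 2.0   # assumed timeouts (s)

class RouteEntry:
    """Per-session route entry: explored -> registered -> reserved."""
    def __init__(self, session, now):
        self.session = session
        self.status = 'explored'          # set when the RREQ is admitted
        self.deadline = now + T_EXPLORED

    def on_reply(self, now, bandwidth_ok):
        # a RREP arrived in time and the bandwidth was double-checked
        if self.status == 'explored' and now <= self.deadline and bandwidth_ok:
            self.status, self.deadline = 'registered', now + T_REGISTERED
            return True
        return False

    def forward(self, now, packet_id, seen):
        # Forward a data packet only if it is not a duplicate, the entry has
        # not expired, and the status is 'registered' or 'reserved'.
        if packet_id in seen or now > self.deadline:
            return False
        if self.status not in ('registered', 'reserved'):
            return False
        seen.add(packet_id)
        # a data packet promotes 'registered' to 'reserved'
        self.status, self.deadline = 'reserved', now + T_RESERVED
        return True
```

An entry whose deadline passes in any state is simply deleted, which keeps stale routes out of the routing table as described above.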

By considering Fig. 3, if the direct link A-B breaks, an indirect route from A to B can be formed through C, which stands next to them. In this condition, if a packet with a larger hop count is sent to find the next node, repair of the present route becomes possible and there is no need to regenerate the route end to end. The algorithm works as follows: when a middle FG node detects a route break between itself and the next hop, it places the data in its buffer and starts a timer. It then sends the packet with a larger hop count (i.e., two hops) and puts in it the set of nodes that are placed farther along the path between source and destination. On receiving this packet, every node checks whether its name is listed. If the address of the node corresponds to one of the listed addresses, an answer packet is sent, and as a result the data can be sent through a new route. But if the answer is not received by the end of the time set on the timer, the packet is thrown away and another route must be discovered again. Every node that receives a local recovery packet and its answer will function as an FG for that destination. Thus every node should be aware of the FGs between itself and the destination. To this end we make a small alteration in the structure of the protocol: every FG adds only its own name to the received answer packet when sending it up to a higher node. In other words, the existing addresses in the answer packet are not omitted; rather, the address of the FG node is added to the answer packet. In this way every FG can become aware of the other FGs between itself and the destination, and can start to use them. Here the number of hops is taken to be 2. As can be seen in Fig. 4, while sending the membership answer packet, the destination puts the address of the preceding group in the packet and sends it; the FGs then do the same. Therefore every node can recognize the members of the preceding group of all preceding nodes between itself and the destination, and can begin to send a local recovery packet in case of route breakage.

Fig. 3 Local recovery with the proposed method (sending the membership reply packet)

Fig. 4 Sending the local recovery packet and updating addresses

The timer is set to 1 second: if an FG that sends data fails to receive the same data from the following FG after at most one second, it concludes that the route is broken and sets another timer, of 0.1 s, for receiving the answer packet, so that a new route can be obtained. During this time the packet is kept in a temporary buffer. If no new route can be found, the packet is thrown away.
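The local recovery behaviour just described can be sketched as follows: on a link break the FG node buffers the packet, issues a two-hop recovery request listing the downstream FGs it learned from the membership reply packets, and waits 0.1 s for a reply. All names and the packet layout are assumptions:

```python
RECOVERY_TTL = 2        # recovery request travels at most two hops
FAILURE_TIMEOUT = 1.0   # data not echoed back within 1 s -> link failure
REPLY_TIMEOUT = 0.1     # wait 0.1 s for a recovery reply

class ForwardingGroupNode:
    def __init__(self, downstream_fgs):
        # addresses of forwarding-group nodes between here and the
        # destination, learned from the membership reply packets
        self.downstream_fgs = downstream_fgs
        self.buffer = []

    def on_link_failure(self, packet, now):
        # buffer the packet and issue a two-hop local recovery request
        self.buffer.append(packet)
        return {'type': 'local_recovery', 'ttl': RECOVERY_TTL,
                'targets': list(self.downstream_fgs),
                'deadline': now + REPLY_TIMEOUT}

    def on_recovery_reply(self, request, replier, now):
        # a listed downstream FG answered in time: flush via the new route
        if replier in request['targets'] and now <= request['deadline']:
            flushed, self.buffer = self.buffer, []
            return flushed
        return None

    def on_timeout(self, request, now):
        # no reply by the deadline: drop the buffered data, rediscover route
        if now > request['deadline']:
            self.buffer = []
            return True
        return False
```

The two-hop TTL keeps the repair local, which is what avoids a full end-to-end route rediscovery.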

4. Security in Mobile Ad Hoc Networks

43 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security Vol. 5, No. 1, 2009

In mobile ad hoc networks, unreliable links and the lack of infrastructure make secure communication a major challenge. As in wired and other wireless networks, cryptographic techniques are used to secure communication. The key is the critical input to any cipher: if the key is compromised, the encrypted information can be revealed. Because authenticating key ownership is important, several trust models exist; one important model is the centralized one, in which a hierarchical trust structure can be used. For security it is necessary to distribute trust among multiple entities, that is, to spread shares of the system key across the network, because a single certification node would be a security bottleneck, whereas multiple replicas of the certification node are fault tolerant. In the proposed technique, a number of nodes hold a share of the system private key and are able to produce certificates; these nodes are called s-nodes. The s-nodes and the forwarding nodes (a subset of the non-s-nodes) form a group. When an s-node enters the network, it broadcasts a request packet. This packet carries extra attributes, including a TTL field that is decremented by 1 each time the packet leaves a node. When a node receives the request packet, it first checks the packet's validity before taking any further action and discards non-authenticated packets. Neighbors of the s-node receive the request and rebroadcast it, and the process continues at the other nodes. When another s-node receives the packet from a neighbor (say, node B), it sends a server reply message back through that neighbor. When B receives the join reply packet, it learns that its neighbor is an s-node and that it lies on the selected path between the two servers, and it sets its forwarding attribute to 1. After all s-nodes finish the join procedure, the group mesh structure is formed. This procedure provides security across the whole network.
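A rough sketch of the join procedure just described, covering the TTL decrement, the discarding of non-authenticated packets, and the setting of the forwarding attribute. A toy authentication tag stands in for real certificate verification, and all field names are assumptions:

```python
AUTH_TAG = "valid"  # placeholder for a real authenticity check (signature, certificate)

def handle_join_request(node, pkt):
    """Return the packet to rebroadcast, or None to drop it."""
    if pkt.get("auth") != AUTH_TAG:
        return None                     # discard non-authenticated packets
    if pkt["ttl"] <= 0:
        return None                     # TTL exhausted: stop the flood
    if node["is_snode"]:
        node["reply_to"] = pkt["from"]  # another s-node: send a join reply back
        return None
    out = dict(pkt, ttl=pkt["ttl"] - 1) # plain node: relay with decremented TTL
    out["from"] = node["id"]
    return out

def handle_join_reply(node):
    # A node on the path between two s-nodes becomes a forwarding node.
    node["forwarding"] = 1

relay = {"id": "B", "is_snode": False}
snode = {"id": "S2", "is_snode": True}
req = {"from": "S1", "ttl": 3, "auth": AUTH_TAG}
relayed = handle_join_request(relay, req)
handle_join_request(snode, relayed)    # S2 notes it should reply through B
handle_join_reply(relay)               # B learns it sits between two s-nodes
print(relayed["ttl"], relay["forwarding"])  # 2 1
```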

5. Performance Evaluation

We implemented the proposed protocol in GloMoSim. The performance of the proposed scheme is evaluated in terms of the average number of RREQs sent by each node, end-to-end delay, and packet delivery ratio. In the simulation we modeled a network of 50 mobile hosts placed randomly within a 1000 m x 1000 m area. The radio propagation range of each node was 250 m and the channel capacity was 2 Mbit/s. Each simulation runs for 300 seconds of simulation time. The MAC protocol used in our simulations is IEEE 802.11 DCF [22]. We used constant-bit-rate traffic, and the data payload size was 512 bytes. The multicast sources are selected randomly from all 50 nodes, and most of them act as receivers at the same time. The mobility model is random waypoint, in which each node independently picks a random destination and a speed from an interval (min, max) and moves toward the chosen destination at that speed. Once it reaches the destination, it pauses for a given number of seconds and repeats the process. Our minimum speed is 1 m/s, maximum speed is 20 m/s, and the pause interval is 0 seconds. The RREQ interval is set to 3 seconds, and the HELLO refresh interval is the same as the RREQ interval. We varied the mobility speed, the number of multicast senders, and the network traffic load. The performance metrics used are:
• RREQ control packet load: the average number of RREQ packet transmissions per node in the network.
• Packet delivery ratio: the ratio of data packets received by a receiver to the data packets sent by all sources.
• End-to-end delay: the time taken for a packet to be transmitted across the network from source to destination.

In Fig. 5, we calculate the delivery ratio as data packets received by destination nodes over data packets sent by source nodes. Without admission control, more packets are injected into the network even though they cannot reach their destinations, and these packets waste a great deal of channel bandwidth. With the admission control scheme enabled, inefficient use of the channel is limited and the saturation condition is alleviated. Since the proposed protocol generates fewer RREQ packet transmissions than ODMRP and CQMP, there is less chance of data packet loss due to collision or congestion. Owing to the additional HELLO overhead, the proposed protocol performs a little worse when there are few sources. The delivery ratio of the evaluated protocols decreases as the number of sources increases under high mobility, but the proposed protocol consistently maintains a packet delivery ratio about 4 to 5 percent higher than the others because of its reduced join-query overhead.



Fig. 5. Packet delivery ratio as a function of the number of sources (1-25 sources; AMOMQ, CQMP, ODMRP).
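For reference, the three metrics defined in Section 5 reduce to simple ratios over the simulation counters. The function and argument names below are assumptions; GloMoSim's actual statistics output differs:

```python
def rreq_control_load(total_rreq_tx, num_nodes):
    # Average number of RREQ transmissions per node.
    return total_rreq_tx / num_nodes

def packet_delivery_ratio(received, sent):
    # Data packets received by receivers over data packets sent by all sources.
    return received / sent if sent else 0.0

def avg_end_to_end_delay(recv_times, send_times):
    # Mean source-to-destination latency over delivered packets only.
    delays = [r - s for r, s in zip(recv_times, send_times)]
    return sum(delays) / len(delays)

print(packet_delivery_ratio(850, 1000))   # 0.85
print(rreq_control_load(600, 50))         # 12.0
print(avg_end_to_end_delay([1.2, 2.0], [1.0, 1.5]))
```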

7. Conclusion
In this paper we have proposed a mesh-based, on-demand multicast routing protocol with an admission control decision. Like CQMP, the proposed protocol uses consolidated multicast group membership advertising packets, and it adds an admission control policy. We then presented a model that creates a local recovery mechanism so that nodes can rejoin multicast groups in minimal time, which increases the reliability of the network and prevents data loss during distribution. In this mechanism a new packet, the local recovery packet, is created by using the membership reply packet and placing in it the addresses of the nodes between a forwarding group and the destination. Here we kept the hop limit fixed, but it can be changed. We implemented the proposed protocol in GloMoSim and show by simulation that it achieves up to a 30 percent reduction in control packet load. In addition, our results show that as the number of mobile sources increases and under large traffic loads, the proposed protocol performs better than ODMRP and CQMP in terms of data packet delivery ratio, end-to-end delay, and number of RREQ packets. With the proposed scheme, network saturation under overloaded traffic can be alleviated, and the quality of service thereby improved.

[1] Yu-Chee Tseng, Wen-Hua Liao, Shih-Lin Wu, "Mobile Ad Hoc Networks and Routing Protocols", pp. 371–392, 2002.
[2] S. Deering, "Host extensions for IP multicasting", RFC 1112, August 1989.
[3] Thomas Kunz, "Multicasting: from fixed networks to ad hoc networks", pp. 495–507, 2002.
[4] S. Corson, J. Macker, "Mobile ad hoc networking (MANET): Routing protocol performance issues and evaluation considerations", RFC 2501, January 1999, available at /rfc/rfc2501.txt.
[5] H. Moustafa, H. Labiod, "Multicast Routing in Mobile Ad Hoc Networks", Telecommunication Systems 25:1,2, 65–88, 2004.
[6] H. Dhillon, H.Q. Ngo, "CQMP: a mesh-based multicast routing protocol with consolidated query packets", IEEE Wireless Communications and Networking Conference (WCNC 2005), pp. 2168–2174.
[7] Y. Yi, S. Lee, W. Su, M. Gerla, "On-Demand Multicast Routing Protocol (ODMRP) for Ad-hoc Networks", draft-yi-manet-odmrp-00.txt, 2003.
[8] D. Chalmers, M. Sloman, "A survey of quality of service in mobile computing environments", IEEE Communications Surveys, Second Quarter, 2–10, 1999.
[9] M. Effatparvar, A. Darehshoorzadeh, M. Dehghan, M.R. Effatparvar, "Quality of Service Support and Local Recovery for ODMRP Multicast Routing in Ad hoc Networks", 4th International Conference on Innovations in Information Technology (IEEE IIT 2007), Dubai, United Arab Emirates, pp. 695–699, 18-20 Nov. 2007.
[10] Y. Chen, Y. Ko, "A Lantern-Tree Based QoS on Demand Multicast Protocol for Wireless Ad hoc Networks", IEICE Transactions on Communications, Vol. E87-B, 2004, pp. 717–726.
[11] K. Xu, K. Tang, R. Bagrodia, M. Gerla, M. Bereschinsky, "Adaptive Bandwidth Management and QoS Provisioning in Large Scale Ad hoc Networks", Proceedings of MILCOM, Boston, MA, 2003, Vol. 2, pp. 1018–1023.
[12] M. Saghir, T.C. Wan, R. Budiarto, "QoS Multicast Routing Based on Bandwidth Estimation in Mobile Ad Hoc Networks", Proc. Int. Conf. on Computer and Communication Engineering (ICCCE'06), Vol. I, 9-11 May 2006, Kuala Lumpur, Malaysia, pp. 384–389.
[13] G.S. Ahn, A.T. Campbell, A. Veres, L.H. Sun, "SWAN: Service Differentiation in Stateless Wireless Ad hoc Networks", Proc. IEEE INFOCOM, 2002, Vol. 2, pp. 457–466.
[14] J. Garcia-Luna-Aceves, E. Madruga, "The Core Assisted Mesh Protocol", IEEE Journal on Selected Areas in Communications, vol. 17, no. 8, 1999.
[15] H. Zhu, I. Chlamtac, "Admission control and bandwidth reservation in multi-hop ad hoc networks", Computer Networks 50 (2006), 1653–1674.
[16] Q. Xue, A. Ganz, "QoS routing for mesh-based wireless LANs", International Journal of Wireless Information Networks 9 (3) (2002), 179–190.
[17] A. Darehshoorzadeh, M. Dehghan, M.R. Jahed Motlagh, "Quality of Service Support for ODMRP Multicast Routing in Ad hoc Networks", ADHOC-NOW 2007, LNCS 4686, pp. 237–247, 2007.
[18] IEEE Computer Society LAN MAN Standards Committee, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification, IEEE Std 802.11-1997, IEEE, New York, NY, 1997.
[19] Q. Xue, A. Ganz, "Ad hoc QoS on-demand routing (AQOR) in mobile ad hoc networks", Journal of Parallel and Distributed Computing 63 (2003), 154–165.
[20] A. Herzberg, S. Jarecki, H. Krawczyk, M. Yung, "Proactive secret sharing or: how to cope with perpetual leakage", Proceedings of CRYPTO '95, 1995, pp. 339–352.
[21] H. Luo, S. Lu, "URSA: ubiquitous and robust access control for mobile ad hoc networks", IEEE/ACM Transactions on Networking, 2004, 12(6):1049–1063.
[22] A. Shamir, "How to share a secret", Communications of the ACM, 1979, 22(11):612–613.


A Secure and Fault-tolerant framework for Mobile IPv6 based networks
Rathi S
Sr. Lecturer, Dept. of Computer Science and Engineering, Government College of Technology, Coimbatore, Tamilnadu, INDIA

Thanuskodi K
Principal, Akshaya College of Engineering, Coimbatore, Tamilnadu, INDIA

Abstract— Mobile IPv6 will be an integral part of the next-generation Internet protocol. The importance of mobility in the Internet keeps on increasing. The current specification of Mobile IPv6 does not provide proper support for reliability in the mobile network, and there are other problems associated with it. In this paper we propose the "Virtual Private Network (VPN) based Home Agent Reliability Protocol (VHAHA)" as a complete system architecture and extension to Mobile IPv6 that supports reliability and offers solutions to the security problems found in the Mobile IP registration part. The key features of this protocol over other protocols are: better survivability, transparent failure detection and recovery, reduced complexity of the system and workload, secure data transfer, and improved overall performance.

Keywords-Mobility Agents; VPN; VHAHA; Fault-tolerance; Reliability; Self-certified keys; Confidentiality; Authentication; Attack prevention

I. INTRODUCTION

As mobile computing has become a reality, new technologies and protocols have been developed to provide mobile users the services that already exist for non-mobile users. Mobile Internet Protocol (Mobile IP) [1, 2] is one of these technologies; it enables a node to change its point of attachment to the Internet in a manner that is transparent to the applications on top of the protocol stack. A Mobile IP based system extends IP based mobility by providing Mobile Nodes (MNs) with continuous network connections while they change their locations. In other words, it transparently provides mobility for nodes, while remaining backward compatible with current IP routing schemes, by using two types of Mobility Agents (MAs): the Home Agent (HA) and the Foreign Agent (FA). While the HA is responsible for providing a permanent location for each mobile user, the FA is responsible for providing a Care-Of-Address (COA) to each mobile user who visits its Foreign Network. Each HA maintains a Home Location Register (HLR), which contains the MN's Home Address, current COA, secrets, and other related information. Similarly, each FA maintains a Visitor Location Register (VLR), which holds information about the MNs the FA serves. When the MN is within the coverage area of its HA, it gets service from the HA. If the MN roams away from the coverage of the HA, it has to register with one of the surrounding FAs to obtain a COA. This process is known as "Registration", and the association between the MN and the FA is known as a "Mobility Binding".

In the Mobile IP scenario described above, the HAs are a single point of failure, because all communication to the MN passes through the HA: the Correspondent Node (CN) knows only the Home Address. Hence, when a particular HA fails, all the MNs served by the faulty HA are affected. According to the current specification of Mobile IP, when an MN detects that its HA has failed, it has to search for another HA and recreate the bindings and other details. This lacks transparency, since everything is done by the MN; it is also a time-consuming process that leads to service interruption. Another important issue is the security of Mobile IP registration. Since the MN is allowed to change its point of attachment, it is mandatory to authenticate the current point of attachment. As a form of remote redirection that involves all the mobility entities, the registration part is crucial and must be guarded against malicious attacks that might try to take illegitimate advantage of any participating principal. Hence, the major requirements in a Mobile IPv6 environment are fault-tolerant service and communication security. Apart from these basic requirements, the Mobile IP framework should have the following characteristics: 1) the current communication architecture must not be changed; 2) the mobile node hardware should be simple and must not require complicated calculations; 3) the system must not increase the number of times communication data must be exchanged; 4) all communicating entities must be strongly authenticated; 5) communication confidentiality and location privacy must be ensured; and 6) communication data must be protected from active and passive attacks.

Based on the above requirements and goals, this paper proposes "A secure and fault-tolerant framework for Mobile IPv6 based networks" as a complete system architecture and an extension to Mobile IPv6 that supports reliability and offers solutions to the registration security problems. The key features of the proposed approach over other approaches are:


better survivability, transparent failure detection and recovery, reduced complexity of the system and workload, secure data transfer, and improved overall performance. Besides being practical, the proposed framework provides a scalable solution for authentication while placing only minimal computational overhead on the Mobile Node and the Mobility Agents.

II. EARLIER RESEARCH AND STUDIES

Several solutions have been proposed for the reliability problem. The proposals found in [3-8] are for Mobile IPv4 and those in [9-15] are for Mobile IPv6 based networks. The architecture and functionality of Mobile IPv4 and Mobile IPv6 are entirely different; hence, solutions applicable to Mobile IPv4 cannot be applied to Mobile IPv6, for the following reason: in Mobile IPv4 a single HA on the Home Link serves the MN, which makes Mobile IPv4 prone to single-point-of-failure problems, so the Mobile IPv4 solutions propose HA redundancy; in Mobile IPv6, instead of a single HA, the entire Home Link serves the MNs. The methods proposed in [9, 10, 11, 12] provide solutions for Mobile IPv6 based networks. In the Inter Home Agent Redundancy Protocol (HAHA) [9], one primary HA serves the MNs and multiple HAs from different Home Links are configured as secondary HAs. When the primary HA fails, a secondary HA takes over as primary HA; but the registration delay is high and the approach is not transparent to MNs. The Home Agent Redundancy Protocol (HARP) proposed in [10] is similar to [9], but here all redundant HAs are taken from the same domain. The advantages of this approach are lower registration delay and computational overhead compared to the other methods; its drawback is that the Home Link is a single point of failure. The Virtual Home Agent Redundancy Protocol (VHARP) [11, 12, 13] is similar to [10], but it also deals with load balancing.
In [14], reliability is provided by using two HAs in the same Home Link. The primary and secondary HAs are synchronized using transport layer connections. This approach provides transparency and load balancing, and the registration delay and service interruptions are small. But if the Home Link or both HAs fail, the entire network collapses. Moreover, none of the above approaches deals with registration security, even though it plays a crucial role. Registration in Mobile IP must be made secure so that fraudulent registrations can be detected and rejected; otherwise, any malicious user on the Internet could disrupt communication between the home agent and the mobile node by the simple expedient of supplying a registration request containing a bogus care-of address. The secret key based authentication in base Mobile IP is not scalable. Besides, it cannot provide the non-repudiation that is likely to be demanded by various parties, especially in commercial settings. Many proposals are available to overcome these problems, which can be broadly classified under the following

categories: (i) Certificate Authority – Public Key Infrastructure (CA-PKI) based protocols [15]; (ii) minimal public key based protocols [16]; (iii) hybrid secret-key and CA-PKI based protocols [17]; and (iv) self-certified public key based protocols [18]. (i) CA-PKI based mechanisms define a new Certificate Extension message format intended to carry information about certificates, which must now always be appended to all control messages. Due to its high computational complexity, this approach is not suitable for wireless environments. (ii) The minimal public key based method aims to provide public key based authentication and a scalable solution while placing only minimal computation on the mobile host. Even though this approach uses only a minimal public key framework to prevent replay attacks, it requires complex computations to create digital signatures at the MN, which increases the computational complexity at the MN. (iii) The hybrid secret-key and CA-PKI based protocol combines a secret key with minimal public key techniques and additionally produces the communication session key in the mobile node registration protocol. The drawback of this approach is the registration delay: compared to other protocols, it increases the registration delay considerably, and its solution to location anonymity is only partial. (iv) Providing strong security while reducing the registration delay and computational complexity is an important issue in Mobile IP. Hence, self-certified public keys were used for the first time in [18, 19], which considerably reduces the time complexity of the system. But this proposal does not address the authentication of CN Binding Update (BU) messages, which leads to denial-of-service attacks and impersonation problems.
Based on the above discussion, it is observed that a secure and fault-tolerant framework is needed that tolerates inter-home-link failures and ensures secure registration without increasing the registration overhead and computational complexity of the system.

III. PROPOSED APPROACH

This paper proposes a fault-tolerant framework and registration protocol for Mobile IPv6 based networks to provide reliability and security. The solution is based on inter-link HA redundancy and self-certified keys. The proposal is divided into two major parts: (i) the Virtual Home Agent Redundancy (VHAHA) architecture design and (ii) the VHAHA registration protocol. The first part proposes the design of the fault-tolerant framework, while the second ensures secure registration with the Mobility Agents. The proposed approach provides reliability and security by extending the overall functionality and operation of current Mobile IPv6. Its advantages are: reliable Mobile IPv6 operation, better survivability, transparent failure detection and recovery, reduced complexity of the system and workload,


Figure 1. VHAHA Architecture

secure data transfer, and improved overall performance. The results are also verified by simulation. The simulation results show that the proposed approach achieves the desired outcome with minimal registration delay and computational overhead.

IV. DESIGN OF THE VHAHA FRAMEWORK

The design of the VHAHA framework is divided into three major modules: (i) architecture design, (ii) VHAHA scenario and data transmission, and (iii) the failure detection and recovery algorithm.
A. Architecture design
The architecture of the proposed protocol is given in Fig. 1. As part of Mobile IPv6, multiple Home Links are available in the network and each Home Link consists of multiple HAs. In this approach, one HA from the Home Link is configured as the Active HA, some HAs are configured as Backup HAs, and a few others are configured as Inactive HAs. The Active HA provides all Mobile IPv6 services, the Inactive HAs provide a minimal set of services, and the Backup HAs provide a mid range of services. VHAHA requires that for each MN there are at least two HAs (one Active HA, the other any one of the Backup HAs) holding its binding at any instant of time. The functionalities of these HAs are given below. Active HA: there must be an HA on the Home Link serving as the Active HA, and only one HA can act as Active HA at any instant. The Active HA maintains the binding cache, which stores the mobility bindings of all MNs registered under it and holds [0-N] mobility bindings. It is responsible for data delivery and for the exclusive services, which mainly include Home Registration, Deregistration, Registration, Registration-refresh, IKE, and DHAD. Besides these, it provides regular HA services such as

tunneling, reverse tunneling, Return Routability, and IPv6 neighbor discovery. Backup HA: for each MN there will be at least two HAs acting as Backup HAs (with no limit on the maximum number). The purpose of the Backup HA is to provide continuous HA services in case of HA failure or overload. A Backup HA may hold [1-N] bindings in its binding cache and provides all the services of the Active HA except the exclusive services. Inactive HA: Inactive HAs hold no mobility bindings and provide only a limited subset of the Backup HA services; any HA in the Home Link can act as an Inactive HA. The VHAHA is configured with a static IP address referred to as the Global HA address, which is defined by a Virtual Identifier and a set of IP addresses. VHAHA may associate an Active HA's real IP address on an interface with the Global HA address, and there is no restriction against mapping the Global HA address to a different Active HA. In case of the failure of an Active HA, the Global address can be mapped to some other Backup HA that then acts as Active HA. If the Active HA becomes unavailable, the highest-priority Backup HA becomes Active HA after a short delay, providing a controlled transition of responsibility with minimal service interruption. Besides minimizing service interruption through this rapid transition from Active to Backup HA, the VHAHA design incorporates optimizations that reduce protocol complexity while guaranteeing a controlled HA transition for typical operational scenarios. The significant feature of this architecture is that the entire process is completely transparent to the MN: the MN knows only the Global HA address, is unaware of the actual Active HA, and does not observe the transition between Backup and Active HAs.
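The three HA roles and the static Global-HA-address mapping can be modeled as below. The addresses and the promotion rule (highest-priority backup becomes active) follow the text, while all class and field names are assumptions:

```python
GLOBAL_HA_ADDRESS = "2001:db8::1"  # hypothetical static address; the only one the MN sees

class HomeAgent:
    def __init__(self, real_ip, role, priority=0):
        self.real_ip = real_ip
        self.role = role            # 'active' | 'backup' | 'inactive'
        self.priority = priority
        self.bindings = {}          # MN home address -> care-of address

class HASet:
    def __init__(self, agents):
        self.agents = agents

    def active(self):
        return next(a for a in self.agents if a.role == "active")

    def fail_active(self):
        # Remap the Global HA address to the highest-priority backup; the MN
        # keeps using GLOBAL_HA_ADDRESS and never observes the transition.
        self.active().role = "failed"
        new = max((a for a in self.agents if a.role == "backup"),
                  key=lambda a: a.priority)
        new.role = "active"
        return new.real_ip

has = HASet([HomeAgent("10.0.0.1", "active"),
             HomeAgent("10.0.0.2", "backup", priority=2),
             HomeAgent("10.0.0.3", "backup", priority=1)])
print(has.fail_active())  # the real IP that now answers for the Global HA address
```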



B. VHAHA Scenario and Data Transmission
Two or more HAs (one active HA and at least one backup HA) from each Home Link are selected. Then a Virtual Private Network (VPN) [20, 21, 22, 23] is constructed among the selected HAs over the existing internetwork. This VPN is assigned the Global HA address and acts as the Global HA. HAs in the VPN announce their presence by periodically multicasting Heart Beat messages inside the VPN, so each HA knows the status of all other HAs in the private network.
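The heartbeat exchange above, together with the workload-based priority used later in Procedure 1, might be sketched as follows. The heartbeat timeout and data structures are assumptions; the workload formula follows the text:

```python
def workload(cur_bindings, cur_throughput, max_bindings, max_throughput):
    # workload(HAi) = (current bindings x current throughput) /
    #                 (maximum bindings x maximum throughput)
    return (cur_bindings * cur_throughput) / (max_bindings * max_throughput)

def priority(w):
    # Priority(HAi) = 1 / workload(HAi): lightly loaded HAs get higher priority.
    return 1.0 / w

def detect_failures(last_heartbeat, now, timeout):
    # Any HA whose heartbeat has not been heard within `timeout` is faulty.
    return [ha for ha, t in last_heartbeat.items() if now - t > timeout]

print(priority(workload(40, 80.0, 100, 100.0)))             # ≈ 3.125
print(detect_failures({"HA1": 9.0, "HA2": 4.0}, 10.0, 3.0)) # ['HA2']
```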

Figure 2. VHAHA Scenario.

The scenario of the VHAHA protocol is given in Fig. 2. The protocol works at layer 3. In this approach, the HAs are located in different Home Links but still share the same subnet address. The shared subnet address is known as the Global HA address, and the HAs in the inter home link are identified by Local HA addresses. Data destined to the MN is addressed to the MN's Global HA address, decapsulated by the Active HA, and forwarded to the MN appropriately using base Mobile IP. The steps in forwarding data packets are illustrated in Fig. 2.

Figure 3. Packet Formats

The packet formats are shown in Fig. 3. As in Mobile IPv6, the CNs and MNs know only the Global HA address. A packet (Fig. 3a) addressed to the MN by a CN (Fig. 2, Step 1) is directed to the Home Network using the MN's Global HA address (Fig. 2, Step 2); here the Home Network refers to the VPN constructed by the above procedure. Once the packet reaches the Global HA address, all HAs that belong to the Global HA address hear the packet, and the one that is closer to the MN and less loaded picks up the packet (Fig. 3b) using the internal routing mechanism (Fig. 2, Step 3). The packet is then routed to the Active HA, which does the required processing and tunnels the packet (Fig. 3c) to the COA of the MN (Fig. 2, Step 4). Finally, the packet (Fig. 3d) is decapsulated at the COA and delivered to the MN using base Mobile IPv6 (Fig. 2, Step 5).

C. Failure detection and Recovery
In contrast to Mobile IPv6 and other approaches, failure detection and recovery is transparent to the MN. Since the MN is unaware of this process, over-the-air (OTA) messages are reduced, the complexity of the system is reduced, and performance is improved. The failure detection and recovery algorithm is illustrated in Procedure 1.
__________________________________________________
Begin
  For each HAi that is part of the Virtual Private Network:
    workload(HAi) ← (current mobility bindings of HAi × current throughput) /
                    (maximum mobility bindings of HAi × maximum throughput)
    Priority(HAi) ← 1 / workload(HAi)
  If the HAs fail to receive heartbeats from HAx:
    mark HAx as faulty
  If HAx is faulty:
    delete the entries of HAx from the tables of all HAi, where 1 ≤ i ≤ n, i ≠ x
    If HAx was the Active HA:
      activate the exclusive services of the highest-priority Backup HA and make
      it the Active HA; then select a new Backup HA (the Inactive HA with the
      highest priority), activate the required services, and acquire the binding
      details from the primary HA to synchronize with it
    Else if HAx was a Backup HA:
      select a new Backup HA (the Inactive HA with the highest priority),
      activate the required services, and acquire the binding details from the
      primary HA to synchronize with it
    Else if HAx was an Inactive HA:
      do nothing until it recovers; if it goes off permanently, select an
      Inactive HA from the Home Link of HAx
End
__________________________________________________
Procedure 1: Failure detection and Recovery

The workload of each HA in the VPN is calculated from the number of mobility bindings associated with it and is used to set the HA's priority, which is updated dynamically as the number of mobility bindings changes. Heartbeat messages are exchanged among the HAs at a constant rate and are used to detect failures: a failed HA stops broadcasting heartbeats, so all other HAs stop receiving them and can thereby detect the failure of the faulty HA. Once the failure is detected, the entry for the faulty HA is deleted from all other HAs that are part of the Global HA

TABLE I. COMPARISON OF VHAHA WITH OTHER APPROACHES

Metrics                              MIPv6   HAHA                  HARP                   VHARP                  TCP                    VHAHA
Recovery overhead                    High    No                    No                     No                     No                     No
Fault tolerance mechanism            No      MN initiated          MN initiated           HA initiated           HA initiated           HA initiated
Fault-tolerant range                 No      Covers entire range   Limited to Home Link   Limited to Home Link   Limited to Home Link   Covers entire range
Transparency                         No      No                    No                     Yes                    Yes                    Yes
OTA messages exchanged for recovery  More    More                  Less                   Nil                    Nil                    Nil

subnet. Then, if the faulty HA is the Active HA, the Backup HA with the highest priority is mapped to Active HA by activating its exclusive services, and the new Active HA becomes the owner of the Global HA address. If the faulty HA is a Backup HA, one of the Inactive HAs is set as the corresponding Backup HA by activating the required services and acquiring the binding cache entries from the primary HA. If an Inactive HA fails, nothing needs to be done; but if it goes off permanently, another HA from the link is set as Inactive HA. The significant feature of this approach is that the Global HA address never changes: based on the availability of the Active HA, the Global HA address is mapped to the appropriate Backup HA. The CN and the MN know only the Global HA address and know nothing about this mapping of addresses; all internal mappings are handled by VHAHA's internal routing mechanism.
D. Performance Evaluations
The proposed protocol introduces a certain amount of overhead in the network to construct the virtual network and to provide reliability. Hence, the performance of the proposed approach depends on two overheads: (a) time and (b) control message overhead. In the proposed approach these overheads depend on four factors: (1) VHAHA configuration, (2) Home Registration, (3) failure detection and recovery, and (4) over-the-air communication between MNs and Mobility Agents. 1) VHAHA configuration: VHAHA is configured only during the initialization of the network and is updated only when an Inactive HA fails. This is a rare case, since most implementations take no action when an Inactive HA fails and let it heal automatically, as this does not affect overall performance. Hence this can be considered a one-time cost, and it is negligible.
The time complexity and message complexity introduced into the overall system are negligible. 2) Home Registration: this factor depends on the total number and locations of the Active, Backup, and Inactive HAs that are part of the VHAHA network. The registration messages include the messages required for the MN to register with the Active HA and the control messages required by the Active HA to update this information in all other Backup and Inactive HAs of the MN. In the proposed approach, the initial registration of the MN takes place

with the Global HA address instead of with a single HA. Hence, this delay is higher than that of normal Mobile IP registration. The initial registration delay includes the time taken by the MN to register with the Active HA and the time taken by the Active HA to update this information in all the other backup HAs. The time complexity is O(D log3 k) and the message complexity is O(|L| + k log3 k), where D is the diameter of VHAHA and k is the number of Active, backup and Inactive HAs of the MN.
3) Failure detection and Recovery overhead: A failure is detected when heartbeats are not received from a particular HA for a particular period of time (T). The heartbeat is multicast using the multicast address. The number of heartbeats exchanged depends on T, and the time taken to detect the failure depends on the speed of the underlying wired network. After the failure is detected, it requires just a single message to switch over to the backup HA, and the time taken is negligible. The time complexity is O(D log3 n) and the message complexity is O(|L| + n log3 n), where D is the diameter of VHAHA, n is the number of HAs that are part of VHAHA and L is the number of links that constitute VHAHA.
4) Over-the-air messages: This factor is very important because it deals with the air interface, which has limited bandwidth; when OTA messages increase, system performance degrades. In the proposed approach, however, the MN is not involved in the failure detection and recovery process, so no OTA messages are exchanged during this process. The time and message complexity introduced by this factor is nil.
From the above description, it can be observed that the performance of VHAHA is directly proportional to the speed of the wired network, because the proposal involves only wired backbone operations. This is not an unfair constraint, because the bandwidth of modern high-speed networks is very high.
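The heartbeat-based failure detection just described can be sketched as follows; the three-missed-heartbeats threshold matches the rule used later in the simulation section, and all names and timing values are illustrative assumptions:

```python
# Sketch of heartbeat-based failure detection: an HA is declared faulty
# after three consecutive heartbeat periods with no heartbeat, so the
# detection-and-recovery time is T_FD-R = 3*T_H + prop.delayOfVHAHA.
# All names and numbers here are illustrative, not from the paper.

def failure_detection_time(t_heartbeat, prop_delay_vhaha):
    """Equation (1): time to detect a faulty HA and switch to a backup."""
    return 3 * t_heartbeat + prop_delay_vhaha

def is_faulty(last_heard, now, t_heartbeat, max_missed=3):
    """An HA is faulty once 'max_missed' heartbeat periods pass silently."""
    return (now - last_heard) >= max_missed * t_heartbeat

# Example: 1 s heartbeat period, 50 ms propagation delay inside VHAHA.
print(failure_detection_time(1.0, 0.05))                       # 3.05
print(is_faulty(last_heard=10.0, now=13.2, t_heartbeat=1.0))   # True
```

Because only the HAs on the wired backbone exchange these heartbeats, the MN sends no over-the-air messages during detection, which is why the OTA overhead above is nil.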
E. Simulation Results and Analysis
The proposed approach is compared with simple Mobile IPv6, HAHA, HARP, VHARP, and TCP; the comparison results are given in Table 1. From the comparisons, it is found that VHAHA is persistent and has less overhead than the other approaches. Simulation experiments are performed to verify the performance of the proposed protocol. This is done by extending

50 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

the Mobile IP model given in ns-2 [24]. MIPv6 does not use any reliability mechanism; hence, the time taken to detect and recover from a failure is high. TCP, VHARP and VHAHA take almost the same time to recover from a failure when HAs on the same link fail; but when the entire network fails, only VHAHA survives, while all the other methods collapse. The following parameters are used to evaluate the performance: (i) failure detection and recovery time when a HA fails in the Home Link, (ii) failure detection and recovery time when the entire Home Link fails, (iii) home registration delay, (iv) packet loss, (v) number of messages exchanged during registration, and (vi) failure detection and recovery messages. The simulation results are shown in Figures 4, 5, 6, 7, 8 and 9, and are compared with Mobile IPv6, TCP and VHARP to analyze the performance of the proposed approach.
1) Failure detection and Recovery time when a HA fails in the Home Link: When a particular HA fails, the other HAs stop hearing its heartbeat messages. When the heartbeat message from a particular HA is missed three consecutive times, that HA is declared faulty. Once the failure is detected, the corresponding backup HA is activated by the recovery procedure. The failure detection and recovery time (TFD-R) is calculated using equation (1):

TFD-R = 3TH + prop.delayOfVHAHA    (1)

where TH represents the time required for the HAs to hear the heartbeat messages.

Figure 4. Comparison of Failure detection and recovery time, when a HA fails in the Home Link

Fig. 4 shows the TFD-R of VHAHA and the other protocols. Base Mobile IPv6 takes no action for failure detection and recovery of HAs; this must be handled by the MN itself, so the time taken for failure detection and recovery is very high, causing service interruption to the MNs affected by the faulty HA. The other schemes (TCP, VHARP and VHAHA) handle the problem and take almost the same amount of time for failure detection and recovery.
2) Failure detection and Recovery time when the entire Home Link fails: The proposed protocol constructs the VPN from HAs on different Home Links. Hence, even when one Home Link fails completely, the proposed approach handles the problem in the normal manner described in the previous section, whereas TCP and VHARP collapse and failure detection and recovery are left to the MNs.

Figure 5. Comparison of Failure detection and recovery time, when the entire Home Link fails

This situation is represented in Fig. 5, where VHAHA's recovery time is almost equal to that of the previous scenario, while TCP and VHARP fail to handle the situation and their recovery time is very high, equal to that of base MIPv6.
3) Registration delay: The registration delay is calculated using equation (2):

reg.delay = reg.delayActive-HA + prop.delayOfVHAHA    (2)

The Active HA registration delay is equal to that of base MIPv6. Since the bandwidth of the core network is very high, the propagation delay within VHAHA is very small. The values are given in Fig. 6 and compared with the other protocols.

Figure 6. Comparison of Home Registration delay

4) Packet loss: The packet losses of the compared protocols are shown in Fig. 7. From the figure, it can be inferred that the packet loss of the proposed approach is much lower than that of MIPv6, TCP and VHARP, because it is able to handle both intra-link and inter-link failures.


Figure 7. Comparison of Packet Loss



5) Number of messages exchanged during registration: This includes the number of messages required to register with the Active HA and the binding update messages sent to the backup HAs during the initial registration, FA registration and deregistration. Again, the bandwidth of the core network is very high, so the delay experienced by the MN is negligible. This is illustrated in Fig. 8. From the figure, it can be seen that the number of messages exchanged in VHAHA is somewhat higher than in the base protocol, but comparable with the VHARP protocol.

V. VHAHA SECURE REGISTRATION
The VHAHA secure registration protocol is based on self-certified keys. Self-certified public keys were introduced by Girault [19]. In contrast to the traditional public key infrastructure (PKI), self-certified public keys do not require certificates to guarantee the authenticity of public keys: the authenticity of a self-certified public key is verified implicitly by the proper use of the private key in any cryptographic application, in a logically single step. Thus, there is no chain of certificate authorities. This property of self-certified keys reduces the registration delay of the proposed protocol while still ensuring registration security.
A. VHAHA Secure Registration Protocol
The proposed protocol is divided into three parts: (i) the mobile node's initial registration with the home network, (ii) the registration protocol of the MN (from a foreign network) with authentication, and (iii) authentication between the MN and the CN. The initial registration part deals with how the MN is registered with its Home Network: first, the identity of the MN is verified, and then the other details (nonce, temporary identity, and the secret key shared between the MN and the HA) are assigned to the MN.
__________________________________________________
a. Mobile node initial registration with home network (VHAHA)
(IR1) Verify the identity of the MN
(IR2) Allocate nonce, temporary ID H(IDMN || NHA) and shared secret KMN-HA
(IR3) Transfer these details to the MN through a secret channel and also store them in the HA's database.
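The bookkeeping in steps IR1-IR3 can be sketched as follows. The function and field names are illustrative, and SHA-256 is used as a stand-in for the unspecified hash H:

```python
# Sketch of initial registration (IR1-IR3): the HA allocates a nonce,
# a temporary identity H(ID_MN || N_HA), and a shared secret K_MN-HA.
# Names and the choice of SHA-256 are assumptions, not the paper's.
import hashlib, secrets

def initial_registration(ha_db, id_mn):
    """IR1-IR3: allocate nonce, temporary ID and shared key for id_mn."""
    n_ha = secrets.token_bytes(16)                      # nonce N_HA
    temp_id = hashlib.sha256(id_mn + n_ha).hexdigest()  # H(ID_MN || N_HA)
    k_mn_ha = secrets.token_bytes(32)                   # shared secret K_MN-HA
    ha_db[temp_id] = {"id_mn": id_mn, "nonce": n_ha, "key": k_mn_ha}
    # In the protocol these values go to the MN over a secret channel (IR3).
    return temp_id, n_ha, k_mn_ha

ha_db = {}
temp_id, n_ha, k = initial_registration(ha_db, b"mn-001")
print(temp_id == hashlib.sha256(b"mn-001" + n_ha).hexdigest())  # True
```

Because only the hashed temporary identity circulates afterwards, the MN's real identity is never exposed, which is the basis of the location anonymity claimed later.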


Figure 8. Comparison of no. of msgs exchanged during Home Registration

6) Failure detection and Recovery messages: This is represented in Fig. 9. Here also, the complexity of VHAHA is approximately equal to that of VHARP, while the TCP-based mechanism has lower complexity and the base protocol has the maximum complexity.

Figure 9. Comparison of no. of failure detection and Recovery messages


Observation: From the results and analysis, it can be observed that the proposed approach outperforms the other reliability mechanisms because it survives even when the entire Home Link fails. The overhead and complexity introduced by the proposed approach are almost negligible compared with the existing recovery mechanisms: the failure detection and recovery overhead increases by 2% compared with VHARP, and the home registration delay also increases by 2% compared with VHARP, while the packet loss is reduced by 25% compared with all the other approaches.

b. Registration protocol of MN (from Foreign Network) with authentication
Agent Advertisement:
(AA1) FA → MN: M1, where M1 = Advertisement, FAid, MNCoA, NFA, wF
Registration:
(R1) MN → FA: M2, <M2>KMN-HA where M2 = Request, Key-Request, FAid, HAid, MNCoA, NHA, NMN, NFA, H(IDMN || NHA), wH
(R2) FA: (upon receipt of R1)
• Validate NFA and compute the key KFA-HA
KFA-HA = H1[(wH^h(IH) + IH)^xF mod n] = H1[(wH^h(HAid) + HAid)^xF mod n]

• Compute MAC



(R3) FA → HA: M3, <M3>KFA-HA, where M3 = M2, <M2>KMN-HA, FAid, wF
(R4) HA: (upon receipt of R3)
• Check whether FAid in M3 equals FAid in R1.
• Compute the key,

KFA-HA = H1[(wF^h(IF) + IF)^xH mod n] = H1[(wF^h(FAid) + FAid)^xH mod n]

• Compute MAC* and compare it with the MAC value received. This is the authentication of FA by HA.
• Check the identity of the MN in the HA's database.
• Produce a new nonce NHA', a new temporary ID H(IDMN || NHA') and a new session key K'MN-FA, and overlay the details in the database.
(R5) HA → FA: M4, <M4>KFA-HA
If IDMN is found in the HA's dynamic parameter database, M4 = M5, <M5>KMN-HA, NFA, {KMN-FA}KFA-HA
Else, M4 = M5, <M5>K0MN-HA, NFA, {KMN-FA}KFA-HA
M5 = Reply, Result, Key-Reply, MNHM, HAid, N'HA, NMN
(R6) FA: (upon receipt of R5)
• Validate NFA
• Validate <M4>KFA-HA with KFA-HA. This is the authentication of HA to FA.
• Decrypt {KMN-FA}KFA-HA with KFA-HA and get the session key KMN-FA
(R7) FA → MN: M5, <M5>KMN-HA
(R8) MN: (upon receipt of R7)
• Validate NMN
• Validate <M5>KMN-HA with the secret key KMN-HA used in R1. This is the authentication of HA to MN.
c. Authentication between MN and CN
(A1) MN → HA2: M1, <M1>KMN-HA2, where M1 = Auth-Request, MNCOA, CNCOA, NMN, wMN
(A2) HA2: (upon receipt of A1)
• Validate NMN and compute MAC
• HA2 → CN: M2, <M2>KHA2-CN, where M2 = M1, <M1>KMN-HA2
(A3) CN → MN: M3, <M3>KCN-MN, wCN, where M3 = Auth-Response, MNCOA, CNCOA, h(NMN)
• Validate MAC and nonce. This is the authentication of HA2 and MN by CN.
• Compute KCN-MN
(A4) MN: (upon receipt of A3)
• Validate MAC and nonce. This is the authentication of HA2 and CN by MN.
• Compute KCN-MN
__________________________________________________
Procedure 2: VHAHA Secure Registration Protocol
The second part deals with how the MN is registered with the Foreign Network when it roams away from the Home Network. There is no change in the agent advertisement part

except that the MN authenticates the FA using its witness value. In the registration part, instead of passing the MN's actual identity, the identity is combined with a nonce and then hashed, which provides location anonymity. The witness value is also passed, which enables the calculation of the shared secrets. The third part deals with the authentication between the MN and the CN. This authentication enables the MN to communicate with the CN directly, which resolves the triangle routing problem. First, the MN sends an authentication request to its Home Agent (HA2). HA2 verifies and authenticates the MN and forwards the message to the CN. The CN validates the MN, calculates the shared secret and sends a response to the MN. Finally, the MN calculates the shared secret and validates the CN. Then the MN and the CN can communicate with each other directly. The details of the proposed protocol are summarized in Procedure 2.
B. Performance Evaluations
In this section, the security aspects of the proposed protocol are analyzed. The following attributes are considered in the analysis: (i) data confidentiality, (ii) authentication, (iii) location anonymity and synchronization and (iv) attack prevention.
1) Confidentiality: Data delivered through the Internet can be easily intercepted and falsified. Therefore, ensuring the confidentiality of communication data is very important in a Mobile IP environment. The data confidentiality of the various protocols and the proposed one is listed in Table 2.
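Throughout Procedure 2, <M>K denotes a message authentication code over message M under the shared key K. A minimal sketch of that operation, using HMAC-SHA256 as a stand-in for the paper's unspecified MAC and with illustrative key and message values, is:

```python
# Minimal sketch of the <M>K MAC check used throughout R2-R8 and A1-A4.
# HMAC-SHA256 is an assumption; the paper does not fix a MAC algorithm.
import hmac, hashlib

def mac(key, message):
    """Compute <message>key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, tag):
    """Validate a received <M>K; success authenticates the sender
    as a holder of the shared key K."""
    return hmac.compare_digest(mac(key, message), tag)

k_fa_ha = b"shared-key-between-FA-and-HA"   # illustrative value
m3 = b"M2 || FAid || wF"                     # illustrative message body
tag = mac(k_fa_ha, m3)                       # sender side (FA)
print(verify(k_fa_ha, m3, tag))              # receiver side (HA) -> True
print(verify(k_fa_ha, b"tampered", tag))     # tampering detected -> False
```

Each successful verification in the procedure is exactly this check under the pairwise key (KMN-HA, KFA-HA, KHA2-CN, ...), which is why a valid tag authenticates the peer.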
TABLE II.
Methods                     MN-FA   FA-HA   MN-HA   CN-MN
Secret key                  No      No      Yes     Yes
CA-PKI                      No      No      Yes     Yes
Minimal Public key          Yes     No      Yes     Yes
Hybrid                      Yes     Yes     Yes     Yes
Self certified              Yes     Yes     Yes     Yes
VHAHA secure Registration   Yes     Yes     Yes     Yes
The proposed approach achieves data confidentiality between all pairs of network components. From the table, it can be seen that the Hybrid and Self-certified approaches provide the same result, but their computational complexities are higher than that of the proposed one, due to the use of public keys and dynamically changing secret keys.
2) Authentication: Prior to data delivery, both parties must be able to authenticate one another's identity. This is necessary to prevent bogus parties from sending unwanted messages to the entities. The Mobile IP user authentication protocol is different from the general user service authentication protocol. Table 3 shows the authentication analysis of the various protocols and the proposed one. From the analysis, it is found that VHAHA secure registration excels all the other approaches because it provides authentication between all pairs of networking nodes.


TABLE III.
Methods                     MN-FA               FA-HA                      MN-HA                  MN-CN
Secret key                  None                None                       MAC                    None
CA-PKI                      Digital Signature   Digital Signature          Digital Signature      None
Minimal Public key          None                None                       Digital Signature      None
Hybrid                      None                Digital Signature          Symmetric Encryption   None
Self certified              None                MAC (static/dynamic key)   MAC (dynamic key)      None
VHAHA secure Registration   TTP                 MAC (static/dynamic key)   MAC (dynamic key)      MAC (dynamic key)

3) Location Anonymity and Synchronization: The proposed approach uses a temporary identity instead of the actual identity of the MN; thus, the actual location of the MN is not revealed to the outside environment (i.e., the CNs and foreign links). Similarly, the proposed approach maintains two databases, (i) an initial parameter base and (ii) a dynamic parameter base, which are used to maintain synchronization between the MNs and HAs. The results are given in Table 4.
TABLE IV.
Methods                     Location anonymity   Synchronization
Secret key                  No                   No
CA-PKI                      No                   No
Minimal Public key          No                   No
Hybrid                      No                   No
Self certified              No                   No
VHAHA secure Registration   Yes                  Yes

C. Simulation Results and Analysis
The system parameters are shown in Table 6. The cryptography operation times on the FA, HA and MN are obtained from [25]. The following parameters are used for the evaluation: (i) registration delay and (ii) registration signaling traffic.
1) Registration delay: The registration delay plays an important role in deciding the performance of the Mobile IP protocol. While strengthening the security of Mobile IP registration, the data transmission speed cannot be compromised, because it directly impacts the end user: if the delay is high, interruption and packet loss increase. Due to the properties of public keys, the registration delay of public-key based protocols is naturally very high and their packet loss is also high, whereas certificate-based protocols are not based on raw public keys and, thanks to the properties of the certificates, their delay is lower. The registration time is calculated using equation (3) and the results are given in Table VI.

Reg.Time = RREQMN-FA + RREQFA-HA + RREPHA-FA + RREPFA-MN    (3)

where RREQMN-FA is the time taken to send the registration request from the MN to the FA, RREQFA-HA is the time taken to forward the registration request from the FA to the HA, RREPHA-FA is the time taken to send the registration reply from the HA to the FA, and RREPFA-MN is the time taken to forward the registration reply from the FA to the MN.
TABLE VI. COMPARISON OF REGISTRATION DELAY
Methods              RREQ MN-FA (1)   RREQ FA-HA (2)   RREP HA-FA (3)   RREP FA-MN (4)   Delay (ms) (1)+(2)+(3)+(4)
Secret key           2.7191           1.0040           1.0144           2.7031           7.4406
CA-PKI               7.6417           5.9266           6.3170           7.6457           27.5312
Minimal Public key   2.8119           0.9966           10.8770          7.7466           22.4322
Hybrid               2.7934           16.0565          15.0110          2.8007           36.6625
Self certified       3.4804           14.2649          1.0176           2.8402           21.6023
VHAHA Registration   3.3813           7.64708          1.0156           2.7615           14.8056
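Equation (3) can be cross-checked against the Delay column with a short sketch; the values below are taken from the comparison table (in ms), and the dictionary layout is just illustrative:

```python
# Sketch of equation (3): total registration delay as the sum of the
# four per-hop components, using the registration-delay table values (ms).
components = {  # (RREQ MN-FA, RREQ FA-HA, RREP HA-FA, RREP FA-MN)
    "Secret key":         (2.7191, 1.0040, 1.0144, 2.7031),
    "VHAHA Registration": (3.3813, 7.64708, 1.0156, 2.7615),
}

def registration_delay(parts):
    """Eq. (3): Reg.Time = RREQ_MN-FA + RREQ_FA-HA + RREP_HA-FA + RREP_FA-MN."""
    return sum(parts)

print(round(registration_delay(components["Secret key"]), 4))
# 7.4406 -- matching the Delay column for the secret-key method
```

The self-certified scheme keeps the FA-HA hop cheap relative to the full public-key schemes, which is where most of VHAHA's delay advantage comes from.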

4) Attack Prevention: The following attacks are considered in the analysis: (i) replay attack, (ii) TCP splicing attack, (iii) guess attack, (iv) denial-of-service attack, (v) man-in-the-middle attack and (vi) active attacks. Table 5 shows the attack prevention analysis of the various approaches.
TABLE V.
Methods                     Replay   Splicing   Guess   DOS   Man-in-middle   Active
Secret key                  No       No         No      No    Yes             Yes
CA-PKI                      No       Yes        No      Yes   Yes             Yes
Minimal Public key          Yes      No         No      Yes   Yes             Yes
Hybrid                      Yes      Yes        Yes     Yes   Yes             Yes
Self certified              Yes      Yes        Yes     Yes   Yes             Yes
VHAHA secure Registration   Yes      Yes        Yes     Yes   Yes             Yes

2) Registration Signaling Traffic: The computation overhead depends on the amount of traffic (i.e., the packet size) that must be transmitted to successfully complete the registration. If the amount of signaling traffic is high, the computational complexity at the MN and the mobility agents will be high. The signaling traffic of the various protocols considered for comparison is computed and given in Table VII. From the table, it can be observed that VHAHA secure registration has the lowest traffic; hence the complexity is lower both at the MNs and at the mobility agents, and because of the lower traffic, the bandwidth consumption is comparatively small.
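The Size column of the registration-traffic table is simply the sum of the four per-hop message sizes, which a short sketch can confirm (values in bytes, taken from the table; the dictionary layout is illustrative):

```python
# Sketch checking the Size column of the registration-traffic table:
# total traffic = MN-FA + FA-HA + HA-FA + FA-MN message sizes (bytes).
traffic = {  # (MN-FA, FA-HA, HA-FA, FA-MN)
    "Secret key":         (50, 50, 46, 46),
    "Hybrid":             (66, 578, 582, 66),
    "VHAHA Registration": (206, 364, 108, 54),
}

totals = {method: sum(sizes) for method, sizes in traffic.items()}
print(totals["Secret key"], totals["Hybrid"], totals["VHAHA Registration"])
# 192 1292 732 -- matching the Size (bytes) column
```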


TABLE VII. COMPARISON OF REGISTRATION TRAFFIC
Methods              MN-FA   FA-HA   HA-FA   FA-MN   Size (bytes)
Secret key           50      50      46      46      192
CA-PKI               224     288     64      128     704
Minimal Public key   178     178     174     174     704
Hybrid               66      578     582     66      1292
Self certified       226     404     124     70      824
VHAHA Registration   206     364     108     54      732

Observation: The proposed approach does not affect the complexity of the initial registration, but the foreign-network registration delay increases significantly due to the application of the security algorithms. From Procedure 2, it can be seen that the proposed scheme does not change the number of messages exchanged during registration; however, the message size increases because of the security attributes passed along with the registration messages. From the results and analysis, it is observed that VHAHA secure registration reduces the registration delay overhead by 40% and the signaling traffic overhead by 20% compared with the other approaches.

VI. CONCLUSION
This paper proposes a fault-tolerant and secure framework for Mobile IPv6 based networks that is based on an inter-home-link HA redundancy scheme and self-certified keys. The performance analysis and the comparison results show that the proposed approach has low overhead and offers better survivability, transparent failure detection and recovery, reduced system complexity and workload, secure data transfer and improved overall performance. Moreover, the proposed approach is compatible with the existing Mobile IP standard and does not require any architectural changes. It is also useful in future applications such as VoIP and 4G. Formal load balancing of the workload among the HAs of the VPN is left as future work.

REFERENCES
[1] C. Perkins, D. Johnson, and J. Arkko, "Mobility Support in IPv6," IETF Draft, draft-ietf-mobileip-ipv6-24, August 2003.
[2] C. Perkins, RFC 3344: "IP Mobility Support for IPv4," August 2002.
[3] B. Chambless and J. Binkley, "Home Agent Redundancy Protocol," IETF Draft, draft-chambless-mobileip-harp-00.txt, October 1997.
[4] R. Ghosh and G. Varghese, "Fault Tolerant Mobile IP," Washington University, Technical Report WUCS-98-11, 1998.
[5] J. Ahn and C. S. Hwang, "Efficient Fault-Tolerant Protocol for Mobility Agents in Mobile IP," in Proc. 15th Int. Parallel and Distributed Processing Symp., California, 2001.
[6] K. Leung and M. Subbarao, "Home Agent Redundancy in Mobile IP," IETF Draft, draft-subbarao-mobileip-redundancy-00.txt, June 2001.
[7] M. Khalil, "Virtual Distributed Home Agent Protocol (VDHAP)," U.S. Patent 6 430 698, August 6, 2002.
[8] J. Lin and J. Arul, "An Efficient Fault-Tolerant Approach for Mobile IP in Wireless Systems," IEEE Trans. Mobile Computing, vol. 2, no. 3, pp. 207-220, July-Sept. 2003.
[9] R. Wakikawa, V. Devarapalli, and P. Thubert, "Inter Home Agents Protocol (HAHA)," IETF Draft, draft-wakikawa-mip6-nemo-haha-00.txt, October 2003.
[10] F. Heissenhuber, W. Fritsche, and A. Riedl, "Home Agent Redundancy and Load Balancing in Mobile IPv6," in Proc. 5th International Conf. on Broadband Communications, Hong Kong, 1999.
[11] H. Deng, R. Zhang, X. Huang, and K. Zhang, "Load Balance for Distributed HAs in Mobile IPv6," IETF Draft, draft-wakikawa-mip6-nemo-haha-00.txt, October 2003.
[12] J. Faizan, H. El-Rewini, and M. Khalil, "Problem Statement: Home Agent Reliability," IETF Draft, draft-jfaizan-mipv6-ha-reliability-00.txt, November 2003.
[13] J. Faizan, H. El-Rewini, and M. Khalil, "Towards Reliable Mobile IPv6," Southern Methodist University, Technical Report 04-CSE-02, November 2004.
[14] A. Busaranun, P. Pongpaibool, and P. Supanakoon, "Simple Implement of Home Agent Reliability for Mobile IPv6 Network," TENCON, November 2006.
[15] S. Jacobs, "Mobile IP Public Key based Authentication," Internet Draft, draft-jacobs-mobileip-pkiauth-01.txt, 1999.
[16] Sufatrio and K. Y. Lam, "Mobile-IP Registration Protocol: A Security Attack and New Secure Minimal Public-key based Authentication," in Proc. 1999 Int. Symp. on Parallel Architectures, Sep. 1999.
[17] C. Y. Yang and C. Y. Shiu, "A Secure Mobile IP Registration Protocol," Int. J. Network Security, vol. 1, no. 1, pp. 38-45, Jul. 2005.
[18] L. Dang, W. Kou, J. Zhang, X. Cao, and J. Liu, "Improvement of Mobile IP Registration Using Self-Certified Public Keys," IEEE Transactions on Mobile Computing, June 2007.
[19] M. Girault, "Self-certified Public Keys," Advances in Cryptology (Proc. EuroCrypt '91), LNCS, vol. 547, pp. 490-497, Springer-Verlag, 1991.
[20] T. C. Wu, Y. S. Chang, and T. Y. Lin, "Improvement of Saeednia's Self-certified Key Exchange Protocols," Electronics Letters, vol. 34, no. 11, pp. 1094-1095, 1998.
[21] D. McPherson and B. Dykes, RFC 3069: "VLAN Aggregation for Efficient IP Address Allocation," February 2001.
[22] R. Yuan and W. T. Strayer, Virtual Private Networks: Technologies and Solutions, Addison-Wesley, April 2001.
[23] D. Kosiur, Building & Managing Virtual Private Networks, Wiley, October 1998.
[24] NS-2, The Network Simulator.
[25] W. Dai, "Crypto++ 5.2.1 Benchmarks," 2004.



A New Generic Taxonomy on Hybrid Malware Detection Technique
Robiah Y, Siti Rahayu S., Mohd Zaki M, Shahrin S., Faizal M. A., Marliza R.
Faculty of Information Technology and Communication, Universiti Teknikal Malaysia Melaka, Durian Tunggal, Melaka, Malaysia

Abstract-Malware is a type of malicious program that replicates from a host machine and propagates through the network. It is considered one type of computer attack and intrusion that can perform a variety of malicious activities on a computer. This paper addresses the current trend of malware detection techniques and identifies the significant criteria in each technique to improve malware detection in Intrusion Detection Systems (IDS). Several existing techniques from 48 studies are analyzed and the capability criteria of each malware detection technique are reviewed. From the analysis, a new generic taxonomy of malware detection techniques named Hybrid-Malware Detection Technique (Hybrid-MDT) is proposed. It consists of the Hybrid-Signature and Anomaly detection technique and the Hybrid-Specification based and Anomaly detection technique, which complement the weaknesses of the existing malware detection techniques in detecting known and unknown attacks as well as reducing false alerts before and during an intrusion.

Keywords: Malware, taxonomy, Intrusion Detection System.

I INTRODUCTION

Malware is considered a worldwide epidemic because malware authors seek financial gain through the theft of personal information, such as access to financial accounts. This is borne out by the increasing number of computer security incidents related to vulnerabilities, from 171 in 1995 to 7,236 in 2007, as reported by the Computer Emergency Response Team [1]. One of the issues related to this vulnerability report is malware attacks, which have caused significant worldwide damage to the network security environment and serious financial loss. The wide deployment of IDSs to capture this kind of activity can process large amounts of traffic and generate a huge amount of data. This huge amount of data can exhaust the network administrator's time and increase costs when trying to find the intruder after a new attack outbreak, especially one involving malware. An important problem in the field of intrusion detection is the management of alerts, as IDSs tend to produce a high number of false positive alerts [2]. To increase the detection rate, multiple IDSs can be used and their alerts correlated, but in return this increases the number of alerts to process. Therefore, certain detection mechanisms or techniques need to be integrated with the IDS correlation process in order to guarantee that malware is detected in the alert log. Hence, the proposed research generates a new generic taxonomy of malware detection techniques that will be the basis for developing new rule sets for IDSs to detect malware and reduce the number of false alarms. The rest of the paper is structured as follows. Section II discusses related work on malware and the current taxonomy of malware detection techniques. Section III presents the classification and capability criteria of malware detection techniques. Section IV discusses the newly proposed taxonomy of malware detection techniques. Finally, Section V concludes and summarizes future directions of this work.

II RELATED WORK

A. What is Malware?
According to [3], malware is a program that has malicious intention, whereas [4] defines it as a generic term that encompasses viruses, Trojans, spyware and other intrusive code. Malware is not a "bug" or a defect in a legitimate software program, even if it has destructive consequences; malware implies malice of forethought by its inventor, and its intention is to disrupt or damage a system. [5] has done research on malware taxonomy according to malware properties such as mutually exclusive categories, exhaustive categories and unambiguous categories. He states that malware generally consists of three types at the same level, as depicted in Figure 1 (virus, worm and Trojan horse), although he comments that in several cases these three types of malware are defined as not being mutually exclusive.




Figure 1. General Malware Taxonomy by Karresand



B. What is Malware Intrusion Detector?
A malware intrusion detector is a system or tool that attempts to identify malware [3] and contain it before it can reach a system or network. Diverse research has been done to prevent malware from spreading on hosts and networks. These detectors use various combinations of techniques, approaches and methods to detect malware effectively and efficiently, either during program execution or statically. A malware intrusion detector is considered one of the components of an IDS, and is therefore a complement to an IDS.
C. What is Taxonomy of Malware Detection Technique?

According to [8] and [9], intrusion detection techniques can be divided into three types, as in Figure 2: signature-based (or misuse) detection, anomaly-based detection and specification-based detection, which shall be a major reference in this research. Based on previous work [8][9][10][11], the characteristics of each technique are as follows.
B. Signature-based detection
Signature-based, or misuse, detection as described by [10] maintains a database of known intrusion techniques (attack signatures) and detects intrusions by comparing behavior against the database. It requires a small amount of system resources to detect intrusions, and [8] claims that this technique can detect known attacks accurately. However, the disadvantage of this technique is that it is ineffective against previously unseen attacks: it cannot detect new and unknown intrusion methods, as no signatures are available for such attacks.
C. Anomaly-based detection
Anomaly-based detection, as stated by [10], analyses user behavior and the statistics of a process in a normal situation, and checks whether the system is being used in a different manner. [8] describes that this technique can overcome the misuse detection problem by focusing on normal system behavior rather than attack behavior, while [9] assumes that attacks result in behavior different from that normally observed in a system, so an attack can be detected by comparing the current behavior with pre-established normal behavior. This detection approach is characterized by two phases: the training phase and the detection phase. In the training phase, the behavior of the system is observed in the absence of attack, and a machine learning technique is used to create a profile of such normal behavior. In the detection phase, this profile is compared against the current behavior, and deviations are flagged as potential attacks.
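The signature-based and anomaly-based techniques can be contrasted with a minimal sketch; the tiny byte-signature database, the frequency-based profile and the threshold factor are all illustrative assumptions, not a production IDS design:

```python
# Minimal contrast of signature-based and anomaly-based detection.
# The signature database and event-frequency profile are illustrative.

SIGNATURES = {b"\x90\x90\xcc": "shellcode-stub", b"EICAR-TEST": "eicar"}

def signature_detect(payload):
    """Misuse detection: flag only payloads matching a known signature."""
    return [name for sig, name in SIGNATURES.items() if sig in payload]

def train_profile(normal_event_counts):
    """Anomaly detection, training phase: record the mean event frequency
    observed in the absence of attack."""
    return sum(normal_event_counts) / len(normal_event_counts)

def anomaly_detect(profile_mean, observed, factor=3.0):
    """Detection phase: a deviation beyond 'factor' times the profile mean
    is flagged as a potential attack, even a previously unseen one."""
    return observed > factor * profile_mean

print(signature_detect(b"xxEICAR-TESTxx"))       # ['eicar'] (known attack only)
profile = train_profile([10, 12, 9, 11])          # learned mean = 10.5
print(anomaly_detect(profile, 80))                # True (unseen attack, large deviation)
print(anomaly_detect(profile, 12))                # False (within normal behavior)
```

The sketch makes the trade-off concrete: the signature matcher misses any payload outside its database, while the anomaly rule catches novel deviations but will also flag legitimate yet previously unseen behavior, which is the false-alarm weakness discussed above.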
The effectiveness of this technique depends on which aspects or features of system behavior are learnt, and the hardest challenge is selecting the appropriate set of features. The advantage of this detection technique is that it can detect new intrusion methods and novel attacks. The disadvantage is that the data (profiles) describing user behavior and normal-usage statistics must be kept up to date; these profiles tend to be large and therefore need more resources, such as CPU time, memory and disk space. Moreover, monitored systems often exhibit legitimate but previously unseen behavior, which leads to a high rate of false alarms. D. Specification-based detection Specification-based detection, according to [9], relies on program specifications that describe the intended behavior of security-critical programs. The goal of the policy specification language, according to [11], is to provide

To clearly identify malware detection technique terms in depth, a structured categorization, called a taxonomy, is required in order to develop good detection tools. A taxonomy is defined in [6] as “a system for naming and organizing things, especially plants and animals, into groups which share similar qualities”. [7] conducted a broad survey of malware detection techniques studied by various researchers and produced a taxonomy with only two main detection techniques, signature-based detection and anomaly-based detection, treating specification-based detection as a sub-family of anomaly-based detection. The researchers carried out a further literature review of 48 studies on malware detection techniques to verify the relevance of each technique, especially the hybrid malware detection techniques, so that they can be mapped into the proposed new generic taxonomy. Refer to Table IV for the mapping of the literature review to the malware detection techniques. III CLASSIFICATION OF MALWARE DETECTION TECHNIQUES

A malware detection technique is the technique used to detect or identify malware intrusions. Generally, malware detection techniques fall into three categories: signature-based detection, anomaly-based detection and specification-based detection. A. Overview of Detection Techniques

Figure 2. Existing taxonomy of malware detection technique

57 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

a simple way of specifying the policies of privileged programs. It monitors program executions and detects deviations of their behavior from the specification, rather than detecting the occurrence of specific attack patterns. This technique is similar to anomaly detection in that both flag attacks as deviations from normal behavior. The difference is that, instead of relying on machine learning techniques, it is based on manually developed specifications that capture legitimate system behavior. It can be used to monitor network components or security-relevant network services, such as the Domain Name Service, network file sharing and routers. The advantage of this technique, according to [8], is that attacks can be detected even if they have not been encountered previously, with a low rate of false alarms; it avoids the high false-alarm rate caused by legitimate-but-unseen behavior in anomaly detection. The disadvantage is that it is not as effective as anomaly detection at detecting novel attacks, especially those involving network probing and denial of service, because developing detailed specifications is time-consuming; attacks may therefore be missed, increasing false negatives. Table I summarizes the advantages and disadvantages of each technique.
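A minimal sketch of the specification-based idea, with invented program names and operations standing in for manually written specifications of security-critical programs:

```python
# Each security-critical program is given a manually written specification
# of the operations it may perform; anything outside it is a deviation.
# Program names and operations below are hypothetical examples.

SPEC = {
    "named": {"read_zone_file", "answer_query"},   # DNS server
    "nfsd":  {"read_export", "serve_block"},       # network file sharing
}

def check(program: str, operations):
    """Return the observed operations that deviate from the specification."""
    allowed = SPEC.get(program, set())
    return [op for op in operations if op not in allowed]

# A DNS daemon that suddenly spawns a shell violates its specification,
# even though no attack signature exists for this behaviour.
print(check("named", ["answer_query", "spawn_shell"]))  # ['spawn_shell']
```

This mirrors the trade-off in the text: the check needs no attack signatures and no training data, but someone must write (and maintain) a sufficiently detailed specification per program.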
TABLE I Comparison of Malware detection techniques

A new generic taxonomy can be derived by analyzing the current malware detection techniques and identifying the significant criteria within each technique that can mitigate IDS problems. As mentioned by [12], IDSs suffer from alert flooding, contextual problems, false alerts and scalability issues. The characteristic analyzed in each detection technique corresponds to the issues listed in Table II.
TABLE II Issue analyzed in IDS

[13] proposed the following criteria of malware detection techniques to be analyzed against the issues listed in Table II:
1. Capability to perform alert reduction
2. Capability to identify multi-step attacks
3. Capability to reduce false negative alerts
4. Capability to reduce false positive alerts
5. Capability to detect known attacks
6. Capability to detect unknown attacks

Alert reduction is required to overcome alert flooding, the large volume of alert data generated by an IDS. This criterion is important to reduce the network security officer’s burden when troubleshooting and identifying the actual attacker in their environment. As for the second criterion, most malware detection techniques are incapable of detecting multi-step attacks. This capability is needed because attacker behavior is becoming more sophisticated and may involve one-to-many, many-to-one and many-to-many attacks. Regarding the third and fourth criteria, most IDSs tend to produce false positive and false negative alarms.
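The alert-reduction criterion can be illustrated with a hypothetical aggregation step (the field names and alert volumes are invented): duplicate alerts sharing the same source and attack type collapse into one counted group, shrinking what the operator must triage.

```python
from collections import Counter

def aggregate(alerts):
    """Collapse duplicate (source, attack_type) alerts into counted groups."""
    counts = Counter((a["src"], a["type"]) for a in alerts)
    return [{"src": s, "type": t, "count": n} for (s, t), n in counts.items()]

# 500 identical port-scan alerts plus one distinct alert.
raw = [{"src": "10.0.0.5", "type": "port_scan"}] * 500 + \
      [{"src": "10.0.0.9", "type": "sql_injection"}]
summary = aggregate(raw)
print(len(raw), "->", len(summary))   # 501 -> 2 aggregated alerts
```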

E. Proposed Criteria for Malware Detection Techniques




Three major detection techniques have been reviewed; the objective of this research is to develop a new generic taxonomy of malware detection techniques.



This false-alarm reduction criterion is important as it is closely related to the alert flooding issue. As for the fifth and sixth criteria, the capability to detect both known and unknown attacks is required to ensure that the alerts generated overcome the issues of alert flooding and false alerts. IV DISCUSSION AND ANALYSIS OF MALWARE DETECTION TECHNIQUES

In the current literature, several studies such as [14], [15], [16], [17] and [8] combine either signature-based with anomaly-based detection (Hybrid-SA) or anomaly-based with specification-based detection (Hybrid-SPA) in order to build an effective malware detection tool. In this paper, a newly proposed taxonomy of malware detection techniques is shown to be effective by matching the current techniques, signature-based, anomaly-based and specification-based detection, against the capability criteria proposed by [13], as discussed in Section III. This analysis is summarized in Table III.
TABLE III Malware detection technique versus proposed capability criteria (Capable=√, incapable=×)

Figure 3. Proposed generic taxonomy of malware detection technique

To further verify the relevance of the proposed generic taxonomy of malware detection techniques, the researchers reviewed 48 studies of various malware detection techniques, which can be mapped to the proposed taxonomy in Figure 3. Table IV shows the related literature on malware detection techniques.
TABLE IV Related literature review in malware detection techniques

Referring to Table III, all of the detection techniques are equally capable of detecting known attacks. However, anomaly-based and specification-based detection can additionally detect unknown attacks. Anomaly-based detection has the extra capabilities, compared to the other techniques, of reducing false negative alerts and detecting multi-step attacks. Nevertheless, it cannot reduce false positive alerts, which only the signature-based and specification-based techniques can reduce. Because none of the techniques can reduce both false negatives and false positives, none of them can reduce false alerts overall; this implies there is still room for improvement in reducing false alarms. Based on this analysis, the researchers propose an improved malware detection approach that combines either signature-based with anomaly-based detection (Hybrid-SA) or specification-based with anomaly-based detection (Hybrid-SPA), so that each member compensates for the other’s weaknesses. These techniques are collectively named the Hybrid Malware Detection Technique (Hybrid-MDT), consisting of the Hybrid-SA and Hybrid-SPA detection techniques, as depicted in Figure 3.
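The comparison above can be encoded as sets, with a hybrid’s capabilities taken as the union of its members’ capabilities. The capability labels below paraphrase Table III; this is a sketch of the complementarity argument, not an implementation.

```python
# Per-technique capabilities as described in the analysis of Table III.
CAPS = {
    "signature":     {"known", "reduce_false_positive"},
    "anomaly":       {"known", "unknown", "reduce_false_negative", "multistep"},
    "specification": {"known", "unknown", "reduce_false_positive"},
}

def hybrid(*techniques):
    """A hybrid inherits the union of its members' capabilities."""
    caps = set()
    for t in techniques:
        caps |= CAPS[t]
    return caps

hybrid_sa = hybrid("signature", "anomaly")          # Hybrid-SA
hybrid_spa = hybrid("specification", "anomaly")     # Hybrid-SPA

# Both hybrids reduce false positives *and* false negatives,
# which no single technique achieves on its own.
print("reduce_false_positive" in hybrid_sa and
      "reduce_false_negative" in hybrid_sa)         # True
```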



V CONCLUSION In this study, the researchers reviewed and analyzed the existing malware detection techniques and matched them against the capability criteria proposed by [13] for mitigating IDS problems. From this analysis, the researchers propose a new generic taxonomy of malware detection techniques, called the Hybrid Malware Detection Technique (Hybrid-MDT), which consists of the Hybrid-SA and Hybrid-SPA detection techniques. The techniques in Hybrid-MDT complement the weaknesses found in the signature-based, anomaly-based and specification-based techniques. This research is preliminary work on malware detection. It contributes to the field by enabling the generation of an optimized rule set for IDSs; hence, false alarms in existing IDSs will be reduced.



REFERENCES
[1] “CERT/CC Statistics 2008”, CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, 2003. Retrieved August 2008.
[2] Autrel, F., & Cuppens, F., “Using an Intrusion Detection Alert Similarity Operator to Aggregate and Fuse Alerts”, 4th Conference on Security and Network Architectures, France, 2005.
[3] Christodorescu, M., Jha, S., Seshia, S. A., Song, D., & Bryant, R. E., “Semantics-Aware Malware Detection”, Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 32-46, May 8-11, 2005.
[4] Vasudevan, A., & Yerraballi, R., “SPiKE: Engineering Malware Analysis Tools using Unobtrusive Binary-Instrumentation”, Australasian Computer Science Conference (ACSC 2006), 2006.
[5] Karresand, M., “A proposed taxonomy of software weapons” (No. FOI-R-0840-SE), FOI Swedish Defence Research Agency, 2003.
[6] Cambridge University Press, “Cambridge Advanced Learner’s Dictionary” Online. Retrieved 29 January 2008.
[7] Idika, N., & Mathur, A. P., “A Survey of Malware Detection Techniques”, Software Engineering Research Center Conference, West Lafayette, IN, 2007.
[8] Sekar, R., Gupta, A., Frullo, J., Shanbhag, T., Tiwari, A., & Yang, H., “Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions”, ACM Computer and Communication Security Conference, 2002.
[9] Ko, C., Ruschitzka, M., & Levitt, K., “Execution monitoring of security-critical programs in distributed systems: A Specification-based Approach”, IEEE Symposium on Security and Privacy, 1997.
[10] Okazaki, Y., Sato, I., & Goto, S., “A New Intrusion Detection Method based on Process Profiling”, Symposium on Applications and the Internet (SAINT ’02), IEEE, 2002.
[11] Ko, C., Fink, G., & Levitt, K., “Automated detection of vulnerabilities in privileged programs by execution monitoring”, 10th Annual Computer Security Applications Conference, 1994.
[12] Debar, H., & Wespi, A., “Aggregation and Correlation of Intrusion Detection Alerts”, International Symposium on Recent Advances in Intrusion Detection, Davis, CA, 2001.
[13] Robiah Yusof, Siti Rahayu Selamat, & Shahrin Sahib, “Intrusion Alert Correlation Technique Analysis for Heterogeneous Log”, IJCNS, 2008.
[14] Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., et al., “StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks”, 7th USENIX Security Conference, 1998.
[15] Halfond, W. G. J., & Orso, A., “AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks”, 20th IEEE/ACM International Conference on Automated Software Engineering, 2005.
[16] Bashah, N., Shanmugam, I. B., & Ahmed, A. M., “Hybrid Intelligent Intrusion Detection System”, World Academy of Science, Engineering and Technology, 2005.
[17] Garcia-Teodoro, P., Diaz-Verdejo, J. E., Macia-Fernandez, G., & Sanchez-Casado, L., “Network-based Hybrid Intrusion Detection Honeysystems as Active Reaction Schemes”, IJCSNS International Journal of Computer Science and Network Security, 7, 2007.
[18] Hofmeyr, S. A., Forrest, S., & Somayaji, A., “Intrusion detection using sequences of system calls”, Journal of Computer Security, pp. 151-180, 1998.
[19] Adelstein, F., Stillerman, M., & Kozen, D., “Malicious Code Detection for Open Firmware”, 18th Annual Computer Security Applications Conference (ACSAC ’02), IEEE, 2002.
[20] Lee, R. B., Karig, D. K., McGregor, J. P., & Shi, Z., “Enlisting hardware architecture to thwart malicious code injection”, International Conference on Security in Pervasive Computing (SPC), 2003.
[21] Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M. M., Lavoie, Y., & Tawbi, N., “Static Detection of Malicious Code in Executable Programs”, International Journal of Req Engineering, 2001.
[22] Bergeron, J., Debbabi, M., Erhioui, M. M., & Ktari, B., “Static Analysis of Binary Code to Isolate Malicious Behaviours”, 8th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999.
[23] Boldt, M., & Carlsson, B., “Analysing Privacy-Invasive Software Using Computer Forensic Methods”, 2006.
[24] Castaneda, F., Sezer, E. C., & Xu, J. (2004). Worm vs. Worm: Preliminary Study of an Active Counter-Attack Mechanism. Paper presented at the 2004 ACM Workshop on Rapid Malcode.
[25] Christodorescu, M., & Jha, S. (2003). Static Analysis of Executables to Detect Malicious Patterns. Paper presented at the 12th USENIX Security Symposium.
[26] Debbabi, M., Giasson, E., Ktari, B., Michaud, F., & Tawbi, N. (2000). Secure Self-Certified COTS. Paper presented at the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
[27] Schechter, S. E., Jung, J., & Berger, A. W. (2004). Fast detection of scanning worm infections. Paper presented at the 7th International Symposium on Recent Advances in Intrusion Detection (RAID) 2004.
[28] Filiol, E. (2006). Malware pattern scanning schemes secure against black-box analysis. Journal in Computer Virology, 2, 35-50.
[29] Forrest, S., Perelson, A. S., Allen, L., & Cherukuri, R. (1994). Self-Nonself Discrimination in a Computer. Paper presented at the IEEE Symposium on Research in Security and Privacy.
[30] Ilgun, K., Kemmerer, R. A., & Porras, P. A. (1995). State Transition Analysis: A Rule-Based Intrusion Detection Approach. IEEE Transactions on Software Engineering.
[31] Kirda, E., Kruegel, C., Vigna, G., & Jovanovic, N. (2006). Noxes: A client-side solution for mitigating cross-site scripting attacks. Paper presented at the 21st ACM Symposium on Applied Computing.
[32] Kreibich, C., & Crowcroft, J. (2003). Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. Paper presented at the 2nd Workshop on Hot Topics in Networks.
[33] Kumar, S., & Spafford, E. H. (1992). A generic virus scanner in C++. Paper presented at the 8th IEEE Computer Security Applications Conference.
[34] Lee, W., & Stolfo, S. J. (1998). Data mining approaches for intrusion detection. Paper presented at the 7th USENIX Security Symposium.
[35] Li, W.-J., Wang, K., Stolfo, S. J., & Herzog, B. (2005). Fileprints: Identifying file types by n-gram analysis. Paper presented at the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY.
[36] Linn, C. M., Rajagopalan, M., Baker, S., Collberg, C., Debray, S. K., & Hartman, J. H. (2005). Protecting against unexpected system calls. Paper presented at the USENIX Security Symposium.
[37] Masri, W., & Podgurski, A. (2005). Using dynamic information flow analysis to detect attacks against applications. Paper presented at the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications.
[38] Milenkovic, M., Milenkovic, A., & Jovanov, E. (2005). Using Instruction Block Signatures to Counter Code Injection Attacks. ACM SIGARCH Computer Architecture News, 33, 108-117.
[39] Mori, A., Izumida, T., Sawada, T., & Inoue, T. (2006). A tool for analyzing and detecting malicious mobile code. Paper presented at the 28th International Conference on Software Engineering.
[40] Peng, J., Feng, C., & Rozenblit, J. W. (2006). A Hybrid Intrusion Detection and Visualization System. Paper presented at the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems (ECBS ’06).
[41] Ellis, D. R., Aiken, J. G., Attwood, K. S., & Tenaglia, S. D. (2004). A Behavioral Approach to Worm Detection. Paper presented at the 2004 ACM Workshop on Rapid Malcode.
[42] Rabek, J. C., Khazan, R. I., Lewandowski, S. M., & Cunningham, R. K. (2003). Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code. Paper presented at the 2003 ACM Workshop on Rapid Malcode.
[43] Sekar, R., Bendre, M., Dhurjati, D., & Bollineni, P. (2001). A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. Paper presented at the IEEE Symposium on Security and Privacy.
[44] Sekar, R., Bowen, T., & Segal, M. (1999). On preventing intrusions by process behavior monitoring. Paper presented at the USENIX Intrusion Detection Workshop, 1999.
[45] Suh, G. E., Lee, J., & Devadas, S. (2004). Secure program execution via dynamic information flow tracking. Paper presented at the International Conference on Architectural Support for Programming Languages and Operating Systems, 2004.
[46] Sulaiman, A., Ramamoorthy, K., Mukkamala, S., & Sung, A. (2005). Malware Examiner using Disassembled Code (MEDiC). Paper presented at the 20th Annual Computer Security Applications Conference (ACSAC ’04).


[47] Sung, A., Xu, J., Chavez, P., & Mukkamala, S. (2004). Static Analyzer of Vicious Executables. Paper presented at the 20th Annual Computer Security Applications Conference (ACSAC ’04), IEEE.
[48] Giffin, J. T., Jha, S., & Miller, B. P. (2002). Detecting manipulated remote call streams. Paper presented at the 11th USENIX Security Symposium.
[49] Taylor, C., & Alves-Foss, J. (2002). NATE: Network Analysis of anomalous Traffic Events, a low-cost approach. Paper presented at the New Security Paradigms Workshop, New Mexico, USA.
[50] Lo, R. W., Levitt, K. N., & Olsson, R. A. (1994). MCF: A Malicious Code Filter. Computers and Security, 541-566.
[51] Wagner, D., & Dean, D. (2001). Intrusion Detection via Static Analysis. Paper presented at the IEEE Symposium on Security and Privacy 2001.
[52] Wang, K., & Stolfo, S. J. (2004). Anomalous payload-based network intrusion detection. Paper presented at the 7th International Symposium on Recent Advances in Intrusion Detection (RAID).
[53] Wang, Y.-M., Beck, D., Vo, B., Roussev, R., & Verbowski, C. (2005). Detecting Stealth Software with Strider GhostBuster. Paper presented at the International Conference on Dependable Systems and Networks (DSN ’05).
[54] Wespi, A., Dacier, M., & Debar, H. (2000). Intrusion detection using variable-length audit trail patterns. Paper presented at Recent Advances in Intrusion Detection (RAID).
[55] Xiong, J. (2004). ACT: Attachment Chain Tracing scheme for email virus detection and control. Paper presented at the ACM Workshop on Rapid Malcode (WORM).


Hybrid Intrusion Detection and Prediction multiAgent System, HIDPAS
Farah Jemili
RIADI Laboratory Manouba University Manouba 2010, Tunisia

Montaceur Zaghdoud
RIADI Laboratory Manouba University Manouba 2010, Tunisia

Mohamed Ben Ahmed
RIADI Laboratory Manouba University Manouba 2010, Tunisia

Abstract— This paper proposes an intrusion detection and prediction system based on uncertain and imprecise inference networks, together with its implementation. Given a history of sessions, we propose a supervised learning method coupled with a classifier that extracts the knowledge necessary to identify whether a session contains an intrusion and, if so, to recognize its type and predict the possible intrusions that will follow it. The proposed system takes into account the uncertainty and imprecision that can affect the statistical data of the history. Systematically using a single probability distribution to represent this type of knowledge presupposes overly rich subjective information and risks being partly arbitrary. One of the first objectives of this work was therefore to ensure consistency between the way information is represented and the information actually available. In addition, our system integrates host intrusion detection and network intrusion prediction within a global anti-intrusion system that can function as a HIDS (Host-based Intrusion Detection System) before functioning as a NIPS (Network-based Intrusion Prediction System). The proposed anti-intrusion system thus combines two powerful tools, enabling reliable host intrusion detection that leads to equally reliable network intrusion prediction. In our contribution, we chose supervised learning based on Bayesian networks. The choice of modeling the session history with Bayesian networks is dictated by the nature of the learning data (statistical data) and the modeling power of Bayesian networks.
However, to account for the incompleteness that can affect knowledge of the parameters characterizing the statistical data and of the relations between phenomena, the system proposed in this work uses for the inference process a propagation method based on a Bayesian possibilistic hybridization. The proposed system is thus suited to reliability modeling while taking imprecision into account.
Keywords-uncertainty; imprecision; host intrusion detection; network intrusion prediction; Bayesian networks; bayesian possibilistic hybridization.

I. INTRODUCTION

The proliferation of Internet access to every network device, the use of distributed rather than centralized computing resources, and the introduction of network-enabled applications have rendered traditional network-based security infrastructures vulnerable to serious attacks. Intrusion detection can be defined as the process of identifying malicious behavior that targets a network and its resources [1]. Malicious behavior is defined as a system or individual action that tries to use or access a computer system without authorization, or an excess of privilege by those who have legitimate access to the system. The term attack can be defined as a combination of actions performed by a malicious adversary to violate the security policy of a target computer system or network domain [2]. Each attack type is characterized by the use of system vulnerabilities based on certain feature values. Usually, there are relationships between attack types and the computer system characteristics used by the intruder. If we are able to reveal those hidden relationships, we will be able to predict the attack type. From another angle, an attack generally starts with an intrusion into some corporate network through a vulnerable resource, followed by further actions on the network itself. We can therefore define the attack prediction process as recognizing the sequence of elementary actions that constitutes the attack strategy. The use of distributed and coordinated techniques in attacks makes their detection more difficult: different events and specific information must be gathered from all sources and combined in order to identify the attack plan. It is therefore necessary to develop an advanced attack strategy prediction system that can detect attack strategies, so that appropriate responses and actions can be taken in advance to minimize damage and avoid potential attacks. Furthermore, the proposed anti-intrusion system should take into account the uncertainty that can affect the data. Uncertainty about parameters can have two origins [3]. The first source comes from the uncertain character of information, due to natural variability resulting from stochastic phenomena; this is called variability or stochastic uncertainty. The second source is related to the imprecise and incomplete character of information due to a lack of knowledge; this is called epistemic uncertainty. Systematically using a single probability distribution to represent this type of knowledge presupposes overly rich subjective information and risks being partly arbitrary. The system proposed here offers a formal setting suited to treating uncertainty and imprecision by combining probabilities and possibilities. In this paper we propose an intrusion detection and prediction system that recognizes an upcoming intrusion and predicts the attacker’s attack plan and intentions. In our approach, we apply graph techniques based on Bayesian


reasoning for learning. We then apply inference to recognize the attack type and predict upcoming attacks. The inference process is based on hybrid propagation, which takes into account both the uncertain and the imprecise character of information. II. RELATED WORK

Several researchers have used Bayesian networks to develop intrusion detection and prediction systems. Axelsson [5] wrote a well-known paper that uses the Bayesian rule of conditional probability to point out the implications of the base-rate fallacy for intrusion detection; it clearly demonstrates the difficulty and necessity of dealing with false alarms [6]. In [7], a model is presented that simulates an intelligent attacker using Bayesian techniques to create a plan of goal-directed actions. In [8], a naïve Bayesian network is employed to perform intrusion detection on network events. A naïve Bayesian network is a restricted network that has only two layers and assumes complete independence between the information nodes (i.e., the random variables that can be observed and measured). Kruegel [6] proposed an event classification scheme based on Bayesian networks; such networks improve the aggregation of different model outputs and allow one to seamlessly incorporate additional information. Johansen [9] suggested a Bayesian system that would provide a solid mathematical foundation for simplifying a seemingly difficult and monstrous problem that today’s network IDSs (NIDS) fail to solve. The Bayesian Network IDS (BNIDS) should be capable of differentiating between attacks and normal network activity by comparing metrics of each network traffic sample. Govindu [10] discussed the present state of intrusion detection systems and their drawbacks, highlighting the need to develop an intrusion prediction system, which is the future of intrusion detection. That work also explores the possibility of bringing intelligence to the intrusion prediction system by using mobile agents that move across the network and use prediction techniques to predict user behavior. III. INTRUSION DETECTION AND PREDICTION SYSTEM

There are two general methods of detecting intrusions into computer and network systems: anomaly detection and signature recognition [13,14]. Anomaly detection techniques establish a profile of the subject’s normal behavior (the norm profile), compare the subject’s observed behavior with this profile, and signal an intrusion when the observed behavior differs significantly from the profile. Signature recognition techniques recognize signatures of known attacks, match observed behavior against those signatures, and signal an intrusion when there is a match. Systems using misuse-based techniques contain a number of attack descriptions, or ‘signatures’, that are matched against a stream of audit data in search of evidence of the modeled attacks. The audit data can be gathered from the network [15], from the operating system [16], or from application log files [6]. IDSs are usually classified as host-based or network-based. Host-based systems use information obtained from a single host (usually audit trails), while network-based systems obtain data by monitoring the traffic on the network to which the hosts are connected [17]. A natural question is how an intrusion detection system can possibly detect every single unknown attack; hence the future of intrusion detection lies in developing an intrusion prediction system [10]. Intrusion prediction systems must be able to predict the probability of intrusions on each host of a distributed computer system. Prediction techniques can protect systems from new security breaches resulting from unknown attack methods. In an attempt to develop such a system, we propose a global anti-intrusion system which detects and predicts intrusions based on hybrid propagation in Bayesian networks. IV. BAYESIAN NETWORKS

A Bayesian network is a graphical modeling tool used to model decision problems containing uncertainty. It is a directed acyclic graph in which each node represents a discrete random variable of interest. Each node contains the states of the random variable it represents and a conditional probability table (CPT), which gives the conditional probabilities of this variable given realizations of the other connected variables, based on Bayes’ rule:

P(B|A) = P(A|B) P(B) / P(A)    (1)

The CPT of a node contains the probabilities of the node being in a specific state given the states of its parents. The parent-child relationship between nodes in a Bayesian network indicates the direction of causality between the corresponding variables: the variable represented by the child node is causally dependent on those represented by its parents [18].
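As a worked numeric instance of rule (1), with invented probabilities, the computation below also illustrates the base-rate fallacy discussed for [5]: even an accurate detector yields mostly false alarms when intrusions are rare.

```python
# Invented example probabilities for Bayes' rule (1).
p_intrusion = 0.001          # P(B): prior probability of an intrusion
p_alert_given_intr = 0.99    # P(A|B): detector fires on a real intrusion
p_alert_given_norm = 0.01    # P(A|not B): false-alarm rate on normal traffic

# Total probability of an alert, P(A).
p_alert = (p_alert_given_intr * p_intrusion
           + p_alert_given_norm * (1 - p_intrusion))

# Bayes' rule: P(B|A) = P(A|B) P(B) / P(A).
p_intr_given_alert = p_alert_given_intr * p_intrusion / p_alert

print(round(p_intr_given_alert, 3))   # ~0.09: most alerts are false alarms
```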

The detection of certain attacks against a networked system of computers requires information from multiple sources. A simple example is the so-called doorknob attack, in which the intruder’s goal is to discover, and gain access to, insufficiently protected hosts on a system. The intruder generally tries a few common account and password combinations on each of a number of computers. These simple attacks can be remarkably successful [12]. An Intrusion Detection System, as the name suggests, detects possible intrusions [13]. An IDS installed on a network is like a burglar alarm installed in a house: through various methods, both detect when an intruder/attacker/burglar is present, and both issue some type of warning upon such a detection [10].



Kruegel in [1] presented a model that simulates an intelligent attacker using Bayesian techniques to create a plan of goal-directed actions, proposing an event classification scheme based on Bayesian networks; Bayesian networks improve the aggregation of different model outputs and allow one to seamlessly incorporate additional information. Johansen in [9] suggested a Bayesian system providing a solid mathematical foundation for simplifying a seemingly difficult and monstrous problem that today’s network IDSs fail to solve, adding that a Bayesian Network IDS should differentiate between attacks and normal network activity by comparing metrics of each network traffic sample. Bayesian network learning has several advantages. First, it can incorporate prior knowledge and expertise by populating the CPTs, and it is convenient to introduce partial evidence and find the probability of unobserved variables. Second, it can adapt to new evidence and knowledge through belief updates via network propagation. A. Bayesian Network Learning Algorithm Methods for learning Bayesian graphical models can be partitioned into at least two general classes: constraint-based search and Bayesian methods. Constraint-based approaches [19] search the data for conditional independence relations, from which it is in principle possible to deduce the Markov equivalence class of the underlying causal graph. Two notable constraint-based algorithms are the PC algorithm, which assumes that no hidden variables are present, and the FCI algorithm, which can learn something about the causal relationships even when latent variables are present in the data [19]. Bayesian methods [21] use a search-and-score procedure to explore the space of DAGs, with the posterior density as the scoring function.
There are many variations on Bayesian methods; however, most research has focused on the application of greedy heuristics, combined with techniques to avoid local maxima in the posterior density (e.g., greedy search with random restarts or best-first searches). Both constraint-based and Bayesian approaches have advantages and disadvantages. Constraint-based approaches are relatively quick and possess the ability to deal with latent variables; however, they rely on an arbitrary significance level to decide independencies. Bayesian methods can be applied even with very little data, where conditional independence tests are likely to break down. Both approaches have the ability to incorporate background knowledge in the form of temporal ordering, or forbidden or forced arcs. Also, Bayesian approaches are capable of dealing with incomplete records in the database. The most serious drawback of the Bayesian approaches is the fact that they are relatively slow. In this paper, we deal with incomplete records in the database, so we opted for the Bayesian approach, and particularly for the K2 algorithm, which has shown high performance in many research works.

The principle of the K2 algorithm, proposed by Cooper and Herskovits, is to take a database over variables X1, ..., Xn and to build a directed acyclic graph (DAG) based on the calculation of a local score [22]. The variables constitute the network nodes; arcs represent "causal" relationships between variables. The learning step of the K2 algorithm needs:
• a given ordering of the variables, and
• an upper bound on the number of parents per node.

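Given these two inputs, the greedy K2 search can be sketched as follows. This is a minimal illustration using the standard Cooper-Herskovits score in log form; the function names and the toy data layout are our own assumptions, not from the paper:

```python
import math
from itertools import product

def ch_score(data, child, parents, arity):
    """Log of the Cooper-Herskovits local score of `child` given `parents`.
    data: list of {variable: value} rows; arity: variable -> number of values."""
    r = arity[child]
    score = 0.0
    for config in product(*[range(arity[p]) for p in parents]):
        # N_ijk: counts of each child value under this parent instantiation
        counts = [0] * r
        for row in data:
            if all(row[p] == v for p, v in zip(parents, config)):
                counts[row[child]] += 1
        n_ij = sum(counts)
        # log[(r-1)! / (N_ij + r - 1)!] + sum_k log(N_ijk!)
        score += math.lgamma(r) - math.lgamma(n_ij + r)
        score += sum(math.lgamma(c + 1) for c in counts)
    return score

def k2(data, order, arity, max_parents):
    """Greedy K2 structure search given a fixed variable ordering."""
    parents = {v: [] for v in order}
    for i, child in enumerate(order):
        best = ch_score(data, child, parents[child], arity)
        improved = True
        while improved and len(parents[child]) < max_parents:
            improved = False
            # only predecessors in the ordering may become parents
            scored = [(ch_score(data, child, parents[child] + [v], arity), v)
                      for v in order[:i] if v not in parents[child]]
            if scored:
                s, v = max(scored)
                if s > best:          # keep the parent only if it raises the score
                    best, improved = s, True
                    parents[child].append(v)
    return parents
```

With a toy dataset in which variable B simply copies variable A, the search recovers A as the sole parent of B.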
The K2 algorithm proceeds by starting with a single node (the first variable in the defined order) and then incrementally adds connections with other nodes which can increase the probability of the whole network structure, calculated using the S function. A candidate new parent which does not increase the node probability cannot be added to the node's parent set.

S(Vi, C(Vi)) = ∏(j=1..qi) [ (ri − 1)! / (Nij + ri − 1)! ] ∏(k=1..ri) Nijk!     (2)

where, for each variable Vi, ri is the number of its possible instantiations, qi is the number of possible instantiations of its parent set C(Vi), Nijk is the number of cases in the database D for which Vi takes the value Vik with C(Vi) in its j-th instantiation, and Nij is the sum of Nijk over all values of k.

V. JUNCTION TREE INFERENCE ALGORITHM

The most common method to perform discrete exact inference is the junction tree algorithm developed by Jensen [23]. The idea of this procedure is to construct a data structure called a junction tree, which can be used to calculate any query through message passing on the tree. The first step of the JT algorithm creates an undirected graph from the input DAG through a procedure called moralization: it keeps the same edges but drops their direction, and then connects the parents of every child. The junction tree construction then follows four steps:
1) Choose a node ordering. Note that the node ordering will make a difference in the topology of the generated tree; finding an optimal node ordering with respect to the junction tree is NP-hard.
2) Loop through the nodes in the ordering. For each node Xi, create a set Si of all its neighbours, then delete the node Xi from the moralized graph.
3) Build a cluster graph by letting each Si be a node. Connect the nodes with weighted undirected edges; the weight of the edge between Si and Sj is |Si ∩ Sj|.
4) Let the junction tree be the maximal-weight spanning tree of the cluster graph.

VI. PROBLEM DESCRIPTION




The inference in bayesian networks is the post-calculation of uncertainty: knowing the states of certain variables (called observation variables), the inference process determines the states of some other variables (called target variables)

conditionally to the observations. The choice to represent knowledge by probabilities only, and therefore to suppose that the uncertainty of the available information has a stochastic origin, has repercussions on the results of uncertainty propagation through the bayesian model. The two sources of uncertainty (stochastic and epistemic) must be treated in different manners. In practice, while uncertain information is treated rigorously by classic probability distributions, imprecise information is much better treated by possibility distributions. The two sources of uncertainty do not exclude each other and are often related (for example, an imprecise measurement of an uncertain quantity). A merely probabilistic propagation approach can generate results that are too optimistic. This illusion is reinforced by the fact that information is sometimes imprecise or incomplete and the classic probabilistic setting does not represent this type of information faithfully. In the section below, we present a new propagation approach in bayesian networks, called hybrid propagation, combining probabilities and possibilities. The advantage of this approach over classic probabilistic propagation is that it takes into account both the uncertain and the imprecise character of information.

VII. HYBRID PROPAGATION IN BAYESIAN NETWORKS

The mechanism of propagation is based on the Bayesian model; the junction tree algorithm is therefore used for inference in the Bayesian network. The hybrid calculation combining probabilities and possibilities permits the propagation of both variability (uncertain information) and imprecision (imprecise information).

A. Variable Transformation from Probability to Possibility (TV)
Let us consider a probability distribution p = (p1, ..., pi, ..., pn) ordered as follows: p1 > p2 > ... > pn. The possibility distribution π = (π1, ..., πi, ..., πn) obtained by the transformation (p→π) proposed in [24] satisfies π1 > π2 > ... > πn, where each possibility value πi is defined from the ordered probabilities pi and coefficients ki, with k1 = 1 (3).

B. Probability Measure and Possibility Distribution
Let us consider a probabilistic space (Ω, A, P). For every measurable set A ⊆ Ω, we can define its upper probability and its lower probability; in other terms, the value of the probability P(A) is imprecise: ∀ A ⊆ Ω, N(A) ≤ P(A) ≤ Π(A), where N(A) = 1 − Π(Ā). Each couple of necessity/possibility measures (N, Π) can be considered as the lower and upper probability measures induced by a probability measure. The gap between these two measures reflects the imprecise character of the information: it amounts to defining a possibility distribution over a probability measure, and this possibility distribution reflects the imprecise character of the true probability of the event. A probability measure is more reliable and informative when the gap between its upper and lower bounds is reduced, i.e. when the imprecision on the value of the variable is reduced; by contrast, a probability measure lying in a relatively large confidence interval is risky and not very informative.

C. Hybrid Propagation Process
The hybrid propagation proceeds in three steps:
1) Substitute the probability distribution of each variable in the graph by a probability distribution framed by possibility and necessity measures, using the variable transformation from probability to possibility (TV) applied to the probability distribution of each variable in the graph. The gap between the necessity and possibility measures reflects the imprecise character of the true probability associated with the variable.
2) Transform the initial graph into a junction tree.
3) Propagate the uncertain and imprecise uncertainty, which consists of both: a) the classic probabilistic propagation of stochastic uncertainties in the junction tree through message passing on the tree, and b) the possibilistic propagation of epistemic uncertainties in the junction tree; possibilistic propagation in the junction tree is a direct adaptation of the classic probabilistic propagation.
Therefore, the proposed propagation method: 1) preserves the modeling power of Bayesian networks (it permits the modeling of relations between variables), 2) is adapted to both stochastic and epistemic uncertainties, and 3) yields a probability described by an interval delimited by possibility and necessity measures.

VIII. HYBRID INTRUSION DETECTION AND PREDICTION SYSTEM

Our anti-intrusion system operates at two different levels: it integrates host intrusion detection and network intrusion prediction. The intrusion detection consists in analyzing audit data of the host in search of attacks whose signatures are stored in a signatures dataset. The intrusion prediction consists in analyzing the stream of alerts resulting from one or several detected attacks, in order to predict the possible attacks that will follow in the whole network. Our anti-intrusion approach is based on hybrid propagation in Bayesian networks, in order to benefit from the modeling power of Bayesian networks and from the power of possibilistic reasoning to manage imprecision.

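Since the exact TV transformation of [24] is not fully reproduced above, the following sketch uses the classical Dubois-Prade probability-to-possibility transformation (πi = Σj≥i pj) as a stand-in, only to illustrate how a probability value ends up framed by necessity and possibility measures; the distributions and event are illustrative assumptions:

```python
def prob_to_poss(p):
    """Transform an ordered probability distribution (p1 >= ... >= pn) into a
    possibility distribution via the classical Dubois-Prade transformation
    pi_i = sum_{j >= i} p_j (a stand-in for the TV transformation of [24])."""
    assert all(p[i] >= p[i + 1] for i in range(len(p) - 1))
    return [sum(p[i:]) for i in range(len(p))]

def possibility(event, poss):
    """Pi(A): maximum possibility degree over the elements of the event."""
    return max(poss[i] for i in event)

def necessity(event, poss, universe):
    """N(A) = 1 - Pi(complement of A)."""
    complement = [i for i in universe if i not in event]
    return 1.0 - possibility(complement, poss) if complement else 1.0

p = [0.5, 0.3, 0.2]                 # illustrative ordered probabilities
poss = prob_to_poss(p)              # approximately [1.0, 0.5, 0.2]
A = [0]                             # event containing the most probable element
# the interval N(A) <= P(A) <= Pi(A) frames the imprecise probability of A
```

Here the event A = {0} gets N(A) = 0.5 and Π(A) = 1.0, so its true probability P(A) = 0.5 indeed lies in the interval [N(A), Π(A)].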
A. Hybrid intrusion detection
The main objective of intrusion detection is to detect each security policy violation on an information system. The signature recognition approach, adopted in our contribution, analyzes audit data in search of attacks whose signatures are stored in a signatures dataset. Audit data are data of the computer system that report information on the operations performed on it. A signatures dataset contains a set of lines; every line codes a stream of data (between two definite instants) between a source (identified by its IP address) and a destination (also identified by its IP address), under a given protocol (TCP, UDP, ...). Every line is a connection characterized by a certain number of attributes, such as its length, the type of the protocol, etc. According to the values of these attributes, every connection in the signatures dataset is considered as being either a normal connection or an attack. In our approach, the process of intrusion detection is considered as a classification problem: given a set of identified connections and a set of connection types, our goal is to classify connections among the most plausible corresponding connection types. Our approach for intrusion detection consists of four main steps [30]:
1) Important attributes selection: in a signatures dataset, every connection is characterized by a certain number of attributes, such as its length, the type of the protocol, etc. These attributes have been fixed by Lee et al. [31]. The objective of this step is to extract the most important attributes of the signatures dataset. To do so, we proceeded by a Multiple Correspondences Factorial Analysis (MCFA) of the attributes of the dataset, then we calculated the Gini index for every attribute in order to visualize the distribution of the different attributes and to select the most important ones [32]. This step yields the set of the most important attributes characterizing the connections of the signatures dataset.
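The Gini-based ranking used in this selection step can be illustrated as follows. The paper does not give the exact index formula, so this sketch uses the standard Gini impurity reduction of the class label when splitting on an attribute; the toy rows and field names are our own assumptions:

```python
from collections import Counter

def gini(labels):
    """Gini impurity of a sequence of class labels."""
    total = len(labels)
    return 1.0 - sum((c / total) ** 2 for c in Counter(labels).values())

def gini_importance(rows, attr, class_attr="attack_type"):
    """Impurity reduction of the class when splitting on `attr`
    (one common way to score an attribute; the index in [32] may differ)."""
    labels = [r[class_attr] for r in rows]
    by_value = Counter(r[attr] for r in rows)
    remainder = 0.0
    for value, count in by_value.items():
        subset = [r[class_attr] for r in rows if r[attr] == value]
        remainder += (count / len(rows)) * gini(subset)
    return gini(labels) - remainder

# hypothetical toy connections
rows = [{"protocol_type": "tcp",  "attack_type": "dos"},
        {"protocol_type": "tcp",  "attack_type": "dos"},
        {"protocol_type": "udp",  "attack_type": "normal"},
        {"protocol_type": "icmp", "attack_type": "dos"}]
print(gini_importance(rows, "protocol_type"))   # prints 0.375
```

Ranking the attributes by this score, and keeping the highest-scoring ones, mirrors the selection that produces the important-feature tables later in the paper.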
Some of these attributes can be continuous and may require discretization to improve classification results.
2) Continuous attributes discretization: the selected attributes can be discrete (admitting a finite number of values) or continuous. Several previous works showed that discretization improves the performance of bayesian networks [4]. To discretize continuous attributes, we opted for discretization by nested means, which consists in cutting up the variable using successive means as class limits. This method has the advantage of being strongly bound to the distribution of the variable; but if the variable is cut up a large number of times, the method risks producing empty or very heterogeneous classes in the case of very dissymmetric distributions. Thus, we use only one iteration, i.e. a binary discretization based on the mean, which supposes that the behavior of the observation variables is not too atypical.
3) Bayesian network learning: the set of important attributes, discretized, as well as the class of connection types constitute the set of entry variables to the Bayesian

network learning step. The first step is to browse the set of entry variables to extract their different values and to calculate their probabilities. Then, we use the K2 probabilistic learning algorithm to build the Bayesian network for intrusion detection. The result is a directed acyclic graph whose nodes are the entry variables and whose edges denote the conditional dependences between these variables. To each variable of the graph is associated a conditional probability table that quantifies the effect of its parents.
4) Hybrid propagation in the Bayesian network: consists of the three steps mentioned previously. At the end of this step, every connection (normal or intrusion) in a host is classified into the most probable connection type. In case of intrusions detected in a host, one or several alerts are sent to the intrusion prediction module, which is in charge of predicting the possible intrusions that can propagate in the whole network.

B. Hybrid intrusion prediction
Intrusion prediction aims to predict attack plans, given one or several intrusions detected at the level of one or several hosts of a computer network. An intrusion detected at the level of a host results in one or several alerts generated by a HIDS. Intrusion prediction attempts to classify alerts among the most plausible hyper-alerts, where each hyper-alert corresponds to a step in the attack plan, and then, based on hyper-alert correlation, deduces the possible attacks that will follow in the whole computer network [11].
1) Alerts classification: the main objective of alerts classification is to analyze the stream of alerts generated by intrusion detection systems in order to contribute to attack plan prediction. In our approach, given a set of alerts, the goal of alerts classification is to classify alerts among the most plausible corresponding hyper-alerts. Our approach for alerts classification consists of four main steps:
a) Important attributes selection: in addition to time information, each alert has a number of other attributes, such as source IP, destination IP, port(s), user name, process name, attack class, and sensor ID, which are defined in a standard document, "Intrusion Detection Message Exchange Format (IDMEF)", drafted by the IETF Intrusion Detection Working Group [20]. For the selection of the most important attributes, we proceed by a Multiple Correspondences Factorial Analysis (MCFA) of the different attributes characterizing alerts. The attribute selection does not include time stamps; we will use time stamps in the attack plan prediction process in order to detect alert series. This step yields a set of the most important attributes characterizing the alerts of the alerts dataset.

b) Alerts aggregation: an alerts dataset generally contains a large number of alerts; most are raw alerts and may refer to one and the same event. Alerts aggregation consists in exploiting similarities between alert attributes in order to reduce the redundancy of alerts. Since alerts that are output by the same IDS and have the same attributes except time stamps correspond to the same step in the attack plan [26], we

aggregate alerts sharing the same sensor and the same attributes except time stamps, in order to get clusters of alerts where each cluster corresponds to only one step of the attack plan, called a hyper-alert. Then, based on the results of this first step, we merge clusters of alerts (hyper-alerts) corresponding to the same step of the attack plan. At the end of this alerts aggregation step, we get a cluster of alerts (hyper-alert) for each step of the attack plan (i.e., hyper-alert = step of the attack plan). We regroup in one class all the observed hyper-alerts.
c) Bayesian network learning: the set of selected alert attributes, as well as the class regrouping all the observed hyper-alerts, forms the set of entry variables to the Bayesian network learning step. The first step is to browse the set of entry variables in order to extract their different values and calculate their probabilities. Then, we use the K2 probabilistic learning algorithm to build the Bayesian network for alerts classification.
d) Hybrid propagation in the Bayesian network: consists of the three steps mentioned previously. At the end of this step, every generated alert is classified into the most probable corresponding hyper-alert.
2) Attack plans prediction: attack plans prediction consists in detecting complex attack scenarios, that is, scenarios implying a series of actions by the attacker. The idea is to correlate the hyper-alerts resulting from the previous step in order to predict, given one or several detected attacks, the possible attacks that will follow. Our approach for attack plans prediction consists of three main steps:
a) Transaction data formulation [26]: we formulate transaction data for each hyper-alert in the dataset. Specifically, we set up a series of time slots with an equal time interval, denoted as ∆t, along the time axis; given a time range T, we have m = T/∆t time slots. Recall that each hyper-alert A includes a set of alert instances with the same attributes except time stamps, i.e., A = [a1, a2, ..., an], where ai represents an alert instance in the cluster. We denote NA = {n1, n2, ..., nm} as the variable representing the occurrence of hyper-alert A during the time range T, where ni corresponds to the occurrence (ni = 1) or non-occurrence (ni = 0) of alert A in a specific time slot. Using the above process, we can create a set of transaction data. Table 1 shows an example of the transaction data corresponding to hyper-alerts A, B and C.

TABLE I. EXAMPLE OF TRANSACTION DATA

Time Slot   A   B   C
t1          1   0   0
t2          1   0   1
t3          1   1   0
...         ... ... ...
tm          1   0   0

b) Bayesian network learning: the set of the observed hyper-alerts forms the set of entry variables to the Bayesian network learning step. The first step is to browse the set of entry variables to extract their different values and to calculate their probabilities. Then, we use the K2 probabilistic learning algorithm to build the Bayesian network for attack plans prediction. The result is a directed acyclic graph whose nodes are the hyper-alerts and whose edges denote the conditional dependences between these hyper-alerts.
c) Hybrid propagation in the Bayesian network: consists of the three steps mentioned previously. At the end of this step, given one or several detected attacks, we can predict the possible attacks that will follow.

IX. HIDPAS SYSTEM AGENT ARCHITECTURE

The HIDPAS system architecture is composed of two interconnected layers of intelligent agents. The first layer is concerned with host intrusion detection: on each host of a distributed computer system, an intelligent agent is in charge of detecting possible intrusions. Each agent of the intrusion detection layer uses a signature intrusion database (SDB) to build its own bayesian network. For every new suspect connection, the intrusion detection agent (IDA) of the concerned host uses hybrid propagation in its bayesian network to infer the conditional evidence of intrusion given the new settings of the suspect connection. Therefore, based on the probability degree and on the gap between the necessity and the possibility degrees associated with each connection type, we can perform quantitative analysis on the connection types. In the final selection of the possible connection type, we select the type that has the maximum informative probability value. An informative probability is a probability delimited by two confidence measures where the gap between them is under a threshold.

Figure 1. HIDPAS system architecture (network intrusion prediction layer on top of the host intrusion detection layer)

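For reference, the transaction-data formulation described earlier (binary occurrence of each hyper-alert per time slot of width ∆t) can be sketched as follows; the alert tuples, timestamps, and slot width are illustrative assumptions:

```python
def transaction_data(alerts, t0, T, dt):
    """Build binary occurrence vectors: one row per hyper-alert name,
    one entry per time slot (1 if the hyper-alert occurred in that slot)."""
    m = int(T / dt)                       # number of time slots in range T
    names = sorted({name for name, _ in alerts})
    table = {name: [0] * m for name in names}
    for name, ts in alerts:               # alerts: (hyper-alert name, timestamp)
        slot = int((ts - t0) / dt)
        if 0 <= slot < m:
            table[name][slot] = 1
    return table

# hypothetical alert stream: (hyper-alert, timestamp in seconds)
alerts = [("Sadmind_Ping", 5), ("Admind", 65), ("Sadmind_Ping", 70), ("Rsh", 130)]
table = transaction_data(alerts, t0=0, T=180, dt=60)
# table["Sadmind_Ping"] == [1, 1, 0]: it occurred in the first two slots
```

Each row of the resulting table corresponds to one row variable NA of the transaction data, as in Table 1.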
In case of intrusion, the IDA informs the intrusion prediction agent (IPA), which is placed in the prediction layer,

about the eventuality of an intrusion on the concerned host and about its type. The second layer is based upon one intelligent agent in charge of network intrusion prediction. When the Intrusion Prediction Agent (IPA) is informed about a new intrusion that has happened on a host of the distributed computer system, and about its type, it tries to compute the conditional probabilities that other attacks may ultimately happen. To accomplish this task, the IPA uses another database type (ADB), which contains historical data about alerts generated by sensors from different computer systems. Given a stream of alerts, the IPA first feeds the results as evidence to the inference process of the first graph, for alerts classification; second, it feeds the results of alerts classification to the inference process of the second graph, for attack plans prediction. Each path in the second graph is potentially a subsequence of an attack scenario. Therefore, based on the probability degree and on the gap between the necessity and the possibility degrees associated with each edge, the IPA can perform quantitative analysis on the attack strategies. The advantage of our approach is that we do not require a complete ordered attack sequence for inference. Due to bayesian networks and hybrid propagation, we have the capability of handling partial order and unobserved activity evidence sets. In practice, we cannot always observe all of the attacker's activities, and we can often only detect a partial order of attack steps due to the limitation or deployment of security sensors. For example, an IDA can miss detecting intrusions and thus produce an incomplete alert stream. In the final selection of possible future goals or attack steps, the IPA can either select the node(s) with the maximum informative probability value(s) or the one(s) whose informative probability value(s) is (are) above a threshold.
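The selection of the maximum "informative probability" described above can be sketched as follows; the candidate triples and the gap threshold are illustrative assumptions, not values from the paper:

```python
def select_informative(candidates, gap_threshold):
    """candidates: {label: (necessity, probability, possibility)}.
    Keep labels whose possibility-necessity gap is below the threshold
    (informative probabilities), then pick the one with maximal probability."""
    informative = {lab: (n, p, pi) for lab, (n, p, pi) in candidates.items()
                   if pi - n <= gap_threshold}
    if not informative:
        return None                       # no candidate is informative enough
    return max(informative, key=lambda lab: informative[lab][1])

# hypothetical connection-type scores: (necessity, probability, possibility)
scores = {"normal": (0.10, 0.55, 0.90),   # wide gap: imprecise, discarded
          "dos":    (0.60, 0.70, 0.80),
          "probe":  (0.55, 0.65, 0.78)}
best = select_informative(scores, gap_threshold=0.3)
# best == "dos": highest probability among the informative candidates
```

The same selection rule serves both the IDA (choosing a connection type) and the IPA (choosing likely future attack steps).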
After computing the conditional probabilities of possible attacks, the IPA informs the system administrator about them.

X. HIDPAS SYSTEM IMPLEMENTATION

HIDPAS was implemented using the JADE multiagent platform. The dataset used for intrusion detection implementation and experimentation is DARPA KDD'99, which contains signatures of normal connections and signatures of 38 known attacks gathered in four main classes: DOS, R2L, U2R and Probe.

A. DARPA'99 DATA SET
MIT Lincoln Lab's DARPA intrusion detection evaluation datasets have been employed to design and test intrusion detection systems. The KDD 99 intrusion detection datasets are based on the 1998 DARPA initiative, which provides designers of intrusion detection systems (IDS) with a benchmark on which to evaluate different methodologies [25]. To do so, a simulation is made of a factitious military network consisting of three 'target' machines running various operating systems and services. An additional three machines are then used to spoof different IP addresses to generate traffic. Finally, there is a sniffer that records all network traffic using the TCP dump format. The total simulated period is seven weeks [27].
Packet information in the TCP dump file is summarized into connections. Specifically, "a connection is a sequence of TCP packets starting and ending at some well defined times, between which data flows from a source IP address to a target IP address under some well defined protocol" [27]. The DARPA KDD'99 dataset represents data as rows of TCP/IP dump where each row is a computer connection characterized by 41 features, grouped into four categories:
1) Basic features: can be derived from packet headers without inspecting the payload.
2) Content features: domain knowledge is used to assess the payload of the original TCP packets; this includes features such as the number of failed login attempts.
3) Time-based traffic features: designed to capture properties that mature over a 2-second temporal window, for example the number of connections to the same host over the 2-second interval.
4) Host-based traffic features: utilize a historical window estimated over a number of connections (in this case 100) instead of time; host-based features are therefore designed to assess attacks which span intervals longer than 2 seconds.
In this study, we used the KDD'99 dataset, counting almost 494019 training connections. Based upon a Multiple Correspondences Factorial Analysis (MCFA) of the attributes of the KDD'99 dataset, we used data about only the important features. Table 2 shows the important features and the corresponding Gini index for each feature:

TABLE II. IMPORTANT FEATURES AND THEIR GINI INDEX

N°   Feature                        Gini
A23  count                          0.7518
A5   src_bytes                      0.7157
A24  src_count                      0.6978
A3   service                        0.6074
A36  dst_host_same_src_port_rate    0.5696
A2   protocol_type                  0.5207
A33  dst_host_srv_count             0.5151
A35  dst_host_diff_srv_rate         0.4913
A34  dst_host_same_srv_rate         0.4831

To these features, we added the "attack_type" label: each training connection is labelled either as normal or as an attack with a specific type. The DARPA'99 dataset counts 38 attacks, which can be gathered in four main categories:
1) Denial of Service (dos): the attacker tries to prevent legitimate users from using a service.

2) Remote to Local (r2l): the attacker does not have an account on the victim machine, hence tries to gain access.
3) User to Root (u2r): the attacker has local access to the victim machine and tries to gain super user privileges.
4) Probe: the attacker tries to gain information about the target host.
Among the selected features, only service and protocol_type are discrete; the other features need to be discretized. Table 3 shows the result of the discretization of these features.

TABLE III. DISCRETIZATION OF THE CONTINUOUS FEATURES

N°   Feature                        Values
A23  count                          cnt_v1: m < 332.67007446 ; cnt_v2: m ≥ 332.67007446
A5   src_bytes                      sb_v1: m < 30211.16406250 ; sb_v2: m ≥ 30211.16406250
A24  src_count                      srv_cnt_v1: m < 293.24423218 ; srv_cnt_v2: m ≥ 293.24423218
A36  dst_host_same_src_port_rate    dh_ssp_rate_v1: m < 0.60189182 ; dh_ssp_rate_v2: m ≥ 0.60189182
A33  dst_host_srv_count             dh_srv_cnt_v1: m < 189.18026733 ; dh_srv_cnt_v2: m ≥ 189.18026733
A35  dst_host_diff_srv_rate         dh_dsrv_rate_v1: m < 0.03089163 ; dh_dsrv_rate_v2: m ≥ 0.03089163
A34  dst_host_same_srv_rate         dh_ssrv_rate_v1: m < 0.75390255 ; dh_ssrv_rate_v2: m ≥ 0.75390255

The dataset used for intrusion prediction implementation and experimentation is LLDOS 1.0, provided by DARPA 2000, which is the first attack scenario example dataset to be created for DARPA. It includes a distributed denial of service attack run by a novice attacker.

B. LLDOS 1.0 – SCENARIO ONE
DARPA2000 is a well-known IDS evaluation dataset created by the MIT Lincoln Laboratory. It consists of two multistage attack scenarios, namely LLDOS 1.0 and LLDOS 2.0.2. The LLDOS 1.0 scenario can be divided into five phases as follows [29]:
1) Phase 1: the attacker scans the network to determine which hosts are up.
2) Phase 2: the attacker then uses the ping option of the sadmind exploit program to determine which hosts selected in Phase 1 are running the Sadmind service.
3) Phase 3: the attacker attempts the sadmind Remote-to-Root exploit several times in order to compromise the vulnerable machines.
4) Phase 4: the attacker uses telnet and rpc to install a DDoS program on the compromised machines.
5) Phase 5: the attacker telnets to the DDoS master machine and launches the mstream DDoS against the final victim of the attack.
We used an alert log file [28] generated by the RealSecure IDS. As a result of replaying the "Inside-tcpdump" file from DARPA 2000, RealSecure produces 922 alerts. After applying the proposed selection of important alert attributes, we used data about only the important features, as shown in Table 4.

TABLE IV. IMPORTANT ALERT FEATURES AND THEIR GINI INDEX

Feature         Gini
SrcIPAddress    0.6423
SrcPort         0.5982
DestIPAddress   0.5426
DestPort        0.5036
AttackType      0.4925

After applying the proposed alerts aggregation, we obtained 17 different types of alerts, as shown in Table 5.

TABLE V. HYPER-ALERTS AND CLUSTER SIZES

ID   Hyper-alert                    Size
1    Sadmind_Ping                   3
2    TelnetTerminaltype             128
3    Email_Almail_Overflow          38
4    Email_Ehlo                     522
5    FTP_User                       49
6    FTP_Pass                       49
7    FTP_Syst                       44
8    http_Java                      8
9    http_Shells                    15
10   Admind                         17
11   Sadmind_Amslverify_Overflow    14
12   Rsh                            17
13   Mstream_Zombie                 6
14   http_Cisco_Catalyst_Exec       2
15   SSH_Detected                   4
16   Email_Debug                    2
17   Stream_DoS                     1

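The aggregation that produces such hyper-alert clusters (grouping alerts that share all attributes except the time stamp) can be sketched as follows; the alert field names are illustrative assumptions:

```python
from collections import defaultdict

def aggregate(alerts, time_key="timestamp"):
    """Group alerts that share every attribute except the time stamp;
    each resulting group is one hyper-alert (one step of the attack plan)."""
    clusters = defaultdict(list)
    for alert in alerts:
        # the grouping key is every (attribute, value) pair except the time stamp
        key = tuple(sorted((k, v) for k, v in alert.items() if k != time_key))
        clusters[key].append(alert)
    return clusters

# hypothetical RealSecure-style alerts
alerts = [
    {"sensor": "RS1", "attack": "Sadmind_Ping", "src": "10.0.0.1", "timestamp": 1},
    {"sensor": "RS1", "attack": "Sadmind_Ping", "src": "10.0.0.1", "timestamp": 9},
    {"sensor": "RS1", "attack": "Rsh", "src": "10.0.0.1", "timestamp": 12},
]
clusters = aggregate(alerts)
# two hyper-alerts: Sadmind_Ping (size 2) and Rsh (size 1)
```

The cluster sizes obtained this way correspond to the "Size" column of Table 5.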

SYSTEM IMPLEMENTATION
The HIDPAS system contains three interfaces:

1) Intrusion Detection Interface: Figure 2 shows the bayesian network built by AGENT ID1. For every new connection, AGENT ID1 uses its bayesian network to decide about the intrusion and its type.
2) Alerts Classification Interface: Figure 3 shows the bayesian network built by the IPA for alerts classification. The IPA receives the alert messages sent by intrusion detection agents about the detected intrusions, and uses its bayesian network to determine the hyper-alerts corresponding to these alerts.
3) Attack Plans Prediction Interface: Figure 4 shows the bayesian network built by the IPA for attack plans prediction.

The IPA uses its bayesian network to determine the possible attacks that will follow the detected intrusions.

Figure 2. Intrusion Detection Interface

Figure 3. Alerts Classification Interface

Figure 4. Intrusion Prediction Interface

The main criteria that we considered in the experimentation of our system are the detection rate, the false alerts rate, the alerts correlation rate, the false positive correlation rate and the false negative correlation rate.
• Detection rate: defined as the number of examples correctly classified by our system divided by the total number of test examples.

TABLE VI. DETECTION RATE COMPARISON

Detection        Classic propagation   Hybrid propagation
Normal (60593)   99.52%                100%
DOS (229853)     97.87%                99.93%
Probing (4166)   89.39%                98.57%
R2L (16189)      19.03%                79.63%
U2R (228)        31.06%                93.54%

Table 6 shows the high performance of our system based on hybrid propagation in intrusion detection.
• False alerts: bayesian networks can generate two types of false alerts: false negative and false positive alarms. A false negative describes an event that the IDS fails to identify as an intrusion when one has in fact occurred. A false positive describes an event incorrectly identified by the IDS as an intrusion when none has occurred.

TABLE VII. FALSE ALERTS COMPARISON

False alerts     Classic propagation   Hybrid propagation
Normal (60593)   0.48%                 0%
DOS (229853)     1.21%                 0.02%
Probing (4166)   5.35%                 0.46%
R2L (16189)      6.96%                 2.96%
U2R (228)        6.66%                 1.36%

Table 7 shows the gap between the false alert rates given by the two approaches; the hybrid propagation approach gives the smallest false alert rates.
• Correlation rate: the rate of attacks correctly correlated by our system.
• False positive correlation rate: the rate of attacks correlated by the system when no relationship exists between them.
• False negative correlation rate: the rate of attacks that do in fact have a relationship but that the system fails to identify as correlated attacks.

Table 8 shows the experimentation results about correlation measured by our system:

TABLE VIII. CORRELATION RATE COMPARISON

                                  Classic propagation   Hybrid propagation
Correlation rate                  95.5%                 100%
False positive correlation rate   6.3%                  1.3%
False negative correlation rate   4.5%                  0%

Table 8 shows the high performance of our system based on hybrid propagation in attack correlation and prediction. The use of hybrid propagation in bayesian networks was

especially useful because we had to deal with a lot of missing information.

XII. CONCLUSION

In this paper, we outlined a new approach based on hybrid propagation, combining probability and possibility, through a bayesian network. Bayesian networks provide automatic learning from audit data. Hybrid propagation through the bayesian network provides propagation of both stochastic and epistemic uncertainties, coming respectively from the uncertain and the imprecise character of information. The application of our system in the intrusion detection context helps detect both normal and abnormal connections with very considerable rates. Besides, we presented an approach to identify attack plans and predict upcoming attacks. We developed a bayesian-network-based system to correlate attack scenarios based on their relationships, and we conducted inference to evaluate the likelihood of attack goal(s) and to predict potential upcoming attacks based on the hybrid propagation of uncertainties. Our system demonstrates high performance in detecting intrusions and in correlating and predicting attacks. This is due to the use of bayesian networks and of hybrid propagation within bayesian networks, which is especially useful when dealing with missing information. There are still some challenges in attack plan recognition. First, we will apply our algorithms to alert streams collected from live networks to improve our work. Second, our system can be improved by integrating an expert system able to provide recommendations based on attack scenario predictions.

REFERENCES
[1] C. Kruegel, D. Mutz, W. Robertson, F. Valeur, "Bayesian Event Classification for Intrusion Detection", Reliable Software Group, University of California, Santa Barbara, 2003.
[2] F. Cuppens and R. Ortalo, "LAMBDA: A language to model a database for detection of attacks", Third International Workshop on the Recent Advances in Intrusion Detection (RAID'2000), Toulouse, France, 2000.
[3] C. Baudrit and D. Dubois, "Représentation et propagation de connaissances imprécises et incertaines : application à l'évaluation des risques liés aux sites et aux sols pollués", Université Toulouse III – Paul Sabatier, Toulouse, France, March 2006.
[4] J. Dougherty, R. Kohavi, M. Sahami, "Supervised and unsupervised discretization of continuous features", Proceedings of ICML'95, pp. 194-202, 1995.
[5] S. Axelsson, "The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection", 6th ACM Conference on Computer and Communications Security, 1999.
[6] C. Kruegel, D. Mutz, W. Robertson, F. Valeur, "Bayesian Event Classification for Intrusion Detection", Reliable Software Group, University of California, Santa Barbara, 2003.
[7] R. Goldman, "A Stochastic Model for Intrusions", Symposium on Recent Advances in Intrusion Detection (RAID), 2002.
[8] A. Valdes and K. Skinner, "Adaptive, Model-based Monitoring for Cyber Attack Detection", Proceedings of RAID 2000, Toulouse, France, October 2000.
[9] K. Johansen and S. Lee, "Network Security: Bayesian Network Intrusion Detection (BNIDS)", May 3, 2003.
[10] S. K. Govindu, "Intrusion Forecasting System", March 15, 2005.
[11] F. Jemili, M. Zaghdoud, M. Ben Ahmed, "Attack Prediction based on Hybrid Propagation in Bayesian Networks", Proc. of the Internet Technology and Secured Transactions Conference (ICITST-2009), 2009.
[12] B. Landreth, Out of the Inner Circle: A Hacker's Guide to Computer Security, Microsoft Press, Bellevue, WA, 1985.
[13] P. Innella and O. McMillan, "An Introduction to Intrusion Detection", Tetrad Digital Integrity, LLC, December 6, 2001.
[14] B. C. Rudzonis, "Intrusion Prevention: Does it Measure up to the Hype?", SANS GSEC Practical v1.4b, April 2003.
[15] M. Roesch, "Snort – Lightweight Intrusion Detection for Networks", USENIX LISA '99, 1999.
[16] K. Ilgun, "USTAT: A Real-time Intrusion Detection System for UNIX", Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1993.
[17] B. Mukherjee, T. L. Heberlein and K. N. Levitt, "Network intrusion detection", IEEE Network, 8(3):26-41, May/June 1994.
[18] P. Spirtes, T. Richardson and C. Meek, "Learning Bayesian networks with discrete variables from data", Proceedings of the First International Conference on Knowledge Discovery and Data Mining, pp. 294-299, 1995.
[19] P. Spirtes, C. Glymour and R. Scheines, Causation, Prediction, and Search, Springer-Verlag, New York, 1993.
[20] Intrusion Detection Working Group, "Intrusion Detection Message Exchange Format", 2002.
[21] G. F. Cooper and E. Herskovits, "A Bayesian method for the induction of probabilistic networks from data", Machine Learning, 1992.
[22] R. Sanguesa and U. Cortes, "Learning causal networks from data: a survey and a new algorithm for recovering possibilistic causal networks", AI Communications, 10, pp. 31-61, 1997.
[23] F. Jensen, F. V. Jensen and S. L. Dittmer, "From influence diagrams to junction trees", Proceedings of UAI, 1994.
[24] M. Sayed Mouchaweh, P. Bilaudel and B. Riera, "Variable Probability-Possibility Transformation", 25th European Annual Conference on Human Decision-Making and Manual Control (EAM'06), Valenciennes, France, September 27-29, 2006.
[25] DARPA, Knowledge Discovery in Databases, DARPA archive, task description, 1999.
[26] X. Qin, "A Probabilistic-Based Framework for INFOSEC Alert Correlation", PhD thesis, College of Computing, Georgia Institute of Technology, August 2005.
[27] G. H. Kayacik and A. N. Zincir-Heywood, "Analysis of Three Intrusion Detection System Benchmark Datasets Using Machine Learning Algorithms", Proceedings of the IEEE ISI 2005, Atlanta, USA, May 2005.
[28] North Carolina State University Cyber Defense Laboratory, "TIAA: A toolkit for intrusion alert analysis".
[29] MIT Lincoln Laboratory, "2000 DARPA intrusion detection scenario specific data sets", 2000.
[30] F. Jemili, M. Zaghdoud, M. Ben Ahmed, "Intrusion Detection based on Hybrid Propagation in Bayesian Networks", Proc. of the IEEE International Conference on Intelligence and Security Informatics (ISI 2009), 2009.
[31] W. Lee, S. J. Stolfo, K. W. Mok, "A data mining framework for building intrusion detection models", Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999.
[32] N. Arfaoui, F. Jemili, M. Zaghdoud, M. Ben Ahmed, "Comparative Study Between Bayesian Network And Possibilistic Network In Intrusion Detection", Proc. of the International Conference on Security and Cryptography (SECRYPT 2006), 2006.



An Algorithm for Mining Multidimensional Fuzzy Association Rules

Neelu Khare
Department of Computer Applications, MANIT, Bhopal (M.P.)

Neeru Adlakha
Department of Applied Mathematics, SVNIT, Surat (Gujarat)

K. R. Pardasani
Department of Mathematics, MANIT, Bhopal (M.P.)

Abstract— Multidimensional association rule mining searches for interesting relationships among values from different dimensions/attributes in a relational database. In this method the correlation is among a set of dimensions, i.e., the items forming a rule come from different dimensions; therefore each dimension should be partitioned at the fuzzy set level. This paper proposes a new algorithm for generating multidimensional association rules by utilizing fuzzy sets. Given a database consisting of fuzzy transactions, the Apriori property is employed to prune useless candidate itemsets.

Keywords- inter-dimension; multidimensional association rules; fuzzy membership functions; categories.

I. INTRODUCTION

Data Mining is a recently emerging field, connecting the three worlds of databases, artificial intelligence and statistics. The computer age has enabled people to gather large volumes of data; every large organization amasses data on its clients or members, and these databases tend to be enormous. The usefulness of this data is negligible if "meaningful information" or "knowledge" cannot be extracted from it, and Data Mining answers this need. Discovering association rules from large databases has been actively pursued since the problem was first presented in 1993; it is a data mining task that discovers associations among items in transaction databases such as sales data [1]. Such an association could be "if a set of items A occurs in a sale transaction, then another set of items B will likely also occur in the same transaction". One of the best studied models for data mining is that of association rules [2]. This model assumes that the basic object of our interest is an item, and that data appear in the form of sets of items called transactions. Association rules are "implications" that relate the presence of items in transactions [16]. The classical example is the rules extracted from the content of market baskets: items are things we can buy in a market, and transactions are market baskets containing several items [17][18]. Association rules relate the presence of items in the same basket; for example, "every basket that contains bread contains butter", usually noted bread ⇒ butter [3]. The basic format of an association rule is as follows: an association rule is an implication of the form A ⇒ B, where A and B are disjoint itemsets, i.e., A ∩ B = φ. The strength of an association rule can be measured in terms of its support and confidence. Support determines how often a rule is applicable to a given data set, while confidence determines how frequently items in B appear in transactions that contain A [5]. The formal definitions of these metrics are:

Support: s(A ⇒ B) = σ(A ∪ B) / N
Confidence: c(A ⇒ B) = σ(A ∪ B) / σ(A)

where σ(X) denotes the support count of itemset X and N the total number of transactions.
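For a crisp (non-fuzzy) transaction database, the two metrics just defined can be computed directly; the tiny market-basket data set below is invented for illustration.

```python
# Crisp support and confidence as defined above; the tiny
# market-basket data set is invented for illustration.

transactions = [
    {"bread", "butter", "milk"},
    {"bread", "butter"},
    {"bread", "jam"},
    {"milk", "jam"},
]

def sigma(itemset):
    """Support count: number of transactions containing the itemset."""
    return sum(itemset <= t for t in transactions)

def support(a, b):
    return sigma(a | b) / len(transactions)

def confidence(a, b):
    return sigma(a | b) / sigma(a)

# How strong is the rule bread => butter on this data?
print(support({"bread"}, {"butter"}))     # 2/4 = 0.5
print(confidence({"bread"}, {"butter"}))  # 2/3
```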

In general, association rule mining can be viewed as a two-step process:
1. Find all frequent itemsets: by definition, each of these itemsets will occur at least as frequently as a predetermined minimum support count, min_sup.
2. Generate strong association rules from the frequent itemsets: by definition, these rules must satisfy minimum support and minimum confidence [6].

Association rule mining that involves a single predicate is referred to as single dimensional or intra-dimension association rule mining, since it contains a single distinct predicate with multiple occurrences (the predicate occurs more than once within the rule) [8]. The terminology of single dimensional or intra-dimension association rules is used in multidimensional databases by regarding each distinct predicate in the rule as a dimension [11]. Association rules that involve two or more dimensions or predicates can be referred to as multidimensional association rules. Rather than searching for frequent itemsets (as is done in mining single dimensional association rules), in multidimensional association rule mining we search for frequent predicate sets (here the items forming a rule come from different dimensions) [10]. In general, there are two types of multidimensional association rules, namely inter-dimension association rules and hybrid-dimension association rules [15]. Inter-dimension association rules are multidimensional association rules with no repeated predicates. This paper introduces a method for generating inter-dimension association rules. Here, we introduce the concept of a fuzzy transaction as a subset of items. In addition we present a



general model to discover association rules in fuzzy transactions. We call them fuzzy association rules.

II. APRIORI ALGORITHM AND APRIORI PROPERTY

Apriori is an influential algorithm in market basket analysis for mining frequent itemsets for Boolean association rules [1]. The name Apriori reflects the fact that the algorithm uses prior knowledge of frequent itemset properties. Apriori employs an iterative approach known as a level-wise search, where k-itemsets are used to explore (k+1)-itemsets [2]. First, the set of frequent 1-itemsets, denoted by L1, is found. L1 is used to find L2, the set of frequent 2-itemsets, which is used to find L3, and so on, until no more frequent k-itemsets can be found.

Property: all nonempty subsets of a frequent itemset must be frequent [5].

A. Itemsets in multidimensional data sets

Let RD be a relational database with m records and n dimensions [4]. It consists of a set of attributes/dimensions D = {d1, d2, ..., dn} and a set of tuples T = {t1, t2, t3, ..., tm} [10], where ti represents the i-th tuple. If there are n domains of attributes D1, D2, D3, ..., Dn, then each tuple ti = (vi1, vi2, ..., vin), where vij ∈ Dj is the atomic value of tuple ti, i.e. the j-th value in the i-th record, 1 ≤ i ≤ m and 1 ≤ j ≤ n [9]. RD can thus be defined as RD ⊆ D1 × D2 × D3 × ... × Dn. To generate multidimensional association rules, we search for frequent predicate sets; a k-predicate set contains k conjunctive predicates. Dimensions, which are also called predicates or fields, constitute a dimension combination (d1, d2, ..., dn), in which dj represents the j-th dimension [9]. The pair (dj, vij) is called an "item" in a relational database or other multidimensional data set, denoted by Iij. That is, Iij = (dj, vij), where 1 ≤ i ≤ m and 1 ≤ j ≤ n. Suppose that A and B are items in the same relational database RD. A equals B if and only if the dimension and the value of item A are equal to those of item B, which is denoted by A = B. If it is not true that A equals B, then this is denoted by A ≠ B.
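The (dimension, value) representation of items just described can be sketched as follows; the toy relation and its values are invented for illustration.

```python
# Items in a relational table as (dimension, value) pairs, Iij = (dj, vij),
# as described above. The toy relation is invented for illustration.

dimensions = ["A", "B", "C"]
tuples = [
    ("A1", "B1", "C1"),
    ("A2", "B2", "C1"),
]

def items_of(t):
    """All items of one tuple: one (dimension, value) pair per dimension."""
    return [(d, v) for d, v in zip(dimensions, t)]

print(items_of(tuples[0]))  # [('A', 'A1'), ('B', 'B1'), ('C', 'C1')]

# Two items are equal iff both dimension and value match.
assert ("A", "A1") == ("A", "A1")
assert ("A", "A1") != ("B", "A1")
```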
A set constituted by some "items" as defined above is called an "itemset".

III. THE PROPOSED ALGORITHM

The Apriori algorithm ignores the number of items in a transaction when determining the relationship of the items. When calculating the support of itemsets, the algorithm just counts the number of occurrences of the itemsets in every record of transaction (shopping cart), without any consideration of the number of items in the record. However, based on human intuition, the larger the number of items purchased in a transaction, the lower the degree of association among the items in that transaction may be. When calculating the support of itemsets in a relational database, the count of the number of categories/values in every dimension/attribute is considered to find the support of an item [8]. A new algorithm is proposed by considering that every item has a relation (similarity) to the others if they are purchased together in the same record of transaction; the relationship is stronger if they are purchased together in more transactions. On the other hand, increasing the number of categories/values in a dimension reduces the total degree of relationship among the items involved from the different dimensions [12]. The proposed algorithm is given in the following steps:

Step-1: Determine λ ∈ {2, 3, …, n} (maximum value threshold). λ is a threshold on the maximum number of categories/values in a dimension by which the dimension can or cannot be considered in the process of generating rules. In this case, the process considers only dimensions whose number of categories/values in the relational database RD is less than or equal to λ. Formally, let DA = {D1, D2, D3, ..., Dn} be the universal set of attributes/dimensions [13]. M ⊆ DA is the subset of qualified attributes/dimensions for generating rules, i.e. those whose number of unique categories/values is not greater than λ:

M = {D | n(D) ≤ λ}    (1)

where n(D) is the number of categories/values in attribute/dimension D.

Step-2: Set k = 1, where k is an index variable that determines the number of items combined in the itemsets, called k-itemsets, where each item belongs to a different attribute/dimension.

Step-3: Determine the minimum support for k-itemsets, denoted by βk ∈ (0, |M|), as a minimum threshold for a combination of k items appearing over the whole set of qualified dimensions, where |M| is the number of qualified dimensions. βk may have a different value for every k.

Step-4: Construct every candidate k-itemset, Ik, as a fuzzy set on the set of qualified transactions, M. A fuzzy membership function, µ, is a mapping µIk : M → [0,1] defined by:

µIk(D) = inf { ηDj(iij) / n(Dj) : iij ∈ Dj, ∀Dj ∈ M }    (2)

where Ik is a k-itemset whose items belong to different dimensions. A Boolean membership function, η, is a mapping ηD : D → {0,1} defined by:

ηD(i) = 1 if i ∈ D, and 0 otherwise    (3)

such that if an item, i, is an element of D, then ηD(i) = 1; otherwise ηD(i) = 0.

Step-5: Calculate the support of every candidate k-itemset using the following equation [7]:

Support(Ik) = Σ_{T∈M} µIk(T)    (4)
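A minimal sketch of the membership functions of Steps 4 and 5, under definitions (2)–(4) above: each record contributes 1/n(D) per matching item (η = 1), and the itemset membership is the infimum over the itemset's items. The two-row relation and dimension sizes below are invented.

```python
# Sketch of the fuzzy membership of Step-4: for an item (d, v) in a
# k-itemset, a record contributes 1/n(d) if it holds value v in
# dimension d (eta = 1), else 0; the itemset membership is the infimum.
# The two-row relation is invented for illustration.

n = {"A": 2, "B": 3}          # number of categories per dimension
rows = [{"A": "A1", "B": "B1"},
        {"A": "A2", "B": "B1"}]

def membership(itemset, row):
    """mu_I(row) = inf over (d, v) in I of eta_d(v, row) / n(d)."""
    return min((1.0 if row[d] == v else 0.0) / n[d] for d, v in itemset)

print(membership([("A", "A1")], rows[0]))               # 1/2 = 0.5
print(membership([("B", "B1")], rows[0]))               # 1/3
print(membership([("A", "A1"), ("B", "B1")], rows[0]))  # min(1/2, 1/3) = 1/3
print(membership([("A", "A1")], rows[1]))               # 0.0
```

Summing these memberships over all records gives the support of equation (4).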



The process is started from a given relational database as shown in TABLE I.

TABLE I.
TID | A  | B  | C  | D  | E  | F
T1  | A1 | B1 | C1 | D1 | E1 | F1
T2  | A2 | B2 | C2 | D1 | E1 | F2
T3  | A2 | B2 | C2 | D2 | E1 | F1
T4  | A1 | B3 | C2 | D1 | E1 | F4
T5  | A2 | B3 | C2 | D1 | E2 | F3
T6  | A2 | B1 | C2 | D1 | E2 | F1
T7  | A1 | B2 | C1 | D2 | E1 | F4
T8  | A1 | B2 | C2 | D1 | E1 | F2
T9  | A1 | B2 | C1 | D2 | E1 | F4
T10 | A2 | B3 | C1 | D1 | E2 | F3


M is the set of qualified dimensions as given in (1); it can be proved that (4) satisfies the following property:

Σ Support(i) = |M|

For k = 1, Ik can be considered as a single item.

Step-6: Ik will be stored in the set of frequent k-itemsets, Lk, if and only if Support(Ik) ≥ βk.

Step-7: Set k = k + 1; if k > λ, then go to Step-9.

Step-8: Look for possible/candidate k-itemsets in Lk-1 by the following rule: a k-itemset, Ik, will be considered as a candidate k-itemset if Ik satisfies:

Step-1: Suppose that λ arbitrarily equals 3; that means a qualified attribute/dimension is an attribute/dimension with no more than 3 values/categories. The result of this step is the set of qualified attributes/dimensions, as seen in TABLE II.

TABLE II.
TID | A  | B  | C  | D  | E
T1  | A1 | B1 | C1 | D1 | E1
T2  | A2 | B2 | C2 | D1 | E1
T3  | A2 | B2 | C2 | D2 | E1
T4  | A1 | B3 | C2 | D1 | E1
T5  | A2 | B3 | C2 | D1 | E2
T6  | A2 | B1 | C2 | D1 | E2
T7  | A1 | B2 | C1 | D2 | E1
T8  | A1 | B2 | C2 | D1 | E1
T9  | A1 | B2 | C1 | D2 | E1
T10 | A2 | B3 | C1 | D1 | E2

∀F ⊂ Ik, |F| = k − 1 ⇒ F ∈ Lk-1
For example, I4 = {i1, i2, i3, i4} will be considered as a candidate 4-itemset iff {i1, i2, i3}, {i2, i3, i4}, {i1, i3, i4} and {i1, i2, i4} are all in L3. If no candidate k-itemset is found, go to Step-9; otherwise, the process returns to Step-3.

Step-9: Similar to the Apriori algorithm, the confidence of an association rule, A ⇒ B, can be calculated by the following equation [14]:

Conf(A ⇒ B) = P(B|A) = Support(A ∪ B) / Support(A)    (5)

where A, B ∈ DA. It follows that (5) can also be represented by:

Conf(A ⇒ B) = [ Σ_{D∈M} inf_{i∈A∪B} µi(D) ] / [ Σ_{D∈M} inf_{i∈A} µi(D) ]    (6)

where M = {A, B, C, D, E}.

Step-2: The process starts by looking for the support of 1-itemsets, for which k is set equal to 1.

Step-3: Since λ = 3 and 1 ≤ k ≤ λ, it is arbitrarily given that β1 = 2, β2 = 2, β3 = 1.5. That means the system only considers the support of k-itemsets that is ≥ 2 for k = 1, 2 and ≥ 1.5 for k = 3.

Step-4: Every k-itemset is represented as a fuzzy set on the set of transactions, as given by the following results. 1-itemsets:
{A1} = {0.5/T1, 0.5/T4, 0.5/T7, 0.5/T8, 0.5/T9},
{A2} = {0.5/T2, 0.5/T3, 0.5/T5, 0.5/T6, 0.5/T10},
{B1} = {0.33/T1, 0.33/T6},
{B2} = {0.33/T2, 0.33/T3, 0.33/T7, 0.33/T8, 0.33/T9},
{B3} = {0.33/T4, 0.33/T5, 0.33/T10},
{C1} = {0.5/T1, 0.5/T7, 0.5/T9, 0.5/T10},
{C2} = {0.5/T2, 0.5/T3, 0.5/T4, 0.5/T5, 0.5/T6, 0.5/T8},
{D1} = {0.5/T1, 0.5/T2, 0.5/T4, 0.5/T5, 0.5/T6, 0.5/T8, 0.5/T10},
{D2} = {0.5/T3, 0.5/T7, 0.5/T9},
{E1} = {0.5/T1, 0.5/T2, 0.5/T3, 0.5/T4, 0.5/T7, 0.5/T8, 0.5/T9},
{E2} = {0.5/T5, 0.5/T6, 0.5/T10}

where A and B are any k-itemsets in Lk. (Note: µi(T) = µ{i}(T), for simplification) [12]. Therefore, the support of an itemset as given by (4) can also be expressed by:

Support(Ik) = Σ_{D∈M} inf_{i∈Ik} µi(D)
An illustrative example is given to aid understanding of the concept of the proposed algorithm and of how the process of generating fuzzy association rules is performed step by step.

From Step-5 and Step-6, {B1}, {B2}, {B3}, {D2} and {E2} cannot be considered for further processing because their support is < β1.


{A1,C1}={0.5/T1, 0.5/T7,0.5/T9}, {A1,C2}={0.5/T4, 0.5/T8}, {A2,C1}={0.5/T10}, {A2,C2}={0.5/T2, 0.5/T3, 0.5/T5,0.5/T6}, {A1, D1}={0.5/T1, 0.5/T4, 0.5/T8}, {A2,D1}={ 0.5/T2, 0.5/T5, 0.5/T6, 0.5/T10}, {A1,E1}={ 0.5/T1, 0.5/T4, 0.5/T7, 0.5/T8, 0.5/T9}, {A2,E1}={ 0.5/T2, 0.5/T3}, {C1,D1}={ 0.5/T1,0.5/T10}, {C2,D1}={ 0.5/T2, 0.5/T4, 0.5/T5, 0.5/T6, 0.5/T8}, {C1,E1}={ 0.5/T1, 0.5/T7, 0.5/T9}, {C2,E1}={ 0.5/T2, 0.5/T3, 0.5/T4, 0.5/T8}, {D1,E1}={ 0.5/T1, 0.5/T2, 0.5/T4,0.5/T8}

TABLE IV. L2 (β2 = 2)
L2      | support
{A2,C2} | 2.5
{A2,D1} | 2
{A1,E1} | 2.5
{C2,D1} | 2.5
{D1,E1} | 2
{C2,E1} | 2

TABLE V. L3 (β3 = 1.5)
L3         | support
{A2,C2,D1} | 1.5
{C2,D1,E1} | 1.5

From Step-5 and Step-6, {A1,C1}, {A2,C1}, {A1,C2}, {A1,D1}, {A2,E1}, {C1,D1} and {C1,E1} cannot be considered for further processing because their support is < β2.
1-itemsets support({A1}) = 2.5, support({A2}) = 2.5, support({B1}) = 0.66, support({B2}) = 1.65, support({B3}) = 0.99, support({C1}) = 2, support({C2}) = 3, support({D1}) = 3.5, support({D2}) =1.5, support({E1}) = 3.5 support({E2}) = 1.5 2-itemsets support({A1,C1}) = 1.5 support({A1,C2}) = 0.5 support({A2,C1}) = 0.5 support({A2,C2}) = 2.5 support({A1,D1}) = 1.5 support({A2,D1}) = 2 support({A1,E1}) = 2.5 support({A2,E1}) = 1 support({C1,D1}) = 1 support({C2,D1}) = 2.5 support({C1,E1}) = 1.5 support({C2,E1}) = 2 support({D1,E1}) = 2
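As a cross-check of the worked example, some of the supports listed above (and a rule confidence via equation (5)) can be recomputed directly from the TABLE I data; only values built from exact 1/2 memberships are asserted.

```python
# Recomputing supports from the TABLE I example: each transaction
# contributes 1/n(D) per matching item, the itemset membership is the
# minimum of these contributions, and support sums memberships over
# the 10 transactions.

table = {
    "A": ["A1","A2","A2","A1","A2","A2","A1","A1","A1","A2"],
    "B": ["B1","B2","B2","B3","B3","B1","B2","B2","B2","B3"],
    "C": ["C1","C2","C2","C2","C2","C2","C1","C2","C1","C1"],
    "D": ["D1","D1","D2","D1","D1","D1","D2","D1","D2","D1"],
    "E": ["E1","E1","E1","E1","E2","E2","E1","E1","E1","E2"],
}
n = {d: len(set(vals)) for d, vals in table.items()}  # categories per dimension

def support(itemset):
    total = 0.0
    for t in range(10):
        total += min((1.0 if table[d][t] == v else 0.0) / n[d]
                     for d, v in itemset)
    return total

print(support([("A", "A1")]))                        # 2.5
print(support([("D", "D1")]))                        # 3.5
print(support([("C", "C2"), ("D", "D1")]))           # 2.5

# Confidence of the rule A1 => E1, per equation (5):
print(support([("A","A1"),("E","E1")]) / support([("A","A1")]))  # 2.5/2.5 = 1.0
```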

Step-6: From the results of Step-4 and Step-5, the sets of frequent 1-itemsets, 2-itemsets and 3-itemsets are given in Tables III, IV and V, respectively.
Step-7: This step just increments the value of k; if all elements of Lk are < βk, the process goes to Step-9.
Step-8: This step looks for possible/candidate k-itemsets from Lk-1. If no more candidate k-itemsets are found, the process goes to Step-9; otherwise it returns to Step-3.
Step-9: This step calculates the confidence of each possible association rule as follows:

3-itemsets: {A2,C2,D1} = {0.5/T2, 0.5/T5, 0.5/T6}, {C2,D1,E1} = {0.5/T2, 0.5/T4, 0.5/T8}.

Step-5: The support of each k-itemset is calculated as given in the following results. 3-itemsets: support({A2,C2,D1}) = 1.5, support({C2,D1,E1}) = 1.5.

TABLE III. L1 (β1 = 2)


L1   | support
{A1} | 2.5
{A2} | 2.5
{C1} | 2
{C2} | 3
{D1} | 3.5
{E1} | 3.5


CONCLUSION

This paper introduced an algorithm for generating fuzzy multidimensional association rules as a generalization of inter-dimension association rules. The algorithm is based on the concept that the larger the number of values/categories in a dimension/attribute, the lower the degree of association


among the items in the transaction. Moreover, to generalize

inter-dimension association rules, the concept of fuzzy itemsets is discussed in order to introduce the concept of fuzzy multidimensional association rules. Two generalized formulas were also proposed in relation to fuzzy association rules. Finally, an illustrative example is given to clearly demonstrate the steps of the algorithm. In future work we will discuss and propose a method to generate conditional hybrid-dimension association rules using fuzzy logic, where a hybrid-dimension association rule is a hybridization of inter-dimension and intra-dimension association rules.

REFERENCES
[1] R. Agrawal, T. Imielinski and A. N. Swami, "Mining association rules between sets of items in large databases", Proceedings of the ACM SIGMOD International Conference on Management of Data, pp. 207-216, 1993.
[2] R. Agrawal and R. Srikant, "Fast algorithms for mining association rules", Proc. 20th Int. Conf. Very Large Data Bases, pp. 487-499, 1994.
[3] L. Klemetinen, H. Mannila and P. Ronkainen, "Finding interesting rules from large sets of discovered association rules", Third International Conference on Information and Knowledge Management, Gaithersburg, USA, pp. 401-407, 1994.
[4] M. Houtsma and A. Swami, "Set-oriented mining of association rules in relational databases", Proc. of the 11th International Conference on Data Engineering, Taipei, Taiwan, pp. 25-33, 1995.
[5] R. Agrawal, A. Arning, T. Bollinger, M. Mehta, J. Shafer and R. Srikant, "The Quest Data Mining System", Proceedings of the 2nd Int'l Conference on Knowledge Discovery in Databases and Data Mining, Portland, Oregon, August 1996.
[6] J. Han and M. Kamber, Data Mining: Concepts and Techniques, The Morgan Kaufmann Series, 2001.
[7] G. J. Klir and B. Yuan, Fuzzy Sets and Fuzzy Logic: Theory and Applications, New Jersey: Prentice Hall, 1995.
[8] J. M. Jams, "An Enhanced Apriori Algorithm for Mining Multidimensional Association Rules", 25th Int. Conf. Information Technology Interfaces (ITI), Cavtat, Croatia, 1994.
[9] Wan-Xin Xu and Ru-Jing Wang, "A Fast Algorithm of Mining Multidimensional Association Rules Frequently", Proceedings of the Fifth International Conference on Machine Learning and Cybernetics, Dalian, 13-16 August 2006, IEEE.
[10] Rolly Intan, "… Multidimensional Association Rules", Jurnal Informatika, Vol. 7, pp. 85-90, Nov. 2006.
[11] Reda Alhajj and Mehmet Kaya, "Integrating Fuzziness into OLAP for Multidimensional Fuzzy Association Rules Mining", Third IEEE International Conference on Data Mining (ICDM'03), 2003.
[12] Rolly Intan, "An Algorithm for Generating Single Dimensional Fuzzy Association Rule Mining", Jurnal Informatika, Vol. 7, No. 1, pp. 61-66, May 2006.
[13] Rolly Intan, "Mining Multidimensional Fuzzy Association Rules from a Normalized Database", International Conference on Convergence and Hybrid Information Technology, IEEE, 2008.
[14] Rolly Intan, Oviliani Yenty Yuliana and Andreas Handojo, "Mining Multidimensional Fuzzy Association Rules from a Database of Medical Record Patients", Jurnal Informatika, Vol. 9, No. 1, pp. 15-22, May 2008.
[15] Anjna Pandey and K. R. Pardasani, "Rough Set Model for Discovering Multidimensional Association Rules", IJCSNS, Vol. 9, pp. 159-164, June 2009.
[16] Miguel Delgado, Nicolás Marín, Daniel Sánchez and María-Amparo Vila, "Fuzzy Association Rules: General Model and Applications", IEEE Transactions on Fuzzy Systems, Vol. 11, No. 2, April 2003.
[17] J. Han, J. Pei and Y. Yin, "Mining Frequent Patterns without Candidate Generation", SIGMOD Conference, pp. 1-12, ACM Press, 2000.
[18] J. Han, J. Pei, Y. Yin and R. Mao, "Mining Frequent Patterns without Candidate Generation: A Frequent-Pattern Tree Approach", Data Mining and Knowledge Discovery, pp. 53-87, 2004.
[19] Hannes Verlinde, Martine De Cock and Raymond Boute, "Fuzzy Versus Quantitative Association Rules: A Fair Data-Driven Comparison".




Analysis, Design and Simulation of a New System for Internet Multimedia Transmission Guarantee
O. Said, S. Bahgat, S. Ghoniemy, Y. Elawady
Computer Science Department Faculty of Computers and Information Systems Taif University, Taif, KSA.
Abstract: QoS is a very important issue for multimedia communication systems. In this paper, a new system is proposed that re-establishes the relations between the QoS elements (RSVP, routing protocol, sender, and receiver) during multimedia transmission, and an alternative path is created in case of failure of the original multimedia path. The suggested system considers the problems that may be faced during and after the creation of the rerouting path. Finally, the proposed system is simulated using the OPNET 11.5 simulation package. Simulation results show that our proposed system outperforms the old one in terms of QoS parameters like packet loss and delay jitter. Key words: Multimedia Protocols, RSVP, QoS, DiffServ, MPLS


1. INTRODUCTION

The path that the multimedia streams follow should provide them with all the required Quality of Service (QoS). Suppose that the determined multimedia path gives the multimedia streams all the needed services. In this situation, an urgent question arises: what is the solution if, while the multimedia streams are transmitted on the path, that path fails? This state may cause a loss of multimedia streams, especially when they are transported over the User Datagram Protocol (UDP). So, the solution is either to create an alternative path and divert the multimedia streams to flow on the new path, or to retransmit the failed multimedia streams. The second solution is very difficult (if not impossible) because the quantity of lost multimedia streams may be too large to be retransmitted. So, the only available solution is to create an alternative path and complete the transmission process. To determine an alternative path, we face two open questions. The first question is: how is a free path, which will transport the multimedia streams to the same destination, created? The second question, which arises after the path creation, is: can the created path provide the required QoS assigned to the failed one? From these queries and the RSVP analysis, it is obvious that the elements of resource reservation and QoS are RSVP,

routing protocol, sender, and receiver. It is also notable that the resource reservation process occurs before the multimedia transmission. At the beginning of the multimedia streams transmission, the relations between the QoS elements are disjoint. Hence, if a change occurs in the reserved path during the multimedia streams transmission operation, the previously stated problems may occur [1], [2]. In this paper, a new system for Internet multimedia transmission guarantee is proposed that solves the problems of the old ones. This paper is organized as follows. In section 2, the related work, containing the RSVP analysis and the DiffServ & MPLS evaluation, is illustrated; in section 3, the problem definition is introduced; in section 4, our system is demonstrated; in section 5, a detailed simulation and evaluation of our system are shown. Finally, the conclusion and future work are illustrated.

2. RELATED WORK (RSVP, DIFFSERV, AND MPLS)

The three systems that are closely related to our work are RSVP, DiffServ, and MPLS. In this section, a brief analysis of RSVP is introduced. In addition, an evaluation of DiffServ & MPLS is demonstrated.

A. RSVP operational model

The RSVP resource-reservation process initiation begins when an RSVP daemon consults the local routing protocol(s) to obtain routes. A host sends Internet Group Management Protocol (IGMP) messages to join a multicast group and RSVP messages to reserve resources along the delivery path(s) from that group. Each router that is capable of participating in resource reservation passes incoming data packets to a packet classifier and then queues them as necessary in a packet scheduler. The RSVP packet classifier determines the route and QoS class for each packet. The RSVP scheduler allocates resources for transmission on the particular data link layer medium used by each interface. If the data link layer medium has its own QoS management capability, the packet scheduler



is responsible for negotiating with the data-link layer to obtain the QoS requested by RSVP. The scheduler itself allocates packet-transmission capacity on a QoS-passive medium, such as a leased line, and can also allocate other system resources, such as CPU time or buffers. A QoS request, typically originating in a receiver host application, is passed to the local RSVP implementation, an RSVP daemon. The RSVP protocol is then used to pass the request to all the nodes (routers and hosts) along the reverse data path(s) to the data source(s). At each node, the RSVP program applies a local decision procedure called admission control to determine whether it can supply the requested QoS. If admission control succeeds, the RSVP program sets the parameters of the packet classifier and scheduler to obtain the desired QoS. If admission control fails at any node, the RSVP program returns an error indication to the application that originated the request. However, it was found that, unsurprisingly, the default best-effort delivery of RSVP messages performs poorly in the face of network congestion. Also, the RSVP protocol is receiver oriented, i.e. the receiver is in charge of setting up the required resource reservation. In some cases, reallocating bandwidth in a receiver-oriented way could delay the required sender reservation adjustments [3], [4]; see Fig. 1.
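The hop-by-hop admission control just described can be sketched abstractly as follows. This is not the RSVP wire protocol: the node names, capacities and the rollback policy are invented for illustration.

```python
# Abstract sketch of RSVP-style admission control: a reservation request
# travels the reverse data path, every node must admit it locally, and a
# refusal is reported back to the requester. Names/capacities invented.

class Node:
    def __init__(self, name, capacity):
        self.name, self.capacity, self.reserved = name, capacity, 0.0

    def admit(self, bandwidth):
        """Local admission-control decision."""
        if self.reserved + bandwidth <= self.capacity:
            self.reserved += bandwidth
            return True
        return False

def reserve(reverse_path, bandwidth):
    """Returns None on success, or the name of the refusing node."""
    admitted = []
    for node in reverse_path:
        if not node.admit(bandwidth):
            for n in admitted:          # roll back partial reservations
                n.reserved -= bandwidth
            return node.name
        admitted.append(node)
    return None

path = [Node("receiver-router", 10.0), Node("core", 4.0), Node("sender-router", 10.0)]
print(reserve(path, 3.0))  # None: every node admits 3.0
print(reserve(path, 3.0))  # 'core': 3.0 + 3.0 > 4.0, reservation refused
```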

In a Differentiated Services domain, all the IP packets crossing a link and requiring the same DiffServ behavior are said to constitute a behavior aggregate (BA). At the ingress node of the DiffServ domain, the packets are classified and marked with a DiffServ Code Point (DSCP), which corresponds to their behavior aggregate. At each transit node, the DSCP is used to select the Per-Hop Behavior (PHB) that determines the queue and scheduling treatment to use and, in some cases, the drop probability for each packet [5], [6]. From the preceding discussion, one can see the similarities between MPLS and DiffServ: an MPLS LSP or FEC is similar to a DiffServ BA or PHB, and the MPLS label is similar to the DiffServ Code Point in some ways. The difference is that MPLS is about routing (switching) while DiffServ is about queuing, scheduling and dropping. Because of this, MPLS and DiffServ appear to be orthogonal: they are not dependent on each other, and both are different ways of providing higher quality to services. Further, it is possible to have both architectures working at the same time in a single network, only one of them, or neither, depending on the choice of the network operator. However, they face several limitations:
1. No provisioning methods.
2. No signaling (as in RSVP).
3. Works per hop (i.e. what to do with a non-DS hop in the middle?).
4. No per-flow guarantee.
5. No end-user specification.
6. A large number of short flows works better with an aggregate guarantee.
7. Works only at the IP layer.
8. DiffServ is unidirectional – no receiver control.
9. Long multimedia flows and flows with high bandwidth need a per-flow guarantee.
10. Designed for a static topology.

3. PROBLEM FORMULATION

The routing and resource reservation protocols must be capable of adapting to a route change without failure.
When new possible routes appear between the sender and the receiver, the routing protocol may tend to move the traffic onto the new path. Unfortunately, the new path may not be able to provide the same QoS as the previous one. To avoid such situations, it has been suggested that the resource reservation protocol use a technique called route pinning, which denies the routing protocol the right to change a route as long as it remains viable. Route pinning is not as easy to implement as it sounds: with technologies such as Classless Inter-Domain Routing (CIDR) [7], [8], a pinned route can consume as much router memory as a whole continent! This problem may also occur if a path station cannot provide the

Fig. 1 The RSVP Operations

B. DiffServ & MPLS

MPLS simplifies the routing process used in IP networks: in an MPLS domain, when a stream of data traverses a common path, a Label Switched Path (LSP) can be established using MPLS signaling protocols. A packet is typically assigned to a Forwarding Equivalence Class (FEC) only once, when it enters the network at the ingress edge Label Switch Router, where each packet is assigned a label identifying its FEC and is transmitted downstream. At each LSR along the LSP, only the label is used to forward the packet to the next hop.
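The per-LSR forwarding step described above can be sketched as a single table lookup. The table contents, field names, and router names below are illustrative assumptions, not part of any MPLS implementation.

```python
# Sketch of label switching at one LSR: after the ingress router binds a
# packet to a FEC and pushes a label, every subsequent LSR forwards on the
# label alone, with no IP routing lookup. Table contents are hypothetical.
LFIB = {  # in_label -> (out_label, next_hop) for one illustrative LSR
    17: (22, "LSR-B"),
    18: (30, "LSR-C"),
}

def switch(packet):
    """Swap the top label and return the next hop for this packet."""
    out_label, next_hop = LFIB[packet["label"]]
    packet["label"] = out_label     # label swap
    return next_hop
```

A packet arriving with label 17 leaves toward LSR-B carrying label 22; the FEC classification done at the ingress never has to be repeated.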

78 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009 .

multimedia streams with the same required QoS during a transmission operation. In this situation, the multimedia streams must search for an alternative path to complete the transmission process.

4. THE PROPOSED SYSTEM

From the problem definition and the RSVP analysis, it is clear that the elements of resource reservation and QoS are the RSVP, the routing protocol, the sender, and the receiver. Note also that resource reservation takes place before the multimedia transmission. Once the transmission of the multimedia streams begins (i.e., after the resources have been reserved), the relations between the QoS elements are disjoint. So, if a change occurs in the reserved path during the transmission operation, the problem stated above may arise. If the connections between the QoS elements are re-established during the transmission, these QoS problems can be solved. The re-establishment is accomplished by three additional components, called the proposed system components.

A. The proposed system components

The proposed system comprises three components in addition to the old system components:
1- Connector.
2- Analyzer.
3- Detector.
In the following subsections, the definition and the functions of each additional component are presented.
• Detector



The detector and the connector are fired simultaneously. The detector precedes the connector in visiting the stations of the multimedia path, testing the required QoS at each one. If the detector notes a defect in the QoS at any station (i.e., the station cannot provide the required QoS), it sends the connector an alarm message containing the station's IP address and the failed QoS requirement; see Algorithm 3 for more detail on the detector.

Algorithm 1
1- While the number of multimedia packets <> Null
2-1 Begin
2-2 The multimedia starts the transmission operation.
2-3 The connector agent is fired with the start of the transmission operation.
2-4 For I = 1 To N
2-4-1 Begin
2-4-2 The connector agent tests the stored detector flag value.
2-4-3 If the flag value has changed to one
2-4-3-1 Go to step 3.
2-4-4 Else
2-4-4-1 Continue the I For loop.
2-4-5 End I For loop.
2-5 While ((SW - SC) * TR) <> Null
2-5-1 Begin
2-5-2 The connector extracts the address of the nearest router around the failed station.
2-5-3 The connector sends a message to the router asking for an alternative path (or station).
2-5-4 The connector receives all available paths in a reply message sent by the router.
2-5-5 The connector sends the router's reply message to the analyzer, asking for the QoS request for the new path.
2-5-6 For J = PFS To M
2-5-6-1 Begin
2-5-6-2 The connector tests the QoS.
2-5-6-2-1 If the QoS fails, the connector returns to step 2-5.
2-5-6-2-2 Else, continue the J For loop.
2-5-6-3 End J For loop.
2-5-7 (SW - SC) * TR = ((SW - SC) * TR) - 1 (unit time)
2-5-8 End inner While loop.
2-6 End outer While loop.
2-7 Stored flag value = 0.
3- End of the connector algorithm.
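The repair loop at the heart of Algorithm 1 can be condensed into the following sketch. The router, analyzer, and QoS test are modelled as plain callables; all names here are our own illustrative stand-ins, not part of RSVP, DiffServ, or MPLS.

```python
# Condensed sketch of Algorithm 1's repair loop (steps 2-4 through 2-7).
def connector(detector_flag, ask_router, ask_analyzer, qos_ok):
    """On a detector alarm, find an alternative path whose QoS holds.

    detector_flag        dict with 'raised' and 'failed_station' keys
    ask_router(station)  -> list of candidate replacement paths
    ask_analyzer(path)   -> QoS request extracted for that path
    qos_ok(path, qos)    -> True if every station can honour the request
    Returns the repaired path, or None if no alarm was raised or no
    candidate path passed the QoS test.
    """
    if not detector_flag["raised"]:           # steps 2-4: no failure seen
        return None
    for path in ask_router(detector_flag["failed_station"]):  # steps 2-5-2..4
        qos = ask_analyzer(path)              # step 2-5-5
        if qos_ok(path, qos):                 # step 2-5-6: test the new path
            detector_flag["raised"] = False   # step 2-7: reset the flag
            return path
    return None
```

The inner `(SW - SC) * TR` countdown of the original algorithm, which bounds how long the connector keeps retrying, is omitted here for brevity.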

• Connector

This component is fired at the start of the transmission and can be considered a software class (or classes). The connector has more than one task in helping the system accomplish its target; its main function is to re-establish the connections between the QoS elements when a problem occurs. See Algorithm 1 for more detail on the connector.
• Analyzer

This component, located at the receiver, is also considered a software class (or classes). The main function of the analyzer is to extract the failed station(s) and its alternative(s). The analyzer also connects to the RSVP at the receiver site to extract a QoS request, or flow description, for the new path. In addition, the analyzer uses some features of DiffServ and MPLS to acquire a simple alternative path with full QoS requirements: DiffServ provides the system with the simplest path and pushes the complexity to the network edges, while MPLS provides the next hop for each packet and performs traffic conditioning on traffic streams flowing in different domains (paths). See Algorithm 2 for more detail on the analyzer.

Algorithm 2
1- If the stored connector flag has changed to one
1-1 The analyzer receives the old and the new paths from the connector.
1-2 The analyzer compares the two paths and separates the similar stations from the different ones.
1-3 The analyzer keeps the similar stations in a table (called Same) and keeps the different stations in another two tables (called Diff1 and Diff2).
1-4 The analyzer constructs a mapping, in relation to the QoS, in the tables of different stations; see step 2.
1-5 The analyzer cooperates with the RSVP to extract the QoS request of the new path.
1-6 The analyzer encapsulates the results in a message and sends it to the connector.
2- The analyzer handling and mapping operations
2-1 For I = 1 to N
2-1-1 Begin
2-1-2 If Old[I] = New[I]
2-1-2-1 Begin
2-1-2-2 Same[K] = Old[I]
2-1-2-3 K = K + 1
2-1-2-4 End If.
2-1-3 Else
2-1-3-1 Begin
2-1-3-2 Diff1[H] = Old[I]
2-1-3-3 Diff2[H] = New[I]
2-1-3-4 H = H + 1
2-1-3-5 End Else.
2-1-4 If H = K
2-1-4-1 No change in the old QoS request.
2-1-5 For J = 1 to H
2-1-5-1 Begin
2-1-5-2 Diff2[J] = Construct a QoS request.
2-1-5-3 End J For loop.
2-1-6 End I For loop.
3- End of the analyzer algorithm.
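The analyzer's handling and mapping step (part 2 of Algorithm 2) can be sketched as follows. The function name and list-based representation of paths are our assumptions; the Same/Diff1/Diff2 tables follow the algorithm and Appendix A.

```python
# Sketch of the analyzer's mapping step: stations shared by the old and
# new paths go into Same; stations that differ go, position by position,
# into Diff1 (old path) and Diff2 (its alternative in the new path).
def map_paths(old, new):
    same, diff1, diff2 = [], [], []
    for old_st, new_st in zip(old, new):
        if old_st == new_st:
            same.append(old_st)
        else:
            diff1.append(old_st)   # failed/replaced station in the old path
            diff2.append(new_st)   # its alternative in the new path
    # If Diff2 is empty (H = K in the algorithm), the old QoS request can
    # be reused unchanged; otherwise each Diff2 station needs a new one.
    return same, diff1, diff2
```

For example, mapping the old path A-B-C against the new path A-X-C yields Same = [A, C], Diff1 = [B], Diff2 = [X], so only station X needs a fresh QoS request from the RSVP.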

Table 1: The Data Stored in each System Component

Connector stored data: connector ID; address of each path station; time of each visiting station; analyzer ID; analyzer address; stream ID; detector flag value (default value = 0); RSVP connections.

Analyzer stored data: connector ID; analyzer ID; connector address; RSVP connections; Similar table; Different tables; connector flag value (default value = 0).

Detector stored data: detector ID; connector ID; connector address; QoS required from each path station; path structure; connector flag value (default value = 0); QoS test value (default value = 0).

B. System approach

After the resource reservation processes have been completed, the multimedia streams begin to flow across the predetermined path. The connector accompanies the multimedia streams at every station. When the connector receives an error message from the detector, it starts to re-establish the connections between the QoS elements.


Algorithm 3
1- While the number of multimedia packets <> Null
1-1 Begin
1-2 If the QoS test value = 1
1-2-1 Begin
1-2-2 The detector multicasts an alarm message including the connector ID.
1-2-3 The detector changes the test value to 0.
1-2-4 The detector tests the succeeding stations.
1-2-5 End If.
1-3 End of the While loop.
1-4 QoS test value = 0.
2- End of the detector algorithm.
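Algorithm 3's per-station test-and-alarm loop can be sketched as follows; the callable names and message fields are illustrative stand-ins (the alarm fields echo the detector-to-connector message described later in this section).

```python
# Sketch of Algorithm 3: the detector walks the path ahead of the
# multimedia streams and raises an alarm for each station that fails
# its QoS test, then keeps checking the succeeding stations.
def detector(path, provides_qos, send_alarm, connector_id):
    """provides_qos(station) -> bool; send_alarm(msg) delivers to the
    connector. Returns the number of alarms raised."""
    failures = 0
    for station in path:
        if not provides_qos(station):
            send_alarm({"type": "alarm",
                        "connector_id": connector_id,
                        "failed_station": station})
            failures += 1        # reset the test value, keep checking
    return failures
```

Note that the detector does not stop at the first failure: like step 1-2-4 of the algorithm, it resets its test value and continues down the path.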

Fig. 2 Functional Diagram of the Proposed System

Note: the symbols description is found at appendix A.

The connector extracts the address of the failed station and of the nearest router. It constructs a message to be sent to the routing protocol asking for an alternative path (or station). The routing protocol provides the connector with the available path(s) to compensate for the old one. The connector then constructs a message containing the old and new paths and sends it to the analyzer. The analyzer extracts the failed station(s) and its corresponding station(s) in the new path, and connects to the RSVP to extract the QoS request. The

analyzer constructs a message to be sent to the connector. The connector forwards the analyzer's message to the sender, informing it of the newly selected path. Hence, the sender transmits the new multimedia streams using the new connector path; see Figs. 2 and 3.

message to access the alternative path (or station) that replaces the failed path (or station). There are two types of this message: the request message and the reply message. The request message comprises the failed path, and the reply message contains the alternative path. The request message has the following fields: 1) Message type, 2) Connector ID, and 3) Old path. The reply message has the following fields: 1) Message type, 2) Connector ID, and 3) Alternative path(s).
• Between the connector and the analyzer (Request and Reply).

This message is used for communication between the connector and the analyzer. It is fired when the connector needs a QoS request for the new path. The message has two types: the request message and the reply message. The request message contains the new path that was obtained from the router; the reply message contains the QoS request that is extracted after the analysis operation. The request message contains the following fields: 1) Message type, 2) Connector ID, and 3) Alternative path. The reply message contains the following fields: 1) Message type, 2) Connector ID, and 3) QoS request.
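The request/reply formats above can be sketched as small record types. The field names follow the text; the class names, types, and overall layout are our illustrative assumptions, not a defined wire format.

```python
# Sketch of two of the proposed system's messages as plain records.
from dataclasses import dataclass

@dataclass
class PathRequest:          # connector -> analyzer (request)
    message_type: str       # "request"
    connector_id: int
    alternative_path: list  # the new path obtained from the router

@dataclass
class QosReply:             # analyzer -> connector (reply)
    message_type: str       # "reply"
    connector_id: int
    qos_request: dict       # QoS request extracted for the new path
```

The remaining messages in this section (connector-router, analyzer-RSVP, detector-connector) differ only in their field lists and could be modelled the same way.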
Fig. 3 Analyzer Operation

C. System messages To complete the connections between proposed system components, we have to demonstrate the structure of each used message. The proposed system contains five new messages that can be stated as follows. 1. From the connector to the sender. 2. Between the connector and the routing protocol (router) (Request and Reply). 3. Between the connector and the analyzer (Request and Reply). 4. Between the analyzer and RSVP at the receiver site (Request and Reply). 5. From the detector to the connector • From the connector to the sender


• Between the analyzer and the RSVP at the receiver (Request and Reply).

This message is used to complete the dialog between the analyzer and the RSVP at the receiver site. The analyzer handles the old path and its alternative(s) to extract the failed station(s) and its corresponding station(s) in the new path, and it needs this message to construct a QoS request for the new path(s). This message has two types: the request message and the reply message. The request message contains the new path that was sent by the connector; the reply message contains the QoS request that is extracted by the RSVP. The request message contains the following fields: 1) Message type, 2) Analyzer ID, and 3) Alternative path. The reply message contains the following fields: 1) Message type, 2) Analyzer ID, and 3) Required QoS.
• From the detector to the connector

This message joins the connector with the multimedia sender. It is sent when the connector receives the QoS request from the analyzer. Its structure resembles the RSVP reservation request message but includes the connector ID (this field is used when there is more than one connector in the proposed system).
• Between the connector and the routing protocol (Request and Reply).

This message is used to alert the connector that a new event has occurred. If the detector finds a QoS failure at a station, it sends this message to the connector, asking it to start its function of solving the problem. The message contains the following fields: 1) Message type, 2) Connector ID, 3) QoS request, and 4) Address of the failed station.

D. Decreasing the number of system messages

It is notable that our system involves a number of messages that may cause network overload. To make the system suitable for every network state, a new strategy to

This message joins the connector with the router (or the routing protocol). It is fired when the detector alerts the connector that a QoS failure has occurred at a station in the multimedia path. The connector needs this

decrease the number of sent and received messages should be introduced. This strategy is built on the cumulative-message idea. The detector's job is to test whether each router (station) can provide the multimedia with the required QoS. In case of network overload, the detector can encapsulate its messages in a single message containing the addresses of the QoS-failed stations not yet visited by the multimedia streams in the transmission trip. The analyzer component can use the same idea during its communication with DiffServ and MPLS, provided that the multimedia streams are kept away from the analyzer transactions.

5. PERFORMANCE STUDY

In this section, the performance of the suggested multi-resource reservation system is studied. In our simulation, the network simulator OPNET 11.5 [9] is used. A distributed reservation-enabled environment is simulated, with multiple distributed services deployed and multiple clients requesting these services. In particular, for runtime computation of end-to-end multi-resource reservation plans, the performance of the proposed system is compared with that of the best-effort communication system (the old system). The key performance metrics in our simulations are: 1) end-to-end delay, 2) packet loss, 3) packet loss in case of compound services, 4) re-routing state, 5) reservation success rate, 6) utilization, and 7) delay jitter. These parameters are evaluated for an increasing network load. We also compare our system with DiffServ and MPLS. The Abhay Agnihotri study [10] is used to build the simulation environment.

A. Simulation Setup

4. The links between the workstations (video transmitters and receivers) are 1 Mbps.
5. The links between the routers are 2 Mbps; for Internet simulation, the routers are connected via an IP cloud.

Fig. 4 Simulation Model Infrastructure

5.2 General Notes and Network Parameters
1. The data link rate and queue size for each queue scheme are fixed.
2. The multimedia traffic is considered MPEG with all its characteristics.
3. The small queue size did not affect the queue delay.
4. An inadequate data link rate causes more packet drops and excessive consumed bandwidth.
5. The data link rate is fixed at 2 Mbps between the routers.
6. For the FIFO queue scheme, the queue size was fixed at 400 packets.
7. The traffic pattern (continuous or discrete), the protocol (TCP or UDP), and the application (prioritized or not) are considered input parameters.
8. The output parameters are calculated for RSVP, DiffServ, MPLS, and our proposed technique.
9. It is supposed that the number of multimedia packets increases with simulation time.
10. The simulation of the old system can be found at [11], [12].

The infrastructure of the simulation contains the following items:
1. Three Ethernet routers to send and receive the incoming traffic and police it according to the QoS scenarios specified in the proposed system, DiffServ, MPLS, and RSVP.
2. Fifteen video transmitters distributed over router 1 and router 2 as follows: 10 video transmitters are connected to router 1 and 5 are connected to router 2. The video workstations transmit 375 MPEG video packets per second, of size 1000 bytes. Each transmitter can send the multimedia packets only if it has the full required QoS, such as specified priority, interactive or streaming class, full bandwidth, specified delay jitter, and excellent effort.
3. Fifteen video receivers distributed over router 2 and router 3 as follows: 10 video receivers are connected to router 2 and 5 are connected to router 3.

B. Simulation Results

In our simulation, the parameters of multimedia and network QoS are measured. The curves below compare the old system (RSVP, DiffServ, and MPLS) with the newly proposed system.
• End-to-End Delay

One of the key requirements of high-speed packet switching networks is to reduce the end-to-end delay in order to satisfy real-time delivery constraints and to achieve the high nodal throughput necessary for the transport of voice and video [13]. Figure 5 displays the end-to-end delay that may result from our computations, component messages, and buffer size. It is clear that our system's computations did not affect the delay time, because they are performed during the multimedia transmission even when a path failure is detected. The old system, by contrast, uses the rerouting technique when it finds a failure at any path station; the rerouting operations load the old system with extra computations that increase the delay. In addition, our proposed system uses the cumulative-message technique in case of network overflow.

packet loss in our system is lower than in the old system. This decrease is justified as follows: an increase in the network load means an increase in the number of network hosts, which requires services of different qualities. When the number of services and resources increases, the old system's efficiency decreases and its packet loss therefore increases. Unlike the old system, our system uses the detector, the connector, and the analyzer to handle a failure before it affects the multimedia packets, and this improves its efficiency. The packet loss of the two systems is approximately equal before the middle of the simulation time. The notable packet loss in our system comes from the analyzer component being inactive; the system's fault tolerance will be discussed in the future work.

Fig. 6 Packet Loss


Fig. 5 End-to-End Delay


• Packet Loss

This metric gives the number of packets lost in the proposed system and in the old system. The diagram in figure 6 plots the packet loss versus the time unit (it is supposed that the network load increases with time). It is obvious that the number of

• Packet Loss in Case of Compound Services

This metric measures the efficiency of our system with regard to the complete reservation of the resources required, at the requested quality, by a compound service. A compound service is a service that needs other service(s) to be reserved (a dependent service). The curve in figure 7 shows the number of lost bits versus generic time. It is notable that the efficiency of our system in compound-service reservation is better than that of the old one, indicating that the old system has a delay in dealing with the required compound services; this causes the loss of a huge number of bits, especially at the start of the simulation time.


• Reservation Success Rate


This metric measures the efficiency of the proposed system with regard to resource reservation. The diagram in figure 9 shows the reservation success rate per time unit. It is observed that the success rate of our system exceeds that of the old system. This increase is due to the efficiency of the detector in detecting a fault at any resource before it is used, and to the efficiency of the connector in finding and handling an alternative. The difference between the two systems is most notable at the second hour of simulation time.

Fig. 7 Packet Loss in Case of Compound Services


• Re-Routing State

To meet high-throughput requirements, paths are selected, resources are reserved, and paths are recovered in case of failure. This metric is measured to make sure that our new system is able to find a new path when a failure occurs; it captures the rerouting state for our system and the old one. The curve in figure 8 shows the number of recovered paths versus simulation time for the new system and the old one.


Fig. 9 Reservation Success Rate



Fig. 8 Re-Routing State

• Utilization

This metric measures the efficiency of the system's additional components (the connector, the analyzer, and the detector). The efficiency of the connector is measured by the number of successful connections relative to the number of stations that cannot provide their QoS. The efficiency of the analyzer is measured by the number of successful QoS-request extractions relative to the number of its connections with the connector. The efficiency of the detector is measured by the number of failed points detected relative to the number of failed points in the new system during the simulation time. For accuracy, the efficiency of all components is measured under different network loads. Figure 10 shows the average efficiency of the three system components compared with the old system's efficiency, where the latter is calculated as the percentage of services that are correctly reserved with the same required quality.

6. CONCLUSION

In this paper, a brief analysis of RSVP, DiffServ, and MPLS was presented, together with the QoS problems that may occur during multimedia transmission. A new system to solve these QoS problems was introduced. The proposed system adds three new components, called the connector, the analyzer, and the detector, on top of the old RSVP system to accomplish its target. A simulated environment was constructed and implemented to study the proposed system's performance, using the OPNET 11.5 network simulator. Finally, detailed comments were given to clarify the extracted simulation results. The test-bed experiments showed that our proposed system increases the efficiency of the old system by approximately 40%.
Fig. 10 Utilization (System Efficiency)


7. FUTURE WORK

To complete our system's efficiency, the fault-tolerance problem should be addressed: what happens if one of the system components fails? In our simulation, we faced this problem in the packet-loss diagram; hence, we should find an alternative component (software or hardware) to replace the failed one. The suggested solution is to use multi-agent technology instead of a single agent; consequently, we will simulate the multi-agent QoS system and show the results. We will also apply the proposed system to different types of multimedia data, moving the system toward standardization. Hence, we can transform the proposed system into a new application-layer protocol for solving multimedia QoS problems.

ACKNOWLEDGMENT

The authors would like to convey thanks to Taif University for providing the financial means and facilities. This paper is extracted from research project number 1/430/366, funded by the deanship of scientific research at Taif University.


• Delay Jitter

This metric is introduced to make sure that the additional components did not affect the delay jitter of the multimedia packets. Delay jitter is a very important QoS parameter for multimedia streams. The plot in figure 11 shows the delay jitter for the first 1500 packets sent by the new system. The new system's curve shows a delay jitter lower than the old system's for most of the simulation time; thus, the additional components operate in harmony without affecting the delay jitter of the multimedia packets.
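A delay-jitter curve like the one in figure 11 is typically produced with the smoothed interarrival-jitter estimator defined for RTP in RFC 3550, applied per received packet; the transit-time values below are illustrative, and this is our sketch rather than the paper's measurement code.

```python
# Running interarrival-jitter estimate J += (|D| - J) / 16 (RFC 3550),
# where D is the difference in transit time between consecutive packets.
def jitter_series(transit_times):
    """Return the jitter estimate after each packet arrival."""
    series, j = [], 0.0
    for prev, cur in zip(transit_times, transit_times[1:]):
        d = abs(cur - prev)      # |D(i-1, i)|
        j += (d - j) / 16.0      # smoothed with gain 1/16
        series.append(j)
    return series
```

The 1/16 gain keeps single outliers from dominating the estimate, which is why jitter plots appear smoother than raw per-packet delay plots.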


REFERENCES
[1] K. Rao, Z. S. Bojkovic, and D. A. Milovanovic, Multimedia Communication Systems: Techniques, Standards, and Networks, Prentice-Hall, Upper Saddle River, NJ, 2003.
[2] G. Malkin and R. Minnear, "RIPng for IPv6," RFC 2080, January 1997.
[3] R. Guerin, S. Kamat, and S. Herzog, "QoS Path Management with RSVP," IETF Draft, March 20, 1997.

Fig. 11 Delay Jitter


[4] M. Postigo-Bois and J. L. Melus, "Performance Evaluation of RSVP Extension for a Guaranteed Delivery Scenario," Computer Communications, vol. 30, no. 9, June 2007.
[5] B. Davie and Y. Rekhter, MPLS: Technology and Applications, Morgan Kaufmann, San Francisco, CA, 2000.
[6] S. Blake et al., "An Architecture for Differentiated Services," RFC 2475, December 1998.
[7] D. Zappala, B. Braden, D. Estrin, and S. Shenker, "Interdomain Multicast Routing Support for Integrated Services Networks," IETF Internet-Draft, March 26, 1997.
[8] Y. Rekhter and C. Topolcic, "Exchanging Routing Information Across Provider Boundaries in the CIDR Environment," RFC 1520, September 1993.
[9] OPNET Modeler 11.5.
[10] A. Agnihotri, "Study and Simulation of QoS for Multimedia Traffic," Master's project, 2003. Modeler/AgnihotriMasterProject.ppt
[11] M. Pullen, R. Malghan, L. Lavu, G. Duan, J. Ma, and J. Ma, "A Simulation Model for IP Multicast with RSVP," RFC 2490, January 1999.
[12] R. Law and S. Raghavan, "DiffServ and MPLS – Concepts and Simulation," 2003.
[13] "System for coding voice signals to optimize bandwidth occupation in high speed packet switching networks," 2000.

Dr. Omar Said is currently an assistant professor in the Department of Computer Science, Taif University, Taif, KSA. He received his Ph.D. degree from Menoufia University, Egypt. He has published many papers in international journals and conferences. His research areas are computer networking, Internet protocols, and multimedia communication. Prof. Sayed F. Bahgat is a Professor in the Department of Scientific Computing, Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt. He received his Ph.D. from the Illinois Institute of Technology, Chicago, Illinois, U.S.A., in 1989. From 2003 to 2006, he was the head of the Scientific Computing Department, Ain Shams University, Cairo, Egypt. From 2006 to 2009 he was the head of the Computer Science Department, Taif University, KSA, where he is now a professor. Dr. Sayed F. Bahgat has written over 39 research articles and supervised over 19 M.Sc. and Ph.D. theses. His research focuses on computer architecture and organization, computer vision, and robotics. Prof. Said Ghoniemy is a Professor in the Department of Computer Systems, Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt. He received his Ph.D. from the Institut National Polytechnique de Toulouse, Toulouse, France, in 1982. From 1996 to 2005, he was the head of the Computer Systems Department and director of the Information Technology Research and Consultancy Center (ITRCC), Ain Shams University, Cairo, Egypt. From 2005 to 2007 he was the vice-dean for post-graduate affairs, Faculty of Computer and Information Sciences, Ain Shams University. He is now a professor in the Computer Engineering Department, Taif University, KSA. Dr. Ghoniemy has written over 60 research articles and supervised over 40 M.Sc. and Ph.D. theses. His research focuses on computer architecture and organization, computer vision, and robotics. Eng.
Yasser Elawady is a Lecturer in the Department of Computer Engineering, Faculty of Computers and Information Systems, Taif University, Taif, KSA. He received his M.Sc. from the Department of Computer Engineering, Faculty of Engineering, Mansoura University, Mansoura, Egypt, in 2003. His subjects of interest include multimedia communication, remote access, and networking.






Appendix A
SW: Detector visited station address.
SC: Connector visited station address.
TR: Time spent to reach any station.
TC: Connector visiting time.
I, J: Counters.
H, K: Two used variables.
PFS: Failed station position.
N: Number of stations in the old path.
M: Number of stations in the new path.
Old[ ]: Array used to keep the old path stations' addresses.
New[ ]: Array used to keep the new path stations' addresses.
Same[ ]: Array used to keep the similar stations found in the two paths.
Diff1[ ]: Array used to keep the different stations found in the old path.
Diff2[ ]: Array used to keep the different stations found in the new path.

Hierarchical Approach for Key Management in Mobile Ad hoc Networks
Renuka A.
Dept. of Computer Science and Engg. Manipal Institute of Technology Manipal-576104-India

Dr. K.C.Shet
Dept. of Computer Engg. National Institute of Technology Karnataka Surathkal, P.O.Srinivasanagar-575025

Abstract—A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. Conventional security solutions that provide key management through trusted authorities or centralized servers are infeasible for this new environment, since mobile ad hoc networks are characterized by the absence of any infrastructure, frequent mobility, and wireless links. We propose a group key management scheme that is hierarchical and fully distributed, with no central authority, and that uses a simple rekeying procedure suitable for large, high-mobility mobile ad hoc networks. The rekeying procedure requires only one round in our scheme; in Chinese Remainder Theorem Diffie-Hellman, Group Diffie-Hellman, and Burmester-Desmedt it is a constant 3, whereas in other schemes such as Distributed Logical Key Hierarchy and Distributed One-Way Function Trees it depends on the number of members. We reduce the energy consumed in communicating the keying material by reducing the number of bits in the rekeying message. We show through analysis and simulations that our scheme has lower computation, communication, and energy costs than the existing schemes.

Keywords- mobile ad hoc network; key management; rekeying.



We propose a distributed group key management approach in which there is no central authority and the users themselves arrive at a group key through simple computations. In large, high-mobility mobile ad hoc networks, it is not possible to use a single group key for the entire network because of the enormous computation and communication cost of rekeying. So, we logically divide the entire network into a number of groups, each headed by a group leader, and each group into subgroups called clusters, each headed by a cluster head. Though the terms group leader and cluster head are used, these nodes are no different from the other nodes, except for playing the assigned roles during the initialization phase and during inter-group and inter-cluster communication. After the initialization phase, any member within a cluster can initiate the rekeying process, which reduces the burden on the cluster head. The transmission power and memory of the cluster heads and group leaders are the same as those of the other members. The members within a cluster communicate with the help of a group key. Inter-cluster communication takes place with the help of gateway nodes if the nodes are in adjacent clusters, and through the cluster heads if they are in far-off clusters. Inter-group communication is routed through the group leaders. Each member also carries a public/private key pair used to encrypt the rekeying messages exchanged; this ensures that forward secrecy is preserved. The rest of the paper is organized as follows. Section II focuses on the related work in this field. The proposed scheme is presented in Section III. Performance analysis of the scheme is discussed in Section IV. Experimental results and the conclusion are given in Section V and Section VI, respectively.

A mobile ad hoc network (MANET) is a collection of autonomous nodes that communicate with each other, most frequently over a multi-hop wireless network. Nodes do not necessarily know each other beforehand and come together to form an ad hoc group for some specific purpose. Key distribution systems usually require a trusted third party that acts as a mediator between the nodes of the network. Ad hoc networks typically have no online trusted authority, though there may be an offline one that is used during system initialization. Group key establishment means that multiple parties want to create a common secret to be used to exchange information securely. Without relying on a central trusted entity, two people who do not previously share a common secret can create one using the 2-party Diffie-Hellman (DH) protocol, and the 2-party protocol can be extended to a generalized n-party DH. Furthermore, group key management also needs to address the security issues related to membership changes: a modification of the membership requires a refresh of the group key, done either by periodic rekeying or by updating right after each member change, and the change of group key ensures backward and forward security. With frequently changing group memberships, recent research has paid increasing attention to the efficiency of group key updates. Collaborative and group-oriented applications in MANETs have become an active research area, and group key management is a central building block in securing group communications in MANETs. However, group key management for large and dynamic groups in MANETs is a difficult problem because of the requirements of scalability and security under the restrictions of the nodes' available resources and unpredictable mobility.
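The 2-party exchange mentioned above can be illustrated with a toy sketch; the modulus and generator here are tiny illustrative values, far too small for real use:

```python
import secrets

# Toy Diffie-Hellman parameters; a real deployment would use a large
# safe prime and a proper generator. Illustrative only.
p, g = 23, 5

def dh_keypair():
    # pick a private exponent and derive the public value g^priv mod p
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)

# each party raises the other's public value to its own private exponent
a_priv, a_pub = dh_keypair()
b_priv, b_pub = dh_keypair()
shared_a = pow(b_pub, a_priv, p)
shared_b = pow(a_pub, b_priv, p)
```

Both parties arrive at the same shared secret because (g^a)^b = (g^b)^a mod p; n-party generalizations chain this exponentiation across all members.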



II. RELATED WORK
Key management is a basic part of any secure communication. Most cryptosystems rely on some underlying secure, robust, and efficient key management system. Group key establishment means that multiple parties want to create a common secret to be used to exchange information securely. Secure group communication (SGC) is defined as the process by which members of a group can communicate with each other securely, with the shared information inaccessible to anybody outside the group. In such a scenario, a group key is established among all the participating members, and this key is used to encrypt all messages destined to the group; as a result, only the group members can decrypt the messages. Group key management protocols are typically classified into four categories: centralized group key distribution (CGKD), decentralized group key management (DGKM), distributed/contributory group key agreement (CGKA), and distributed group key distribution (DGKD). In CGKD, there exists a central entity, i.e. a group controller (GC), which is responsible for generating, distributing, and updating the group key. The most famous CGKD scheme is the key tree scheme (also called Logical Key Hierarchy, LKH), proposed in [1], which is based on a tree

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

structure with each user (group participant) corresponding to a leaf and the group initiator as the root node. The tree structure significantly reduces the number of broadcast messages and the storage space for both the group controller and the group members. Each leaf node shares a pairwise key with the root node as well as a set of intermediate keys on the path from it to the root. One-Way Function Tree (OFT) is another centralized group key management scheme, proposed in [2], similar to LKH; however, all keys in the OFT scheme are functionally related according to a one-way hash function. The DGKM approach involves splitting a large group into small subgroups. Each subgroup has a subgroup controller which is responsible for the key management of its subgroup. The first DGKM scheme to appear was Iolus [3]. The CGKA schemes involve the participation of all members of a group in key management. Such schemes are characterized by the absence of the GC; the group key in such schemes is a function of the secret shares contributed by the members. Typical CGKA schemes include binary-tree-based ones [4] and n-party Diffie-Hellman key agreement [5, 6]. Tree-based Group Diffie-Hellman (TGDH) is a group key management scheme proposed in [4]; the basic idea is to combine the efficiency of the tree structure with the contributory feature of DH. The DGKD scheme, proposed in [7], eliminates the need for a trusted central authority and introduces the concepts of sponsors and co-distributors. All group members have the same capability, are equally trusted, and have equal responsibility: any group member could be a potential sponsor of other members or a co-distributor. Whenever a member joins or leaves the group, the member's sponsor initiates the rekeying process. The sponsor generates the necessary keys and securely distributes them to the co-distributors, and the co-distributors then distribute the corresponding keys to the corresponding members in parallel.
In addition to the above four typical classes of key management schemes, there are other forms, such as hierarchy- and cluster-based ones [6, 8]. A contributory group key agreement scheme is most appropriate for SGC in this kind of environment. Several group key management schemes have been proposed for SGC in wireless networks [9, 10]. In the Simple and Efficient Group Key (SEGK) management scheme for MANETs proposed in [11], group members compute the group key in a distributed manner. A further approach, called BALADE, was developed in [12]; it is based on a sequential multi-source model and takes into account both the localization and the mobility of nodes, while optimizing energy and bandwidth consumption. Most of these schemes involve complex operations, which makes them unsuitable for large, high-mobility networks. In Group Diffie-Hellman, the group agrees on a pair of primes and computes the intermediate values in a distributed fashion. The setup time is linear, since all members must contribute to generating the group key; the size of the message grows as the sequence reaches the last members, because more intermediate values are needed, and the number of exponential operations increases with it. Therefore this method is not suitable for large

networks. Moreover, the computational burden is high, since it involves many exponentiations. Another approach using a logical key hierarchy in a distributed fashion, called Distributed One-Way Function Tree (D-OWT), was proposed in [13]. This protocol uses the one-way function tree: a member is responsible for generating its own key and sending the blinded version of this key to its sibling. Reference [14] also uses a logical key hierarchy, called Diffie-Hellman Logical Key Hierarchy, to minimize the number of keys held by group members; the difference here is that group members generate the keys in the upper levels using the Diffie-Hellman algorithm rather than a one-way function. In Chinese Remainder Theorem Diffie-Hellman (CRTDH) [15], each member computes the group key as the XOR of certain computed values; this requires that the members agree on two large primes. CRTDH has shortcomings in both efficiency and security: low efficiency, the possibility of a small key, and the possibility of members possessing the same Least Common Multiple (LCM). The CRTDH scheme was therefore modified in [16]: the evaluation of the LCM was eliminated and other steps were modified slightly, so that a large value for the key is obtained. In both of these methods, whenever membership changes occur, the new group key is derived from the old group key as the XOR of the old group key and a value derived from the Chinese Remainder Theorem values broadcast by one of the members. Since it is possible for the leaving member to obtain this message, and hence deduce the new group key, forward secrecy is not preserved. In this paper, we propose a distributed approach in which members contribute to the generation of the group key by sending the hash of a random number during the initialization phase within the cluster. They regenerate the group key themselves by obtaining the rekeying message from one of the members during the rekeying phase or whenever membership changes occur.
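The CRT-based refresh described above can be sketched as follows. This is a simplified illustration, not the full CRTDH protocol; it shows the congruence-solving step and why a broadcast refresh value lets a departed member who kept the old key derive the new one:

```python
from math import prod

def crt_solve(residues, moduli):
    # solve x = a_i (mod m_i) for pairwise-coprime moduli m_i,
    # using the standard Chinese Remainder Theorem construction
    M = prod(moduli)
    x = sum(a * (M // m) * pow(M // m, -1, m) for a, m in zip(residues, moduli))
    return x % M

def refreshed_key(old_key: int, broadcast_value: int) -> int:
    # CRTDH-style refresh: new key = old key XOR value derived from
    # the broadcast rekeying message
    return old_key ^ broadcast_value
```

Because `refreshed_key` needs only the old key and the broadcast value, a member who leaves after overhearing the broadcast computes the same new key, which is the forward-secrecy weakness noted above.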
Within a group, the key used for communication among the cluster heads is generated by the group leader and transmitted securely to the other cluster heads. The same procedure is used to agree on a common key among the group leaders, wherein the network head generates the key and passes it on to the other group leaders. Symmetric key cryptography is used for communication between the members of a cluster, and asymmetric key cryptography for distributing the rekeying messages to the members of the cluster.



III. PROPOSED SCHEME
A. System model
The entire set of nodes is divided into a number of groups, and the nodes within a group are further subdivided into subsets called clusters. Each group is headed by a group leader and each cluster by a cluster head. The layout of the network is shown in Fig. 1. One of the nodes in each cluster is the cluster head; a set of eight such clusters forms a group, and each group is headed by a group leader. The cluster head is similar to the other nodes in the network. The nodes within a cluster are also


physical neighbors. The nodes within a cluster use contributory key agreement: each node contributes its share in arriving at the group key. Whenever membership changes occur, an adjacent node initiates the rekeying operation, thereby reducing the burden on the cluster head. The group leader chooses a random key used to encrypt the messages exchanged between the cluster heads, and the network head sends the group leaders a key that is used for communication among the group leaders. The hierarchical arrangement of the network is shown in Fig. 2.

Figure 1. Network Layout

Figure 2. Hierarchical layout

The key management system consists of two phases: (i) initialization and (ii) group key agreement.

B. Initialization
Step 1: After deployment, the nodes broadcast their id values to their neighbors along with the HELLO message.
Step 2: When all the nodes have discovered their neighbors, they exchange information about their numbers of one-hop neighbors. The node with the maximum number of one-hop neighbors is selected as the cluster head; the other nodes become members of the cluster, called local nodes. The nodes update their status values accordingly.
Step 3: The cluster head broadcasts the message "I am cluster head" so as to make itself known to its members.
Step 4: The members reply with the message "I am member". In this way, clusters are formed in the network.
Step 5: If a node receives more than one "I am cluster head" message, it becomes a gateway, which acts as a mediator between two clusters.
The cluster heads broadcast the message "Are there any cluster heads" so as to discover one another. The cluster head with the smallest id is selected as the leader of the cluster heads and is the representative of the group, called the group leader. The group leaders establish communication with one another in a similar manner, and one among them is selected as the leader for the entire network. The entire network is hierarchical in nature, with the following hierarchy: network → group → cluster → cluster members.

C. Group Key Agreement within a cluster
Step 1: Each member broadcasts its public key along with its id to all other members of the cluster, together with a certificate for authentication.
Step 2: The members of the cluster generate the group key in a distributed manner. Each member generates a random number and sends the hash of this number to the other members, encrypted with the public key of each individual member, so that the receiving members can decrypt the message with their respective private keys.
Step 3: Each member concatenates the received hash values in ascending order of the sender ids and mixes the result by applying a one-way hash function to the concatenated string. This is the group key used for that cluster. Let HRi be the hash of the random number generated by node i and GK denote the group key; then
GK = f(HR1, HR2, HR3, ..., HRn)
where HRi = hash(random number of node i), f is a one-way function, and hash is a secure hash function such as SHA-1.
All the members now possess a copy of the same key, since the same operations are performed by all the nodes.
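The per-member computation in the group key agreement can be sketched as follows; this is a sketch that assumes SHA-1 serves as both the hash and the one-way function f, and the function names are illustrative:

```python
import hashlib
import secrets

def contribution() -> str:
    # each member picks a random number and shares only its SHA-1 hash
    return hashlib.sha1(secrets.token_bytes(16)).hexdigest()

def cluster_group_key(hashes_by_id: dict) -> str:
    # concatenate the received hash contributions in ascending order of
    # member id, then apply a one-way hash (SHA-1 here) to the result
    ordered = "".join(hashes_by_id[i] for i in sorted(hashes_by_id))
    return hashlib.sha1(ordered.encode()).hexdigest()
```

Since every member ends up holding the same id-to-hash mapping and sorts it the same way, all members derive an identical group key without any node ever revealing its raw random number.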

D. Inter cluster group key agreement
The gateway node initiates communication with a neighboring node belonging to another cluster, and the two mutually agree on a key to be used for inter-cluster communication between the two clusters. Any node in one cluster can communicate with any node in the other cluster with this gateway node as the intermediary. In this way, adjacent clusters agree on a group key. A set of eight clusters forms a group, and the cluster heads of each of these clusters mutually agree on a group key to be used for communication among the cluster heads


(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

within a group in a similar manner. This key is different from the key used within the cluster. Going one level above in the hierarchy, a number of groups headed by group leaders can be combined, and the group leaders agree on a group key to be used for communication among themselves, which aids in inter-group communication. Even though we have considered the network divided into eight groups, each group consisting of eight clusters and each cluster consisting of eight members, these numbers need not be constant. They may vary, and varying them does not change the manner in which the group key is derived; the assumption merely gives the network the hierarchical appearance of a fractal tree.

E. Network Dynamics
The mobile ad hoc network is dynamic in nature: nodes may join or leave the network. In such cases, a good key management system should ensure that backward and forward secrecy are preserved.

1) Member join: When a new member joins, it initiates communication with a neighbouring node. After initial authentication, this node initiates the rekeying operation for generating a new key for the cluster. The rekeying operation is as follows:

new node → adjacent node : {authentication}
adjacent node → new node : {acknowledge}
adjacent node → all nodes : {rekeying message}K(old cluster key)

The adjacent node broadcasts two random numbers that are mixed together using a hashing function, and the result is inserted at a random position in the old group key, the position being specified by the first random number. The two random numbers are sent in a single message, so that a transmission loss cannot result in a wrong key being generated. Let the two bit strings be
I Random no. = 00100010
II Random no. = 10110111
Suppose the result of the mixing function is 11010110 and the previous group key is
100101000101010100011100001111000001100010000001
The new group key is
10010100010101010001110000111100000110011010110010000001
Since all members know the old group key, they can compute the new group key. This new group key is transmitted to the new member by the adjacent node in a secure manner.

2) Member Leave
a) When a cluster member leaves
When a member leaves, the group key of the cluster to which it belongs must be changed. This is done in a similar manner as described above. The leaving member informs a neighboring node, which in turn informs the other nodes about the leaving member. The neighboring node also generates two random numbers and sends them securely to the other members, which then generate the group key.

leaving node → adjacent node : {leaving message}
adjacent node → leaving node : {acknowledge}
adjacent node → each node i : {rekeying message}pki

b) When a gateway node leaves
When a gateway node leaves the network, it delegates the role of the gateway to an adjacent node. In this case, the group keys of both clusters with which this node is associated need to be changed. When the gateway node merely moves into one of the two clusters, only the group key of the other cluster has to be changed.

leaving gateway node → adjacent node : {leaving message + other messages delegating its role}
adjacent node → leaving gateway node : {acknowledge}
adjacent node → each node i in cluster 1 : {rekeying message}pki
adjacent node → each node j in cluster 2 : {rekeying message}pkj

c) When the cluster head leaves
When the cluster head leaves, the group key used for communication among the cluster heads needs to be changed; the group key used within its cluster also has to be changed. The cluster head informs the adjacent cluster head about its desire to leave the network, which initiates the rekeying procedure. The adjacent cluster head generates two random numbers and sends them to the other cluster heads in a secure manner.

leaving cluster head → adjacent cluster head : {leaving message + other messages delegating its role}
adjacent cluster head → leaving cluster head : {acknowledge}
adjacent cluster head → each cluster head i : {rekeying message}pki

The new group key of the cluster heads is obtained by taking the product of the two random numbers, inserting it at the position indicated by the first number, and removing from the beginning of the old cluster-head group key a number of bits equal to the number of bits in the product. Suppose
I Random no. = 00101101
II Random no. = 00111111
and the product of the two numbers is 0000010101000110. Suppose the old group key is
10010100010101010001110000111100000110001000000100110
The new group key is
00011100001111000001100010000000010101000110000100110
Thus the cluster heads compute the group key after the rekeying operation; this is the new group key for the cluster heads within the group. The group key used for intra-cluster communication in that particular cluster also needs to be changed, in the manner described above for rekeying within a cluster.

d) When the group leader leaves
When the group leader leaves, all three keys must be changed: (i) the group key among the group leaders, (ii) the group key among the cluster heads, and (iii) the group key within the cluster.

leaving group leader → adjacent group leader : {leaving message + other messages delegating its role}
adjacent group leader → leaving group leader : {acknowledge}
adjacent group leader → each group leader i : {rekeying message}pki

leaving group leader → adjacent cluster head : {leaving message + other messages delegating its role}
adjacent cluster head → leaving group leader : {acknowledge}
adjacent cluster head → each cluster head i : {rekeying message}pki

leaving group leader → adjacent node : {leaving message}
adjacent node → leaving group leader : {acknowledge}
adjacent node → each node i in that cluster : {rekeying message}pki

The group key of the cluster heads and the group key within the cluster are changed in the manners described above. To change the group key of the group leaders, the leaving group leader delegates the role of group leader to another cluster head in the same group and informs the other group leaders about this change. The adjacent group leader initiates the rekeying operation: it generates a random number and sends it to the other group leaders. The group leaders divide the old group key into blocks whose size equals the number of bits in the random number, perform the exclusive OR of the random number with each block of the old group key, and concatenate the results to arrive at the new group key. Suppose the random number is 00100010 and the old group key is
10010100010101010001110000111100000110001000000100110101
Dividing the group key into 8-bit blocks (the size of the random number), we get
10010100 01010101 00011100 00111100 00011000 10000001 00110101
Performing the XOR operation on each block and concatenating, as
00100010 XOR 10010100 || 00100010 XOR 01010101 || 00100010 XOR 00011100 || 00100010 XOR 00111100 || 00100010 XOR 00011000 || 00100010 XOR 10000001 || 00100010 XOR 00110101
the following group key is obtained:
10110110011101110011111000011110001110101010001100010111
This is the new group key of the group leaders.

F. Communication Protocol
The nodes within a cluster communicate using the intra-cluster group key. Communication between nodes of different clusters in the same group takes place through the gateway node if the clusters are adjacent, and through the cluster heads if they are far apart.

For adjacent clusters:
Source node --GKCL1--> Gateway node --GKCL2--> Destination node

For nodes in far-off clusters:
Source node --GKCL1--> Cluster head 1 --GKCH--> Cluster head 2 --GKCL2--> Destination node

Inter-group communication is routed through the corresponding cluster heads and the group leaders:
Source node --GKCL1--> Cluster head 1 --GKCH1--> Group leader 1 --GKGR--> Group leader 2 --GKCH2--> Cluster head 2 --GKCL2--> Destination node
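The bit-string key updates used in the rekeying operations above can be sketched as follows. The mixing function itself is not specified in the text, so the mixed value and insertion position are passed in explicitly; the values in the usage note are taken from the worked examples:

```python
def insert_rekey(old_key: str, mixed_bits: str, pos: int) -> str:
    # member join: splice the mixed random bits into the old key at pos
    return old_key[:pos] + mixed_bits + old_key[pos:]

def xor_block_rekey(old_key: str, rand: str) -> str:
    # group-leader rekey: XOR each rand-sized block of the old key with
    # rand; assumes the key length is a multiple of the block size
    n = len(rand)
    blocks = (old_key[i:i + n] for i in range(0, len(old_key), n))
    return "".join(format(int(b, 2) ^ int(rand, 2), f"0{n}b") for b in blocks)
```

With the join example, splicing 11010110 into the 48-bit old key at bit offset 39 reproduces the 56-bit new key given above, and XOR-ing the 56-bit group-leader key blockwise with 00100010 reproduces the group-leader example.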

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009



IV. PERFORMANCE ANALYSIS
A. Cost Analysis
We compute the communication cost of our scheme under various situations and for different network organizations, and compare the communication cost of rekeying for various schemes. Some schemes, such as GDH, use a 1024-bit message for rekeying, whereas our scheme uses a 32-bit message, so the energy required for rekeying is much lower; this is very important in energy-constrained mobile ad hoc networks. Let us denote
N = network size
M = group size
P = cluster size
G = no. of groups
CH = cluster head
CL = cluster member
GL = group leader
1) Member joins: When a new member joins, the public key of the new member is broadcast to all old members encrypted with the old group key. If the average number of members in a cluster is P, two 16-bit numbers, i.e. a message of 32 bits, is transmitted to all the existing members encrypted with the old key. This requires one round and one broadcast message. The group keys of other clusters need not be changed.
2) Member leaves: When a node leaves, there are four cases: (i) a cluster member leaves, (ii) the cluster head leaves, (iii) the gateway node leaves, and (iv) the group leader leaves.
a) When the cluster member leaves: The random numbers are encrypted with the respective public keys of the existing members and unicast to them. This requires one round and P-1 unicast messages.
b) When the cluster head leaves: The rekeying is similar to a member leave within the cluster, i.e. P-1 unicast messages, plus M-1 messages among the cluster heads for changing the cluster-head key.
c) When the gateway node leaves: The group keys of both clusters with which it is associated have to be changed. This requires one round in each cluster and P-1 unicast messages in each cluster, i.e. a total of 2(P-1) messages.
d) When the group leader leaves: The group key of the group leaders, the group key of the cluster heads, and the cluster key of its cluster need to be changed. This requires one round, with G-1 unicast messages among the group leaders, M-1 unicast messages among the cluster heads, and P-1 messages within the cluster.

Table II gives the communication cost of rekeying for various schemes. In our scheme, the entire network is divided into a number of groups, each of which is divided into a number of clusters, and each cluster consists of members. When a member leaves, in a non-hierarchical scheme the key of the entire network must be changed, but in the hierarchical scheme it suffices to change the group key of the cluster to which the member belongs. The hierarchical scheme thus reduces the number of rekeying messages transmitted, as shown in Table I. Communication between far-off nodes (nodes in different groups) undergoes 5 encryptions and decryptions, whereas in non-hierarchical schemes it is only one; in very large networks, this is tolerable compared to the enormous number of rekeying messages that would otherwise be transmitted whenever membership changes occur. From Table II we observe that the rekeying procedure requires only one round in our scheme, CRTDH, and modified CRTDH; in GDH and BD it is a constant 3, whereas in schemes such as D-LKH and D-OFT it depends on the number of members. Regarding the number of messages sent, the BD method involves 2N broadcast messages and no unicast messages, whereas in our technique the number of unicast messages is N-1. We also observe that CRTDH has the least communication cost among all the methods, but it does not provide forward secrecy, because the rekeying message is broadcast and even the leaving member can derive the new group key. Moreover, in our scheme the rekeying message is only 32 bits wide, so the communication overhead is greatly reduced.
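The unicast message counts derived in the cost analysis can be captured in a small helper; the event names here are illustrative labels, not terminology from the scheme:

```python
def unicast_rekey_cost(event: str, P: int, M: int, G: int) -> int:
    # unicast rekeying messages per membership-change event, for cluster
    # size P, group size M, and G groups, per the cost analysis above
    return {
        "member_leave": P - 1,
        "gateway_leave": 2 * (P - 1),
        "cluster_head_leave": (M - 1) + (P - 1),            # M + P - 2
        "group_leader_leave": (G - 1) + (M - 1) + (P - 1),  # G + P + M - 3
    }[event]
```

For example, with N=256, M=8, P=16, G=2, a cluster-member leave costs 15 unicast messages instead of the 255 a flat network-wide rekey would require.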

TABLE I. NUMBER OF NODES THAT RECEIVE REKEYING MESSAGES (OUR SCHEME)

Network configuration  | CL joins       | CL leaves
N=256, M=8, P=16, G=2  | 15 (broadcast) | 15
N=256, M=4, P=16, G=4  | 16             | 15
N=256, M=4, P=8, G=8   | 8              | 7
N=256, M=4, P=4, G=16  | 4              | 3
N=256, M=2, P=4, G=32  | 4              | 3


TABLE II. COMMUNICATION COST OF REKEYING

Scheme                                      | No. of rounds | Broadcast | Unicast
Burmester and Desmedt (BD)                  | 3             | 2N        | 0
Group Diffie-Hellman (GDH)                  | 3             | 1         | N-1
Distributed Logical Key Hierarchy (D-LKH)   | Log2 N        | Log2 N    | 0
Distributed One Way Function Trees (D-OFT)  | Log2 N        | 2 Log2 N  | 0
CRTDH                                       | 1             | 1         | 0
Modified CRTDH                              | 1             | 1         | 0
Our scheme (join)                           | 1             | 1         | 0
Our scheme (CL leave)                       | 1             | 0         | P-1
Our scheme (gateway leave)                  | 1             | 0         | 2(P-1)
Our scheme (CH leave)                       | 1             | 0         | M+P-2
Our scheme (GL leave)                       | 1             | 0         | G+P+M-3

V. EXPERIMENTAL RESULTS
The simulations are performed using the Network Simulator (NS-2.32) [17], which is particularly popular in the ad hoc networking community. The IEEE 802.11 MAC layer protocol is used in all simulations, and the Ad hoc On-demand Distance Vector (AODV) routing protocol is chosen. Every simulation run is 500 seconds long. The simulation is carried out with different numbers of nodes; the simulation parameters are shown in Table IV. The experiment is conducted with different mobility patterns generated using the setdest tool of ns-2: stationary nodes located at random positions, and nodes moving to random destinations with speeds varying between 0 and a maximum of 5 m/s, 10 m/s, and 20 m/s. The random waypoint mobility model is used, in which a node moves to a randomly selected position at a speed varying between 0 and the maximum speed, pauses for a specified pause time, and then starts moving again at the same speed to a new destination. The pause time is set to 200 s. Message sizes of 16, 32, 48, 64, 128, 152, 180, 200, 256, 512, and 1024 bits are used. We observed that in all four scenarios the energy consumed by a node increases as the message size increases; this is depicted in Fig. 3. Since the nodes in a mobile ad hoc network communicate in a hop-by-hop manner, the energy consumed is not the same for all nodes, even though each node sends and receives the same number of messages; this is clearly visible from the graphs. We also observe that the energy consumed is lowest at a speed of 10 m/s. This may be because the movement brings the nodes closer to each other, which reduces the relaying of messages. The energy shown includes the energy for forwarding messages at intermediate nodes.

TABLE IV. SIMULATION PARAMETERS

Parameter            | Value
Simulation time      | 1000 sec
Topology size        | 500 m x 500 m
Initial energy       | 100 Joules
Transmitter power    | 0.4 W
Receiver power       | 0.3 W
Node mobility        | Max. speed 0 m/s, 5 m/s, 10 m/s, 20 m/s
Routing protocol     | AODV
Traffic type         | CBR, Message
MAC                  | IEEE 802.11
Mobility model       | Random waypoint
Max. no. of packets  | 10000
Pause time           | 200 sec
Let Exp = exponentiation, D = decryption, OWF = one-way function, X = exclusive OR, CRT = solving the system of congruences via the Chinese Remainder Theorem, LCM = least common multiple computation, i = node id, and M = cluster size.

TABLE III. COMPUTATION COST

Scheme                                      | During set-up phase           | During rekeying
Burmester and Desmedt                       | -----                         | -----
Group Diffie-Hellman                        | (i+1) Exp                     | (i+1) Exp
Distributed Logical Key Hierarchy           | Log2(M) Exp                   | Log2(M) D
Distributed One Way Function Trees          | (Log2(M)+1) Exp               | Log2(M) D
CRTDH                                       | LCM + (M-1) X + M Exp + CRT   | LCM + X + CRT
Modified CRTDH                              | (M-1) X + M Exp + CRT         | X + CRT
Our scheme (cluster head and members)       | Sort + OWF                    | D + OWF; Multiplication (CH leave); XOR (GL leave)

In the next experiment, we varied the cluster size and observed its effect on the average energy consumed by the nodes in communicating the rekeying messages. In this setup, one node sends a message to every other node in the cluster, so for P nodes, P-1 messages are exchanged. This is indicated in Fig. 4 for the mobility pattern with a maximum speed of 20 m/s. We observe that the energy consumed by the nodes increases as the cluster size increases, and this holds across message sizes as well.

94 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

member should not have access to this information, doing this in a secure manner is a challenging task.





Figure 3. Average energy consumed by the nodes for various message sizes for cluster size of 8 nodes






Figure 4. Average energy consumed by the nodes vs. message size for different cluster sizes with mobility pattern of max. speed = 20 m/s



VI. CONCLUSION
We proposed a hierarchical scheme for group key management that does not rely on a centralized authority for regenerating a new group key. Any node can initiate the rekeying process, so the energy depletion of any one particular node is avoided, unlike in centralized schemes. Our approach satisfies most of the security attributes of a key management system, and its communication and computational overhead is small compared with other distributed schemes. The energy saving is approximately 41% for 8 nodes and 15% for 200 nodes when the message size is reduced from 1024 to 16 bits. This indicates that a small message size and a small cluster size are most suitable for energy-limited mobile ad hoc networks. A small cluster size increases the overhead of inter-cluster communication, since it needs more encryptions and decryptions, whereas a large cluster size increases the communication cost of rekeying; an optimal value is chosen based on the application. As future work, instead of unicasting the rekeying messages, broadcasting may be done, which will reduce the number of messages sent through the network.







95 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

An Analysis of Energy Consumption on ACK+Rate Packet in Rate Based Transport Protocol
Department of IT PSNA College of Engineering & Technology, Dindigul, TN, India, 624622

Principal PSNA College of Engineering & Technology, Dindigul, TN, India, 624622

Abstract— A rate based transport protocol determines the rate of data transmission between the sender and receiver and then sends data according to that rate. To notify the sender of the rate, the receiver sends an ACK+Rate packet on epoch timer expiry. In this paper, through detailed arguments and simulation, it is shown that transmitting the ACK+Rate packet on epoch timer expiry consumes more energy in networks with low mobility. To overcome this problem, a new technique called Dynamic Rate Feedback (DRF) is proposed. DRF sends an ACK+Rate packet whenever the rate changes by ±25% from the previous rate. Based on ns2 simulations, DRF is compared with a reliable transport protocol for ad hoc networks (ATP).

Keywords- Ad hoc network, ad hoc transport protocol, rate based transport protocols, energy consumption, intermediate node



I. INTRODUCTION
This paper focuses on the design of a new technique called Dynamic Rate Feedback (DRF), which minimizes the frequency of ACK+Rate packet transmission for rate based transport protocols in ad hoc networks. An ad hoc network is a dynamically reconfigurable wireless network that does not have a fixed infrastructure. Its characteristics are completely different from those of a wired network; therefore the TCP protocol, originally designed for wired networks, cannot be used as such in ad hoc networks. Several studies have focused on transport layer issues in ad hoc networks. Research has been carried out both on studying the impact of using TCP as the transport layer protocol and on improving its performance, either through lower layer mechanisms that hide the characteristics of the ad hoc network from TCP, or through appropriate modifications to the mechanisms used by TCP [1-8]. Existing approaches to improve transport layer performance over ad hoc networks fall into three broad categories [9]: (i) enhancing TCP to adapt to the characteristics of ad hoc networks, (ii) cross layer design, and (iii) new transport protocols tailored specifically for the ad hoc network environment. TCP ELFN proposed by Holland et al. [10], the Atra framework proposed by Anantharaman et al. [11], and the Ad hoc Transport Protocol (ATP) proposed by Sundaresan et al. [12] are example protocols of the three categories

respectively. Transport layer protocols tailored specifically for ad hoc networks are broadly classified into (i) rate based transport protocols and (ii) window based transport protocols. In a rate based transport protocol, the rate is determined first and then data are transmitted according to that rate. The intermediate nodes calculate the rate of data transmission; this rate is appended to the data packet and transmitted to the receiver. The receiver collates the rates received from the intermediate nodes and sends the result to the sender along with the ACK. This ACK+Rate packet is transmitted on epoch timer expiry: if the epoch timer is set to 1 second, then every 1 second the receiver transmits an ACK+Rate packet to the sender. In this paper, the epoch timer based transmission of the ACK+Rate packet and its problems are discussed. The frequency of ACK+Rate packet transmission with respect to energy consumption, mobility, and rate adaptation is presented. The frequency of rate change with respect to mobility and its results are also presented. Energy consumption over the simulation is determined for various mobility speeds.



II. RELATED WORK
This paper focuses on proposals that aim to minimize the frequency of transmitted ACK packets. Jimenez and Altman [13] investigated the impact of delaying more than 2 ACKs on TCP performance in multi hop wireless networks and showed through simulation that encouraging results are obtained. Johnson [14] investigated the impact of using an extended delayed acknowledgement interval on TCP performance. Allman [15] conducted an extensive simulation evaluation of delayed acknowledgement (DA) strategies. Most of these approaches target only the ACK packets of window based transmission. In contrast to window based transmission, rate based transmission is another class of transport layer protocol, as mentioned in Section I. Compared with window based transmission, rate based transport protocols improve performance in the following two ways [12]: (i) they avoid the drawback due to burstiness, and (ii) transmissions are scheduled by a timer at the sender, so the need for self clocking through the arrival of ACKs is eliminated. The latter



benefit is used by rate based protocols to decouple the congestion control mechanism from the reliability mechanism. The protocols that fall under rate based transmission are as follows. Sundaresan et al. [12] proposed ATP, a reliable transport protocol for ad hoc networks. Chen et al. [16] proposed an end to end rate based flow control scheme called EXACT. Raniwala et al. [17] designed a link layer aware reliable transport protocol called LRTP. Scofield [18] in his thesis presented a hop by hop transport control protocol for multi hop wireless networks. Wang et al. [19] proposed an improved transport protocol that uses fuzzy logic control. Ganeshkumar et al. [20, 21] studied ATP and designed a new transport protocol called PATPAN. In all the rate based transport protocols mentioned above, the rate (congestion information) is transmitted by the intermediate nodes to the receiver during the transmission of data packets. The receiver collates the congestion information and notifies the sender along with the ACK. The sender adjusts the rate of data packet transmission according to the rate (congestion information) received from the receiver. The ACK+Rate feedback packet is transmitted periodically, based on an epoch timer. The granularity of the epoch timer and the frequency of ACK+Rate feedback packet transmission highly influence the performance of the protocol. In window based transport protocols, a large amount of work has been done to minimize the frequency of ACK packet transmission. The literature survey on rate based transport protocols clearly shows that, until now, research has not been carried out on minimizing the frequency of ACK+Rate feedback packet transmission. This motivated us to study the behaviour of the well known rate based transport protocol ATP [12] and to explore the frequency of ACK+Rate feedback packet transmission in depth.

III. BACKGROUND

The ATP receiver collates this information and sends it back to the sender in subsequent ACK packets, and the ATP sender adjusts its transmission rate based on this information. During connection establishment, the ATP sender determines the initial transmission rate by sending a probe packet to the receiver. Each intermediate node attaches network congestion information to the probe packet, and the ATP receiver replies to the sender with an ACK packet containing the relevant congestion information. To minimize control overhead, ATP uses connection request and ACK packets as probe packets. ATP increases the transmission rate only if the new transmission rate (R) received from the network exceeds the current rate (S) by more than a threshold (x), i.e., only if R > S(1 + x). The transmission rate is then increased only by a fraction (k) of the difference between the two rates, i.e., S = S + (R − S)/k; this avoids rapid fluctuations in the transmission rate. If the ATP sender has not received ACK packets for two consecutive feedback periods, it significantly decreases the transmission rate. After a third such period, the connection is assumed to be lost and the ATP sender moves to the connection initiation phase, where it periodically generates probe packets. When a path break occurs, the network layer sends an explicit link failure notification (ELFN) packet to the ATP sender and the sender moves to the connection initiation phase. The major advantages of ATP are the avoidance of congestion window fluctuations and the separation of congestion control and reliability, which lead to higher performance in ad hoc wireless networks. The biggest disadvantage of ATP is incompatibility with traditional TCP: nodes using ATP cannot communicate directly with the Internet. In addition, the fine-grained per-flow timer used at the ATP sender may become a bottleneck in large ad hoc wireless networks.

IV. DYNAMIC RATE FEEDBACK (DRF)

A. Ad Hoc Transport Protocol (ATP)
The Ad hoc Transport Protocol (ATP) is a protocol designed for ad hoc wireless networks. It is not based on TCP and differs from it in many ways: ATP uses coordination between different layers, rate based transmissions, network-assisted congestion control, and decoupled congestion control and reliability. Like many TCP variants, ATP uses information from lower layers for several purposes, such as estimating the initial transmission rate; congestion detection, avoidance, and control; and detection of path breaks. ATP obtains network congestion information from the intermediate nodes, while flow control and reliability information are obtained from the ATP receiver. ATP uses timer-based transmission, where the rate depends on the congestion in the network. As packets travel through the network, intermediate nodes attach congestion information to each ATP packet. This congestion information is expressed as a weighted average of the queuing delay and contention delay experienced by packets at the intermediate node.
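ATP's rate adaptation rule described above can be sketched as follows. The threshold x and smoothing fraction k are ATP parameters; the concrete values used here (x = 0.2, k = 4) are illustrative assumptions, not values taken from the ATP paper:

```python
def atp_update_rate(current_rate, feedback_rate, x=0.2, k=4):
    """Sketch of ATP's sender-side rate adaptation.

    The rate S is raised only when the feedback rate R exceeds S by
    more than the threshold x, and then only by a fraction 1/k of the
    difference, which damps rapid rate fluctuations.
    """
    if feedback_rate > current_rate * (1 + x):
        return current_rate + (feedback_rate - current_rate) / k
    return current_rate

# With S = 100 and R = 140 (a 40% increase, beyond x = 20%), the new
# rate is 100 + (140 - 100)/4 = 110; with R = 110 the rate is unchanged.
```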

A. Design issues
In rate based transport protocols, the intermediate nodes send the congestion information (rate) to the receiver, usually appended to the data packets. The receiver collates the congestion information and sends it to the sender; the sender derives the transmission rate from the received congestion information and starts transmitting data. Under the IEEE 802.11 MAC, at any particular instant only one node makes use of the channel, even though the channel is common to all nodes lying in the same contention area. The receiver sends a transport layer ACK for the data it has received. Since the MAC uses a shared channel, data packets and ACK packets contend to occupy the channel, which reduces the number of data packets sent. To address this issue, SACK is used in the transport layer. In TCP SACK, an ACK is sent for every 3 packets; in ATP SACK, an ACK is sent for every 20 packets or fewer. In ATP, an epoch timer with a fixed value is used to trigger the sending of ACKs: each time the epoch timer expires, an ACK is sent.



The congestion information that the intermediate nodes send to the receiver is forwarded by the receiver to the sender along with the ACK. The ACK is triggered by epoch timer expiry; therefore, on each epoch timer expiry the congestion information (delay/rate) is sent to the sender. Even though the rate is determined on the fly and dynamically throughout the session, it is notified to the sender only once per epoch, so the granularity of the epoch affects the performance of the protocol. If the epoch time is very short, more ACK packets are transmitted per unit time. This unnecessary traffic on the reverse path creates problems such as high energy consumption, leading to poor network lifetime and reduced throughput on the forward path. If the epoch time is very large, fewer ACK+Rate packets are transmitted per unit time, and rate changes that occur within an epoch are not notified to the sender promptly. This causes the sender to choose rates that are much lower than necessary, resulting in periodic oscillations between high and low transmission speeds. In an ad hoc network, the topology changes dynamically, which results in frequent rate changes. If the sender is not notified of frequent rate changes, it will choose a rate that does not appropriately match the characteristics of the network at that particular instant; the sender may choose a rate that is much lower or higher than necessary, again resulting in periodic oscillation between high and low transmission speeds. The epoch timer thus plays an important role in forward path throughput, energy consumption, and congestion in the network. Given the characteristics of ad hoc networks, choosing a constant epoch timer value for the entire period of operation of the protocol does not hold good.
Therefore, in the proposed scheme the ACK+Rate packet is transmitted by the receiver to the sender whenever there is a 25 percent rate change from the previous rate: if the receiver observes a rate that is 25 percent more or less than the previous rate, it transmits the ACK+Rate packet to the sender. This procedure is termed Dynamic Rate Feedback (DRF). With this technique the rate is notified to the sender whenever a 25 percent rate change occurs, eliminating the ACK+Rate packet transmission based on epoch timer expiry.

B. Independence on ACKs
In rate based transport protocols, the rate is notified to the sender along with the ACK. The receiver sends ACK+Rate to the sender, and the sender adapts its data transmission according to the received rate. In window based transmission, the reception of an ACK triggers data transmission, so if ACKs are late, or if only a few ACKs are received per unit time, then fewer data packets are transmitted, decreasing the throughput and performance of the protocol. In rate based transport protocols, the reception of an ACK does not trigger the

data transmission; data is transmitted based only on the received rate. In DRF, when using a slow speed mobile topology, transmission of the ACK+Rate packet is limited. This does not affect the number of data packets transmitted on the forward path. In a low mobility network, the frequency of rate changes is minimal. This has no side effect, except that the sender should not discard already transmitted buffered data until an ACK is received for it. DRF does not affect data recovery through retransmission: if any data is lost, this indicates congestion or route failure, which causes a change in rate; if a rate change occurs, ACK+Rate is transmitted, the lost data packet can be identified from the ACK, and it can be recovered through retransmission.

C. Triggering ACK+Rate Packet
The DRF technique is developed to eliminate unnecessary transmissions of the ACK+Rate packet, in order to reduce the additional overhead and energy consumption borne by the intermediate nodes. In this paper, through detailed arguments, it is shown that triggering the ACK+Rate packet on expiry of the epoch timer causes serious performance problems. If the epoch time period is set to 1 second, then rate changes that occur within 1 second cannot be communicated to the sender. This causes harmful effects such as reduced throughput and underutilization of network resources. To overcome this drawback, DRF sends the ACK+Rate packet whenever there is a rate change, rather than on each expiry of the epoch timer. However, if an ACK+Rate packet were transmitted for every rate change, more traffic would be generated in the network, causing high energy consumption at the intermediate nodes and reduced throughput due to the contention of data and ACK+Rate packets on the forward and reverse paths respectively.
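The DRF trigger condition described above, a ±25% deviation from the last rate reported to the sender, can be sketched as follows; the function and argument names are illustrative, not taken from any implementation:

```python
def drf_should_send(last_reported_rate, current_rate, threshold=0.25):
    """Return True when the rate has drifted by 25% or more (in either
    direction) from the last rate the receiver reported to the sender,
    i.e., when DRF transmits an ACK+Rate packet.

    Assumes a non-zero last reported rate.
    """
    change = abs(current_rate - last_reported_rate) / last_reported_rate
    return change >= threshold

# With a last reported rate of 100 packets/s, DRF stays silent at 110
# (a 10% change) but fires at 125 (25%) and at 70 (30%).
```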
If the ACK+Rate packet is transmitted only after a ±100% rate change from the previous rate (i.e., if the current rate is 4, then the next ACK+Rate packet is transmitted only when the rate reaches 8), the sender will choose an inappropriate rate that does not exactly suit the characteristics of the network at that particular instant. Therefore, to find the optimal point at which to transmit the ACK+Rate packet, an experiment is conducted in the ns2 simulator. The simulation setup is discussed in Section V.A. The source and destination nodes are randomly chosen, and throughput is analyzed from various angles. Transmission of ACK+Rate packets with respect to ±15%, ±25%, ±35%, ±50%, ±65%, and ±75% rate changes from the previous rate is analyzed. Throughput in the pedestrian mobile topology (1 m/s), slow speed mobile topology (20 m/s), and high speed mobile topology (30 m/s) is determined for 1 flow, 5 flows, and 25 flows. The results, rounded to the nearest integer, are shown in Table 1. The average throughput for the pedestrian, slow speed, and high speed mobile topologies for ±15%, ±25%, ±35%, ±50%, ±65%, and ±75% rate changes in a network load of 1 flow is 539, 529, 468, 366, 278, and 187 respectively. From the results it is clear that


(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

Table 1. Throughput for transmission of the ACK+Rate packet with respect to % of rate change

Topology (flows)        ±15    ±25    ±35    ±50    ±65    ±75
Pedestrian, 1 flow      635    629    522    424    367    217
Pedestrian, 5 flows     214    198    153    132    123    105
Pedestrian, 25 flows     46     39     31     27     21     19
Slow speed, 1 flow      551    537    492    371    254    184
Slow speed, 5 flows     157    146    114     91     68     54
Slow speed, 25 flows     43     39     31     24     19     15
High speed, 1 flow      432    421    392    304    213    161
High speed, 5 flows     141    133    111     92     63     43
High speed, 25 flows     38     32     24     17     14      8
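As a quick consistency check, the 1-flow averages quoted in the surrounding text can be reproduced from the 1-flow rows of Table 1. A Python sketch (values transcribed from Table 1; note the quoted figures correspond to integer truncation of the three-topology mean, not rounding):

```python
# 1-flow throughput rows of Table 1, one value per rate-change
# threshold (±15, ±25, ±35, ±50, ±65, ±75).
pedestrian = [635, 629, 522, 424, 367, 217]
slow_speed = [551, 537, 492, 371, 254, 184]
high_speed = [432, 421, 392, 304, 213, 161]

# Mean over the three topologies, truncated to an integer.
averages = [(p + s + h) // 3
            for p, s, h in zip(pedestrian, slow_speed, high_speed)]
print(averages)  # [539, 529, 468, 366, 278, 187]
```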


Table 2. Number of ACK+Rate packets transmitted for a simulation time of 100 seconds and a network load of 1 flow, with respect to % of rate change

% of rate change    Pedestrian topology    Slow speed topology    High speed topology
±15                         43                      56                     69
±25                         64                      76                     73
±35                         85                      84                     94

the throughput for ±15%, ±25%, and ±35% is greater than that for ±50%, ±65%, and ±75%. Therefore, the ACK+Rate packet may be triggered for transmission when there is a ±15%, ±25%, or ±35% rate change from the previous rate. The transmission of ACK+Rate packets for rate changes of ±15%, ±25%, and ±35% from the previous rate is analysed in Table 2; the appropriate percentage of rate change at which to trigger the ACK+Rate packet must be chosen. From the results in Table 2, it is clear that the number of ACK+Rate packets for a ±25% rate change is lower than for a ±35% rate change and slightly higher than for a ±15% rate change. Therefore DRF adopts the method of triggering the ACK+Rate packet whenever there is a ±25% rate change from the previous rate.

V. PERFORMANCE EVALUATION


A. Simulation Setup

A simulation study was conducted using the ns2 network simulator. A mobile topology on a 500 m × 500 m grid consisting of 50 nodes is used. The radio transmission range of each node is 200 meters and the interference range is 500 meters. The channel capacity is 2 Mbit/s and the channel delay is 2.5 µs. Dynamic Source Routing and IEEE 802.11b are used as the routing and MAC protocols, and FTP is used as the application layer protocol. The source and destination pairs are randomly chosen. The effect of load on the network is studied with 1, 5, and 25 flows. The performance of DRF is evaluated and compared with ATP.

B. Instantaneous Rate Dynamics

This section presents the evaluation of DRF and ATP with respect to energy consumption and change in rate over time for various mobility speeds. DRF is compared with ATP because ATP is a well known and widely accepted rate based transport protocol. Since the scope of this paper is limited to rate based transport protocols, other versions of TCP are not considered for comparison.

Instantaneous rate dynamics refers to the change in rate (packets/sec) with respect to time. Fig. 1 shows the change in rate for mobility speeds of 1 m/s, 10 m/s, 30 m/s, and 50 m/s. When the mobility is 1 m/s, a rate change occurs 3 to 4 times, and the average rate is 210. When the mobility is 50 m/s, rate changes occur frequently; the average rate is 225.4, and the maximum deviation of the rate from the average ranges from 50 to 60. From this observation it can be concluded that mobility is directly proportional to the change in rate, i.e., as mobility increases, the rate change also increases.


(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

Figure 1. Rate Vs Time


D. Energy Consumption
In this section, the energy consumption at the intermediate nodes is examined for ATP and DRF, using the energy model implemented in the ns2 simulator [22]. A node starts with an initial energy level that is reduced whenever the node transmits or receives a packet. The total amount of energy E(n) consumed at a given node n is

E(n) = Et(n) + Er(n)

where Et and Er denote the energy spent on transmission and reception respectively. The energy/bit ratio, i.e., the energy consumed per bit, is computed as

e = es / (n × p × 8)

where n is the number of packets transmitted, p is the size of a packet in bytes, and es is the energy spent by the node in joules.

E. Performance in pedestrian (1 m/s) mobile topology
In the pedestrian mobile topology, the rate change with respect to time is low compared to the slow speed and high speed mobile topologies. Snapshots of the energy consumption due to the transmission of the ACK+Rate packet in DRF and ATP are presented for 1 flow, 5 flows, and 25 flows in Fig. 2a, b, and c respectively. The focus here is only on the energy consumption of ATP and DRF; other variants of TCP and other rate based transport protocols are not considered. The average energy consumption of ATP is 3.84, 4.65, and 5.05 for 1 flow, 5 flows, and 25 flows respectively, while that of DRF is 3.24, 4.01, and 4.35. In ATP, since the ACK+Rate packet is transmitted every epoch period (say 1 second), the number of ACK+Rate packets transmitted is high; therefore the energy consumption of ATP is higher than that of DRF. Energy consumption in DRF is low because ACK+Rate is transmitted to the sender only when there is a rate change. In the pedestrian topology the mobility is low (1 m/s), so the rate change is also low and the number of ACK+Rate packet transmissions is minimal.
Therefore the energy consumption of both ATP and DRF is lower than in the slow speed and high speed mobile topologies.
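A minimal sketch of the per-bit energy computation used above, assuming the stated definition of e as energy consumed per bit (total energy spent divided by total bits transmitted); the packet counts and energy figures below are illustrative, not simulation results:

```python
def energy_per_bit(num_packets, packet_size_bytes, energy_spent_joules):
    """Energy consumed per transmitted bit: e = es / (n * p * 8),
    where n packets of p bytes each cost es joules in total."""
    total_bits = num_packets * packet_size_bytes * 8
    return energy_spent_joules / total_bits

# Illustrative values: 1000 packets of 512 bytes costing 4.096 J in
# total give roughly 1e-6 J per bit.
e = energy_per_bit(1000, 512, 4.096)
```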


Figure 2. Energy consumption in pedestrian mobile topology: (a) 1 flow, (b) 5 flows, (c) 25 flows.

F. Performance in slow speed mobile topology
Snapshots of the energy consumption due to the transmission of the ACK+Rate packet in DRF and ATP are presented for 1 flow, 5 flows, and 25 flows in Fig. 3a, b, and c respectively. The average energy consumption of ATP is 3.92, 4.75, and 5.12 for 1 flow, 5 flows, and 25 flows respectively, while that of DRF is 3.75, 3.94, and 4.24. In the slow speed mobile topology the mobility speed is 10 m/s. The average energy consumption in the slow speed mobile topology is greater than in the pedestrian mobile topology: as shown in Fig. 1, as the speed increases, the change in rate with respect to time also increases. Therefore the energy consumption of both ATP and DRF is higher in the slow speed topology than in the pedestrian mobile topology. But


(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

comparing ATP and DRF, ATP has higher energy consumption than DRF; this is due to the transmission of the ACK+Rate packet on epoch timer expiry. This indicates that the DRF technique should be used in topologies where the mobility speed varies from 1 m/s to 10 m/s. DRF reduces energy consumption and thereby increases the network lifetime, which is a critical issue.

consumption of DRF is 4.89, 5.6, and 6.23 for 1 flow, 5 flows, and 25 flows respectively. It is seen that the energy consumption of DRF is greater than that of ATP. This is because as mobility increases, rate changes also increase; in DRF the ACK+Rate packet is transmitted whenever there is a rate change, so since rate changes are more frequent, more ACK+Rate packets are transmitted. The results show that 5 to 6 ACK+Rate packets are transmitted within 1 second, which raises the energy consumption. ATP transmits an ACK+Rate packet once every epoch period (say 1 second); in contrast, DRF sends an ACK+Rate packet whenever there is a rate change.





Figure 3. Energy consumption in slow speed mobile topology: (a) 1 flow, (b) 5 flows, (c) 25 flows.

G. Performance in high speed mobile topology
Snapshots of the energy consumption in the high speed mobile topology for ATP and DRF are presented for 1 flow, 5 flows, and 25 flows in Fig. 4a, b, and c respectively. The average energy consumption of ATP is 4.15, 4.85, and 5.33 for 1 flow, 5 flows, and 25 flows respectively. The average energy

Figure 4. Energy consumption in high speed mobile topology: (a) 1 flow, (b) 5 flows, (c) 25 flows.

The results clearly reveal that the DRF technique reduces energy consumption and increases the lifetime of a node at very slow and slow mobility speeds. But in high speed



mobility topologies DRF consumes slightly more energy than ATP. Therefore it is clear that the DRF technique can be deployed in ad hoc networks where the mobility speed does not exceed 20 m/s.

VI. CONCLUSION
The Dynamic Rate Feedback (DRF) strategy aims to minimize the contention between data and ACK+Rate packets by transmitting as few ACK+Rate packets as possible. The mechanism is self adaptive, and it is feasible and optimal to use in ad hoc networks whose mobility is restricted to 20 m/s. Through simulation it is found that the frequency of rate changes is directly proportional to the mobility. In the DRF technique, the ACK+Rate packet is transmitted only when the rate changes by ±25% from the previous rate. The simulation results showed that DRF can outperform ATP, the well known rate based transport protocol for ad hoc networks, in terms of energy consumption at the intermediate nodes. The technique is easy to deploy, since the changes are limited to the end node (receiver) only. It is important to emphasize that DRF retains the semantics of ATP while improving its performance.

REFERENCES
[1] B. Bakshi, P. Krishna, N. H. Vaidya, and D. K. Pradhan, "Improving Performance of TCP over Wireless Networks," Proc. 17th International Conference on Distributed Computing Systems (ICDCS), Baltimore, Maryland, USA, 1997, pp. 112-120.
[2] G. Holland and N. H. Vaidya, "Impact of Routing and Link Layers on TCP Performance in Mobile Ad Hoc Networks," Proc. IEEE Wireless Communications and Networking Conference, USA, 1999, pp. 505-509.
[3] M. Gerla, K. Tang, and R. Bagrodia, "TCP Performance in Wireless Multi Hop Networks," Proc. IEEE Workshop on Mobile Computing Systems and Applications, USA, 1999, pp. 202-222.
[4] G. Holland and N. H. Vaidya, "Analysis of TCP Performance over Mobile Ad Hoc Networks," Proc. ACM MOBICOM Conference, Seattle, Washington, 1999, pp. 219-230.
[5] J. P. Monks, P. Sinha, and V. Bharghavan, "Limitations of TCP-ELFN for Ad Hoc Networks," Proc. Workshop on Mobile and Multimedia Communication, USA, 2000, pp. 56-60.
[6] K. Chandran, S. Raghunathan, S. Venkatesan, and R. Prakash, "A Feedback Based Scheme for Improving TCP Performance in Ad Hoc Wireless Networks," Proc. International Conference on Distributed Computing Systems, Amsterdam, The Netherlands, 1998, pp. 472-479.
[7] T. D. Dyer and R. Bopanna, "A Comparison of TCP Performance over Three Routing Protocols for Mobile Ad Hoc Networks," Proc. ACM MOBIHOC 2001 Conference, Long Beach, California, USA, 2001, pp. 156-162.
[8] J. Liu and S. Singh, "ATCP: TCP for Mobile Ad Hoc Networks," IEEE Journal on Selected Areas in Communications, 2001.
[9] K. Sundaresan, S.-J. Park, and R. Sivakumar, "Transport Layer Protocols in Ad Hoc Networks," in Ad Hoc Networks, Springer US, pp. 123-152.
[10] J. P. Monks, P. Sinha, and V. Bharghavan, "Limitations of TCP-ELFN for Ad Hoc Networks," Proc. Workshop on Mobile and Multimedia Communication, Marina del Rey, CA, Oct. 2000.
[11] V. Anantharaman and R. Sivakumar, "A Microscopic Analysis of TCP Performance over Wireless Ad Hoc Networks," Proc. ACM SIGMETRICS 2002, Marina del Rey, CA, 2002.
[12] K. Sundaresan, V. Anantharaman, H.-Y. Hsieh, and R. Sivakumar, "ATP: A Reliable Transport Protocol for Ad Hoc Networks," IEEE Transactions on Mobile Computing, 4(6), 2005, pp. 588-603.
[13] T. Jimenez and E. Altman, "Novel Delayed ACK Techniques for Improving TCP Performance in Multihop Wireless Networks," Proc. Personal Wireless Communications (PWC '03), Sept. 2003.
[14] S. R. Johnson, "Increasing TCP Throughput by Using an Extended Acknowledgment Interval," master's thesis, Ohio Univ., June 1995.
[15] M. Allman, "On the Generation and Use of TCP Acknowledgements," ACM Computer Communication Review, vol. 28, pp. 1114-1118, 1998.
[16] K. Chen, K. Nahrstedt, and N. Vaidya, "The Utility of Explicit Rate-Based Flow Control in Mobile Ad Hoc Networks," Proc. Wireless Communications and Networking Conference, USA, 2004.
[17] A. Raniwala, S. Sharma, R. Krishnan, and T. Chiueh, "Evaluation of a Stateful Transport Protocol for Multi-channel Wireless Mesh Networks," Proc. International Conference on Distributed Computing Systems, Lisboa, Portugal, 2006.
[18] D. Scofield, "Hop-by-Hop Transport Control for Multi-Hop Wireless Networks," MS thesis, Department of Computer Science, Brigham Young University, Provo, 2007.
[19] N.-C. Wang, Y.-F. Huang, and W.-L. Liu, "A Fuzzy-Based Transport Protocol for Mobile Ad Hoc Networks," Proc. IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing (SUTC), 2008, pp. 320-325.
[20] P. Ganeshkumar and K. Thyagarajah, "PATPAN: Power Aware Transport Protocol for Adhoc Networks," Proc. IEEE Conference on Emerging Trends in Engineering and Technology, Nagpur, India, 2008, pp. 182-186.
[21] P. Ganeshkumar and K. Thyagarajah, "Proposals for Performance Enhancement of Intermediate Node in Ad Hoc Transport Protocol," Proc. IEEE International Conference on Computing, Communication and Networking, Karur, India, 2008.
[22] Y. Xu, J. Heidemann, and D. Estrin, "Adaptive Energy Conserving Routing for Multihop Ad Hoc Networks," Research Report 527, Information Sciences Institute, Univ. of Southern California, Oct. 2000.

AUTHORS PROFILE






P. Ganeshkumar received the bachelor's degree in Electrical and Electronics Engineering from Madurai Kamaraj University in 2001, and the master's degree in Computer Science and Engineering with distinction from Bharathiar University in 2002. He is currently working towards the PhD degree at Anna University Chennai. He has 7 years of teaching experience in Information Technology. He is a member of IEEE, CSI, and ISTE. He has published several papers in international journals, IEEE international conferences, and national conferences. He authored the book "Component Based Technology". His areas of interest include distributed systems, computer networks, and ad hoc networks.

Dr. K. Thyagarajah received the bachelor's degree in Electrical Engineering and the master's degree in Power Systems from Madras University. He received the doctoral degree in Power Electronics and AC Motor Drives from the Indian Institute of Science, Bangalore, in 1993. He has 30 years of experience in teaching and research. He is a senior member of IEEE, and a senior member of various bodies such as ISTE and the Institution of Engineers, India. He is a syndicate member of Anna University Chennai and Anna University Tiruchirappalli, and a member of the board of studies in various universities in India. He has published more than 50 papers in national and international refereed journals and conferences. He authored the book "Advanced Microprocessor". His areas of interest include network analysis, power electronics, mobile computing, and ad hoc networks.






102 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

Prediction of Zoonosis Incidence in Human using Seasonal Auto Regressive Integrated Moving Average (SARIMA)
Adhistya Erna Permanasari
Computer and Information Science Dept. Universiti Teknologi PETRONAS Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia

Dayang Rohaya Awang Rambli
Computer and Information Science Dept. Universiti Teknologi PETRONAS Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia

P. Dhanapal Durai Dominic
Computer and Information Science Dept. Universiti Teknologi PETRONAS Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia

Abstract— Zoonosis refers to the transmission of infectious diseases from animals to humans. The increasing number of zoonosis incidences causes great losses of life, both human and animal, as well as social and economic impacts. This motivates the development of a system that can predict the future number of zoonosis occurrences in humans. This paper analyses and presents the use of the Seasonal Autoregressive Integrated Moving Average (SARIMA) method for developing a forecasting model able to predict the number of human zoonosis incidences. The dataset for model development was a time series of human Salmonellosis occurrences in the United States, comprising fourteen years of monthly data obtained from a study published by the Centers for Disease Control and Prevention (CDC). Several trial SARIMA models were compared to obtain the most appropriate one, and diagnostic tests were used to determine model validity. The results show that SARIMA(9,0,14)(12,1,24)12 is the best-fitting model. In terms of accuracy, the selected model achieved a Theil's U value of 0.062, implying that the model is highly accurate and a close fit, and indicating the capability of the final model to closely represent and make predictions based on the Salmonellosis historical dataset. Keywords—zoonosis; forecasting; time series; SARIMA

I. INTRODUCTION

Zoonosis refers to any infectious disease that is transmitted from animals to humans [1, 2]. It is estimated that around 75% of emerging infectious diseases in humans are of animal origin [3-5]. Zoonosis epidemics present a potential threat to public health as well as an economic impact, and large numbers of people have been killed by zoonotic diseases in different countries. The WHO statistics [6] report several zoonosis outbreaks, including Dengue/dengue haemorrhagic fever in Brazil (647 cases, with 48 deaths); Avian Influenza in 15 countries (438 cases, 262 deaths); Rift Valley Fever in Sudan (698 cases, including 222 deaths); Ebola in Uganda (75 patients), in the Philippines (6 positive cases from 141 suspected), and in Congo (32 cases, 15 deaths); and, most recently, Swine Flu (H1N1) in many countries (over 209438 cases, with at least 2185 deaths). Some of these zoonoses have recently had major outbreaks worldwide, resulting in many losses of life, both human and animal. Evolution of a zoonosis from its original form can also produce a newly emerging zoonotic disease [4]; this is evidenced in a report presented by WHO [4] associating microbiological factors with the agent, the animal hosts/reservoirs, and the human victims, which can result in a new variant of a pathogen capable of jumping the species barrier. For example, Influenza A viruses have jumped from wild waterfowl into domestic farm animals and humans. Another recent example is swine flu, whose outbreaks in humans originated from a new influenza virus in swine; the outbreak of disease in people caused by this new influenza virus of swine origin continues to grow in the United States and internationally.

The worldwide frequency of zoonosis outbreaks in the past 30 years [3] and the risk factors of newly emerging diseases have forced many governments to apply stringent measures to prevent zoonosis outbreaks, for example by destroying the livestock in an infected area. Such measures mean great losses to farmers, yet the significant impact on human life remains the biggest issue in zoonosis. This highlights the need for a modeling approach that can give decision makers an early estimate of the future number of zoonosis incidences based on historical time series data. Computer software coupled with statistical modeling can be used to forecast the number of zoonosis incidences. Time series forecasting models are widely used in various fields; in fact, there are few studies on zoonosis forecasting compared to other areas such as energy demand prediction, economics, traffic prediction, and health support.

Indeed, predicting the risk of zoonosis impact on humans deserves particular attention, given the need for results on which further decisions can be based. Many researchers have developed different forecasting methods to predict human zoonosis incidence.

103 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009

A multivariate Markov chain model was used to project the number of tuberculosis (TB) incidences in the United States from 1980 to 2010 [7]. This work studied TB incidence by demographic group, with uncertainty in the model parameters handled by fuzzy numbers. The model determined that the decline in the number of cases among Hispanics would be slower than among white non-Hispanics and black non-Hispanics. The number of human incidences of Schistosoma haematobium at Niono, Mali was forecasted online using an exponential smoothing method [8]. The method was used as the core of a proposed state-space framework, with data collected from 1996-2004 from 17 community health centers in that area. The framework was able to assist in managing and assessing S. haematobium transmission and intervention impact. Three different approaches were applied to forecast the SARS epidemic in China: the time series was processed by AR(1), ARIMA(0,1,0), and ARMA(1,1) models, and the results could be used to support disease reports [9] and to monitor the dynamics of SARS in China based on daily data. A Bayesian dynamic model was also used to monitor influenza surveillance as one factor of the SARS epidemic [10]. This model was developed to link pediatric and adult syndromic data to the traditional measures of influenza morbidity and mortality. The findings showed the importance of modeling influenza surveillance data and recommended a dynamic Bayesian network. Monthly data on Cutaneous Leishmaniasis (CL) incidence in Costa Rica from 1991 to 2001 was analyzed using seasonal autoregressive models. This work studied the relationship between the interannual cycles of the disease and climate variables using frequency and time-frequency techniques of time series analysis [11]. The model supported a dynamic link between the disease and climate.
An additive decomposition method was used to predict Salmonellosis incidence in the US [12]. Fourteen years of historical data, from 1993 to 2006, were collected to compute forecast values up to 12 months ahead.

Different forecasting approaches have thus been applied to zoonosis time series. However, the increasing number of zoonosis occurrences in humans motivates further study of zoonosis forecasting for different zoonotic diseases [13], and selecting a well-fitted model is necessary to obtain the optimal result. This paper analyses the empirical results of evaluating and predicting the number of zoonosis incidences using the Autoregressive Integrated Moving Average (ARIMA) approach. This model was selected because of its capability to correct for the local trend in the data, where the pattern of a previous period can be used to forecast the future; it also supports modeling one variable (in this case, the number of human cases) as a function of time [14]. Because of the seasonal trend of the time series used, the Seasonal ARIMA (SARIMA) was selected for model development.

The remainder of the paper is structured as follows. Section II presents the preparation of the time series. Section III describes the basic theory of the ARIMA and SARIMA models. Section IV introduces the Bayesian Information Criterion (BIC) and Akaike Information Criterion (AIC). Section V reports model development. Finally, Section VI presents conclusions and directions for future work.

II. DATASET FOR MODEL DEVELOPMENT

This section describes the dataset (time series) used for model development. Salmonellosis was selected because its incidences can be found in any country. A study collected time series data of human Salmonellosis occurrences in the United States for the 168-month period from January 1993 to December 2006. The data was obtained from the summary of notifiable diseases in the United States in the Morbidity and Mortality Weekly Report (MMWR) published by the Centers for Disease Control and Prevention (CDC). The seasonal variation of the original data is presented in Fig. 1. Then, the trend in every month is plotted using a seasonal stacked line in Fig. 2.


Figure 1. Monthly number of US Salmonellosis incidence (1993-2006)

Figure 2. Seasonal stacked line of US Salmonellosis (1993-2006)
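The seasonal stacked view in Fig. 2 amounts to reshaping the monthly observations into a years-by-months grid and comparing each calendar month across years. A minimal sketch of the per-month averaging (the toy numbers below are placeholders, not the CDC series):

```python
def monthly_means(series, months_per_year=12):
    """Average each calendar month across years.

    series: monthly observations, oldest first, whose length is a whole
    number of years (168 values for 1993-2006 in the paper's dataset).
    Returns a list of 12 per-month means (Jan..Dec).
    """
    if len(series) % months_per_year != 0:
        raise ValueError("series length must be a multiple of 12")
    years = len(series) // months_per_year
    return [
        sum(series[y * months_per_year + m] for y in range(years)) / years
        for m in range(months_per_year)
    ]

# Toy example: two 'years' of data with an August peak.
toy = [10, 11, 12, 13, 14, 15, 20, 30, 18, 16, 13, 12,
       12, 13, 14, 15, 16, 17, 22, 32, 20, 18, 15, 14]
print(monthly_means(toy))   # August (index 7) has the largest mean
```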



Fig. 2 shows the seasonal stacked line for human Salmonellosis incidence in the US from 1993 until 2006. The plot shows a peak season of incidence in August, while the minimum number of incidences occurs in January. Since the time series plot of the historical data exhibits seasonal variation, with a similar trend every year, SARIMA was chosen as the appropriate approach for developing the prediction model.

III. ARIMA AND SEASONAL ARIMA MODEL

This section introduces the basic theory of the Autoregressive Integrated Moving Average (ARIMA) model. The general class of ARIMA(p,d,q) processes is shown in (1) as

    yt = δ + φ1 yt−1 + φ2 yt−2 + … + φp yt−p + at − θ1 at−1 − θ2 at−2 − … − θq at−q        (1)

where d is the level of differencing, p is the autoregressive order, and q is the moving average order [15]. The constant is denoted by δ, while φ is an autoregressive operator and θ is a moving average operator.

Seasonal ARIMA (SARIMA) is used when the time series exhibits seasonal variation. A seasonal autoregressive order (P) and a seasonal moving average order (Q) form the multiplicative SARIMA process (p,d,q)(P,D,Q)s. The subscript 's' denotes the length of the seasonal period: for daily data s = 7, for quarterly data s = 4, and for monthly data s = 12.

To formalize the model, the backshift operator (B) is used. Shifting a time series observation backward by k periods is denoted B^k, such that B^k yt = yt−k. The backshift operator is then used to express a general stationarity transformation, where a time series is stationary if its statistical properties (mean and variance) are constant through time. The general stationarity transformation is

    zt = ∇s^D ∇^d yt = (1 − B^s)^D (1 − B)^d yt        (2)

where zt is the differenced time series, d is the degree of nonseasonal differencing used, and D is the degree of seasonal differencing used. The general SARIMA(p,d,q)(P,D,Q)s model is then

    φp(B) φP(B^s) zt = δ + θq(B) θQ(B^s) at        (3)

where
• φp(B) = (1 − φ1 B − φ2 B^2 − … − φp B^p) is the nonseasonal autoregressive operator of order p
• φP(B^s) = (1 − φ1,s B^s − φ2,s B^2s − … − φP,s B^Ps) is the seasonal autoregressive operator of order P
• θq(B) = (1 − θ1 B − θ2 B^2 − … − θq B^q) is the nonseasonal moving average operator of order q
• θQ(B^s) = (1 − θ1,s B^s − θ2,s B^2s − … − θQ,s B^Qs) is the seasonal moving average operator of order Q
• δ = μ φp(B) φP(B^s) is a constant term, where μ is the mean of the stationary time series
• φ, θ, and δ are unknown parameters that can be estimated from the sample data
• at, at−1, … are random shocks that are assumed to be independent of each other

George Box and Gwilym Jenkins set out a simplified procedure for understanding and applying the univariate ARIMA model [15],[16]. The Box-Jenkins (BJ) methodology consists of four iterative steps:
1) Step 1: Identification. Select the order of regular differencing (d), seasonal differencing (D), the nonseasonal autoregressive order (p), the seasonal autoregressive order (P), the nonseasonal moving average order (q), and the seasonal moving average order (Q). The orders can be identified by observing the sample autocorrelations (SAC) and sample partial autocorrelations (SPAC).
2) Step 2: Estimation. The historical data is used to estimate the parameters of the model tentatively identified in Step 1.
3) Step 3: Diagnostic checking. Various diagnostic tests are used to check the adequacy of the tentative model.
4) Step 4: Forecasting. The final model from Step 3 is used to compute the forecast values.
This approach is widely used for building SARIMA models because of its capability to capture the appropriate trend by examining the historical pattern. The BJ methodology has several advantages: it extracts a great deal of information from the time series using a minimum number of parameters, and it handles both stationary and nonstationary time series, in both their nonseasonal and seasonal components [17],[18].

IV. BAYESIAN INFORMATION CRITERION (BIC) AND AKAIKE INFORMATION CRITERION (AIC)

Selection of the ARIMA model was based on the Bayesian Information Criterion (BIC) and Akaike Information Criterion (AIC) values. Both criteria are based on the Maximum Likelihood principle. The determinant of the residual covariance is computed as

    |Ω̂| = det( (1/(T − p)) Σt ε̂t ε̂t′ )        (4)



The log likelihood value, computed under the assumption of a multivariate normal (Gaussian) distribution, is

    l = −(T/2) { k (1 + log 2π) + log |Ω̂| }        (5)

The AIC and BIC are then formulated as [19]:

    AIC = −2(l/T) + 2(n/T)        (6)

    BIC = −2(l/T) + n log(T)/T        (7)

where l is the value of the log likelihood function with the k parameters estimated using T observations, and n = k(d + pk). The various information criteria are all based on −2 times the average log likelihood function, adjusted by a penalty function.

V. MODEL DEVELOPMENT

The following section discusses the result of applying the BJ iterative steps to the available dataset.

A. Identification
Following the BJ methodology introduced in Section III, the first step in model development is to identify the dataset. In this step, the sample autocorrelations (SAC) and sample partial autocorrelations (SPAC) of the historical data were plotted to observe the pattern. Three periods of the data were selected to illustrate the plot; the result is shown in Fig. 3. From Fig. 3 it can be observed that the correlogram of the time series exhibits seasonal cycles, especially in the SAC, which implies that the level is non-stationary. Therefore, regular differencing and seasonal differencing were applied to the original time series, as presented in Fig. 4 and Fig. 5.

An Augmented Dickey-Fuller (ADF) test was performed to determine whether differencing is needed [19]. The hypotheses of the ADF t-test are:
• H0: θ = 0, the data needs to be differenced to make it stationary, versus the alternative
• H1: θ < 0, the data is stationary and does not need to be differenced.

The test statistic was compared with the 1%, 5%, and 10% critical values, where non-rejection of the null hypothesis indicates a unit root. The ADF t-statistic was −1.779, with a one-sided p-value of 0.389, while the critical values at the 1%, 5%, and 10% levels were −3.476, −2.882, and −2.578. Since the t-statistic was greater than the critical values, the null hypothesis of a unit root could not be rejected, and the time series needed to be differenced. Regular differencing and seasonal differencing were therefore applied to the original time series, and the ADF test was repeated on both. The resulting test statistics were −14.171 for the regular differencing and −12.514 for the seasonal differencing, with a one-sided p-value of 0.000 in both cases; this provided evidence to reject the null hypothesis, indicating that the differenced time series were stationary.
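The regular and seasonal differencing applied above are instances of the transformation zt = (1 − B^s)^D (1 − B)^d yt from (2); with d = 0, D = 1, and s = 12 it reduces to zt = yt − yt−12. A small sketch (the function names are illustrative, not from the paper):

```python
def difference(y, lag=1, times=1):
    """Apply (1 - B^lag)^times to a series y (a list, oldest value first)."""
    for _ in range(times):
        y = [y[t] - y[t - lag] for t in range(lag, len(y))]
    return y

def stationarity_transform(y, d=0, D=1, s=12):
    """z_t = (1 - B^s)^D (1 - B)^d y_t, the transformation in eq. (2)."""
    z = difference(y, lag=s, times=D)     # seasonal differencing
    return difference(z, lag=1, times=d)  # regular differencing

# A series with a steady upward trend: after one round of seasonal
# differencing every value equals the constant year-over-year increment.
y = list(range(24))
print(stationarity_transform(y, d=0, D=1, s=12))   # -> [12, 12, ..., 12]
```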

Figure 3. SAC and SPAC correlogram of original data

Figure 4. SAC and SPAC correlogram of regular differencing

Figure 5. SAC and SPAC correlogram of seasonal differencing



The choice between regular and seasonal differencing was based on the correlograms. In order to develop an ARIMA model, the time series should be stationary; from the correlograms shown in Fig. 4 and Fig. 5, more spikes were observed in the regular differencing than in the seasonal differencing, so the seasonal differencing was chosen for model development.

B. Parameter Estimation
Different ARIMA models were fitted to find the best model. The most appropriate model was selected using the BIC and AIC values, with the best model determined by the minimum BIC and AIC. Table I presents the results of estimating various ARIMA processes on the seasonally differenced Salmonellosis human incidence series using the EViews 5.1 econometric software package.
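The BIC and AIC values reported for each candidate model follow the per-observation forms in (6) and (7). A minimal sketch of that computation (the log likelihood value below is a made-up placeholder, not an EViews output):

```python
import math

def aic(loglik, n, T):
    """AIC = -2(l/T) + 2(n/T), per eq. (6)."""
    return -2.0 * (loglik / T) + 2.0 * (n / T)

def bic(loglik, n, T):
    """BIC = -2(l/T) + n*log(T)/T, per eq. (7)."""
    return -2.0 * (loglik / T) + n * math.log(T) / T

# Placeholder log likelihood over the 156 usable observations
# (168 months minus 12 lost to seasonal differencing):
l, T = -1200.0, 156
print(aic(l, n=4, T=T), bic(l, n=4, T=T))
```

Because the BIC penalty n·log(T)/T exceeds the AIC penalty 2n/T whenever log(T) > 2, BIC favors smaller models more strongly, so the two criteria can rank candidate models differently.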
TABLE I. ESTIMATION OF SELECTED SARIMA MODELS

No  Model Variables                                               BIC     AIC     Adj. R2
1   C, AR(9), SAR(12), SAR(22), SAR(24), MA(9), SMA(12), SMA(24)  15.614  15.431  0.345
2   AR(9), SAR(12), SAR(22), SAR(24), MA(9), SMA(12), SMA(24)     15.587  15.427  0.342
3   AR(9), SAR(12), SAR(24), MA(9), SMA(12), SMA(22), SMA(24)     15.583  15.423  0.345
4   AR(3), AR(9), SAR(12), MA(3), SMA(24)                         15.394  15.286  0.449
5   AR(3), AR(9), SAR(12), MA(14), SMA(24)                        15.351  15.243  0.472
6   AR(3), AR(9), SAR(12), MA(24)                                 15.368  15.282  0.447
7   AR(9), SAR(12), MA(3), SMA(24)                                15.359  15.273  0.452
8   AR(9), SAR(12), MA(14), SMA(24)                               15.331  15.245  0.468
9   AR(9), SAR(12), MA(3), MA(14), SMA(24)                        15.352  15.245  0.471

The AIC and BIC are commonly used in model selection, with smaller values preferred. From Table I, model 8 has relatively small BIC and AIC values and also achieves a large adjusted R2. The model AR(9), SAR(12), MA(14), SMA(24) can also be written as SARIMA(9,0,14)(12,1,24)12. To produce the model, the separate nonseasonal and seasonal models were computed first and then combined to describe the final model.

Since seasonal differencing was chosen, (2) was instantiated with d = 0, D = 1, and s = 12 to define zt as

    zt = ∇s^D ∇^d yt = (1 − B^s)^1 (1 − B)^0 yt = (1 − B^s) yt = yt − B^s yt = yt − yt−s = yt − yt−12

• Step 1: Model for the nonseasonal level
    AR(9):  zt = δ + φ9 zt−9 + at        (8)
    MA(14): zt = δ + at − θ14 at−14        (9)
• Step 2: Model for the seasonal level
    SAR(12): zt = δ + φ1,12 zt−12 + at        (10)
    SMA(24): zt = δ + at − θ2,12 at−24        (11)
• Step 3: Combining (8)–(11) gives (12):

    zt = δ + φ9 zt−9 − θ14 at−14 + φ1,12 zt−12 − θ2,12 at−24 + at        (12)

Since the estimated δ value was 0.44, with a t-statistic less than |2| and hence statistically not different from zero, δ was excluded from the model. Where an autoregressive and a moving average model appear at both the nonseasonal and seasonal levels, multiplicative terms were used as follows:
• φ9 zt−9 and φ1,12 zt−12 form the multiplicative term φ9 φ1,12 zt−21
• −θ14 at−14 and −θ2,12 at−24 form the multiplicative term θ14 θ2,12 at−38

The model was then derived in multiplicative form as

    zt = φ9 zt−9 − θ14 at−14 + φ1,12 zt−12 − θ2,12 at−24 + φ9 φ1,12 zt−21 + θ14 θ2,12 at−38 + at
    zt − φ9 zt−9 − φ1,12 zt−12 − φ9 φ1,12 zt−21 = θ14 at−14 + θ2,12 at−24 − θ14 θ2,12 at−38 + at        (13)

Applying the backshift operator (B) to (13) yields

    zt − φ9 B^9 zt − φ1,12 B^12 zt − φ9 φ1,12 B^21 zt = θ14 B^14 at + θ2,12 B^24 at − θ14 θ2,12 B^38 at + at
    (1 − φ9 B^9 − φ1,12 B^12 − φ9 φ1,12 B^21) zt = (1 + θ14 B^14 + θ2,12 B^24 − θ14 θ2,12 B^38) at        (14)

From the computation, the estimated parameters were AR(9) = 0.154, SAR(12) = −0.513, MA(14) = 0.255, and SMA(24) = −0.860. Substituting these into (14) gives the final model:

    (1 − 0.154 B^9 + 0.513 B^12 + 0.078 B^21) zt = (1 + 0.255 B^14 − 0.860 B^24 − 0.219 B^38) at        (15)

The final SARIMA model was used to compute the forecast values for the three years ahead.

C. Diagnostic Checking
Diagnostic checks were applied to the selected model. The correlogram and residual plots are presented in Fig. 6, and the LM (Lagrange multiplier) test was applied for the first lag period (lag 1 – lag 12); the result is shown in Table II. There is no serial correlation in the residuals because the SAC and





SPAC values at all lags are nearly zero and within the 95% confidence interval.
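Under the white-noise hypothesis, the 95% confidence band for the residual autocorrelations is approximately ±2/√T. A small self-check along these lines can be sketched as follows (the helper names are illustrative, not from the paper's EViews workflow):

```python
import math

def sample_acf(x, max_lag):
    """Sample autocorrelations r_1..r_max_lag of a series x."""
    n = len(x)
    mean = sum(x) / n
    c0 = sum((v - mean) ** 2 for v in x) / n   # lag-0 autocovariance
    acf = []
    for k in range(1, max_lag + 1):
        ck = sum((x[t] - mean) * (x[t - k] - mean) for t in range(k, n)) / n
        acf.append(ck / c0)
    return acf

def white_noise_ok(resid, max_lag=12):
    """True if every SAC value up to max_lag lies inside +/- 2/sqrt(T)."""
    bound = 2.0 / math.sqrt(len(resid))
    return all(abs(r) <= bound for r in sample_acf(resid, max_lag))

# A residual series with obvious serial correlation fails the check:
alt = [(-1) ** t for t in range(100)]
print(white_noise_ok(alt))   # alternating signs give a large lag-1 SAC -> False
```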


TABLE III. THE FORECASTING RESULT

Month       2007       2008       2009
January     1678.571   1678.544   1678.558
February    1965.707   1965.624   1965.666
March       1969.415   1969.383   1969.399
April       2692.214   2692.268   2692.240
May         2657.628   2657.578   2657.604
June        3364.616   3364.677   3364.646
July        5020.626   5020.563   5020.595
August      4675.720   4675.721   4675.720
September   5655.739   5655.426   5655.587
October     5691.898   5691.992   5691.944
November    3489.930   3489.962   3489.946
December    5639.062   5639.223   5639.140

Figure 6. SAC and SPAC correlogram of model residual

TABLE II. LM TEST RESULT FOR RESIDUAL

Variable    Std. Error   t-Statistic   Prob.
AR(9)       0.224        0.510         0.611
SAR(12)     0.124        -0.804        0.423
MA(14)      0.084        -0.049        0.961
SMA(24)     0.029        -0.223        0.824
RESID(-1)   0.093        -0.225        0.822
RESID(-2)   0.092        1.252         0.213
RESID(-3)   0.093        1.448         0.150
RESID(-4)   0.095        -1.345        0.181
RESID(-5)   0.096        0.730         0.467
RESID(-6)   0.096        -1.141        0.256
RESID(-7)   0.098        -0.547        0.586
RESID(-8)   0.096        0.036         0.971
RESID(-9)   0.224        -0.250        0.803
RESID(-10)  0.096        -0.647        0.274
RESID(-11)  0.094        0.178         0.721
RESID(-12)  0.156        0.943         0.432
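The forecasts in Table III are produced by iterating the final model as a difference equation: future shocks at are set to zero, zt is computed from its own past using the autoregressive side of (14)-(15), and the seasonal differencing is inverted with yt = zt + yt−12. The sketch below uses the paper's estimated AR coefficients but assumes no stored shock history, so it illustrates the recursion rather than reproducing the Table III values:

```python
# AR-side coefficients of the final model: AR(9) and SAR(12) from the paper.
# The MA terms are dropped here because future shocks are set to zero and no
# shock history is kept -- an illustrative simplification.
PHI9, PHI12 = 0.154, -0.513

def forecast(y, steps, s=12):
    """Iterate z_t = phi9*z_{t-9} + phi12*z_{t-12} + phi9*phi12*z_{t-21},
    then invert the seasonal differencing with y_t = z_t + y_{t-12}."""
    y = list(y)
    z = [y[t] - y[t - s] for t in range(s, len(y))]   # z_t = y_t - y_{t-12}
    for _ in range(steps):
        z_next = PHI9 * z[-9] + PHI12 * z[-12] + PHI9 * PHI12 * z[-21]
        z.append(z_next)
        y.append(z_next + y[-s])
    return y[-steps:]

# A purely periodic history has z_t = 0 everywhere, so the forecast simply
# repeats the seasonal pattern:
history = [float(v) for v in range(1, 13)] * 3   # three identical 'years'
print(forecast(history, steps=3))                # -> [1.0, 2.0, 3.0]
```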

The results in Table II show that there is no serial correlation up to order 12, because the t-statistics for the SAC and SPAC are less than |2|. It was therefore concluded that the selected model fits the data.

D. Forecasting
SARIMA(9,0,14)(12,1,24)12 was selected as the most appropriate model among the candidates. It was used to forecast the predicted incidence from 2007 through 2009 (t169 – t204), presented in Table III. The complete time series plot in Fig. 7 consists of three components: actual values, fitted values, and residual values.

E. Error Measures
After the empirical examination, forecast accuracy was calculated using several accuracy measures: RMSE, MAD, MAPE, and Theil's U-statistic. The results were an RMSE of 479.99, a MAD of 367.23, a MAPE of 10.36, and a Theil's U of 0.062. RMSE, MAD, and MAPE are stand-alone accuracy measures with inherent disadvantages that can lead to certain losses of function [20]. The use of relative measures can resolve this limitation: a relative measure evaluates the performance of a forecast against that of a naive forecast, and it can eliminate bias from trends, seasonal components, and outliers. Forecast accuracy for the selected model is therefore based on a relative accuracy measure, Theil's U statistic. Based on the Theil's U value of 0.062, the model is highly accurate and presents a close fit. Thus, the empirical results indicate that the model is able to accurately represent the Salmonellosis historical dataset.

VI. CONCLUSION

In this paper, a forecasting method was applied to predict the number of human Salmonellosis incidences in the US based on monthly data. The prediction model was developed using a SARIMA model fitted to the historical data. Different SARIMA models were tested to select the most appropriate one, and various diagnostic checks, including BIC and AIC, were used to determine model validity. The results indicate that SARIMA(9,0,14)(12,1,24)12 was the best-fitting model among them. The empirical results show that the model is able to represent the historical data, with a Theil's U value of 0.062. In addition, a SARIMA model can be obtained using the four iterative Box-Jenkins steps and can provide predictions of the number of human incidences for other zoonoses to help stakeholders make further decisions. Further work is still needed to evaluate and apply other forecasting methods to the zoonosis time series in order to obtain better forecast accuracy.
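As a companion to the error analysis in Section V-E, the accuracy measures can be written out directly. Theil's U below uses the U1 form (RMSE of the forecast scaled by the root mean squares of the two series); the exact variant computed by the paper's software is an assumption:

```python
import math

def rmse(actual, pred):
    """Root mean squared error."""
    return math.sqrt(sum((a - p) ** 2 for a, p in zip(actual, pred)) / len(actual))

def mad(actual, pred):
    """Mean absolute deviation."""
    return sum(abs(a - p) for a, p in zip(actual, pred)) / len(actual)

def mape(actual, pred):
    """Mean absolute percentage error, in percent."""
    return 100.0 * sum(abs((a - p) / a) for a, p in zip(actual, pred)) / len(actual)

def theil_u(actual, pred):
    """Theil's U1: 0 for a perfect forecast; values near 0 mean a close fit."""
    den = (math.sqrt(sum(a * a for a in actual) / len(actual))
           + math.sqrt(sum(p * p for p in pred) / len(pred)))
    return rmse(actual, pred) / den

actual = [100.0, 120.0, 90.0, 110.0]
pred = [102.0, 118.0, 92.0, 108.0]
print(rmse(actual, pred), mad(actual, pred), theil_u(actual, pred))
```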


Figure 7. Time series forecasting plot

REFERENCES

[1] CDC, "Compendium of Measures To Prevent Disease Associated with Animals in Public Settings," National Association of State Public Health Veterinarians, Inc. (NASPHV), MMWR 2005;54 (No. RR-4), 2005.
[2] WHO. (2007). Zoonoses and veterinary public health (VPH) [Online]. Available:
[3] B. A. Wilcox and D. J. Gubler, "Disease Ecology and the Global Emergence of Zoonotic Pathogens," Environmental Health and Preventive Medicine, vol. 10, pp. 263-272, 2005.
[4] WHO, "Report of the WHO/FAO/OIE joint consultation on emerging zoonotic diseases," Geneva, Switzerland, 3-5 May 2004.
[5] J. Slingenbergh, M. Gilbert, K. de Balogh, and W. Wint, "Ecological sources of zoonotic diseases," Rev. sci. tech. Off. int. Epiz., vol. 23, pp. 467-484, 2004.
[6] WHO. (2009). Disease Outbreak News [Online]. Available:
[7] S. M. Debanne, R. A. Bielefeld, G. M. Cauthen, T. M. Daniel, and D. Y. Rowland, "Multivariate Markovian Modeling of Tuberculosis: Forecast for the United States," Emerging Infectious Diseases, vol. 6, 2000.
[8] D. C. Medina, S. E. Findley, and S. Doumbia, "State-Space Forecasting of Schistosoma haematobium Time-Series in Niono, Mali," PLoS Neglected Tropical Diseases, vol. 2, 2008.
[9] D. Lai, "Monitoring the SARS Epidemic in China: A Time Series Analysis," Journal of Data Science, vol. 3, pp. 279-293, 2005.
[10] P. Sebastiani, K. D. Mandl, P. Szolovits, I. S. Kohane, and M. F. Ramoni, "A Bayesian Dynamic Model for Influenza Surveillance," Statistics in Medicine, vol. 25, pp. 1803-1825, 2006.
[11] L. F. Chaves and M. Pascual, "Climate Cycles and Forecasts of Cutaneous Leishmaniasis, a Nonstationary Vector-Borne Disease," PLoS Medicine, vol. 3 (8), pp. 1320-1328, 2006.
[12] A. E. Permanasari, D. R. Awang Rambli, and D. D. Dominic, "Forecasting of Zoonosis Incidence in Human Using Decomposition Method of Seasonal Time Series," in Proc. NPC 2009, 2009, pp. 1-7.
[13] A. E. Permanasari, D. R. Awang Rambli, D. D. Dominic, and V. Paruvachi Ammasa, "Construction of Zoonosis Domain Relationship as a Preliminary Stage for Developing a Zoonosis Emerging System," in Proc. ITSim 2008, Kuala Lumpur, 2008, pp. 527-534.
[14] E. S. Shtatland, K. Kleinman, and E. M. Cain, "Biosurveillance and outbreak detection using the ARIMA and logistic procedures."
[15] B. L. Bowerman and R. T. O'Connell, Forecasting and Time Series: An Applied Approach, 3rd ed. Duxbury Thomson Learning, 1993.
[16] S. Makridakis and S. C. Wheelwright, Forecasting Methods and Applications. John Wiley & Sons, Inc., 1978.
[17] J. G. Caldwell. (2006). The Box-Jenkins Forecasting Technique [Online]. Available:
[18] C. Chia-Lin, S. Songsak, and W. Aree, "Modelling and forecasting tourism from East Asia to Thailand under temporal and spatial aggregation," Math. Comput. Simul., vol. 79, pp. 1730-1744, 2009.
[19] Quantitative Micro Software. (2005). EViews 5.1 User's Guide [Online]. Available:
[20] Z. Chen and Y. Yang. (2004). Assessing Forecast Accuracy Measures [Online]. Available:


AUTHORS PROFILE

Adhistya Erna Permanasari is a lecturer in the Electrical Engineering Department, Gadjah Mada University, Yogyakarta 55281, Indonesia. She is currently a PhD student in the Computer and Information Science Department, Universiti Teknologi PETRONAS, Malaysia. She received her BS in Electrical Engineering in 2002 and her M.Tech (Electrical Engineering) in 2006 from the Department of Electrical Engineering, Gadjah Mada University, Indonesia. Her research interests include database systems, decision support systems, and artificial intelligence.

Dr. Dayang Rohaya Awang Rambli is currently a senior lecturer in the Computer and Information Science Department, Universiti Teknologi PETRONAS, Malaysia. She received her BS from the University of Nebraska, her M.Sc from Western Michigan University, USA, and her PhD from Loughborough University, UK. Her primary areas of research interest are virtual reality in education and training, human factors in VR, and augmented reality in entertainment and education.

Dr. P. Dhanapal Durai Dominic obtained his M.Sc degree in operations research in 1985, an MBA from Regional Engineering College, Tiruchirappalli, India, in 1991, a Post Graduate Diploma in Operations Research in 2000, and completed his PhD in 2004 in the area of job shop scheduling at Alagappa University, Karaikudi, India. Presently he is working as a Senior Lecturer in the Department of Computer and Information Science, Universiti Teknologi PETRONAS, Malaysia. His fields of interest are operations management, knowledge management, and decision support systems. He has published technical papers in international and national journals and conferences.



Performance Evaluation of WiMAX Physical Layer under Adaptive Modulation Techniques and Communication Channels
Md. Ashraful Islam
Dept. of Information & Communication Engineering, University of Rajshahi, Rajshahi, Bangladesh
e-mail:

Riaz Uddin Mondal (corresponding author)
Assistant Professor, Dept. of Information & Communication Engineering, University of Rajshahi, Rajshahi, Bangladesh
e-mail:

Md. Zahid Hasan
Dept. of Information & Communication Engineering, University of Rajshahi, Rajshahi, Bangladesh
e-mail:

Abstract— WiMAX (Worldwide Interoperability for Microwave Access) is a promising technology that can deliver high-speed voice, video and data services to the customer end. The aim of this paper is the performance evaluation of a WiMAX system under different combinations of digital modulation (BPSK, QPSK, 4-QAM and 16-QAM) and different communication channels: AWGN and fading channels (Rayleigh and Rician). The WiMAX system incorporates a Reed-Solomon (RS) encoder concatenated with a convolutional encoder using 1/2- and 2/3-rate codes for FEC channel coding. The simulated bit error rate (BER) results show that interleaved RS(255,239,8) coding with a 2/3-rate convolutional code under BPSK modulation is highly effective at combating errors in the WiMAX communication system. For this performance analysis, a segment of an audio signal is used; the transmitted audio message is found to be retrieved effectively under noisy conditions.

Keywords-OFDM, Block Coding, Convolutional Coding, Additive White Gaussian Noise, Fading Channel.

I. INTRODUCTION

The demand for broadband mobile services continues to grow. Conventional high-speed broadband solutions are based on wired-access technologies such as the digital subscriber line (DSL). This type of solution is difficult to deploy in remote rural areas, and it lacks support for terminal mobility. Mobile Broadband Wireless Access (BWA) offers a flexible and cost-effective solution to these problems [1]. IEEE WiMAX/802.16 is a promising technology for broadband wireless metropolitan area networks (WMANs), as it can provide high throughput over long distances and can support different qualities of service. WiMAX/802.16 technology ensures broadband access for the last mile. It provides a wireless backhaul network that enables high-speed Internet access for residential, small and medium business customers, as well as Internet access for Wi-Fi hot spots and cellular base stations [2]. It supports both point-to-multipoint (P2MP) and multipoint-to-multipoint (mesh) modes.

WiMAX will substitute for other broadband technologies competing in the same segment and will become an excellent solution for deploying the well-known last-mile infrastructure in places that are very difficult to reach with other technologies, such as cable or DSL, and where the costs of deployment and maintenance of such technologies would not be profitable. In this way, WiMAX will connect rural areas in developing countries as well as underserved metropolitan areas. It can even be used to deliver backhaul for carrier structures, enterprise campuses, and Wi-Fi hot spots. WiMAX offers a good solution for these challenges because it provides a cost-effective, rapidly deployable solution [3]. Additionally, WiMAX will represent a serious competitor to 3G (Third Generation) cellular systems, as high-speed mobile data applications will be achieved with the 802.16e specification. The original WiMAX standard catered only for fixed and nomadic services. It was revised to address full-mobility applications, hence the mobile WiMAX standard, defined under the IEEE 802.16e specification. Mobile WiMAX supports full mobility, nomadic and fixed systems [4]. It addresses the following needs, which may answer the question of closing the digital divide:
• It is cost effective.
• It offers high data rates.
• It supports fixed, nomadic and mobile applications, thereby converging fixed and mobile networks.
• It is easy to deploy and has flexible network architectures.
• It supports interoperability with other networks.
• It is aimed at being the first truly global wireless broadband network.


IEEE 802.16 aims to extend wireless broadband access up to kilometers in order to facilitate both point-to-point and point-to-multipoint connections [5].

II. SIMULATION MODEL

The complementary operations are applied in reverse order for channel decoding at the receiver end. The complete channel encoding setup is shown in Figure 1. FEC techniques typically use error-correcting codes (e.g., RS, CC) that can detect and locate errors with high probability. These channel codes improve the bit error rate performance by adding redundant bits to the transmitted bit stream, which the receiver uses to correct errors introduced by the channel. Such an approach reduces the required transmit power for a given bit error rate, at the expense of additional overhead and reduced data throughput (even when there are no errors) [6]. The forward error correction (FEC) consists of a Reed-Solomon (RS) outer code and a rate-compatible convolutional code (CC) inner code. A block Reed-Solomon (255,239,8) code based on the Galois field GF(2^8), with a symbol size of 8 bits, is chosen; it processes a block of 239 data symbols, calculates 16 redundant correction symbols, and can correct up to 8 symbol errors. The Reed-Solomon encoder encapsulates the data in coding blocks, and these coding blocks are helpful in dealing with burst errors [7]. The block-formatted (Reed-Solomon encoded) data stream is passed through a convolutional interleaver. A code rate can be defined for convolutional codes as well: if k bits per second are input to the convolutional encoder and the output is n bits per second, the code rate is k/n. The redundancy depends not only on the incoming k bits but also on several of the preceding input bits; the number of preceding bits used in the encoding process is the constraint length m, which acts as the memory of the system [8]. In this study the code rate k/n is equal to 1/2 and 2/3, with constraint lengths m of 3 and 5.
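As a back-of-the-envelope check on the concatenated scheme above (a sketch for illustration, not code from the paper), the overall code rate is the product of the RS rate and the convolutional rate:

```python
# Sketch: effective rate of the concatenated RS(255,239,8) outer code
# and the 1/2- or 2/3-rate convolutional inner code described in the text.

def concatenated_rate(rs_n, rs_k, cc_rate):
    """Overall code rate = RS rate * convolutional code rate."""
    return (rs_k / rs_n) * cc_rate

rs_n, rs_k, rs_t = 255, 239, 8   # block length, data symbols, correctable symbol errors

# RS(255,239) adds 2*t = 16 redundant symbols per 255-symbol block
# and corrects up to t = 8 symbol errors.
assert rs_n - rs_k == 2 * rs_t

for cc_rate in (1 / 2, 2 / 3):
    r = concatenated_rate(rs_n, rs_k, cc_rate)
    print(f"CC rate {cc_rate:.3f} -> overall rate {r:.3f}")
```

With the 1/2-rate inner code the overall rate is about 0.47, and with the 2/3-rate inner code about 0.62, which quantifies the throughput cost of the redundancy discussed above.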
The convolutionally encoded bits are further interleaved prior to being mapped onto complex modulation symbols (BPSK, QPSK, 4-QAM or 16-QAM) and fed to an OFDM modulator for transmission. The simulated coding and modulation schemes, along with the noisy fading channels used in the present study, are shown in Table 1.

Table 1: Simulated coding, modulation schemes and noisy channels

Modulation                 | RS code       | CC code rate | Noise channels
BPSK, QPSK, 4-QAM, 16-QAM  | RS(255,239,8) | 1/2, 2/3     | AWGN channel
BPSK, QPSK, 4-QAM, 16-QAM  | RS(255,239,8) | 1/2, 2/3     | Rayleigh channel
BPSK, QPSK, 4-QAM, 16-QAM  | RS(255,239,8) | 1/2, 2/3     | Rician channel

This structure corresponds to the physical layer of the WiMAX/IEEE 802.16 WirelessMAN-OFDM air interface. In this setup, the input binary data stream, obtained from a segment of recorded audio signal, is protected against errors with forward error correction (FEC) coding and interleaving.

[Figure 1 block diagram: Audio Signal Source → Channel Encoding → Digital Modulation → Serial-to-Parallel Conversion → Cyclic Prefix Insertion → AWGN and fading channels → Cyclic Prefix Removal → Parallel-to-Serial Conversion → Digital Demodulation → Channel Decoding → Output Data]

Figure 1: Block diagram of the WiMAX communication system with interleaved concatenated channel coding.
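The OFDM modulator stage in the chain above applies an IFFT to a block of modulated symbols and prepends a cyclic prefix. A minimal NumPy sketch of that step and its receiver-side inverse (the FFT size and prefix length here are assumptions for illustration, not the paper's exact simulation parameters):

```python
# Sketch: OFDM modulation as IFFT + cyclic prefix, and the matching
# receiver operations over an ideal (noiseless, distortionless) channel.
import numpy as np

N_FFT, CP_LEN = 256, 32  # subcarrier count and cyclic-prefix length (assumed)

rng = np.random.default_rng(0)
# One OFDM block of QPSK symbols on the subcarriers
bits = rng.integers(0, 2, size=(N_FFT, 2))
symbols = ((1 - 2 * bits[:, 0]) + 1j * (1 - 2 * bits[:, 1])) / np.sqrt(2)

# Transmitter: IFFT, then copy the last CP_LEN samples to the front
time_block = np.fft.ifft(symbols)
tx = np.concatenate([time_block[-CP_LEN:], time_block])

# Receiver: drop the prefix, FFT back to the subcarrier symbols
rx = np.fft.fft(tx[CP_LEN:])

assert np.allclose(rx, symbols)  # exact recovery over an ideal channel
```

The cyclic prefix makes the channel's linear convolution look circular over each block, which is what lets a real receiver equalize each subcarrier independently.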



In the OFDM modulator, the digitally modulated symbols are transmitted in parallel on subcarriers by applying an Inverse Fast Fourier Transform (IFFT) to a block of information symbols, followed by a digital-to-analog converter (DAC). To mitigate the effects of inter-symbol interference (ISI) caused by channel time spread, each block of IFFT coefficients is typically preceded by a cyclic prefix. At the receiving side, the reverse process (including deinterleaving and decoding) is executed to recover the original data bits. As the deinterleaving process only changes the order of the received data, the error probability is unchanged. When the data passes through the CC decoder and the RS decoder, some errors may be corrected, which results in lower error rates [9].

III. SIMULATION RESULTS

In this section, we present BER vs. SNR plots for all the essential modulation and coding profiles in the standard over the different channel models. An audio signal was transmitted and received so that real data could be used for the measurements. Figures 2, 3 and 4 display the performance over the Additive White Gaussian Noise (AWGN), Rayleigh and Rician channel models respectively. The bit error rate (BER) plots obtained in the performance analysis show that the model works well at signal-to-noise ratios (SNR) below 25 dB. The simulation results in figure 2 show the advantage of considering 1/2- and 2/3-rate convolutional coding together with Reed-Solomon coding for each of the four considered digital modulation schemes (BPSK, QPSK, 4-QAM and 16-QAM). The performance of the system under BPSK modulation with the 2/3 convolutional code rate is quite satisfactory compared to the other modulation techniques in the AWGN channel.

Figure 2: System performance under different modulation schemes for a Convolutional Encoder with 1/2 and 2/3 code rates in the AWGN channel.

The bit error rate under BPSK modulation for a typical SNR value of 3 dB is 0.000035303, which is smaller than that of the other modulation techniques. In figure 3, with the Rayleigh channel, the BER performance of 16-QAM modulation with the 2/3 convolutional code rate is found not to be suitable for transmission. The figure also shows that the performance of QPSK and 4-QAM is better than that of BPSK modulation for the 1/2 convolutional code rate with respect to SNR values.

Figure 3: System performance under different modulation schemes for a Convolutional Encoder with 1/2 and 2/3 code rates in the Rayleigh channel.

Figure 4 shows that the BER performance of the 2/3 convolutional code rate with BPSK modulation is again better than that of all other modulation techniques, and that there is little difference between the BPSK-1/2 and BPSK-2/3 convolutional code rates.

Figure 4: System performance under different modulation schemes for a Convolutional Encoder with 1/2 and 2/3 code rates in the Rician channel.

The transmitted and received audio signal for such a case, plotted against time and amplitude coordinates, is shown in figure 5.


IV. CONCLUSION

A performance analysis of a WiMAX (Worldwide Interoperability for Microwave Access) system adopting concatenated Reed-Solomon and convolutional encoding with a block interleaver has been carried out. BER curves were used to compare the performance of the different modulation techniques and coding schemes. The effects of FEC (Forward Error Correction) and of the different communication channels were also evaluated in terms of BER. The performance results highlight the impact of the modulation scheme and show that the implementation of interleaved Reed-Solomon coding with a 2/3-rate convolutional code under BPSK modulation provides satisfactory performance, over the different channels, among the four considered modulations. The IEEE 802.16 standard comes with many optional PHY layer features which can be implemented to further improve performance: the optional Block Turbo Coding (BTC) can be implemented to enhance the performance of the FEC, and Space Time Block Coding (STBC) can be employed to provide transmit diversity.

Figure 5: A segment of an audio signal: (a) transmitted, (b) retrieved.

V. REFERENCES
[1] Mai Tran, George Zaggoulos, Andrew Nix and Angela Doufexi, "Mobile WiMAX: Performance Analysis and Comparison with Experimental Results".
[2] J. El-Najjar, B. Jaumard, C. Assi, "Minimizing Interference in WiMax/802.16 based Mesh Networks with Centralized Scheduling", Global Telecommunications Conference, 2008, pp. 1-6.
[3] Intel White Paper, Wi-Fi and WiMAX Solutions: "Understanding Wi-Fi and WiMAX as Metro-Access Solutions," Intel Corporation, 2004.
[4] A. Yarali, B. Mbula, A. Tumula, "WiMAX: A Key to Bridging the Digital Divide", IEEE, 2007, pp. 159-164.
[5] WiMAX Forum, "Fixed, Nomadic, Portable and Mobile Applications for 802.16-2004 and 802.16e WiMAX Networks", November 2005.
[6] T. Tan and Benny Bing, "The World Wide Wi-Fi: Technological Trends and Business Strategies", John Wiley & Sons, Inc., 2003.
[7] M. Nadeem Khan, S. Ghauri, "The WiMAX 802.16e Physical Layer Model", IET International Conference, 2008, pp. 117-120.
[8] Kaveh Pahlavan and Prashant Krishnamurthy, "Principles of Wireless Networks", Prentice-Hall, Inc., 2006.
[9] Yang Xiao, "WiMAX/MobileFi: Advanced Research and Technology", Auerbach Publications, 2008.


A Survey of Biometric Keystroke Dynamics: Approaches, Security and Challenges
Mrs. D. Shanmugapriya
Dept. of Information Technology, Avinashilingam University for Women, Coimbatore, Tamilnadu, India

Dr. G. Padmavathi
Dept. of Computer Science, Avinashilingam University for Women, Coimbatore, Tamilnadu, India

Abstract— Biometric technologies are gaining popularity today since they provide more reliable and efficient means of authentication and verification. Keystroke dynamics is one of the well-known biometric technologies; it attempts to verify the authenticity of a user working at a keyboard by observing changes in the user's typing pattern. This study gives a comprehensive survey of existing keystroke dynamics methods, metrics and approaches. The paper also discusses the various security issues and challenges faced by keystroke dynamics.

Keywords- Biometrics; Keystroke Dynamics; Computer Security; Information Security; User Authentication.

I. INTRODUCTION

The first and foremost step in preventing unauthorized access is user authentication. User authentication is the process of verifying a claimed identity. Authentication is accomplished by matching some short-form indicator of identity, such as a shared secret pre-arranged during enrollment or registration for authorized users, and is done for the purpose of performing trusted communications between parties in computing applications. Conventionally, user authentication is categorized into three classes [17]:
• Knowledge-based,
• Object- or token-based,
• Biometric-based.

Figure 1 shows this classification of user authentication methods. Knowledge-based authentication is based on something one knows and is characterized by secrecy; common examples of knowledge-based authenticators are passwords and PIN codes. Object-based authentication relies on something one has and is characterized by possession. Traditional door keys belong to the object-based category. Usually the token-based approach is combined with the knowledge-based approach; an example of this combination is a bank card with a PIN code. In knowledge-based and object-based approaches, passwords and tokens can be forgotten, lost or stolen. There are also usability limitations associated with them: for instance, managing multiple passwords/PINs, and memorizing and recalling strong passwords, are not easy tasks. Biometric-based person recognition overcomes the above-mentioned difficulties of the knowledge-based and object-based approaches.

[Figure 1 tree: User Authentication → Knowledge Based, Object Based, Biometrics Based; physiological biometrics: Fingerprints, Face Recognition, Iris, Retina, Hand Geometry; behavioural biometrics: Keystroke Dynamics, Voice, Gait, Signature, Lip Movement, Mouse Dynamics.]

Figure 1. Classification of User Authentication approaches

Biometric technologies are defined as automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioural characteristic [2]. Biometric technologies are gaining popularity because, when used in conjunction with traditional methods of authentication, they provide an extra level of security. Biometrics involves something a person is or does. These characteristics can be roughly divided into physiological and behavioural types [17]. Physiological characteristics refer to what the person is; in other words, they measure physical parameters of a certain part of the body. Some examples are fingerprints, hand geometry, vein checking, iris scanning, retinal scanning, facial recognition, and facial thermograms. Behavioural characteristics are related to what a person does, or how the person uses the body. Voiceprint, gait recognition, signature recognition, mouse dynamics and keystroke dynamics are good examples of this group.


Keystroke dynamics is considered a strong behavioural biometric-based authentication system [1]. It is the process of analyzing the way a user types at a terminal, by monitoring the keyboard, in order to identify users based on their habitual typing rhythm patterns. Moreover, unlike other biometric systems, which may be expensive to implement, keystroke dynamics is almost free, as the only hardware required is the keyboard. This paper surveys various keystroke dynamics approaches and discusses the security provided by keystroke dynamics. The paper is structured as follows: the next section covers identification and verification in keystroke dynamics; Section III explains the methods and metrics of keystroke dynamics; Section IV discusses the various performance measures; existing approaches are discussed in Section V; Sections VI and VII discuss the security and the challenges of keystroke dynamics respectively; and the final section concludes.

II. IDENTIFICATION AND VERIFICATION

Keystroke dynamics systems can run in two different modes [2], namely identification mode and verification mode. Identification is the process of determining a person's identity by examining a biometric pattern calculated from the person's biometric features. A large amount of keystroke dynamics data is collected, and the user of the computer is identified based on previously collected keystroke dynamics profiles of all users. For each user, a biometric template is calculated in this training stage. A pattern to be identified is matched against every known template, yielding either a score or a distance describing the similarity between the pattern and the template, and the system assigns the pattern to the person with the most similar biometric template. To prevent impostor patterns (in this case, all patterns of persons not known by the system) from being accepted, the similarity has to exceed a certain level; if this level is not reached, the pattern is rejected. Identification with keystroke dynamics means that the user has to be identified without any additional information besides his measured keystroke dynamics.

In the verification case, a person's claimed identity is checked: the pattern to be verified is compared only with that person's individual template. Keystroke verification techniques can be classified as either static or dynamic/continuous [22]. Static verification approaches analyze keystroke characteristics only at specific times, for example during the user login sequence, providing additional security over a traditional username/password. Static approaches provide more robust user verification than simple passwords, but the detection of a user change after login authentication is impossible. Continuous verification, by contrast, monitors the user's typing behaviour throughout the course of the interaction. In the continuous process, the user is monitored on a regular basis throughout the time he or she is typing on the keyboard, allowing real-time analysis [21]: even after a successful login, the typing patterns of the person are constantly analyzed, and when they do not match the user's profile, access to the system is blocked.

III. METHODS AND METRICS FOR KEYSTROKE DYNAMICS

Previous studies [3, 5, 7, 10, 15] have identified a selection of data acquisition techniques and typing metrics upon which keystroke analysis can be based. The following summarizes the basic methods and metrics that can be used.

Static at login – Static keystroke analysis authenticates a typing pattern based on a known keyword, phrase or some other predetermined text. The captured typing pattern is compared against typing patterns previously recorded during system enrollment.

Periodic dynamic – Dynamic keystroke analysis authenticates a user on the basis of their typing during a logged session. The data captured in the logged session is compared to an archived typing pattern to determine the deviations. In a periodic configuration, the authentication can be repeated, for example as part of timed supervision.

Continuous dynamic – Continuous keystroke analysis extends data capture to the entire duration of the logged session. The continuous nature of the monitoring offers significantly more data upon which to base the authentication judgment. Furthermore, an impostor may be detected earlier in the session than under a periodically monitored implementation.

Keyword-specific – Keyword-specific keystroke analysis extends continuous or periodic monitoring to consider the metrics related to specific keywords. Extra monitoring is done to detect potential misuse of sensitive commands, and static analysis could be applied to specific keywords to obtain a higher-confidence judgment.

Application-specific – Application-specific keystroke analysis further extends continuous or periodic monitoring; it may be possible to develop separate keystroke patterns for different applications.

In addition to this range of implementation scenarios, there are also a variety of possible keystroke metrics. The following metrics are widely used in keystroke dynamics.

Digraph latency – Digraph latency is the most commonly used metric; it typically measures the delay between the key-up and the subsequent key-down events produced during normal typing (e.g. pressing the letters T-H).

Trigraph latency – Trigraph latency extends the digraph latency metric to consider the timing of three successive keystrokes (e.g. pressing the letters T-H-E).

Keyword latency – Keyword latency considers the overall latency for a complete word, or may consider the unique combinations of digraphs/trigraphs in a word-specific context.
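The digraph latency metric described above can be illustrated with a small sketch (the event format and function name here are assumptions for illustration, not taken from any surveyed system):

```python
# Sketch: digraph latency is the time from one key's release (key-up)
# to the next key's press (key-down). Events are (key, kind, time_ms).

def digraph_latencies(events):
    """Return {(key1, key2): latency_ms} for successive keystrokes."""
    latencies = {}
    last_up = None  # (key, time) of the most recent key-up event
    for key, kind, t in events:
        if kind == "down" and last_up is not None:
            latencies[(last_up[0], key)] = t - last_up[1]
        if kind == "up":
            last_up = (key, t)
    return latencies

# Typing "TH": T pressed at 0 ms, released at 90 ms; H pressed at 210 ms.
events = [("T", "down", 0), ("T", "up", 90),
          ("H", "down", 210), ("H", "up", 300)]
print(digraph_latencies(events))  # {('T', 'H'): 120}
```

A trigraph metric would extend the same bookkeeping over three successive keystrokes instead of two.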




IV. PERFORMANCE MEASURES

Performance of keystroke analysis is typically measured in terms of various error rates [13], namely the False Accept Rate (FAR) and the False Reject Rate (FRR). FAR is the probability that an impostor posing as a valid user can successfully gain access to a secured system; in statistics, this is referred to as a Type II error. FRR measures the percentage of valid users who are rejected as impostors; in statistics, this is referred to as a Type I error. Both error rates should ideally be 0%. From a security point of view, Type II errors should be minimized, so that an unauthorized user has no chance to log in. However, Type I errors should also be infrequent, because valid users become annoyed if the system rejects them incorrectly. One of the most common measures of biometric systems is the rate at which the accept and reject errors are equal, known as the Equal Error Rate (EER) or Cross-Over Error Rate (CER): the value at which the proportion of false acceptances equals the proportion of false rejections. The lower the equal error rate, the higher the accuracy of the biometric system.
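The FAR/FRR/EER definitions above can be made concrete with a small sketch (synthetic match scores; the threshold sweep is one common way of estimating the EER, not a method prescribed by this survey):

```python
# Sketch: FAR, FRR and the equal error rate (EER) as a decision
# threshold is swept over genuine and impostor match scores.

def far_frr(genuine, impostor, threshold):
    """Scores >= threshold are accepted. Returns (FAR, FRR) as fractions."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # Type II
    frr = sum(s < threshold for s in genuine) / len(genuine)     # Type I
    return far, frr

def equal_error_rate(genuine, impostor):
    """Sweep thresholds; report the rate where FAR and FRR are closest."""
    best = min((abs(f - r), (f + r) / 2)
               for t in sorted(set(genuine + impostor))
               for f, r in [far_frr(genuine, impostor, t)])
    return best[1]

genuine = [0.9, 0.8, 0.85, 0.7, 0.95]   # scores of valid users (synthetic)
impostor = [0.3, 0.5, 0.6, 0.4, 0.75]   # scores of impostors (synthetic)

print(far_frr(genuine, impostor, 0.75))      # (0.2, 0.2)
print(equal_error_rate(genuine, impostor))   # 0.2
```

Raising the threshold trades Type II errors (FAR) for Type I errors (FRR); the EER is simply the operating point where the two curves cross.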

V. KEYSTROKE ANALYSIS APPROACHES

A number of studies [5, 7, 10, 12, 20-22, 27, 28] have been performed in the area of keystroke analysis since its conception. There are two main keystroke analysis approaches for the purposes of identity verification: statistical techniques and neural network techniques; some methods combine both. The basic idea of the statistical approach is to compare a reference set of typing characteristics of a certain user with a test set of typing characteristics of the same user, or a test set of a hacker. The distance between these two sets (reference and test) should be below a certain threshold, or else the user is recognized as a hacker. The neural network approach first builds a prediction model from historical data, and then uses this model to predict the outcome of a new trial (or to classify a new observation). Although the studies vary in approach, from the keystroke information they utilise to the pattern classification techniques they employ, all have attempted to solve the problem of providing a robust and inexpensive authentication mechanism. Table I summarizes the main research approaches performed to date.

TABLE I. APPROACHES IN KEYSTROKE ANALYSIS

Study                            | Classification | Technique                    | Users | FAR (%)   | FRR (%)
Joyce & Gupta (1990) [16]        | Static  | Statistical                  | 33  | 0.25      | 16.36
Leggett et al. (1991) [18]       | Dynamic | Statistical                  | 36  | 12.8      | 11.1
Brown & Rogers (1993) [6]        | Static  | Neural Network               | 25  | 0         | 12.0
Bleha & Obaidat (1993) [27]      | Static  | Neural Network               | 24  | 8         | 9
Napier et al. (1995) [23]        | Dynamic | Statistical                  | 24  | 3.8 (Combined)
Obaidat & Sadoun (1997) [19]     | Static  | Statistical / Neural Network | 15  | 0.7 / 0   | 1.9 / 0
Monrose & Rubin (1999) [22]      | Static  | Statistical                  | 63  | 7.9 (Combined)
Cho et al. (2000) [7]            | Static  | Neural Network               | 21  | 0         | 1
Ord & Furnell (2000) [25]        | Static  | Neural Network               | 14  | 9.9       | 30
Bergadano et al. (2002) [5]      | Static  | Statistical                  | 154 | 0.01      | 4
Guven & Sogukpinar (2003) [13]   | Static  | Statistical                  | 12  | 1         | 10.7
Sogukpinar & Yalcin (2004) [28]  | Static  | Statistical                  | 40  | 0.6       | 60
Dowland & Furnell (2004) [9]     | Dynamic | Neural Network               | 35  | 4.9       | 0
Yu & Cho (2004) [10]             | Static  | Neural Network               | 21  | 0         | 3.69
Gunetti & Picardi (2005) [12]    | Static  | Neural Network               | 205 | 0.005     | 5
Clarke & Furnell (2007) [8]      | Static  | Neural Network               | 32  | 5 (Equal Error Rate)
Lee and Cho (2007) [14]          | Static  | Neural Network               | 21  | 0.43 (Average Integrated Errors)
Pin Shen Teh et al. (2008) [27]  | Static  | Statistical                  | 50  | 6.36 (Equal Error Rate)
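The statistical approach described above (distance between a reference set and a test set, accepted below a threshold) can be sketched minimally as follows (illustrative latency values and an assumed threshold, not from any cited study):

```python
# Sketch of the statistical approach: average digraph latencies from
# enrollment form the user's reference profile; a login attempt is
# accepted when its mean absolute deviation is below a threshold.

def mean_profile(samples):
    """Average each digraph latency (ms) over the enrollment samples."""
    keys = samples[0].keys()
    return {k: sum(s[k] for s in samples) / len(samples) for k in keys}

def distance(profile, attempt):
    """Mean absolute difference (ms) over the digraphs both share."""
    shared = profile.keys() & attempt.keys()
    return sum(abs(profile[k] - attempt[k]) for k in shared) / len(shared)

def verify(profile, attempt, threshold_ms=25.0):  # threshold is an assumption
    return distance(profile, attempt) < threshold_ms

enrollment = [{"th": 110, "he": 140}, {"th": 120, "he": 150}]
profile = mean_profile(enrollment)  # {'th': 115.0, 'he': 145.0}

print(verify(profile, {"th": 118, "he": 150}))  # similar rhythm -> True
print(verify(profile, {"th": 60, "he": 230}))   # very different -> False
```

Real systems in Table I refine this idea with per-digraph variances, ordering measures, or learned classifiers, but the accept/reject structure is the same.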



VI. SECURITY

So far, very little research has been conducted on the security of keystroke dynamics itself [4]. The application of keystroke dynamics to computer access security is relatively new and not widely used in practice, and reports on real cases of breaking keystroke dynamics authentication systems do not exist. In the following section, keystroke dynamics schemes are analyzed against the traditional attack techniques. The traditional attacks can be classified as: shoulder surfing, spyware, social engineering, guessing, brute force and dictionary attacks.

Shoulder Surfing
A simple way to obtain a user's password is to watch the user during authentication; this is called shoulder surfing. Whether keystroke dynamics are used in verification or identification mode, shoulder surfing is no threat to the authentication system. In the identification case no password is used, so no password can be stolen; only the keystroke pattern is important and decisive. In the case of verification, an attacker may be able to obtain the password by shoulder surfing. However, keystroke dynamics for verification is a two-factor authentication mechanism: the keystroke pattern still has to match the stored profile.


Spyware Spyware is software that records information about users, usually without their knowledge. Spyware is probably the best and easiest way to crack keystroke dynamic-based authentication systems. If a user unintentionally installs a Trojan which records all of the user’s typing, keystroke latencies and keystroke durations an attacker can use this information to reproduce the user’s keystroke pattern. A program could simulate the user’s typing and get access to the system from the keystroke pattern. Much more research in the area is expected. Social Engineering Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that are against typical policies. Using this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. Phishing is social engineering via e-mail or other electronic means. On first sight, social engineering is not possible with keystroke dynamics. In the identification case there is no password that can be given away, not even on purpose. Asking for the password on the phone and pretending to be the authorized user, is not feasible. Nevertheless, phishing, social engineering via Internet, may be a way of tricking a user to give away his keystroke pattern. The attacker might portrait as a trustworthy person, asking the user to log-on to a primed website. When the user logs-on to the website the attacker might record the keystroke rhythm of the users. However, the success rate would probably be very low. The user must type his username and password several times in order to have a meaningful keystroke pattern. Guessing People use common words for their passwords. The way of typing of a different user can hardly be simulated. 
There are just too many varieties of ways of typing on the keyboard. Guessing of typing rhymes is impossible in keystroke dynamics. Brute Force In a brute force attack, an intruder tries all possible combinations of cracking a password. The more complex a password is, the more secure it is against brute force attacks. The main defense against brute force search is to have a sufficiently large password space. The password space of keystroke dynamic authentication schemes is quite large. It is nearly impossible to carry out a brute force attack against keystroke dynamics. The attack programs need to automatically generate keystroke patterns and imitate human input. If keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke, it is almost impossible to overpower the security system. Dictionary Attack A dictionary attack [4] is a technique for defeating authentication mechanism by trying to determine its pass phrase by searching a large number of possibilities. In contrast to a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities that are most likely to succeed, typically derived from a list of words in a dictionary. As with brute force searches, it is impractical to carry out dictionary attacks against keystroke dynamic authentication mechanisms. It is

possible to use a dictionary attack which consists of general keystroke patterns, but an automated dictionary attack will be much more complex than a text based dictionary attack. Again the attack programs need to automatically generate keystroke patterns and imitate human input. Overall keystroke dynamics are less vulnerable to brute force and dictionary attacks than text based passwords. VII. CHALLENGES Keystroke dynamics is a behavioral pattern exhibited by an individual while typing on a keyboard [21]. User authentication through keystroke dynamics is appealing for many reasons such as: (i) it is not intrusive, and (ii) it is relatively inexpensive to implement, since the only hardware required is the computer [12]. Unlike other physiological biometrics such as fingerprints, retinas, and facial features, all of which remain fairly consistent over long periods of time, typing patterns can be rather erratic. Even though any biometric can change over time, typing patterns have smaller time scale for changes. Not only the typing patterns is inconsistent when compared to other biometrics, a person’s hands can also get tired or sweaty after prolonged periods of typing. This often results in major pattern differences over the course of a day. Another substantial problem is that typing patterns vary based on the type of the keyboard being used, the keyboard layout (i.e. qwerty or dvorak), whether the individual is sitting or standing, the person’s posture if sitting, etc. The fact is that the distributed nature of keyboard biometrics also means that additional inconsistencies may be introduced into typing pattern data. VIII. CONCLUSION The future of biometric technologies is promising. Biometric devices and applications continue to grow worldwide. There are several factors that will push the growth of biometric technologies. A major inhibitor of the growth of biometrics has been the cost to implement them. 
Moreover, increased accuracy rates will play a big part in the acceptance of biometric technologies, and research into biometric error testing, false reject (false non-match) and false accept (false match), has been of keen interest to biometric developers. Keystroke dynamics, being one of the cheapest forms of biometrics, has great scope. In this paper an effort has been made to present the existing approaches, security issues and challenges in keystroke dynamics, in order to motivate researchers to come up with more novel ideas.

REFERENCES
[1] Ahmed Awad E. Ahmed and Issa Traore, "Anomaly Intrusion Detection based on Biometrics", Proceedings of the IEEE, 2005.
[2] Anil K. Jain, Arun Ross and Salil Prabhakar, "An Introduction to Biometric Recognition", IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.
[3] Attila Meszaros, Zoltan Banko, Laszlo Czuni, "Strengthening Passwords by Keystroke Dynamics", IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 6-8 September 2007.


118 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009
[4] Benny Pinkas, "Securing Passwords Against Dictionary Attacks", CCS'02, 18-22 November 2002.
[5] Bergadano et al., "User Authentication through Keystroke Dynamics", ACM Transactions on Information and System Security, Vol. 5, No. 4, pp. 367-397, November 2002.
[6] Brown, M., Rogers, J., "User Identification via Keystroke Characteristics of Typed Names using Neural Networks", International Journal of Man-Machine Studies, Vol. 39, pp. 999-1014, 1993.
[7] Cho et al., "Web-based keystroke dynamics identity verification using neural networks", Journal of Organizational Computing and Electronic Commerce, Vol. 10, No. 4, pp. 295-307, 2000.
[8] Clarke, N. L. and Furnell, S. M., "Authenticating mobile phone users using keystroke analysis", International Journal of Information Security, 6(1): 1-14, 2007.
[9] Dowland, P. and Furnell, S., "A long-term trial of keystroke profiling using digraph, trigraph and keyword latencies", in Proceedings of IFIP/SEC 19th International Conference on Information Security, pp. 275-289, 2004.
[10] Enzhe Yu, Sungzoon Cho, "Keystroke dynamics identity verification: its problems and practical solutions", Computers & Security, 2004.
[11] Glaucya C. Boechat, Jeneffer C. Ferreira, and Edson C. B. Carvalho Filho, "Using the Keystrokes Dynamic for Systems of Personal Security", Proceedings of World Academy of Science, Engineering and Technology, Vol. 18, December 2006.
[12] Gunetti and Picardi, "Keystroke analysis of free text", ACM Transactions on Information and System Security, Vol. 8, pp. 312-347, 2005.
[13] Guven, A. and Sogukpinar, I., "Understanding users' keystroke patterns for computer access security", Computers & Security, 22, 695-706, 2003.
[14] Hyoungjoo Lee, Sungzoon Cho, "Retraining a keystroke dynamics-based authenticator with impostor patterns", Computers & Security, 26(4): 300-310, 2007.
[15] John A. Robinson, Vicky M. Liang, J. A. Michael Chambers, and Christine L. MacKenzie, "Computer User Verification Using Login String Keystroke Dynamics", IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, Vol. 28, No. 2, March 1998.
[16] Joyce, R., Gupta, G., "Identity Authentication Based on Keystroke Latencies", Communications of the ACM, Vol. 33, pp. 168-176, 1990.
[17] Lawrence O'Gorman, "Comparing Passwords, Tokens, and Biometrics for User Authentication", Proceedings of the IEEE, Vol. 91, No. 12, pp. 2019-2040, December 2003.
[18] Leggett, J., Williams, G., Usnick, M., "Dynamic Identity Verification via Keystroke Characteristics", International Journal of Man-Machine Studies, 1991.
[19] Mohammad S. Obaidat, Balqies Sadoun, "Verification of computer users using keystroke dynamics", IEEE Transactions on Systems, Man, and Cybernetics, Part B, 27(2): 261-269, April 1997.
[20] Monrose, F., Reiter, M., Wetzel, S., "Password Hardening Based on Keystroke Dynamics", International Journal of Information Security, pp. 1-15, 2001.
[21] Monrose, F., Rubin, A., "Authentication via Keystroke Dynamics", Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 48-56, April 1997.
[22] Monrose, F., Rubin, A., "Keystroke Dynamics as a Biometric for Authentication", Future Generation Computer Systems, 16(4), pp. 351-359, 1999.
[23] Napier, R., Laverty, W., Mahar, D., Henderson, R., Hiron, M., Wagner, M., "Keyboard User Verification: Toward an Accurate, Efficient and Ecologically Valid Algorithm", International Journal of Human-Computer Studies, Vol. 43, pp. 213-222, 1995.
[24] Obaidat, M. S., Sadoun, B., "Verification of Computer Users Using Keystroke Dynamics", IEEE Transactions on Systems, Man and Cybernetics, Part B: Cybernetics, Vol. 27, No. 2, 1997.
[25] Ord, T., Furnell, S., "User Authentication for Keypad-Based Devices using Keystroke Analysis", MSc Thesis, University of Plymouth, UK, 2000.
[26] Pin Shen Teh et al., "Statistical Fusion Approach on Keystroke Dynamics", Third International IEEE Conference on Signal-Image Technologies and Internet-Based Systems, 2007.
[27] S. Bleha and M. S. Obaidat, "Computer user verification using the perceptron", IEEE Transactions on Systems, Man, and Cybernetics, Vol. 23, No. 3, pp. 900-902, May 1993.

AUTHORS PROFILE

Shanmugapriya. D received the B.Sc. and M.Sc. degrees in Computer Science from Avinashilingam University for Women, Coimbatore, in 1999 and 2001 respectively. She received the M.Phil. degree in Computer Science from Manonmaniam Sundaranar University, Tirunelveli, in 2003 and is pursuing her Ph.D. at Avinashilingam University for Women. She is currently working as a Lecturer in Information Technology in the same University and has eight years of teaching experience. Her research interests are Biometrics, Network Security and System Security.












Dr. Padmavathi Ganapathi is Professor and Head of the Department of Computer Science, Avinashilingam University for Women, Coimbatore. She has 21 years of teaching experience and one year of industrial experience. Her areas of interest include network security, cryptography and real-time communication. She has more than 50 publications at the national and international level. She is a life member of many professional organizations such as CSI, ISTE, AACE, WSEAS, ISCA, and UWA.






Agent's Multiple Architectural Capabilities: A Critical Review

Ritu Sindhu, Ph.D. Scholar, Banasthali University and WIT, Gurgaon, India
Abdul Wahid, Professor, CS, Ajay Kumar Garg Engineering College, Ghaziabad, India
Prof. G. N. Purohit, Dean, Banasthali University, Rajasthan, India

Abstract-It is true that any organization of non-trivial size, scope and function is destined to change. An organization which is not robust, evolvable or adaptable cannot survive. To model an adaptable agent organization, the capability must be present to transition from one state to the next over the life of the organization. The organization model must include not only the structural components, but also the ability to facilitate change. The objective of this paper is to describe some of the important capabilities possessed by agents. Twelve architectures, representing a wide range of current architectures in artificial intelligence (AI), have been used for this preliminary analysis. The aim of this paper is to understand the various capabilities that agents should generally possess. Because the designs of the agent architectures taken into consideration differ, the capabilities also vary from one agent to another.

Key Words: Adaptive Intelligent System, Meta Reasoning Architecture, Entropy Reduction System.

I. INTRODUCTION

A complete functioning agent, whether biological, simulated in software, or implemented in the form of a robot, needs an integrated collection of diverse but interrelated capabilities. At present, most work in AI and Cognitive Science addresses only components of such an architecture (e.g. vision, speech understanding, concept formation, rule learning, planning, motor control, etc.) or mechanisms and forms of representation and inference (logic engines, condition-action rules, neural nets, genetic algorithms) which might be used by many components. While such studies can make useful contributions, it is important to ask, from time to time, how everything can be put together, and that requires the study of architectures [6]. Besides differences in levels of abstraction or implementation, there are differences in types of functionality. A human-like agent needs to be able to perform a large and diverse collection of tasks, both externally (finding and consuming food, avoiding predators, building shelters, making tools, etc.) and internally (interpreting sensory data, generating motives, evaluating motives, selecting motives, creating plans, storing information for future use, making inferences from new or old information, detecting inconsistencies, monitoring plan execution, monitoring various kinds of internal processing, noticing resemblances, creating new concepts and theories, discovering new rules, noticing new possibilities, etc.). In this paper we list the majority of these capabilities and finally, in the form of a table, we indicate which of the twelve agents under consideration possess which kinds of capabilities. The twelve agents we take into consideration are Subsumption Architecture, ATLANTIS, Theo, Prodigy, ICARUS, Adaptive Intelligent Systems (AIS), A Meta-reasoning Architecture for 'X' (MAX), Homer, Soar, Teton, RALPH-MEA, and Entropy Reduction Engine (ERE) [1][2]. Their features are shown in the following.

The twelve architectures and their properties are summarized below.

SUBSUMPTION (S1):
- Subsumption architecture is a reactive robot architecture.
- It is a way of decomposing "simple" behaviour modules into layers.

ATLANTIS:
- The A Three-Layer Architecture for Navigating Through Intricate Situations (ATLANTIS) is a hybrid reactive/deliberative robot architecture.
- It has three layers: a control layer, a sequencing layer and a deliberative layer.

Theo:
- Theo is an example of a Plan-Then-Compile architecture.
- It integrates learning, planning, and knowledge representation.

Prodigy:
- Stores knowledge in a form of first order predicate logic (FOPL) called the Prodigy Description Language (PDL).
- Has a modular architecture.

ICARUS (C):
- Icarus' architecture is designed around a specific representation of long-term memory.
- Icarus represents all knowledge in a hierarchy of probabilistic concepts.

Adaptive Intelligent System (AIS) (A2):
- Able to reason about and interact with other dynamic entities in real time.
- Supports multiple problem solving techniques.
- When encountering an unexpected situation, decides whether and how to respond.
- Able to coordinate with external agents.

Meta Reasoning (MAX):
- The philosophy behind MAX is that it is uniform and declarative.
- MAX may be traced to Prodigy.
- The architecture only supplies the programmer with a means-ends-analysis (MEA) planner.
- MAX is designed to support modular agents; they are used to respond to a dynamic environment in a timely manner, and they may be declared at runtime. Some of the modules are: attention focusing, multiple problem solving strategies, execution monitoring, goal-directed exploration, explanation-based learning, and process interruption.

Homer:
- Is not designed for general intelligence.
- The architecture on which Homer exists is a modular architecture. It consists of a memory, a planner, a natural language interpreter and generator, reflective processes, and a plan executor.

Soar:
- Soar (originally known as SOAR: State, Operator And Result) is a symbolic cognitive architecture.
- The main goal of the Soar project is to be able to handle difficult open-ended problems.
- The Soar architecture is based on the physical symbol system hypothesis.
- The ultimate goal for Soar is to achieve general intelligence.

Teton:
- Is a problem solver.
- Uses two memory areas: Short-Term memory and Long-Term memory.
- Like human beings, interruptions are allowed.
- It has a feature called the Execution Cycle which always looks for what to do next.

RALPH-MEA:
- Is a multiple execution architecture.
- Like a human being, it selects the best state from the environment; RALPH-MEA uses an Execution Architecture (EA) to select, from one state, the best one.
- It uses the following: condition-action, action-utility, goal-based, and decision-theoretic.

Entropy Reduction Engine (ERE):
- ERE is an architecture for the integration of planning, scheduling, and control.
- The architecture is designed to support both multiple planning methods and multiple learning methods.
- Uses many different problem solving methods such as problem reduction, temporal projection and rule-based execution.

We discuss here various learning capabilities, and briefly comment on each [4].

A. Single Learning Method
A system is said to learn if it is capable of acquiring new knowledge from its environment. Learning may also enable the ability to perform new tasks without having to be redesigned or reprogrammed, especially when accompanied by generalization. Learning is most often accomplished in a system that supports symbolic abstraction. This type of learning is distinct from the acquisition of knowledge through direct programming by the designer.

B. Multi-Method Learning
As a capability, learning is often thought of as one of the necessary conditions for intelligence in an agent. Some systems extend this requirement by including a plethora of mechanisms for learning in order to obtain as much as possible from the system, or to allow various components of the system to learn in their own ways (depending on the modularity, representation, etc., of each). Additionally, multiple methods may be included in a system in order to gauge the performance of one method against that of another.

C. Caching
Caching can be seen as rote learning, but can also be seen as a form of explanation-based learning. It is simply storing a computed value to avoid having to compute it in the future. Caching vastly reduces the high cost of relying on meta-knowledge and the necessary retrieval and application [20].

D. Learning by Instruction
An agent that is given information about the environment, domain knowledge, or how to accomplish a particular task on-line (that is in real-time as opposed



to some off-line programming) is said to be able to learn from instruction. Some instruction is completely unidirectional: a teacher simply gives the agent the knowledge in a sequential series of instructions. Other learning is interactive: the teacher is prepared to instruct the agent when the agent lacks knowledge and requests it. This last method supports experiential learning, in which a teacher may act both as a guide (when called upon) and as an authority (when the agent is placing itself in danger or making a critical mistake).

E. Learning from Experimentation
Learning from experimentation, also called discovery, involves the use of domain knowledge, along with observations made about the environment, to extend and refine an agent's domain knowledge. The more systematically an agent manipulates its environment to determine new information, the more its behavior seems to follow traditional scientific experimental paradigms. However, the agent's actions need not be so planned to produce new behaviour [5].

F. Learning by Analogy
Reasoning by analogy generally involves abstracting details from a particular set of problems and resolving structural similarities between previously distinct problems. Analogical reasoning refers to this process of recognition followed by applying the solution from the known problem to the new problem. Such a technique is often identified as case-based reasoning. Analogical learning generally involves developing a set of mappings between features of two instances. Paul Thagard and Keith Holyoak have developed a computational theory of analogical reasoning that is consistent with the outline above, provided that abstraction rules are supplied to the model [19].

G. Inductive Learning and Concept Acquisition
In contrast to abstraction, concept acquisition refers to the ability of an agent to identify the discriminating properties of objects in the world, to generate labels for the objects and to use the labels in the condition list of operators, thereby associating operations with the concept. Concept acquisition normally proceeds from a set of positive and negative instances of some concept (or group of segregated concepts). With the presentation of the instances, the underlying algorithm makes correlations between the features of the instances and their classification. The problem with this technique as described here is that it requires the specification of both the relevant features and the possible concepts. In general, as an inductive technique, concept acquisition should be able to generate new concepts spontaneously and to recognize the relevant features over the entire input domain.

H. Learning from Abstraction
Contrasted with concept acquisition, abstraction is the ability to detect the relevant -- or critical -- information

and action for a particular problem. Abstraction is often used in planning and problem solving in order to form a condition list for operators that lead from one complex state to another, based on the criticality of the preconditions. For instance, in an office environment, a robot with a master key can effectively ignore doors if it knows how to open doors in general. Thus, the problem of considering doors in a larger plan may be abstracted from the problem solving. This can be performed by the agent repeatedly to obtain the most general result. Some architectures limit abstraction to avoid the problem of over-generalization, which results in mistaken applications of the erroneously abstracted operator.

I. Explanation-Based Learning
When an agent can utilize a worked example of a problem as a problem-solving method, the agent is said to have the capability of explanation-based learning (EBL). This is a type of analytic learning. The advantage of explanation-based learning is that, as a deductive mechanism, it requires only a single training example (inductive learning methods often require many training examples). However, to utilize just a single example, most EBL algorithms require all of the following:
• The training example
• A goal concept
• An operationality criterion
• A domain theory
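The caching capability described among the learning methods above, storing a computed value so it never has to be recomputed, can be sketched as simple memoization. The planning cost function below is hypothetical, purely for illustration; only the caching behaviour matters:

```python
import functools

call_count = 0

@functools.lru_cache(maxsize=None)
def plan_cost(start, goal):
    """Pretend this is an expensive planning computation."""
    global call_count
    call_count += 1
    return abs(hash(goal) - hash(start)) % 100  # stand-in for real work

plan_cost("roomA", "roomB")
plan_cost("roomA", "roomB")  # served from the cache, no recomputation
print(call_count)  # -> 1: the expensive computation ran only once
```

This is exactly the trade-off noted above: one computation is paid for, and every later retrieval is nearly free, at the cost of the memory used by the cache.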

From the training example, the EBL algorithm computes a generalization of the example that is consistent with the goal concept and that meets the operationality criterion (a description of the appropriate form of the final concept). One criticism of EBL is that the required domain theory needs to be complete and consistent. Additionally, the utility of learned information is an issue when learning proceeds indiscriminately. Other forms of learning that are based on EBL are knowledge compilation, caching and macro-ops.

J. Transfer of Learning
A capability that comes from generalization and is related to learning by analogy: learned information can be applied to other problem instances and possibly even other tasks. Three specific types of learning transfer are normally identified:
• Within-Trial Learning applies immediately to the current situation.
• Within-Task Learning is general enough that it may apply to different problem instances in the same domain.
• Across-Task Learning applies to different domains. Examples here include some types of concept acquisition in




which a concept learned in one domain (e.g., blocks) can be related to other concepts (e.g., bricks) through similarities (e.g., stackable). Across-task learning is then strongly related to generalization [7][8].
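The concept-acquisition idea in subsection G, inducing a concept from instances, can be illustrated with a minimal Find-S-style learner that generalizes a conjunctive concept over positive examples. The feature names and instances below are hypothetical illustrations, echoing the blocks/bricks/stackable example:

```python
def generalize(hypothesis, instance):
    """Keep only the feature values the hypothesis and instance share."""
    return {f: v for f, v in hypothesis.items() if instance.get(f) == v}

def learn_concept(positives):
    """Start from the first positive instance, generalize over the rest."""
    hypothesis = dict(positives[0])
    for inst in positives[1:]:
        hypothesis = generalize(hypothesis, inst)
    return hypothesis

positives = [
    {"shape": "block", "stackable": True, "colour": "red"},
    {"shape": "brick", "stackable": True, "colour": "red"},
    {"shape": "block", "stackable": True, "colour": "blue"},
]
print(learn_concept(positives))  # -> {'stackable': True}
```

As the text notes, this simple scheme presupposes that the relevant features are given; it cannot invent new features or concepts spontaneously, which is the harder part of inductive concept acquisition.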



A. Planning
Planning is arguably one of the most important capabilities for an intelligent agent to possess. In almost all cases, the tasks which these agents must carry out are expressed as goals to be achieved; the agent must then develop a series of actions designed to achieve each goal. The ability to plan is closely linked to the agent's representation of the world. Effective planning requires that 1) knowledge of the world is available to the planner, and, since most worlds of interest are reasonably complex, this is a strong motivation for implementing 2) a symbolic representation of knowledge. Typically, this knowledge contains information about possible actions in the world, which is then used by the planner in constructing a sequence of actions [18]. Planning itself is a prerequisite for several other capabilities that are often instantiated in intelligent agents. Certainly, problem solving relies heavily on planning, as most approaches to problem solving consist of incremental movements toward a solution; planning is integral to assembling these steps. Learning and planning have a reciprocal relationship wherein planning creates a new method for carrying out a task, which can then be learned for future use by the planner [5].

B. Problem Solving
It may seem that all agents must solve problems, as indeed they must, but problem solving in the technical sense is the ability to consider and attain goals in particular domains using domain-independent techniques (such as the weak methods) as well as domain knowledge. Problem solving includes the capability to acquire and reason about knowledge, although the level to which this capability is supported differs between architectures [17]. Problem solving, especially human problem solving, has been characterized as deliberate movement through a problem space. A problem space defines the states that are possible for a particular problem instance and the operators available to transform one state into another. In this formulation, problem solving is search through the state space by applying operators until a recognizable goal state is reached [2].

C. Replanning
Intelligent agents operating in dynamic environments often find it necessary to modify or completely rebuild plans in response to changes in their environment. There are several situations in which an agent should re-plan. An intelligent agent should update its plan when it learns new information which helps it accomplish its current goal more quickly. For instance, it may be the case that in the process of satisfying one goal the agent also satisfies one or more of its other goals; the agent should recognize when it has already satisfied a goal and change its plan accordingly. In addition, an agent should re-plan when facts about the world upon which its current plan is based change. This is important when, in the act of achieving one goal, the agent undoes another; the agent must realize this and update its plan to satisfy both goals. Re-planning is a capability that arises from other capabilities, namely planning and interruptibility.

D. Support of Multiple, Simultaneous Goals
Taskable agents can support the achievement of externally specified top-level goals. Some of these agents can support the achievement of many top-level goals at once. This is usually performed in conjunction with planning, such that the goals are sequenced in some rational way.

E. Self Reflection
Systems which are capable of self reflection are able to examine their own internal processing mechanisms. They can use this capability to explain their behavior, and to modify their processing methods to improve performance. Such systems must have some form of meta-knowledge available, and in addition they must actively apply that meta-knowledge to some task. The list below explains the common uses of self reflection.

E.1 Learning

Many systems reflect upon traces of problem solutions and try to extract generalities from them to improve their problem solving strategies. Histories of past problem solutions can be collectively examined to find commonalities that can lead to case based learning. E.2 Performance Fine Tuning

Performance can be fine tuned by gathering statistics on the efficiency of various problem solving methods. These statistics are then examined to determine which problem solving methods are most efficient for certain classes of problems. This is closely related to the learning capability described above. E.3 Explanation

Systems can use self reflection to explain their behaviour to an outside observer. This action is often performed by examining traces of the problem solution and reporting key aspects of it. E.4 Episodic Recall

Self Reflection can take the form of reporting past




experiences to an outside observer. This is usually accomplished through some form of episodic memory, where experiences are stamped with indications of when they occurred. There are several different mechanisms that can be included in an architecture to help facilitate self reflection. These are explained below.

E.5 Episodic Memory
Episodic memory is directly applicable to episodic recall. This type of memory is often costly, however, both in terms of space and time. As the agent's experiences grow, the size of the memory space to store these experiences must grow as well. In addition, searching through past experiences for some specific detail is often too time-consuming to be practical.

F. Meta-Reasoning
Reasoning about reasoning, or meta-reasoning, is a critical capability for agents attempting to display general intelligence. Generally intelligent agents must be capable of constantly improving skills, adapting to changes in the world, and learning new information. Meta-reasoning can be deployed implicitly through mechanisms such as domain-independent learning, or explicitly using, for example, declarative knowledge which the agent can interpret and manipulate. The domain-independent approaches seem the most successful so far. Other aspects of meta-reasoning include the consideration of the computational costs of processing, leading to issues such as focused processing and real-time performance.

G. Expert-Systems Capability (Diagnosis and Design)
An expert system is an artificial intelligence technique in which the knowledge to accomplish a particular task (or set of tasks) is encoded a priori from a human expert. An expert system typically consists of two pieces. The knowledge base represents the expert's domain knowledge and must be encoded as efficiently as possible due to the size of the database. This representation often takes the form of rules. The reasoner exploits the knowledge in the rules in order to apply that knowledge to a particular problem.
Expert systems often have an explanation facility as well. Production systems are often used to realize expert systems. Expert systems also often lag behind the cutting edge of AI research, since they are normally more application-oriented. Examples of implemented expert systems include:
• MYCIN: Diagnosis of Infectious Diseases
• MOLE: Disease Diagnosis
• PROSPECTOR: Mineral Exploration Advice
• DESIGN ADVISOR: Silicon Chip Design Advice
• R1: Computer Configuration
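The two-piece structure just described, a rule knowledge base plus a reasoner, can be sketched as a tiny forward-chaining production system. The rules and facts below are invented for illustration; they are not drawn from MYCIN or any of the systems listed:

```python
# Knowledge base: each rule maps a set of condition facts to a conclusion.
rules = [
    ({"fever", "cough"}, "flu_suspected"),
    ({"flu_suspected", "short_of_breath"}, "see_doctor"),
]

def forward_chain(facts, rules):
    """Reasoner: repeatedly fire any rule whose conditions all hold."""
    facts = set(facts)
    changed = True
    while changed:
        changed = False
        for conditions, conclusion in rules:
            if conditions <= facts and conclusion not in facts:
                facts.add(conclusion)
                changed = True
    return facts

result = forward_chain({"fever", "cough", "short_of_breath"}, rules)
print(sorted(result))
# -> ['cough', 'fever', 'flu_suspected', 'see_doctor', 'short_of_breath']
```

The separation shown here is the point: the `rules` list can grow or change without touching `forward_chain`, just as an expert system's knowledge base is maintained independently of its inference engine.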

H. Inductive and Deductive Reasoning
Deductive reasoning can be described as reasoning of the form "if A then B". Deduction is in some sense the direct application of knowledge in the production of new knowledge. However, this new knowledge does not represent any new semantic information: the rule represents the knowledge as completely as the added knowledge, since any time the assertions (A) are true, the conclusion (B) is true as well. Purely deductive learning includes methods such as caching, building macro-operators, and explanation-based learning. In contrast to this, inductive reasoning results in the addition of semantic information. There are a great many ways in which inductive inference has been characterized, but most are similar to those specified by the philosopher John Stuart Mill (1843). Combinations of inductive and/or deductive reasoning are present in most cognitive architectures that utilize a symbolic world model, and are described in the individual architecture documents alongside more specific capabilities such as planning and learning.

IV. CAPABILITIES RELATED TO INTERACTION WITH THE ENVIRONMENT

A. Prediction
Our use of the term prediction refers to an architecture's ability to predict what the state of the world is or might be, what things might happen in the outside world, and what other things might happen as a consequence of the agent's actions. It should be clear that, for an architecture to be able to predict, it needs to have a fairly good and consistent model of the outside world. In fact, architectures with no such model are unable to do prediction.

B. Query Answering and Providing Explanations for Decisions
Query answering is the ability to query the agent about things like past episodes ("Where were you last night?") or the current state of the world ("Are your fingernails clean?"). If not posed in natural language, some of these queries are quite simple if the agent simply has episodic or state information immediately available.
While a number of architecture discussions omitted query answering, many have general problem-solving ability that could be applied in this direction.
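As a minimal illustration of why such queries are simple when episodic information is at hand, an agent that time-stamps its experiences can answer "what happened involving X?" directly from its episodic store. The episode format below is a hypothetical sketch, not taken from any of the surveyed architectures:

```python
from datetime import datetime

# Hypothetical episodic store: time-stamped experiences, as described
# under episodic recall and episodic memory above.
episodes = []

def record(event):
    episodes.append((datetime.now(), event))

def query_past(keyword):
    """Answer a simple past-episode query from the episodic store."""
    return [event for stamp, event in episodes if keyword in event]

record("charged battery in roomA")
record("picked up red block")
print(query_past("block"))  # -> ['picked up red block']
```

The costs noted under E.5 show up immediately in this sketch: the store grows without bound, and every query scans all past experiences.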

C. Navigational Strategies

Agents constructed under the hypothesis of situated action often have rudimentary reactions built into the architecture. These built-in reactions give rise to the strategy that the agent will take under certain environmental conditions. Reactive agents, such as the Brooksian agents, have emergent navigational strategies. Other agents augment emergent strategies with a degree of explicit planning. D. Natural Language Understanding Natural language understanding and generation abilities




are required to communicate with other agents, particularly with people. Natural language understanding corresponds to receiving words from the outside world, and natural language generation corresponds to sending words, which may be the compiled internal deliberation of the agent itself, to the external world.

E. Perception
Perception refers to the extraction of knowledge (usually in the form of signals) from the environment. One characteristic of perception is that it may integrate sensory information from different modalities. For example, in humans the modalities of perception correspond to the five senses: taste, touch, sight, sound, and smell. Agents that sense the world and generate knowledge accessible to processes that reason are said to perceive the world. Perception drives a continuum of behaviors that extends from the simplicity of a thermostat, which simply measures the temperature, to the assumption used by some agents that objects containing all relevant information about things in the world get inserted into the agent's knowledge [11][13].

F. Support for Inaccurate Sensing
Sensors provide incomplete information, and the state of the agent is always behind the state of the external environment. Some agents account for this in the architecture, while others make tacit or explicit assumptions (or requirements) that sensors be perfect. Several architectures support inaccuracies and delays in sensing; others assume or require that sensors be perfect.

G. Robotic Tasks
Navigation, sensing, grabbing, picking up, putting down and the host of Blocks' World tasks can be considered robotic. Agents that attempt to solve problems in dynamic environments must support these capabilities.
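One common way an architecture can account for inaccurate sensing, as discussed under F above, is to smooth repeated noisy readings rather than trust any single measurement. The sensor model below is a hypothetical illustration, not the mechanism of any surveyed architecture:

```python
import random

random.seed(0)  # deterministic noise for the illustration

def noisy_sensor(true_value, noise=2.0):
    """Hypothetical sensor: the true value corrupted by random noise."""
    return true_value + random.uniform(-noise, noise)

def smoothed_estimate(true_value, samples=50):
    """Exponential moving average over repeated noisy readings."""
    estimate = noisy_sensor(true_value)
    for _ in range(samples):
        estimate = 0.9 * estimate + 0.1 * noisy_sensor(true_value)
    return estimate

est = smoothed_estimate(20.0)
print(f"estimate: {est:.2f} (true value 20.0)")
```

Note the trade-off this makes explicit: smoothing reduces the effect of noise, but averaging over past readings means the agent's estimate lags the environment, exactly the "state of the agent is always behind" problem noted in the text.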

B. Focused Behaviour and Processing/Selective Attention
The designers of most intelligent agents intend their agents to be operative in complex, dynamic environments, usually the "real world" or some subset thereof. This, however, often causes significant practical problems: the real world provides a literally overwhelming amount of information to the agent; if the agent were to attempt to sense and process all this information, there would be very few computational resources remaining for other processes such as planning or learning.
C. Goal Reconstruction

Goal reconstruction is the ability of an agent to exploit short-cuts to return to a problem where it last left off, even when the memory in which the problem was stored has been used for other purposes. This capability is implicit in some architectures and explicit in others. Kurt VanLehn argues that goal reconstruction is critical to mimic the human capability of quickly restarting a problem after being interrupted indefinitely. Teton employs goal reconstruction explicitly, using two mechanisms in order to balance efficiency and speed with robustness [12].
D. Responding Intelligently to Interrupts and Failures
The ability to respond intelligently to interrupts is extremely important for agents that must operate in a dynamic environment. In particular, interruptibility may be an important feature that supports reactivity, but neither property implies the other.
E. Human-like Math Capability
Humans often solve arithmetic problems the "long way". The optimal bit-based methods of the computer are not natural and, as such, are not employed by humans. Several psychological experiments have shown that not only are the arithmetic operations used by humans not optimal, but the long-hand algorithms can be suboptimal and sometimes inconsistent. Some humans classify problems before approaching them (even the classifications can be inconsistent) and use a personal method that varies consistently with the class of problem [14][15]. Kurt VanLehn argues that a non-Last-In, First-Out (LIFO) goal reconstruction technique can reproduce this behavior. An essential component of the reproduction of this behavior is that goals cannot be managed by a LIFO stack. VanLehn's Teton architecture was designed specifically to model these types of behaviors.
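The contrast between managing goals on a LIFO stack and reconstructing them after an interruption can be illustrated with a minimal sketch. The classes and method names below are hypothetical illustrations of the general idea, not Teton's actual mechanisms:

```python
# Minimal illustration of LIFO goal management versus goal
# reconstruction after an interruption. All names are hypothetical;
# this is not VanLehn's Teton implementation.

class LifoAgent:
    """Goals live only on a stack; an interruption that reuses
    working memory loses all pending work."""
    def __init__(self):
        self.stack = []

    def push_goal(self, goal):
        self.stack.append(goal)

    def interrupt(self):
        self.stack.clear()            # pending goals are gone for good

    def resume(self):
        return self.stack.pop() if self.stack else None


class ReconstructingAgent:
    """Keeps cheap, durable cues about the problem state, so pending
    goals can be rebuilt even after working memory is reused."""
    def __init__(self):
        self.stack = []
        self.cues = set()             # durable short-cuts, e.g. partial results

    def push_goal(self, goal):
        self.stack.append(goal)
        self.cues.add(goal)

    def interrupt(self):
        self.stack.clear()            # working memory reused; cues survive

    def resume(self):
        if not self.stack:            # reconstruct goals from cues
            self.stack = sorted(self.cues)
        return self.stack.pop() if self.stack else None


a, b = LifoAgent(), ReconstructingAgent()
for g in ["solve-subproblem", "check-result"]:
    a.push_goal(g)
    b.push_goal(g)
a.interrupt()
b.interrupt()
print(a.resume())   # None: the LIFO agent lost its goals
print(b.resume())   # the reconstructing agent recovers a pending goal
```

The point of the sketch is only that goal recovery requires state outside the goal stack itself; which state to keep, and how to order reconstructed goals, is exactly what an architecture like Teton must decide.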
Additionally, the Soar architecture has also been applied to the cognitively plausible solution of math problems. In Table 2 below, the rows represent the capabilities and the columns correspond to agents with specific architectures. A 'Y' in a cell indicates that the agent of that column possesses the capability represented by that row [16].



A. Real-Time Execution While speed is an issue in all architectures to varying degrees, the ability to guarantee real-time performance places a tighter restriction on the speed requirements of the system. Real-time performance means that the agent is guaranteed to behave within certain time constraints as specified by the task and the environment. This is especially challenging in a dynamic environment because it provides an very tight time constraint on performance. Perfect rationality is perhaps impossible to guarantee when operating under a real-time constraint and thus some architectures will satisfy with bounded rationality to achieve this goal.
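Bounded rationality under a real-time constraint is often realized with an anytime procedure: compute some answer immediately, refine it while time remains, and act on the best result found when the deadline arrives. A minimal sketch of the pattern (illustrative only; the function name and deadline handling are our assumptions, not taken from any of the surveyed architectures):

```python
import time

def anytime_best(candidates, score, deadline_s):
    """Return the best-scoring candidate found before the deadline.
    The agent always holds *some* answer, so it can act on time even
    if evaluating every candidate would take too long."""
    t_end = time.monotonic() + deadline_s
    best, best_score = None, float("-inf")
    for c in candidates:
        if time.monotonic() >= t_end:
            break                      # deadline reached: act on best so far
        s = score(c)
        if s > best_score:
            best, best_score = c, s
    return best

# Toy usage: pick a large number from a huge pool within 10 ms.
# A longer deadline lets the loop examine more candidates.
result = anytime_best(range(1_000_000), lambda x: x, deadline_s=0.01)
print(result)
```

The returned answer is only guaranteed optimal over the candidates examined before the cutoff, which is precisely the bounded-rationality trade the text describes.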




[Table 2: Capabilities of the twelve agent architectures. Rows list the capabilities: Single Learning Method, Multi-Method Learning, Caching, Learning by Instruction, Learning from Experimentation, Learning by Analogy, Inductive Learning and Concept Acquisition, Abstraction, Explanation-based Learning, Transfer of Learning, Planning, Problem Solving, Replanning, Support of Multiple Simultaneous Goals, Self Reflection, Meta-Reasoning, Expert System Capability, Inductive and Deductive Reasoning, Prediction, Query Answering and Providing Explanations for Decisions, Navigational Strategies, Natural Language Understanding, Perception, Support for Inaccurate Sensing, Robotic Tasks, Real-time Execution, Focused Behavior and Processing/Selective Attention, Goal Reconstruction, Responding Intelligently to Interrupts and Failures, Human-like Math Capability. Columns correspond to the agent architectures; a 'Y' in a cell indicates that the agent possesses the capability.]



VI. CONCLUSION
In this paper we have listed the major agent architectures, analysing a representative range of current architectures in Artificial Intelligence. The main objective of this paper is to understand the various capabilities of agents. The capabilities vary from one agent to another because of their design architectures. Finally, in the form of a table, we indicate which of the twelve agents possesses which capabilities. This leads to the study of Multi-Agent Systems and their applications. An in-depth analysis of the various agent architectures and their capabilities is intended to help build a Multi-Agent System that will be suitable for our future work on Supply Chain Management.

REFERENCES
[1] Anderson, J. (1991). Cognitive architectures in a rational analysis. In K. VanLehn (ed.), Architectures for Intelligence, pp. 1-24. Lawrence Erlbaum Associates, Hillsdale, NJ.
[2] Albus, J. S. (1992). A reference model architecture for intelligent systems design. In P. J. Antsaklis and K. M. Passino (eds.), An Introduction to Intelligent and Autonomous Control, pp. 57-64. Kluwer Academic Publishers, Boston, MA.
[3] Anderson, J. R.; Bothell, D.; Byrne, M. D.; and Lebiere, C. An integrated theory of the mind. To appear in Psychological Review.
[4] Andronache, V., and Scheutz, M. (2004). ADE - a tool for the development of distributed architectures for virtual and robotic agents. In Proceedings of the Fourth International Symposium "From Agent Theory to Agent Implementation".
[5] Andronache, V., and Scheutz, M. (2004). Integrating theory and practice: The agent architecture framework APOC and its development environment ADE. In Proceedings of AAMAS 2004.
[6] Arkin, R. C., and Balch, T. R. (1997). AuRA: principles and practice in review. Journal of Experimental and Theoretical Artificial Intelligence 9(2-3):175-189.
[7] Arkin, R. C. (1989). Motor schema-based mobile robot navigation. International Journal of Robotics Research 8(4):92-112.
[8] Bonasso, R. P.; Firby, R.; Gat, E.; Kortenkamp, D.; Miller, D.; and Slack, M. (1997). Experiences with an architecture for intelligent, reactive agents. Journal of Experimental and Theoretical Artificial Intelligence 9(1).
[9] Bonasso, R. P., and Kortenkamp, D. (1995). Characterizing an architecture for intelligent, reactive agents. AAAI Spring Symposium.
[10] Brooks, R. A. (1986). A robust layered control system for a mobile robot. IEEE Journal of Robotics and Automation 2(1):14-23.
[11] Fikes, R., and Nilsson, N. (1971). STRIPS: A new approach to the application of theorem proving to problem solving. Artificial Intelligence 2, pp. 189-203.
[12] Firby, R. J., and Slack, M. G. (1995). Task execution: Interfacing to reactive skill networks. AAAI Spring Symposium on Software Architectures.
[13] Gat, E. (1992). Integrating planning and reacting in a heterogeneous asynchronous architecture for controlling real-world mobile robots. AAAI-92, pp. 809-815.
[14] Horswill, I. (2000). Functional programming of behavior-based systems. Autonomous Robots 9:83-93.
[15] Laird, J. E.; Newell, A.; and Rosenbloom, P. S. (1987). SOAR: An architecture for general intelligence. Artificial Intelligence 33:1-64.
[16] Laird, J.; Rosenbloom, P.; and Newell, A. (1986). Chunking in Soar: The anatomy of a general learning mechanism. Machine Learning 1:11-46.
[17] Langley, P.; Shapiro, D.; Aycinena, M.; and Siliski, M. (2003). A value-driven architecture for intelligent behavior. In Proceedings of the IJCAI-2003 Workshop on Cognitive Modeling of Agents and Multi-Agent Interactions.























































[18] Langley, P.; Cummings, K.; and Shapiro, D. (2004). Hierarchical skills and cognitive architectures. In Proceedings of the Twenty-Sixth Annual Conference of the Cognitive Science Society.
[19] Lyons, D. M., and Arbib, M. A. (1989). A formal model of computation for sensory-based robotics. IEEE Transactions on Robotics and Automation 5(3):280-293.
[20] Schoppers, M. (1987). Universal plans for reactive robots in unpredictable environments. Proceedings of the IEEE, Vol. 77, No. 1 (January), pp. 81-98.

AUTHORS PROFILE
Ritu Sindhu: Ph.D. scholar, Banasthali University and WIT Gurgaon. Completed her B.Tech (CSE) from U.P.T.U., Lucknow, and M.Tech (CSE) from Banasthali University, Rajasthan.
Abdul Wahid: Presently working as a professor in the Computer Science department at AKG Engineering College, Ghaziabad, India. Completed his MCA, M.Tech., and Ph.D. in Computer Science from Jamia Millia Islamia (Central University), Delhi.
G. N. Purohit: Dean, Banasthali University, Rajasthan.



Prefetching of VoD Programs Based On ART1 Requesting Clustering
P Jayarekha *, Dr.T R GopalaKrishnan Nair**
* Research Scholar, Dr. MGR University; Dept. of ISE, BMSCE, Bangalore; Member, Multimedia Research Group, Research Centre, DSI, Bangalore.
** Director, Research and Industry Incubation Centre, DSI, Bangalore.

Abstract: In this paper, we propose a novel approach to grouping users according to VoD user request patterns. We cluster the user requests with the ART1 neural network algorithm, which offers unsupervised clustering, and use the knowledge extracted from each cluster to prefetch multimedia objects before the user requests them. This approach adapts to changes in user request patterns over time without losing previous information. Each cluster is represented by a prototype vector that generalizes the most frequently used URLs accessed by all the cluster members. The simulation results of our proposed clustering and prefetching algorithm show a substantial increase in the performance of the streaming server. Our algorithm helps the server's agent learn user preferences and discover information about the corresponding sources and other similarly interested individuals.

Keywords: Adaptive Resonance Theory 1 (ART1), clustering, predictive prefetch, neural networks.
1 Introduction
For the past few years, multimedia applications have been growing rapidly and we have witnessed an exponential growth of traffic on the Internet [11]. These applications include video-on-demand, video authoring tools, news broadcasting, videoconferencing, digital libraries and interactive video games. The new challenges that arise today concern aspects of data storage, management and processing: the continuous arrival of requests in multiple, rapid, time-varying and potentially unbounded streams. It is usually not feasible to store the request arrival pattern in a traditional database management system in order to perform delivery operations on the data later on. Instead, the request arrivals must generally be processed in an online manner from the cache, which also holds the predictively prefetched video streams, to guarantee that results can be delivered with a small start-up delay for first-time-access videos. The VoD streaming server is an important component, as it is responsible for retrieving different blocks of different video streams and sending them to different users simultaneously. This is not an easy task due to the real-time and large-volume characteristics possessed by video. The real-time characteristic requires that video blocks be retrieved from the server's disk within a deadline for continuous delivery to users. Failure to meet the deadline will result in jerkiness during viewing [13]. With the rapid development of VoD streaming services, knowledge discovery in multimedia services has become an important research area. These can be classified broadly into

two classes: multimedia content mining and multimedia usage pattern mining. An important topic in learning users' request patterns is the clustering of multimedia VoD users, i.e., grouping the users into clusters based on their common interests. By analyzing the characteristics of the groups, the streaming server will understand the users better and may provide more suitable, customized services to them. In this paper, the clustering of users' request access patterns based on their browsing activities is studied. Users with similar browsing activities are grouped into classes (clusters). A clustering algorithm takes as input a set of input vectors and gives as output a set of clusters and a mapping of each input vector to a cluster. Input vectors which are close to each other according to a specific similarity measure should be mapped to the same cluster [5,8]. Clusters are usually internally represented using prototype vectors, which indicate the similarity shared by the input vectors mapped to a cluster. Automated knowledge discovery in large multimedia databases is an increasingly important research area. VoD provides application services over a computer network: it allows users to watch any video at any time. One of the requirements for a VoD system implementation is a VoD streaming server that acts as an engine to deliver videos from the server's disk to users. Video blocks should be prefetched intelligently with low latency from the disk, so that a high number of streams can be serviced. However, due to the real-time and large-volume characteristics possessed by video, the design of the video layout is a challenging task. Real-time requirements constrain the distribution of blocks on disk and hence can decrease the number of streams delivered to users.
The deficiency of existing prefetching techniques, such as window-based prefetching, active prefetching and cumulative prefetching [14], is that these schemes only perform prefetching for the currently accessed object, and prefetching is only triggered when the client starts to access that object. For first-time-accessed objects, the initial portion will not be fetched by current caching and prefetching schemes, so the client suffers from a start-up delay on first-time access. In this paper, we consider the problem of periodic clustering and prefetching of first-time-access video streams using ART1 neural networks [10]. A target is set as the request arrival pattern; to achieve results comparable with that target,


the videos are prefetched using an ART1 model, for which the set of videos to be prefetched is grouped by time-zone.


Outline of the Paper: The paper is organized as follows: section 2 provides some background information on both the VoD streaming model and clustering. Section 3 discusses related work in clustering and prefetching. Section 4 presents the methodology used in developing the algorithm. Section 5 evaluates our proposed model through analysis and simulation results. Section 6 presents conclusions.
2 Background
2.1 The VoD Streaming Model
The VoD streaming model has the following characteristics:
• The request arrival pattern is online, and requests may be subject to specific constraints. The order in which the requests arrive is not under the control of the system.
• Request arrivals that have been processed are either discarded or serviced. They cannot be re-retrieved easily unless stored in the cache memory, which holds just the prefix of the whole video stream.
• The prefetching operation should have lower priority than normal requests, so the video streaming server should prefetch only when its workload is not heavy. The prefetched objects are required to contend with normally fetched objects for cache space.
2.2 Proposed architecture
Multimedia streaming servers are designed to provide continuous services to clients on demand. A typical video-on-demand service allows remote users to play any video from a large collection of videos stored on one or more servers. The server delivers the videos to the clients in response to their requests. Multimedia streaming servers, specifically customized for HTTP- and RTSP-based streaming, are ideally suited for developing quick IP-based streaming systems. A multimedia streaming setup, as shown in Figure 1, includes two types of interactions. The streaming server processes the real-time multimedia data and sends it to the clients, through the various possible types of devices. On the server side, the multimedia streaming server accepts multimedia data or input from any of the following sources:
• live broadcast, such as a digital camera connected to the computer port;
• data stored in the form of media;
• data stored on machines in a network.
Fig 1 Multimedia Streaming Server Architecture
The system targets remote monitoring, live event broadcasting, home/office monitoring, archiving of video in a centralized server, and related applications. Streaming multimedia data is a transaction between the server and the client. The client, which can be any HTTP client, accesses the media. The server is an application that provides all the client applications with the multimedia content. Unlike the download-and-play mechanism, the multimedia streaming client starts playing the media packets as soon as they arrive, without holding back to receive the entire file. While this technology reduces the client's storage requirements and the startup time for the media to be played, it introduces a strict timing relationship between the server and the client.
2.3 Clustering
A cluster is a collection of data objects that are similar to one another within the same cluster and dissimilar to the objects in other clusters. A cluster of data objects can be treated collectively as one group and so may be considered a form of data compression. Also, cluster analysis can be used as a form of descriptive statistics, showing whether or not the data consists of a set of distinct subgroups. The term cluster analysis (first used by Tryon, 1939) encompasses a number of different methods and algorithms for grouping objects of similar kind into respective categories. A general question facing researchers in many areas of inquiry is how to organize observed data into meaningful structures, that is, to develop taxonomies. In other words, cluster analysis is an exploratory data analysis tool which aims at sorting different objects into groups in such a way that the degree of association between two objects is maximal if they belong to the same group and minimal otherwise. Clustering and unsupervised learning do not rely on predefined classes and class-labeled training examples. For this reason, clustering is a form of learning by observation, rather than learning by examples.


2.4 Clustering Video Streams



The clustering of (active) video streams concerns the concept of distance or, alternatively, similarity between streams. It is required to decide when two video streams fall into one cluster. Here, we are interested in the time-dependent evolution of the requests generated for a video stream. That is to say, requests to two different video streams are considered similar if their evolution over time shows similar characteristics. Since customer behavior changes over time, accurate predictions are rather difficult. A successful video streaming server is one which offers customers a large selection of videos. While prefetching videos from the server's disk and grouping them into one cluster, several factors are considered. One is the time at which the requests are generated: for example, children's videos are likely to be popular early in the evening or on weekend mornings, but less popular late at night. The maximum total revenue the service provider can make is limited by the capacity of the server and the number of active videos currently present in the cache; hence the videos that are clustered together should not only generate maximum revenue but also reduce the waiting time. The videos can be categorized into children's videos, adult videos, house-wife videos and hot news videos. Thus the video streaming system should adapt rapidly, servicing requests using predictive prefetch under a widely varying and highly dynamic workload.
2.5 Advantages of neural networks and ART1 in clustering and prediction
Neural networks are highly tolerant of noisy data and are able to classify patterns on which they have not been trained. They can be used when we have little knowledge of the relationships between attributes and classes. Artificial neural networks are trained to perform specific functions, in contrast to conventional computers, which are programmed. Training in neural networks can be supervised or unsupervised.
In supervised learning, training is achieved using a data set by presenting the data as input-output pairs of patterns, and the weights are adjusted accordingly to capture the relationship between the input and the response. Unsupervised networks, on the other hand, are not aware of the desired response, and therefore learning is based on observation and self-organization. Adaptive Resonance Theory, an unsupervised learning approach, gives solutions to the following problems arising in the design of unsupervised classification systems [12]:
• Adaptability: refers to the capacity of the system to assimilate new data and to identify new clusters (this usually means a variable number of clusters).
• Stability: refers to the capacity of the system to conserve the cluster structures such that during the adaptation process the system does not radically change its output for a given input.
Neural networks can be used for prediction with various levels of success. The advantages include automatic learning of dependencies from measured data alone, without any need to add further information (such as the type of dependency, as with regression). The neural network is trained on the historical data with the hope that it will discover hidden dependencies and be able to use them for predicting the future. In other words, the neural network is not represented by an explicitly given model.

In the arena of multimedia communication, knowledge of demand and traffic characteristics between geographic areas is vital for the planning and engineering of multimedia communications. Demand for any service in a network is a dynamically varying quantity subject to several factors. Prior knowledge of request patterns for various services allows better utilization of storage resources. This prior knowledge is essential for planning the multimedia server architecture for the future in an optimized manner, as well as for allocating available storage in an effective fashion based on the current demand. In this paper we have proposed a generalized scheme for learning the behavior of video-on-demand characteristics on a daily and weekly basis using simulation data.
3 Related work
We discuss the significant work in the areas of clustering and prefetching.
3.1 Related work in clustering
Clustering users based on their Web access patterns is an active area of research in Web usage mining. R. Cooley et al. [4] propose a taxonomy of Web mining and present various research issues. In addition, research in Web mining is centered on the extraction and applications of clustering and prefetching; both of these issues are clearly discussed in [1], where a prediction accuracy of 97.78% has been reported. Clustering of multimedia request access patterns is performed by a hierarchical clustering method over the generalized sessions. G. T. Raju et al. [5] have proposed a novel approach called Cluster and PreFetch (CPF) for prefetching of Web pages based on the Adaptive Resonance Theory (ART) neural network clustering algorithm. Experiments have been conducted, and the results show that the prediction accuracy of the CPF approach is as high as 93 percent.
3.2 Related work in prefetching
Prefetching means fetching multimedia objects before the user requests them. There are some existing prefetching techniques, but they have deficiencies.
The client will suffer from a start-up delay for first-time accesses, since the prefetching action is only triggered when a client starts to access the object. Moreover, an inefficient prefetching technique causes wastage of network resources by increasing the Web traffic over the network. J. Yuan et al. [6] have proposed a scheme in which proxy servers aggressively prefetch media objects before they are requested. They make use of the servers' knowledge about access patterns to ensure the accuracy of prefetching, and they minimize the prefetched data size by prefetching only the initial segments of media objects. K. J. Nesbit et al. [7] have proposed a prefetching algorithm based on a global history buffer that holds the most recent miss addresses in FIFO order.
4. Methodology
4.1 Preprocessing the web logs


The multimedia Web log file of a Web server contains raw data of the form <client_Id, User_Id, timestamp, requested_video, HTTP reply code, bytes sent>. The format of the log file is not suitable for directly applying the ART1 algorithm. Therefore, the log data needs to be transformed into a <client_Id, date, requested_video> format. We have selected 50 clients requesting 200 different videos.
4.2 Extraction of feature vectors
For clustering, we need to extract the binary pattern vector P that represents the requested videos' URLs accessed by a client; it is an instance of the base vector B = {URL1, URL2, ..., URLn}. The pattern vector maps the access frequency of each base vector element URLi to binary values. It is of the form P = {P1, P2, ..., Pn} where each Pi is either 0 or 1: Pi is 1 if URLi is requested by a client 2 or more times, and 0 otherwise.
0 1 1 0 1 1 1 0 1 1
Fig 2 Sample Pattern Vector
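The extraction of a binary pattern vector from the transformed log can be sketched as follows. This is an illustrative sketch only; the function name, the tuple layout and the toy data are our assumptions based on the format described above:

```python
from collections import Counter

def build_pattern_vector(log_entries, client_id, base_urls, min_freq=2):
    """Map one client's requests onto the base vector B = {URL1..URLn}:
    bit i is 1 iff the client requested URLi min_freq or more times."""
    counts = Counter(video for cid, date, video in log_entries
                     if cid == client_id)
    return [1 if counts[url] >= min_freq else 0 for url in base_urls]

# Toy log in the transformed <client_Id, date, requested_video> format.
log = [(1, "2009-09-01", "v1"), (1, "2009-09-01", "v1"),
       (1, "2009-09-02", "v3"), (2, "2009-09-01", "v2")]
base = ["v1", "v2", "v3"]
print(build_pattern_vector(log, client_id=1, base_urls=base))  # [1, 0, 0]
```

With 50 clients and 200 videos, running this per client per session yields the 50 binary vectors of length 200 that the paper feeds to ART1.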


Fig 3 The ART1 neural network
For ρ→0 the model is expected to form the minimum number of clusters; as ρ→1 it is expected to form the maximum number of clusters, sometimes to the extent of one input prototype vector in each cluster. ART1 consists of a comparison layer F1, a recognition layer F2, and control gains G1 and G2. The input pattern is received at F1, whereas classification takes place at F2. Each neuron in the comparison layer receives three inputs: a component of the input pattern, a component of the feedback pattern, and the gain G1. A neuron outputs a 1 if and only if at least two of these three inputs are high: the 'two-thirds rule.' Each input activates an output node at F2. The F2 layer reads out the top-down expectation to F1, where the winner is compared with the input vector. The vigilance parameter determines the mismatch that is to be tolerated when assigning each host to a cluster. If the new input is not similar to the specimen, it becomes a new neuron in the recognition layer. This process is repeated for all inputs [9]. ART learns to cluster the input patterns by making the output neurons compete with each other for the right to react to a particular input pattern. The output neuron whose weight vector is most similar to the input vector claims this input pattern by producing an output of '1' and at the same time inhibits the other output neurons by forcing them to produce '0's. In ART, only the winning node is permitted to alter its weight vector, which is modified in such a way that it is brought nearer to the representative input pattern of the cluster concerned. ART neural networks are known for their ability to perform plastic yet stable on-line clustering of dynamic data sets. ART adaptively and autonomously creates new categories. Another advantage of using the ART1 algorithm to group users is that it adapts to changes in users' request access patterns over time without losing information about their previous access patterns. A further advantage comes from the fact that ART neural networks are tailored for systems with multiple inputs and multiple outputs, as well as for nonlinear systems. Besides this, no extra detailed knowledge about the process is required to model it using neural networks. The consideration of system dynamics leads to networks with internal and external feedback, of which there are many structural variants.


Fig 2 is a sample of a pattern vector generated during a session. Each pattern vector has a binary bit pattern of length 200. For each session we input 50 such patterns to ART1, since we have 50 clients.
4.3 Session Identification
A user requesting a video may visit a Web site from time to time and spend an arbitrary amount of time between consecutive visits. To deal with the unpredictable nature of the request arrival pattern, a concept called a session is introduced. We cluster the request pattern in each session. The data collected during each session is used as historical data for clustering and prefetching purposes. Subsequent requests generated during a session are added as long as the elapsed time between two consecutive requests does not exceed a predefined parameter maximum_idle_time. Otherwise, the current session is closed and a new session is created.
4.4 Clustering users with Adaptive Resonance Theory
Figure 3 depicts the ART1 architecture and its design parameters: bij (bottom-up weights) is the weight matrix from the interface layer to the cluster layer, tij (top-down weights) is the weight matrix from the cluster layer to the interface layer, N is the number of input patterns or interface units, M is the maximum allowed number of clusters, and ρ is the vigilance parameter. The vigilance parameter ρ and the maximum number of clusters M have a big impact on performance [8].
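The clustering step can be illustrated with a minimal fast-learning ART1 sketch for binary pattern vectors. This is a simplified illustration of the bottom-up/top-down weight dynamics under the vigilance test, not the authors' exact algorithm; all names and the choice of the β tie-breaking constant are ours:

```python
def match_and(x, t):
    """Count of positions where both the input and the template are 1."""
    return sum(a & b for a, b in zip(x, t))

def art1_cluster(patterns, rho=0.4, beta=1.0, max_clusters=50):
    """Simplified fast-learning ART1 on binary vectors.
    prototypes[j] plays the role of cluster j's top-down template;
    a pattern joins the best-matching cluster that passes the
    vigilance test rho, otherwise it founds a new cluster."""
    prototypes, labels = [], []
    for x in patterns:
        x_norm = sum(x)
        # Rank clusters by bottom-up match score, best first.
        order = sorted(range(len(prototypes)),
                       key=lambda j: -match_and(x, prototypes[j]) /
                                      (beta + sum(prototypes[j])))
        placed = False
        for j in order:
            overlap = match_and(x, prototypes[j])
            if x_norm and overlap / x_norm >= rho:   # vigilance test
                # Fast learning: template becomes the AND of input and template.
                prototypes[j] = [a & b for a, b in zip(x, prototypes[j])]
                labels.append(j)
                placed = True
                break
        if not placed and len(prototypes) < max_clusters:
            prototypes.append(list(x))               # found a new cluster
            labels.append(len(prototypes) - 1)
    return prototypes, labels

pattern_vectors = [[1, 1, 0, 0], [1, 1, 1, 0], [0, 0, 1, 1]]
protos, labels = art1_cluster(pattern_vectors, rho=0.5)
print(labels)   # [0, 0, 1]: the first two patterns share a cluster
```

Raising `rho` toward 1 makes the vigilance test stricter, so fewer patterns pass it and more clusters are founded, matching the ρ→0 / ρ→1 behavior described above.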




From the previous history, those videos for which the binary value is set to one in the prototype vector will be prefetched.
5 Results and Discussion
5.1 Performance of the ART1 clustering technique

Fig 6 A sample input data
Fig 6 above is a sample set of data from 10 different users. A value of 1 represents that more than two clients have requested a video; a 0 means that no one has requested that particular video. A sample of 10 pattern vectors with N = 50 is taken from our simulation results, and the variation in the number of clusters formed with the vigilance factor is observed [8]. The result is shown in the graph below. The number of clusters formed increases with the vigilance parameter. It is clear from the graph that a value of 0.3 to 0.5 forms an ideal number of clusters.

Fig 4 An ART1 clustering algorithm
4.5 Prefetching Scheme

Fig 7 Number of clusters versus vigilance parameter for sample input data
The same procedure was applied to 200 videos from 50 different clients, with request frequencies ranging from 27 to 1530. The value of the vigilance parameter is varied between 0.30 and 0.50.

Fig 5 ART1-based prefetching algorithm


Fig 4 above is the binary ART1 algorithm used to cluster the requests. The number of clusters formed depends on the vigilance factor. Fig 5 is the ART1-based prefetching algorithm. At any time instant, the videos are prefetched and stored in the cache prior to the request. The prototype selected depends on the cluster formed at the same instant of time.
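The prefetching step in Fig 5 reduces to reading the prototype vector of the cluster active in the current time slot and fetching the videos whose bit is set. A hedged sketch (the cache representation and `fetch` callback are our assumptions, not the paper's interface):

```python
def prefetch_from_prototype(prototype, video_catalog, cache, fetch):
    """Prefetch every video whose bit is 1 in the cluster's prototype
    vector and that is not already cached. `cache` is a set of video
    ids; `fetch` loads a video's initial segment into the cache."""
    for bit, video in zip(prototype, video_catalog):
        if bit == 1 and video not in cache:
            fetch(video)          # bring the initial segment into the cache
            cache.add(video)
    return cache

catalog = ["v1", "v2", "v3", "v4"]
cache = {"v2"}
fetched = []
prefetch_from_prototype([1, 1, 0, 1], catalog, cache, fetched.append)
print(sorted(fetched))   # ['v1', 'v4']  (v2 was already cached)
```

Because the prototype summarizes a whole cluster of users, one pass over it prefetches for the entire community rather than for a single client, which is the advantage the paper claims over per-user schemes.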

Table 1 Number of Clusters formed by varying the value of vigilance parameter



Vigilance Parameter   Number of Clusters
0.30                  18
0.35                  23
0.40                  30
0.45                  34
0.475                 39
0.50                  42

A session interval is defined based on the predefined parameter maximum_idle_time. Whenever a new request arrives, it is checked for membership of a matching cluster. All videos that are frequently requested by the members of that cluster may already be present in the cache. Sometimes a new request modifies the prototype vector of a cluster: if a request arrives during the course of a session, the new prototype vector is computed using both the historic data and the current input vectors, so that accurate predictions can be made.
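The prototype-driven prefetch step described above can be sketched as follows (a hypothetical helper, not the paper's code): match a request vector to the cluster prototype with the largest bit overlap, then prefetch every video whose prototype bit is one.

```python
import numpy as np

# Hypothetical sketch: pick the best-matching cluster prototype for an
# incoming request vector and return the indices of videos to prefetch
# (those whose bit is set to one in the prototype).
def videos_to_prefetch(request, prototypes):
    request = np.asarray(request)
    # best-matching cluster = most overlapping set bits with the request
    best = max(prototypes, key=lambda p: int(np.sum(request & np.asarray(p))))
    return [v for v, bit in enumerate(best) if bit == 1]

prototypes = [[1, 0, 1, 0], [0, 1, 0, 1]]
print(videos_to_prefetch([1, 0, 0, 0], prototypes))  # [0, 2]
```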

Table 2 Result of prefetching scheme

Num of members in each cluster   Videos prefetched   Hits   Accuracy %
8                                36                  34     97%
6                                45                  43     93%

Fig 8 Variation in the number of clusters formed by increasing the vigilance parameter

5.2 Prefetching results

We have conducted a performance analysis based on two parameters: (a) hits and (b) accuracy. Hits indicate the number of videos requested from among the prefetched videos, and accuracy is the ratio of hits to the number of videos prefetched. Most techniques for predictive prefetching target a single user, whereas ART1 neural-network-based clustering reduces the load on the network by prefetching videos not for a single user but for a community of users. It prefetches requests with an accuracy as high as 92%. Each prototype vector of a cluster represents a possible community of users requesting videos. This predictive prefetch is performed periodically over a sliding window defined by a session. Accurate predictions are difficult since customer behavior changes over time [11]. Extremely popular videos are accessed frequently, and the frequency may change not only on a daily or weekly basis but even hourly. For example, children's videos are likely to be popular early in the evening or on weekend mornings [11], but less popular late at night. The ART1 model reflects customer behavior over a 24-hour period. From the historic data, clusters are formed. Each cluster is represented by a prototype vector, in binary format, that holds information about the most popular videos requested by the members of that cluster. The historic data is collected at the end of each session.








In Table 2, we show the result of our prefetching scheme for a sample of four clusters. We prefetch the URLs for each client and verify the accuracy of our algorithm. The vigilance factor was set to 0.4. The average prediction accuracy of our scheme is 92.2%, which is considerably high.

6 Conclusion
In recent years there has been considerable research into novel methods and techniques for grouping users based on their request access patterns. In this paper we have clustered and prefetched user request access patterns using the ART1 clustering approach. The predictions were done over a time-series domain. The proposed system has achieved good performance with high satisfaction and applicability. Work is under way to improve the system by clustering the requests on demand. Future work will count the number of requests considered in forming each cluster; the prefetching algorithm will then prefetch the most popular cluster at that instant, which may improve the performance.

P Jayarekha holds an M.Tech (VTU, Belgaum) in computer science, securing second rank. She has one and a half decades of experience in teaching. She has published many papers. Currently she is a member of the teaching faculty in the Department of Information Science and Engineering at BMS College of Engineering, Bangalore, India.


T.R. Gopalakrishnan Nair holds an M.Tech (IISc, Bangalore) and a Ph.D. in Computer Science. He has three decades of experience in computer science and engineering across research, industry, and education. He has published several papers and holds patents in multiple domains. He won the PARAM Award for technology innovation. Currently he is the Director of Research and Industry at Dayananda Sagar Institutions, Bangalore, India.

REFERENCES
[1] S. K. Rangarajan, V. V. Phoha, K. Balagani, R. R. Selmic, "Web user caching and its application to prefetching using ART neural networks," IEEE Internet Computing, Data & Knowledge Engineering, vol. 65, no. 3, pp. 512-543, June 2008.
[2] K. Santosh, V. Vir, S. Kiran, R. Selmic, S. S. Iyengar, "Adaptive neural network clustering of Web users," IEEE Computer, 2004.
[3] P. Venketesh, R. Venkatesan, "A survey on applications of neural networks and evolutionary techniques in Web caching," IETE Technical Review, 2009.
[4] R. Cooley, B. Mobasher, J. Srivastava, "Web mining: information and pattern discovery on the World Wide Web," ICTAI'97, 1997.
[5] G. T. Raju, P. S. Satyanarayana, "Knowledge discovery from Web usage data: a novel approach for prefetching of Web pages based on an ART neural network clustering algorithm," International Journal of Innovative Computing, Information and Control, vol. 4, no. 4, April 2008, ISSN 1349-4198.
[6] J. Yuan, Q. Sun, S. Rahardja, "A more aggressive prefetching scheme for streaming media delivery over the Internet," Proceedings of SPIE, 2007.
[7] K. J. Nesbit, J. E. Smith, "Data cache prefetching using a global history buffer," High Performance Computer Architecture, 2004.
[8] L. Massey, "Determination of clustering tendency with ART neural networks," Proceedings of Recent Advances in Soft Computing (RASC02), 2002.
[9] N. Kumar, R. S. Joshi, "Data clustering using artificial neural networks," Proceedings of the National Conference on Challenges & Opportunities in Information Technology (COIT-2007).
[10] H. Chris Tseng, "Internet applications with fuzzy logic and neural networks: a survey," Journal of Engineering, Computing and Architecture, 2007.
[11] Xiaobo Zhou, "A video replacement policy based on revenue to cost ratio in a multicast TV-Anytime system."
[12] L. G. Heins, D. R. Tauritz, "Adaptive Resonance Theory (ART): an introduction," Internal Report 95-35, Department of Computer Science, Leiden University, pp. 174-185, The Netherlands, 1995.
[13] D. Sitaram, A. Dan, "Multimedia Servers: Applications, Environment, and Design," Morgan Kaufmann Publishers, 2000.
[14] J. Jung, D. Lee, K. Chon, "Proactive Web caching with cumulative prefetching for large multimedia data," Computer Networks, Elsevier, 2000.


Prefix-based Chaining Scheme for Streaming Popular Videos using Proxy Servers in VoD
M Dakshayini,
Research Scholar, Dr. MGR University. Working with Dept. of ISE, BMSCE, Member, Multimedia Research Group, Research Centre, DSI, Bangalore, India.
Abstract—Streaming high-quality video consumes a significantly large amount of network resources. In this context, request-to-service delay, network traffic, congestion, and server overloading are the main parameters affecting the quality of service (QoS) of video streaming over the Internet. In this paper we propose an efficient architecture, a cluster of proxy servers and clients, that uses a peer-to-peer (P2P) approach to cooperatively stream video using a chaining technique. We consider two key issues in the proposed architecture: (1) a prefix caching technique to accommodate more videos close to the client; (2) cooperative client and proxy chaining to achieve network efficiency. Our simulation results show that the proposed approach yields prefix caching close to the optimal solution, minimizing WAN bandwidth usage on the server-proxy path by utilizing the proxy-client and client-client path bandwidth, which is much cheaper than the expensive server-proxy path bandwidth, and significantly reducing server load and client rejection ratio through chaining. Keywords: prefix caching, cooperative clients, video streaming, bandwidth usage, chaining.

Dr T R GopalaKrishnan Nair
Director, Research and Industry Incubation Centre, DSI, Bangalore, India

I. INTRODUCTION

Generally, streaming a multimedia object such as high-quality video consumes a significantly large amount of network resources, so request-to-service delay, network traffic, congestion, and server overloading are the main parameters affecting the quality of service (QoS) of video streaming over the Internet. Providing video-on-demand (VoD) service over the Internet in a scalable way is therefore a challenging problem. The difficulty is twofold: first, it is not a trivial task to stream video on an end-to-end basis because of a video's high bandwidth requirement and long duration; second, scalability issues arise when attempting to serve a large number of clients. In particular, a popular video generally attracts a large number of users who issue requests asynchronously [2]. Many VoD schemes have been proposed to address this problem: batching, patching, periodic broadcasting, prefix caching, and chaining. In the batching scheme [5, 8, 10], the server batches requests for the same video together if their arrival times are close and serves them over one multicast channel. In the patching scheme [2], the server sends the entire video clip to the first client; later clients join the existing multicast channel, and at the same time each of them requires a unicast channel to deliver the missing part of the video. Periodic broadcasting [12] is another innovative technique: popular videos are partitioned into a series of segments, and these segments are continually broadcast on several dedicated channels. Before clients start playing a video, they usually have to wait for a time equivalent to the length of the first segment, so only near-VoD service is provided. Proxy caching [1, 4, 9] is also a promising scheme for alleviating bandwidth consumption. In this approach, a proxy sits between the central server and the client clouds; partial (or entire) video files are stored in the proxies and the rest in the central server. Proxies send cached videos to clients and request the remainder from servers on behalf of clients. Recent works investigate the advantages of connected proxy servers within the same intranet [3, 4, 8].

II. RELATED WORK

In this section we briefly discuss previous work. Tay and Pang proposed the GWQ (Global Waiting Queue) algorithm [7] to reduce the initial startup delay by sharing videos in a distributed, loosely coupled VoD system. They replicate the videos evenly across all servers, which requires the storage capacity of each individual proxy server to be very large, enough to hold all the videos. In [11], Sonia Gonzalez, Navarro, and Zapata proposed an algorithm that maintains a small initial startup delay with lower-capacity servers by allowing partial replication of the videos. They store the locally requested videos in each server. We differ by caching the partial prefix-I at the proxy and prefix-II at the tracker in proportion to popularity, thereby utilizing the proxy-server and tracker storage space more efficiently. In


[3], the authors have proposed a hybrid algorithm for chaining, but they do not discuss the scenario of client failure. LEMP [6] has also proposed a client chaining mechanism and a solution for handling client failure, but it involves too many messages, which increases the waiting time for playback start to tw. Another approach to reducing the aggregate transmission cost has been discussed in [12], caching the prefix and the prefix of the suffix at the proxy and the client respectively; however, chaining is not considered. [5] and [8] propose batching techniques, which increase the client's initial waiting time. Edward Mingjun Yan and Tiko Kameda [10] propose a broadcasting technique that requires a huge amount of storage capacity and sufficient bandwidth. Yang Guo [2] has suggested an architecture that streams the video using a patching technique. Hyunjoo and Heon [13] have proposed another chaining scheme with VCR operations, but they stream the video data from the main server and use a constant threshold value, because of which fewer clients may be able to share the same chain, and the WAN bandwidth usage on the server-proxy path may be comparatively high.

In this paper, we propose an efficient load-sharing algorithm and a new architecture for a distributed VoD system. This architecture consists of a centralized main multimedia server [MMS] connected to a set of trackers [TR]. Each tracker is in turn connected to a group of proxy servers [PS], and these proxy servers are assumed to be interconnected in a ring pattern. To each PS a set of clients is connected, and all these clients are connected among themselves. This arrangement is called a Local Proxy Servers Group [LPSG (Lp)]. Each such LPSG, which is connected to the MMS, is in turn connected to its left and right neighboring LPSGs in a ring fashion through its tracker.
We also propose an efficient prefix-caching-based chaining (PC+Chaining) scheme that uses proxy servers to achieve higher network efficiency. The rest of the paper is organized as follows: Section 3 analyzes the parameters of the problem; Section 4 presents the proposed approach and algorithm in detail; Section 5 describes the simulation model; Section 6 describes the PC+Chaining scheme in detail; Section 7 presents the performance evaluation; finally, Section 8 concludes the paper and points to further work.

III. MODEL OF THE PROBLEM

Let N be a stochastic variable representing the group of videos, taking the values Vi (i = 1, 2, ..., N), and let p(Vi) be the probability of a request for video Vi; the set of values p(Vi) is the probability mass function. Since the variable must take one of the values, it follows that

  Σ_{i=1}^{N} p(Vi) = 1.

The estimate of the probability of requesting video Vi is p(Vi) = ni / I, where I is the total number of observations and ni is the number of requests for video Vi. We assume that clients' requests arrive according to a Poisson process with arrival rate λ. Let Si be the size (duration in minutes) of the ith video (i = 1..N), with mean arrival rates λ1 ... λN respectively, streamed to users by the M proxy servers (PSs) of J LPSGs (Lp, p = 1..J). Each TR and each PSq (q = 1..M) has a caching buffer large enough to cache a total of P and B minutes of H and K video prefixes respectively. Each video is divided into three parts: the first W1 minutes of video Vi, referred to as prefix-1, (pref-1)i, are cached in exactly one of the proxy servers of the group; the next W2 minutes of Vi, referred to as prefix-2, (pref-2)i, are cached at the TR of Lp. That is,

  P = Σ_{i=1}^{H} (pref-2)i  and  B = Σ_{i=1}^{K} (pref-1)i.

Based on the frequency of user requests, the popularity of each video and the sizes of (pref-1) and (pref-2) to be cached at the PS and TR respectively are determined. The size W of (pref-1) and (pref-2) for the ith video is determined as

  W(pref-1)i = xi × Si, where 0 < xi < 1, and
  W(pref-2)i = xi × (Si − (pref-1)i), where 0 < xi < 1,

where xi is the probability of occurrence of user requests for video i over the last t minutes. This arrangement caches the maximum portion of the most frequently requested videos at Lp, so most requests are served immediately from Lp itself, which reduces the network usage on the server-proxy path significantly and makes the length of the queue Ql almost negligible. Let bi be the available bandwidth for Vi between the proxy and the main server. After a request for video Vi at PSq, the WAN bandwidth required on the server-proxy path for Vi is

  bwi^{S-P} = bw(S − (pref-1) − (pref-2))i, for i = 1..N,

where bwi^{S-P} is the WAN bandwidth usage required for the ith video on the server-to-proxy path. This
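The prefix sizing above can be sketched as follows (an assumed helper for illustration, not the paper's code), computing W(pref-1)i = xi × Si and W(pref-2)i = xi × (Si − (pref-1)i) from a video's request probability and duration:

```python
# Illustrative sketch of the prefix sizing rule: x_i is the request
# probability for video i over the last t minutes, S_i its duration
# in minutes; returns the minutes to cache at the PS and at the TR.
def prefix_sizes(x_i, S_i):
    assert 0 < x_i < 1
    w1 = x_i * S_i                # W(pref-1)_i: cached at the proxy server
    w2 = x_i * (S_i - w1)         # W(pref-2)_i: cached at the tracker
    return w1, w2

# A 120-minute video requested with probability 0.5:
print(prefix_sizes(0.5, 120))  # (60.0, 30.0)
```

The more popular a video, the larger the portion cached inside the LPSG, leaving only S − (pref-1) − (pref-2) to be fetched over the server-proxy WAN path.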


depends on the amount of Vi, namely (S − (pref-1) − (pref-2)), to be streamed from the main server to the proxy. The aggregate server-proxy bandwidth usage is therefore

  WAN_bw^{S-P} = Σ_{i=1}^{Q} bw(S − (pref-1) − (pref-2))i,

where bw() is a non-linear function of the sizes of (pref-1) and (pref-2). Another output stochastic variable is the request rejection ratio Rrej, the ratio of the number of requests rejected (Nrej) to the total number of requests arriving at the system (R):

  Rrej = Nrej / R.

Rrej is inversely proportional to the system efficiency S_eff, the ratio of the number of requests served (Q) to the total number of requests arrived (R):

  S_eff = Q / R.

The optimization problem is to maximize S_eff, thereby minimizing the client rejection ratio Rrej at the PS and the average WAN bandwidth usage WAN_bw^{S-P}:

  Maximize system efficiency: S_eff = Q / R
  Minimize average WAN bandwidth usage: WAN_bw^{S-P} = Σ_{i=1}^{Q} bw(S − (pref-1) − (pref-2))i
  Subject to: B = Σ_{i=1}^{K} (pref-1)i, P = Σ_{i=1}^{H} (pref-2)i, and W(pref-1), W(pref-2) > 0.

IV. PROPOSED ARCHITECTURE AND ALGORITHM

A. Proposed Architecture

The proposed VoD architecture is shown in Fig.2. It consists of an MMS connected to a group of trackers (TRs). As shown in Fig.3, each TR has several modules: the Interaction Module (IMTR), which interacts with the PSs and the MMS; the Service Manager (SMTR), which handles requests from the PSs; the Database, which stores the complete details of the presence and size of the (pref-1) of the videos at all the PSs; and the Video Distributing Manager (VDM), which decides the videos, and the sizes of their (pref-1) and (pref-2), to be cached, and handles the distribution and management of these videos among the group of PSs based on video popularity.

Each TR is in turn connected to a set of PSs, which are interconnected among themselves in a ring fashion. Each PS has modules such as the Interaction Module of the PS (IMPS), which interacts with the clients and the TR; the Service Manager of the PS (SMPS), which handles the requests from users; and the Client Manager (CM), which observes and updates the popularity of videos at the PS as well as at the TR, as shown in Fig.3. A large number of users are connected to each of these PSs [LPSG]. Each proxy is called the parent proxy of its clients. All the LPSGs are interconnected through their TRs in a ring pattern. The PS caches the (pref-1) of the videos distributed by the VDM and streams this cached portion of the video to the client upon request through the LAN, using its less expensive bandwidth. We assume that:
1. The TR is also a PS, with high computational power and large storage compared to the other proxy servers, to which clients are connected. Using its modules, it coordinates and maintains a database containing information on the presence of videos and on the sizes of the (pref-1) and (pref-2) of each video at each PS and at the TR respectively.
2. Proxies and their clients are closely located, with relatively low communication cost [1]. The main server, in which all the videos are stored in full, is placed far away from the LPSG and involves high-cost remote communication.
3. The MS, the TR, and the PSs of an LPSG are interconnected through high-capacity optic-fiber cables.

In the beginning, all the Nv videos are stored in the MMS. The distribution of the selected N of the Nv videos among the M PSs in an LPSG is done by the Video Distribution Manager of the TR as follows. First, all N videos are ranked by their popularity at the jth LPSG. The popularity of a video is defined as the frequency of requests for it per


threshold time t by the clients. Here we assume that the frequency of requests to a video follows a Zipf distribution.

B. Proposed Algorithm

Whenever a client Ck requests video Vi at a PS, the request handler (req-handler) checks whether the IS-STREAMING flag of that video is true and whether the arrival-time difference between the new client and the most recent client of the existing chain of Vi is below the threshold W(pref-1). If so, the service manager (service-mgr) adds Ck to the existing client chain of Vi and instructs it to be streamed from any one of the last d clients of the chain. By adding Ck to the client list of Vi, the service-mgr updates the Streaming Clients List (SCL), which holds the complete details of the videos being streamed from that PS and the corresponding chain of clients of each video [lines 3-7 of the proposed algorithm]. Otherwise, the PS starts a new stream to Ck and a new chain for Vi, and the SCL is updated by creating a new entry for Vi [line 8]. If Vi is not present in its cache, the IMPSq forwards the request to its parent TR; the VDM at the TR searches its database using perfect hashing to see whether Vi is present in any of the PSs of that Lp. If found, streaming starts from that PS to Ck and the SCL is updated accordingly [lines 9-11]. Otherwise the request is passed to the TR of NBR[Lp]; if Vi is found there, it is streamed from that PS to Ck and the SCL is updated accordingly by the service manager [lines 12-14]. If Vi is not found at NBR[Lp] either, Vi is downloaded from the MMS and streamed to Ck. While streaming, the W(pref-1) and W(pref-2) of Vi are calculated as

  W(pref-1)i = xi × Si, where 0 < xi < 1, and
  W(pref-2)i = xi × (Si − (pref-1)i), where 0 < xi < 1,

and cached at the PS and TR respectively, if sufficient space is available. Otherwise an appropriate buffer-allocation algorithm is executed to make space to cache these prefixes of Vi according to popularity [lines 15-18]. Thus most requests are served immediately either from a client that is already being served or from Lp by sharing the videos present among the PSs, which reduces the client request rejection ratio Rrej and the load at the server SL, and increases the video hit ratio VHR.
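The chain-admission test described above can be sketched as follows (an assumed, simplified sketch, not the paper's code; the SCL is modeled as a dictionary and `w_pref1` stands for the threshold W(pref-1)):

```python
# Hypothetical sketch of the admission test: a new client joins the
# existing chain for a video only if the video is streaming and the gap
# since the chain's most recent client is below the threshold W(pref-1);
# otherwise a new stream and a new chain are started.
def admit(scl, video_id, now, w_pref1):
    entry = scl.get(video_id)
    if entry and entry["is_streaming"] and \
            now - entry["clients"][-1]["arrival"] < w_pref1:
        entry["clients"].append({"arrival": now})    # join existing chain
        return "chained"
    scl[video_id] = {"is_streaming": True,
                     "clients": [{"arrival": now}]}  # start a new chain
    return "new_stream"

scl = {}
print(admit(scl, 56, now=0, w_pref1=10))    # new_stream
print(admit(scl, 56, now=5, w_pref1=10))    # chained (gap 5 < 10)
print(admit(scl, 56, now=40, w_pref1=10))   # new_stream (gap 35 >= 10)
```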



V. SIMULATION MODEL

In our simulation model we have a single MMS and a group of 6 TRs, interconnected among themselves in a ring fashion. Each TR is in turn connected to a set of 6 PSs, again interconnected in a ring. To each PS a set of 25 clients is connected, and all these clients are interconnected among themselves. We use the video hit ratio (VHR) and the average client waiting time to measure the performance of our proposed approach. In addition, we use the WAN bandwidth usage on the MMS-PS path and the probability of accessing the main server as performance metrics.

Table 1 Simulation model
Notation   System Parameter            Default Value
S          Video size                  2-3 hrs, 200 units/hr
CMMS       Cache size (MMS)            1000
CTR        Cache size (TR)             400 (40%)
CPS        Cache size (PS)             200 (20%)
λ          Mean request arrival rate   44 reqs/hr

We assume that the request distribution of the videos follows a Zipf-like distribution. The user request rate at each PS is 35-50 requests per minute. The ratio of cache sizes at the MMS, TR, and PS is set to CMMS : CTR : CPS = 10 : 4 : 2. The transmission delay between proxy and client, proxy and proxy, and TR and PS is 100 ms; between the main server and the proxy, 1200 ms; and between trackers, 300 ms. The size of the cached [(pref-1)+(pref-2)] video ranges from 280 MB to 1120 MB (25 min to 1 hr) in proportion to its popularity.

VI. PC+CHAINING

Our proposed scheme, PC+Chaining, is an efficient streaming technique that combines the advantages of proxy prefix caching with both client-server and peer-to-peer approaches to cooperatively stream the video using chaining. The main goal of PC+Chaining is to make each client act as a server while it receives the video, so that the available memory and bandwidth of the clients can be utilized more efficiently. The un-scalability of traditional client-server unicast VoD service lies in the fact that the server is the only contributor and can thus be flooded by a large number of clients passively requesting the service. In the client-server service model, a client sets up a direct connection with the server to receive the video; an amount of WAN bandwidth on the server-proxy path equal to the playback rate is consumed along the route. As the number of requests increases, the bandwidth at the server and in the network is consumed, the network becomes congested, and incoming requests must eventually be rejected [2]. In contrast, we propose two schemes to address these issues: 1) a local group of interconnected proxies and clients with a prefix caching technique and load sharing among the proxies of the group, which reduces frequent access to the MMS and in turn reduces the bandwidth consumed between client and main server; 2) PC+Chaining, in which clients not only receive the requested stream but also contribute to the overall VoD service by forwarding the stream to other clients whose requests arrive within the threshold time of W(pref-1). In PC+Chaining all clients are treated as potential server points. When a client Ck requests video Vi at a particular proxy PSq, and Vi is present at PSq, the service is provided to Ck in the following stages.

C. Client admission phase

When the request arrives at PSq, the request handler (req-handler) of that proxy checks for the presence of the video at PSq. If it is present, it checks the IS-STREAMING flag of the video Vi. If the flag is false, there are no existing clients being streamed the same video object Vi; the req-handler then informs the service manager (service-mgr) to provide the streaming of Vi to Ck. The service-mgr starts a new stream and updates the streaming clients list (SCL) by adding a new entry for video Vi along with its (pref-1) size. The format of each SCL entry is <video id, sz(pref-1), list of clients being streamed Vi>. If the IS-STREAMING flag is true, there is already a chain of clients being streamed the same video. The req-handler then looks into the corresponding entry for Vi in the SCL to check whether the arrival-time difference between the new client and the most recent client of the existing chain of Vi is below the threshold W(pref-1). If so, Ck is added to the existing chain of Vi and is sent the sub-list of d applicant clients (LAC), along with a message to get the stream from the last client of the LAC. Messages are also sent to all d clients of the LAC, so that the client agents of these clients send a ready signal to Ck. Ck then sends a start signal, generally to the most recent client being streamed Vi, and starts receiving the stream; this client becomes the parent client (PC) of Ck. In case of any problem with this client, Ck can request the other clients. At the end of the client admission phase, the SCL holds the complete details of the videos being streamed and the corresponding chain of clients of each video, along with the prefix size. Each client also knows its applicant ancestors, so it can change its parent client (PC) in case of PC failure.

D. Streaming phase

We assume that the client has sufficient buffer space and network bandwidth to accommodate the (pref-1) of Vi. When the client Ck that requested Vi starts receiving the stream from the last client of the LAC, the buffer manager (buf-mgr)


starts buffering the video clips received from its parent client, and the media player starts playing from the buffer.

E. Closing phase

Any client Ck in the chain may want to close the connection in the following two cases.

Case 1: the streaming of the complete video has finished. The client agent closes the connection with its parent client (PC) by sending a close signal to it, but first checks whether Ck is the PC of any other client in the chain before sending a close signal to its parent proxy server (PPS). If so, it waits until the streaming of the complete video to its child client (CC) finishes, then sends the close signal to its PPS and closes the connection. The service-mgr updates the SCL accordingly.

Case 2: in the middle of the streaming, Ck wants to stop watching the video. First, the client agent of Ck checks whether it is a parent of any other client in the chain. If so, it checks whether (tpc(Ck) − tcc(Ck))Vi < W(pref-1)Vi, where tpc(Ck) is the arrival time of the PC of Ck and tcc(Ck) is the arrival time of the CC of Ck. If yes, it sends the close flag to its PC, CC, and PPS, indicating that it is going to close, and gives the details of its CC to its PC. The CC of Ck can then continue getting the stream from the PC of Ck, and informs the PPS about the change of its PC. The service-mgr of the PPS then updates the SCL by removing Ck from the client list of Vi.

F. Client failure recovery

At any time clients may fail, withdraw, or operate in a lossy network environment [3]. A client's failure may break the chain, causing all its descendant clients to lose the streaming data. Because a failed client can no longer stream the video data to its descendant clients, the buffered video data of its CC may fall below the threshold; thus the CC can detect the failure of its PC. After a failure, the CC detects it and notifies the PC of the failed client, and also notifies the PPS about the failure. The service-mgr of the PPS can then update the SCL accordingly.

Fig.4 shows an example of client chains for video 56 and video 14, along with the SCL holding the complete details of the video id, sz(pref-1), and the list of clients in each chain. Fig.5 shows the situation when a client C4 of the chain for video 14 fails: C5, the CC of C4, detects the failure of C4 when it receives no video data even after g seconds. C5 then notifies both the PPS and C3, the PC of C4, along with its address and the details of its streaming, such as where it was stopped. C3 then stops streaming to C4, starts streaming to C5, and becomes the PC of C5, shown as a thick line between C3 and C5 in Fig.5. The PPS updates the entry for the video in the SCL by removing C4 from the client list, as shown in Fig.5.

If the video is not present in its cache, the IMPSq forwards the request to its parent TR; the VDM at the TR searches its database using perfect hashing to see whether it is present in any of the PSs of that Lp. If Vi is present in any of the PSs in that Lp, the VDM intimates this to the SMTR, which initiates the streaming of (pref-1)Vi from that PS, and (pref-2)Vi from

its cache, to the requesting PSq, and the same is intimated to the requesting PSq. The IMTR then coordinates with the MMS to download the remaining portion (S − (pref-1) − (pref-2))Vi; hence the request-service delay is very small.
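The lookup order described here, local PS, then any PS of the Lp via the TR, then NBR(Lp), and finally the MMS, can be sketched as follows (a hypothetical helper; the data structures are ours, not the paper's):

```python
# Illustrative sketch of the hierarchical video lookup: each group is
# modeled as a list of per-PS sets of cached video ids; the return value
# names the tier that serves the request, in increasing order of delay.
def resolve(video, local_ps, local_group, neighbor_group):
    if video in local_ps:
        return "local PS"            # served immediately, smallest delay
    if any(video in ps for ps in local_group):
        return "PS in Lp via TR"     # pref-1 from that PS, pref-2 from TR
    if any(video in ps for ps in neighbor_group):
        return "PS in NBR(Lp)"       # higher but acceptable delay
    return "MMS"                     # full download; highest delay, rare

print(resolve("v7", {"v1"}, [{"v7"}], []))   # PS in Lp via TR
```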

If Vi is not present in any of the PSs in that Lp, the IMTR passes the request to the tracker of NBR(Lp). The VDM of NBR(Lp) then checks its database using perfect hashing to see whether Vi is present in any of the PSs of its Lp. If it is present, the SM(Lp) in turn initiates the streaming of Vi to the requesting PSq through the optimal path, and the same is intimated to the requesting PSq; hence the request-


service delay is comparatively high but acceptable because it bypasses the downloading of the complete video from MMS using MMS-PS WAN bandwidth. If the Vi is not present in any of the PSs of its NBR(Lp) also, then the TR(Lp) modules decides to download the Vi from MMS to PSq. So the IMTR coordinates with MMS to download the Vi, and hence the request-service delay is very high, but the probability of downloading the complete video from MMS is very less as shown by our simulation results. Whenever the sufficient buffer and bandwidth is not available in the above operation the user request is rejected VII. PERFORMANCE EVALUATION In comparison with the prefix caching without chaining (PCChaining), we use T=sz(pref-1) as the threshold value and following performance metrics in our evaluation i) Client rejection ratio Rrej=
Nrej R

where Nrej is the number of requests rejected and R is the total number of requests arrived;

ii) Average network bandwidth usage on the MMS-PS path, BW = Σ (i = 1 to Q) bw_i;
iii) Main server load, SL;
iv) Number of requests served from Lp.

Client rejection ratio and video hit ratio: Fig. 8 shows the client rejection ratio of the proposed system, which is very low. We can observe that PC+Chaining allows more clients to join the chain, because as the request arrival rate increases, T = W(pref-1) also increases. This keeps the IS-STREAMING flag of some client in the chain true, so a new request can be served immediately from the PS by adding it to the existing chain. This increases the video hit ratio, as shown in Fig. 7, and significantly reduces the client waiting time, as shown in Fig. 11.

Average server-proxy bandwidth usage: The main server may reject many requests due to its bandwidth constraints when clients request it directly. Our proposed Lp architecture, the scheme of caching the maximum portion of (pref-1) and (pref-2) of the most frequently requested videos at the PS and TR respectively, and the load-sharing algorithm with PC+Chaining together increase system efficiency and reduce the average MMS-PS network bandwidth usage, as shown in Fig. 6 and Fig. 9.

Table 2. Simulation results

System parameter                                     | Notation   | Result
Total no. of requests served at Lp                   | Q (Total)  | 320
No. of requests served with PC+Chaining from Lp      | Q (PS)     | 296 (93%)
No. of requests served with PC-Chaining from Lp      |            | 198 (65%)
Mean bandwidth usage from server to proxy            |            | 21%
Average video hit ratio                              |            | 92%
Client waiting time                                  |            | 2-3 sec
MMS load reduction                                   |            | 70%

Main server load: As the popularity-based (pref-1) and (pref-2) of most videos are cached in and streamed from Lp itself, the main server is contacted only for the smallest portion of video data ((S-(pref-1)-(pref-2))), and for the complete video only very rarely, which reduces the server load significantly, as shown in Fig. 10. This in turn reduces the WAN bandwidth usage from the MMS to the PS, as shown in Fig. 9.

Impact of PC+Chaining on client waiting time: Our proposed approach increases the aggregate storage space of Lp by distributing a large number of videos across the PSs and TR of Lp, and hence achieves a high cache hit rate, thereby reducing the client waiting time significantly. For example, if 10 PSs within an LPSG manage 500 Mbytes each, the total space available is 5 GB, and 200 proxies of the LPSG could store about 100 GB of movies. Generally, the scalability of PC+Chaining improves because of the popularity-based presence of the video at one of the PSs in Lp. As the size of (pref-1) increases, more and more clients can join the existing chain of the video and be served immediately from Lp itself. This reduces the client waiting time significantly, as shown in Fig. 11, and also reduces the WAN bandwidth usage along the server-proxy path, as depicted in Fig. 9.
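The rejection-ratio and bandwidth metrics defined in Section VII can be computed from simulation counters as follows. The counter values below are illustrative, not the paper's data, and the bandwidth metric is interpreted here as the mean of the per-request samples bw_i over the Q requests served:

```python
# Computing the Section VII evaluation metrics from simulation counters.
# All values are illustrative, not the paper's data.

def rejection_ratio(n_rej, r_total):
    """Rrej = Nrej / R, the fraction of arriving requests rejected."""
    return n_rej / r_total

def mean_server_proxy_bw(bw_samples):
    """Mean MMS-PS bandwidth usage over the Q per-request samples bw_i."""
    return sum(bw_samples) / len(bw_samples)

rrej = rejection_ratio(24, 320)              # 24 rejected out of 320 requests
bw = mean_server_proxy_bw([1.2, 0.8, 1.0])   # per-request samples (Mbps)
```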


VIII. CONCLUSION

In this paper we have proposed an efficient video sharing mechanism with chaining, together with an architecture in which proxies and clients cooperate to reduce both the network bandwidth usage on the server-proxy path and the client rejection ratio, by caching and streaming the maximum portion of the most frequently requested videos from Lp, and by sharing the video data of the currently played video object with other existing clients. The popularity-based W(pref-1) allows a larger number of clients to benefit from the existing chain. Our simulation results demonstrate that the proposed approach reduces the average bandwidth usage on the server-proxy path, the main server load, and the client rejection ratio, and achieves client failure recovery successfully. Future work is being carried out to improve the performance using dynamic buffer management at the PS.

AUTHORS PROFILE

M. Dakshayini holds an M.E. degree in Computer Science. She has one and a half decades of teaching experience and has published many papers. She is currently a member of the teaching faculty in the Department of Information Science and Engineering, BMS College of Engineering, Bangalore, India.

T. R. Gopalakrishnan Nair holds an M.Tech. (IISc, Bangalore) and a Ph.D. in Computer Science. He has three decades of experience in Computer Science and Engineering spanning research, industry and education. He has published several papers and holds patents in multiple domains. He won the PARAM Award for technology innovation. He is currently the Director of Research and Industry at Dayananda Sagar Institutions, Bangalore, India.


Convergence Time Evaluation of Algorithms in MANETs
Annapurna P Patil, Narmada Sambaturu, Krittaya Chunhaviriyakul

Department of Computer Science and Engineering, M.S. Ramaiah Institute of Technology, Bangalore-54, India.

Abstract— Since the advent of wireless communication, the need for mobile ad hoc networks has been growing exponentially. This has opened up a Pandora's box of algorithms for dealing with mobile ad hoc networks, or MANETs, as they are generally referred to. Most attempts at evaluating these algorithms so far have focused on parameters such as throughput, packet delivery ratio, and overhead; an analysis of the convergence times of these algorithms is still an open issue. The work carried out here fills this gap by evaluating the algorithms on the basis of convergence time. Algorithms for MANETs can be classified into three categories: reactive, proactive, and hybrid protocols. In this project, we compare the convergence times of representative algorithms in each category, namely Ad hoc On-Demand Distance Vector (AODV, reactive), Destination Sequenced Distance Vector (DSDV, proactive), and Temporally Ordered Routing Algorithm (TORA, hybrid). The algorithms are compared by simulating them in ns2; Tcl is used to conduct the simulations, while Perl is used to extract data from the simulation output and calculate the convergence time. The design of the experiments is documented using the Unified Modeling Language. A user interface, also written in Perl, enables the user either to run a desired simulation and measure its convergence time, or to measure the convergence time of a simulation that has been run earlier. After extensive testing, it was found that AODV and DSDV are suited to opposite ends of the spectrum of possible scenarios: AODV was observed to outperform DSDV when the node density was low and the pause time was low (sparsely populated, very dynamic networks), while DSDV performed better when the node density was high and the pause time was high (densely populated, relatively static networks). The implementation of TORA in ns2 was found to contain bugs, and hence an analysis of TORA was not possible.
Future enhancements include rectifying the bugs in TORA and performing a convergence time analysis of TORA as well. A system could also be developed which switches between protocols in real time if another protocol is found to be better suited to the current network environment.

I. INTRODUCTION

Recently there has been tremendous growth in the number of laptops and mobile phones. With this increase, people's need to share information has also grown. In areas where there is little or no communication infrastructure, or where the existing infrastructure is expensive or inconvenient to use, wireless mobile users can still communicate by forming a Mobile Ad Hoc Network (MANET). In a MANET, each node participates in an ad hoc routing protocol that allows it to discover multi-hop paths through the network from itself to a destination. There are three types of routing protocols used in MANETs: proactive, reactive, and hybrid. Each type performs differently under different network scenarios, and one protocol may perform better than the others in a specific situation. To compare the performance of each type, a representative routing protocol was chosen from each: DSDV (proactive), AODV (reactive), and TORA (hybrid). These protocols are compared in terms of convergence time to uncover the situations in which each type of algorithm has its strengths and weaknesses.

II. RELATED WORK

Extensive work has been done on evaluating algorithms for MANETs. In [16], AODV and DSDV are compared with average throughput, packet loss ratio, and routing overhead as the evaluation metrics; [17] compares AODV and DSDV in terms of delay and drop rate; [18] compares AODV and DSDV in terms of throughput, packets received, delay, and overload. Similarly, [19] compares AODV, DSDV, and DSR in terms of throughput, delay, and drop rate; that work also varies the mobility model, using the Random Waypoint and Social Networking models.

III. OVERVIEW OF THE DOCUMENT

Section 1 gives a general introduction to the project, while section 2 explores related work. An overview of MANETs is given in section 4, along with a brief explanation of the chosen algorithms. Section 5 gives the system design and implementation. Section 6 describes the testing of the system.


Conclusions and future enhancements are provided in Section 7, followed by the references.

IV. BACKGROUND

A. MANETs

In MANETs, each mobile device operates both as a host and as a router [10], forwarding packets for other mobile devices when they are not within direct wireless range of each other. Each node participates in an ad hoc routing protocol that allows it to discover multi-hop paths through the network from itself to a destination. A MANET is an infrastructure-less network [8], since the mobile nodes dynamically establish routing among themselves to form their own network on the fly. Ad hoc networks are very different from wired networks, since they have many constraints that are not present in wired networks, e.g. limited bandwidth, limited battery, and dynamic topology. Since the nodes are mobile, the network topology may change rapidly and unpredictably over time. The network is decentralized, and all network activity, including discovering the topology and delivering messages, must be executed by the nodes themselves; i.e., routing functionality is incorporated into the mobile nodes. Since the topology in a MANET environment is highly dynamic, the path information the routing algorithm has acquired can become invalid. The algorithm has to detect that the information it possesses is invalid and find a new, correct path to the destination. The time between a fault detection and the restoration of a new, valid path is referred to as the convergence time [6]. This is a very important metric in MANET scenarios, reflecting the ability of the algorithm to adapt to changing network dynamics; algorithms must aim to minimize convergence time as much as possible. There are three types of routing protocols used in MANETs: proactive, reactive, and hybrid. Proactive protocols maintain routing information for all mobile nodes and keep this information updated periodically.
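The table maintenance of a proactive, DSDV-style protocol (DSDV itself is described in Section IV.B) can be sketched with the standard rule: accept an advertised route only if it carries a newer destination sequence number, or an equal one with fewer hops. The field names here are illustrative:

```python
# DSDV-style proactive route-table update, sketched under the usual rule:
# newer destination sequence number wins; on a tie, fewer hops wins.
# Field names are illustrative.

table = {}   # dest -> (seq_no, hops, next_hop)

def update(dest, seq_no, hops, next_hop):
    cur = table.get(dest)
    if cur is None or seq_no > cur[0] or (seq_no == cur[0] and hops < cur[1]):
        table[dest] = (seq_no, hops, next_hop)

update("n9", seq_no=100, hops=4, next_hop="n2")
update("n9", seq_no=100, hops=6, next_hop="n3")   # same seq, more hops: ignored
update("n9", seq_no=102, hops=5, next_hop="n5")   # newer seq: accepted
# table["n9"] == (102, 5, "n5")
```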
An example of a proactive protocol is DSDV (Destination Sequenced Distance Vector). Reactive protocols do not maintain routing information; rather, they discover the path to a destination on demand, which saves memory, battery power, and bandwidth. An example is AODV, or Ad hoc On-demand Distance Vector. Hybrid protocols combine the advantages of both proactive and reactive protocols; an example is TORA, or the Temporally Ordered Routing Algorithm.

B. DSDV

DSDV is a table-driven routing scheme for ad hoc mobile networks based on the Bellman-Ford algorithm. The main

contribution of the algorithm is to solve the routing-loop problem present in the Bellman-Ford algorithm. To do so, DSDV makes use of sequence numbers. Each entry in the routing table contains a sequence number; sequence numbers are generally even if a link is present, and odd otherwise. The number is generated by the destination, and the emitter needs to send out the next update with this number. Routing information is distributed between nodes by sending full dumps infrequently and smaller incremental updates more frequently.

C. AODV

AODV is a reactive routing protocol, meaning that it establishes a route to a destination only on demand. When no connection is needed, the network remains silent. It is a distance-vector routing protocol, and it avoids the count-to-infinity problem by making use of sequence numbers. When a connection is needed, the node that needs it broadcasts a request for a route to the destination. Other nodes forward the message and record the id of the node they heard it from, creating temporary routes back to the requesting node. When a node receives such a message and already has a route to the destination, it sends a message backwards through a temporary route to the requesting node. The requesting node then begins using the route with the least number of hops to the destination. Unused entries in the routing tables are recycled after a time. When a link fails, a routing error is passed back to the transmitting node, and the process repeats.

D. TORA

TORA is a hybrid protocol which combines the advantages of both proactive and reactive protocols. TORA does not use a shortest-path solution; it builds and maintains a Directed Acyclic Graph rooted at a destination. No two nodes may have the same height. TORA makes use of heights in order to prevent loops in routing: information may flow from nodes with higher heights to nodes with lower heights, but not vice versa [22].

V. SYSTEM DESIGN AND IMPLEMENTATION

A. Main design criteria

Simulator chosen: The network simulator ns2 [11] (version 2.33) was chosen, as it has become a de facto standard for networking research. It was necessary to use available implementations of the algorithms rather than implement them freshly ourselves, since it is important for the acceptance of an evaluation that the implementation used has been scrutinized and accepted as correct by the community; otherwise the evaluation results will not be accepted, as


doubt will exist about the correctness of the implementation of the algorithms.

Algorithms chosen: One representative algorithm from each type was chosen for comparison, as this gives a broad picture of which type of algorithm performs well in which environments. Further experiments can be built on the results of this project to compare the convergence-time performance of algorithms within the same category as well. The specific algorithms chosen were DSDV (proactive), AODV (reactive), and TORA (hybrid). These algorithms embody the principles of the type they represent; they have also been implemented previously in ns2 and have been under community scrutiny for a long time. However, it was found that ns2's implementation of TORA contains bugs [20, 21, 22] and forms loops; hence only DSDV and AODV have actually been simulated, and the hybrid algorithm has been left as a future enhancement.

Mobility model: The Random Waypoint model was chosen as the mobility model for the simulations. According to this model, a node waits in its current position for a duration specified by the pause time. At the expiration of this pause time, it chooses a destination randomly and moves to it with a speed chosen from the uniform distribution [0, max_speed]. This process is repeated until the end of the simulation.

Specific scenarios: The parameters that define a MANET scenario are node density and node mobility. In this project, the node density is varied by varying the number of nodes, while the mobility is varied by varying the pause time. That is, if a node pauses for a longer time at each waypoint, its overall mobility is lower, while pausing for a very short time, say 1 s, means its mobility is very high.

B. Implementation

• Network scenario
• Convergence time measurement

The simulations are conducted using the network simulator ns2 [11], with the Random Waypoint mobility model. The physical layer simulates the behavior of IEEE 802.11 (as included with ns2). Each node has a radio range of 250 meters and uses TwoRayGround as the radio propagation model. All scenarios are based on the following basic parameters:

- traffic: cbr (constant bit rate)
- topology size: 500 m x 500 m
- maximum speed of each node: 20 m/s
- simulation time: 180 s
- transmission rate (packet rate): 10 packets/s

The number of nodes is varied in the range [10, 100] in steps of 10 (to represent 10 node densities). The pause time is varied in the range [0, 180] in steps of 20 (to represent 10 pause times).
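The scenario grid described above can be enumerated directly; with three random seeds per scenario and two algorithms, this gives 600 simulation runs in total:

```python
# The scenario grid described above: node counts 10..100 in steps of 10,
# pause times 0..180 in steps of 20, giving 10 x 10 = 100 scenarios.

node_counts = list(range(10, 101, 10))    # 10 node densities
pause_times = list(range(0, 181, 20))     # 10 pause times

scenarios = [(n, p) for n in node_counts for p in pause_times]
total_runs = len(scenarios) * 3 * 2       # 3 seeds per scenario, 2 algorithms
```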

In [5], convergence time has been defined as the time between the detection of an interface being down and the time when new routing information is available. [6] defines a route convergence period as the period that starts when a previously stable route to some destination becomes invalid and ends when the network has obtained a new stable route for that destination. Similarly, we define convergence time as the time between a fault detection and the restoration of new, valid path information. [5] calculates convergence time in the IP backbone: the authors arrive at the value of convergence time by deploying entities called 'listeners', which listen to every link-state PDU sent by the IS-IS protocol. The time when the first 'adjacency down' packet is observed is taken as the time of detection of an interface being down, and the failure event is said to end when the listener receives link-state PDUs from both ends of the link. We arrive at the convergence time by measuring the interval between the detection of a route failure and the successful arrival of a packet at the destination over the newly computed route. This includes not only the routing convergence time, but also the time taken for the packet to traverse the network from the source to the destination over the newly discovered path. Since this is a comparative analysis, and both routing protocols use shortest distance with number of hops as the metric for distance calculation, both protocols will arrive at the same new route, and the time taken to reach the destination over this new route will be the same (since all physical characteristics are the same). Hence this extra time measured does not affect the comparative analysis.
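The measurement just described — start a clock for a flow when its route failure is detected, stop it when the first packet arrives at the destination over the new route, then average over all such episodes — can be sketched as follows. The event-tuple format is illustrative; the paper's actual script parses ns2 trace files in Perl:

```python
# Sketch of the convergence-time computation described above.
# Event names and format are illustrative, not the ns2 trace format.

def convergence_times(events):
    """events: time-ordered (t, kind, flow) tuples with kind in
    {"route_fail", "recv"}; returns the per-episode convergence times."""
    pending = {}   # flow -> time its route failure was detected
    times = []
    for t, kind, flow in events:
        if kind == "route_fail":
            pending.setdefault(flow, t)          # episode starts
        elif kind == "recv" and flow in pending:
            times.append(t - pending.pop(flow))  # new route delivered a packet
    return times

events = [
    (10.0, "route_fail", "n1->n9"),
    (11.8, "recv", "n1->n9"),
    (40.0, "route_fail", "n3->n7"),
    (44.4, "recv", "n3->n7"),
]
cts = convergence_times(events)
avg = sum(cts) / len(cts)   # average over all fail/recover cycles
```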
In any case, the time taken for a packet to travel from the source to the destination is negligible compared to the time taken for the algorithm to discover the new route, whether through route request / route reply sequences as in reactive protocols, or by waiting for an update that contains the new route information as in proactive protocols. Also, this automatically verifies that the newly calculated path is correct. The cycle of invalidation of an old path and discovery of a new path may occur many times, and for many source-destination pairs, over the course of the simulation. Hence the average of these times is taken as the convergence time of that algorithm for that scenario. This procedure has been implemented in Perl.

VI. TESTING

In order to cover most if not all the types of scenarios the algorithms might face, we varied both the node density (number of nodes) and the node mobility (pause time). The node density was varied in the range [10, 100] in steps of 10 (10 different node densities). The pause time was varied in the range [0, 180] in steps of 20 (10 different pause times); the upper limit of this range was chosen to be 180 because the simulation time is 180 s in all cases. Thus a pause time


of 180 implies that the nodes pause in their initial positions for 180 seconds – the entire duration of the simulation. Hence this represents the case where nodes are completely static. Similarly, pause time 0 represents very high mobility where the nodes are in constant motion. Thus we tested each algorithm over 10 node densities x 10 pause times = 100 scenarios. Also, each scenario was generated 3 times with the same parameters but with different seeds to the random number generators. This gave us a different set of connections and a different mobility signature each time. The convergence time was measured for each of these three scenarios, and the average of these was used in the final analysis. Thus every single point in the graphs shown below is the result of 3 simulations. At the conclusion of the project, a total of 600 simulations ((100 scenarios x 3 runs of each scenario) x 2 algorithms) had been run. All the graphs shown below plot the value of convergence time against pause time. In each graph, the node density is fixed.
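The per-scenario averaging over the three seeded runs described above can be sketched as follows; the run tuples and their values are illustrative:

```python
# Averaging the three per-seed measurements for each scenario, as described
# above. Numbers are illustrative, not the paper's data.

from collections import defaultdict

runs = [  # (n_nodes, pause_time, seed, convergence_time_s)
    (10, 0, 1, 0.9), (10, 0, 2, 1.1), (10, 0, 3, 1.0),
    (10, 20, 1, 0.8), (10, 20, 2, 0.7), (10, 20, 3, 0.9),
]

by_scenario = defaultdict(list)
for n, p, seed, ct in runs:
    by_scenario[(n, p)].append(ct)

# One averaged point per (node count, pause time) pair, as plotted below.
avg_ct = {k: sum(v) / len(v) for k, v in by_scenario.items()}
```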

Figure 1. 10 nodes, varying pause time

Figure 2. 20 nodes, varying pause time

Figure 3. 30 nodes, varying pause time

Figure 4. 40 nodes, varying pause time

Figure 5. 50 nodes, varying pause time

Figure 6. 60 nodes, varying pause time

Figure 7. 70 nodes, varying pause time

Figure 8. 80 nodes, varying pause time


Figure 9. 90 nodes, varying pause time

Figure 10. 100 nodes, varying pause time

Figures 1, 2 and 3 give the graphs of convergence times when the number of nodes was fixed at 10, 20 and 30, respectively (low node density). AODV was found to converge in less than 1 second most of the time, while DSDV's convergence characteristics varied with changes in the pause time. However, DSDV's performance matched that of AODV when the pause time was 160 s and 180 s. Figures 4, 5, 6 and 7 describe the cases with 40, 50, 60 and 70 nodes in the scenario (intermediate node densities). DSDV was observed to converge faster than AODV at pause times of 140 s, 160 s, and 180 s (when nodes are almost immobile). When the pause time was low (high mobility), AODV continued to outperform DSDV. In figures 8, 9 and 10, the number of nodes in the scenario is 80, 90 and 100, respectively. DSDV was observed to converge faster than AODV in all cases except under extremely high mobility (0 s, 20 s and 40 s pause times). AODV's convergence time degraded to its worst, standing at 8 s for 100 nodes and a pause time of 60 s.

VII. CONCLUSION AND FUTURE ENHANCEMENTS

A. Conclusion

The aim of this project was to compare representative algorithms, DSDV (proactive), AODV (reactive) and TORA (hybrid), in terms of convergence time, and to uncover the situations in which these types of algorithms have their strengths and weaknesses. ns2 [11] was chosen to simulate these algorithms, and a Perl script was written to measure convergence time by parsing the output of the simulations. The implementation of TORA in ns2 was found to contain bugs which caused it to form long-living loops [20, 21, 22]. Hence an analysis of

TORA was not possible. 600 simulations of the algorithms DSDV and AODV were conducted over a wide range of network scenarios. When the results were analyzed, it was found that AODV was able to converge in less than 1 s in scenarios with low node density (of the order of 30 nodes or fewer) and high to very high mobility (pause times of the order of 60 s or lower). In these scenarios, DSDV was found to perform very poorly, taking up to 18 s to converge. However, as node density increased, the convergence time of AODV was found to increase steadily, while that of DSDV decreased. For the case when node density was high (of the order of 80 nodes or more) and mobility was low (pause times of the order of 100 s or higher), DSDV was found to converge faster than AODV, with AODV taking as much as twice as long to converge. For intermediate node densities (40 to 70 nodes) and intermediate mobilities (60 s to 80 s pause times), the convergence-time performance of the two algorithms was comparable (of the order of 4 s). Thus AODV and DSDV together cover the two ends of the spectrum of possible network scenarios, with AODV providing fast convergence at low node densities and high mobilities, and DSDV performing well at high node densities and low mobilities.

B. Future Enhancements

The project was a first attempt and can be further improved to include the following features:
• Correct the errors in the ns2 TORA implementation and perform a convergence time analysis of TORA.
• Experiment with the analysis of various other hybrid routing protocols.
• Enable switching from one routing protocol to another when the current network scenario would perform better with the other protocol; in real-time applications, such a switching mechanism could provide better routing performance.
• Determine and compare different routing protocols from each type of MANET routing algorithm to evaluate their performance.

ACKNOWLEDGMENT

We wish to acknowledge our Professor and Head of the Department of CSE, Dr. V. K. Aanthashayana, for the guidance which helped us work towards producing this work.


REFERENCES

[1] Charles E. Perkins and Elizabeth M. Royer, "Ad hoc On-Demand Distance Vector Routing," Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, New Orleans, LA, February 1999, pp. 90-100.
[2] "Ad hoc On-Demand Distance Vector (AODV) Routing," RFC 3561.
[3] Charles E. Perkins and Pravin Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers," in Proceedings of the SIGCOMM '94 Conference on Communications Architectures, Protocols and Applications, August 1994.
[4] V. Park and M. Corson, "A highly adaptive distributed routing algorithm for mobile wireless networks," INFOCOM '97 Proceedings, April 1997.
[5] G. Iannaccone, C.-N. Chuah, R. Mortier, S. Bhattacharyya, and C. Diot, "Analysis of link failures over an IP backbone," in ACM SIGCOMM Internet Measurement Workshop (IMW), Nov. 2002.
[6] D. Pei, X. Zhao, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, "Improving BGP convergence through consistency assertions," in Proc. of IEEE INFOCOM, 2002.
[7] Barry M. Leiner, Robert J. Ruth, and Ambatipudi R. Sastry, "Goals and challenges of the DARPA GloMo program," IEEE Personal Communications, 3(6):34-43, December 1996.
[8] National Science Foundation, "Research priorities in wireless and mobile communications and networking: Report of a workshop held March 24-26, 1997, Airlie House, Virginia."
[9] Neil Siegel, Dave Hall, Clint Walker, and Rene Rubio, "The Tactical Internet Graybeard Panel briefings," U.S. Army Digitization Office, October 1997.
[10] The National Institute of Standards and Technology, "Mobile ad hoc networks (MANETs)."
[11] The Network Simulator, ns-2.
[12] RWTH Aachen University, "Bionics: from biology to technology."
[13] Explanation of the new trace format.
[14] NTHU National Tsing Hua University, "Mobile Ad hoc Networks."
[15] Wikipedia, the free encyclopedia.
[16] R. Khalaf, A. El-Haj-Mahmoud, and A. Kayssi (Lebanon), "Performance Comparison of the AODV and DSDV Routing Protocols in Mobile Ad Hoc Networks," in Proceeding (371) Communication Systems and Networks, 2002.
[17] Ebrahim Mahdipour, Ehsan Aminian, Mohammad Torabi, and Mehdi Zare, "CBR Performance Evaluation over AODV and DSDV in RW Mobility Model," International Conference on Computer and Automation Engineering (ICCAE 2009), pp. 238-242, 2009.
[18] Muazzam Ali Khan Khattak, Khalid Iqbal, and Sikandar Hayat Khiyal, "Challenging Ad-Hoc Networks under Reliable & Unreliable Transport with Variable Node Density," Journal of Theoretical and Applied Information Technology.
[19] REN Wei, YEUNG D.Y., and JIN Hai, "TCP performance evaluation over AODV and DSDV in RW and SN mobility models," School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China, and Department of Computer Science, Hong Kong University of Science and Technology, Hong Kong, China, 2005.
[20] "Failed simulation with TORA protocol: problem with creating nodes in wireless + TORA" [ns].
[21] "[ns] Problem in TORA simulation."
[22] "[ns] MANET: TORA Routing Protocol."


The authors are faculty and students at M. S. Ramaiah Institute of Technology, Bangalore, working in the area of bio-inspired computing in the R&D labs, Department of Computer Science.


RASDP: A Resource-Aware Service Discovery Protocol for Mobile Ad Hoc Networks
Abbas Asosheh
Faculty of Engineering Tarbiat Modares University Tehran, Iran
Abstract— Nodes in Mobile Ad hoc NETworks (MANETs) in real world applications are different in resources such as memory size, battery power and processing power and highly heterogeneous. This fact either has been paid a little attention or ignored in most of proposed Service Discovery Protocols (SDPs) for ad hoc environments. Nodes that are selected to maintain directory in directory-based SDPs, demand more battery power and need more memory and processing power than the other nodes which are not directory nodes. In this paper a novel directory-based SDP has been proposed that regards this heterogeneity and selects most proper nodes, according to some criteria, as directory agent nodes. Also, by saving reverse track of service advertisement and discovery messages accelerates joining of service requester and provider nodes of a specific service. This protocol includes two distinct parts: The first part, selects a set of the network nodes to form a subset of relatively stable directory nodes regarding some criteria and maintains built mesh structure against topology changes by inserting or removing nodes to/from this subset; and the second part, is used to efficiently distribute the service request, registration, and reply messages among service requester, intermediate or provider nodes. Also, proposed protocol has been simulated by GloMoSim which is one of wellknown simulation tools. Simulation results based on some parameters prove this assertion that the protocol in an ad hoc environment has high performance, more scalability and uses critical resources of the nodes more efficiently. Keywords- SDP; directory-based; MANET; heterogenity; resource-awareness

Gholam Abbas Angouti
Faculty of Engineering Tarbiat Modares University Tehran, Iran transmissions, to reduce power consumption in these devices. Because devices join and leave the network dynamically, it is also important to implement mechanisms to detect availability and unavailability of services, as soon as possible. Finally, the broadcast capability of wireless medium, the multicast support of the underlying routing protocols, and the cooperation potential of the devices must be used to gain optimal results. In this paper, the problem of how mobile nodes in an ad hoc network announce their offered services and discover demanded services in the network has been addressed. We propose a new directory-based SDP which has been designed to fulfill the requirements of ad hoc networks and is suitable for real world applications. Because of using directory, Resource-Aware Service Discovery Protocol for Mobile Ad Hoc Networks, reduces number of transmitted control packets. So, it is more energy efficient than directory-less protocols. Our protocol is a fully distributed protocol in which services that offered by devices can be discovered by others, without a central server. This protocol emphasizes on this fact that all devices in ad hoc networks are not same in resources that they have. This fact has been ignored or been paid negligible attention in most of SDPs that have been proposed for ad hoc networks till now [1-11]. These protocols encounter with all nodes in same way and have no or a few attention to heterogeneity of mobile nodes in ad hoc networks. This protocol does not need a central server, so no infrastructure is required. It puts most burden of service discovery overhead on nodes with less constraints. One of the key contributions of this protocol is to minimize power consumption in all devices, especially in the most limited ones. This means that the number of transmissions necessary to discover or advertise services will be decreased as much as possible. 
Faculty of Engineering Tarbiat Modares University Tehran, Iran

transmissions, to reduce power consumption in these devices. Because devices join and leave the network dynamically, it is also important to implement mechanisms that detect the availability and unavailability of services as soon as possible. Finally, the broadcast capability of the wireless medium, the multicast support of the underlying routing protocols, and the cooperation potential of the devices must be exploited to obtain optimal results. This paper addresses the problem of how mobile nodes in an ad hoc network announce the services they offer and discover the services they demand. We propose a new directory-based SDP designed to fulfill the requirements of ad hoc networks and to suit real-world applications. By using a directory, the Resource-Aware Service Discovery Protocol for Mobile Ad Hoc Networks reduces the number of transmitted control packets and is therefore more energy efficient than directory-less protocols. Our protocol is fully distributed: services offered by devices can be discovered by others without a central server. It emphasizes the fact that the devices in an ad hoc network do not all have the same resources, a fact that has been ignored, or given negligible attention, in most SDPs proposed for ad hoc networks so far [1-11]. Those protocols treat all nodes in the same way and pay little or no attention to the heterogeneity of mobile nodes. Because our protocol needs no central server, no infrastructure is required. It puts most of the service discovery overhead on the least constrained nodes. One of its key contributions is to minimize power consumption in all devices, especially the most limited ones: the number of transmissions necessary to discover or advertise services is decreased as much as possible.
The remainder of the paper is organized as follows. Section II gives an overview of previously proposed approaches to the service discovery problem. Section III reviews the main design considerations of the protocol. Section IV defines the terms and notation used throughout the paper. Section V presents the algorithms for managing the mesh structure. Section VI explains the mechanisms for distributing service advertisement and service discovery messages in more detail. Section VII covers the performance evaluation, describing the simulation parameters and environment, based on GloMoSim.



MANETs have special characteristics, such as a potentially highly dynamic network topology and heterogeneous wireless devices. In addition, this type of network does not rely on any fixed physical infrastructure. Nodes in these networks differ widely in capabilities such as memory size and processing power. This heterogeneity, together with the other special characteristics of MANETs, requires a novel approach to the service discovery problem. Power is one of the most crucial resources of a mobile device: once its battery is discharged, the device dies and disappears from the network entirely. Mobile devices therefore need to minimize power consumption to prolong their presence in the network and keep offering their services. Because the cost of receiving is significantly lower than that of transmitting [19], it is very important to minimize the total number of

Finally, Section VIII presents the conclusion and our future work on this protocol.

II. RELATED WORKS

theoretic approach [10], and DSD [11] are examples of SDPs that do not rely on directories.

III. BACKGROUND

It might seem that mechanisms that do not use a directory are better suited to MANET scenarios [6]: this type of SDP needs no infrastructure, no bootstrapping phase for selecting the nodes that host directories, and no special algorithms to handle nodes entering or leaving the network. Hence, nodes can form, join, and leave a network with low latency. In addition, network support for broadcasting, multicasting, or anycasting is sufficient to implement this client-server model. In directory-based algorithms, the stored information about services and their servers may go unused or lose its validity as a result of node mobility. To implement a directory-based method, directories must either be assigned to predetermined nodes or placed on nodes selected dynamically by an algorithm driven by some criteria. Because of the dynamism and other limitations of ad hoc networks, the first option is not feasible. Selecting directory nodes dynamically, and informing the other nodes of their identities, also imposes extra load on the network. Moreover, because the network topology changes dynamically, those changes must be handled explicitly, which makes this approach look unsuitable for MANET environments. There are, however, several reasons that make the use of directories worthwhile. In directory-based SDPs, once the directory nodes are selected, a controlled multicast becomes possible: when advertising or requesting services, messages are not broadcast throughout the network but only multicast among the directory nodes. In other words, the discovery of the directory by service seekers and providers is generally based on multicasting, so there is no flooding in the network.
Network traffic therefore decreases and high scalability is achieved. Because directory-based methods have central nodes, security policies can also be applied more effectively. Another reason is that in directory-based SDPs the response time, the interval between issuing a service request and finding an appropriate server, is much shorter than in directory-less protocols. Directory nodes can also apply load-balancing techniques that reduce the load on particular servers and increase network performance. A further reason to use directories in SDPs is that the overhead of dynamically selecting the directory nodes can be justified by the overall efficiency gained when the resulting structure is shared with other layers; for example, the constructed backbone can be reused by routing protocols. In summary, which approach achieves the better trade-off depends on the traffic and mobility patterns: in large and dense ad hoc networks, directory-based protocols provide better performance than directory-less ones, whereas in ad hoc networks with high mobility the opposite holds.

Service discovery in wireless mobile ad hoc networks has recently gained a lot of attention in research. For wired networks, many service discovery protocols have been suggested, and some have attained the status of industry standards. For example, Jini [12] by Sun, Universal Plug and Play (UPnP) [13] by Microsoft, Salutation [14] by IBM, Service Location Protocol (SLP) [15] by the IETF, Bluetooth SDP [17], and DEAPspace [16] are well-known SDPs that are used in industry and have been standardized. For MANETs, despite many efforts, no such standardized protocols exist. Because SDPs for wired networks rest on assumptions specific to those networks, protocols developed for them are not suitable for ad hoc environments. The main distinguishing characteristic of SDPs for MANETs is their architecture [20], which depends chiefly on whether or not a directory is used. A directory is a data structure that stores information about the services offered by the various devices in the network. SDPs therefore fall into two main groups: those that use a directory (directory-based) and those that do not (directory-less). In directory-based SDPs, nodes that offer services register them in the directory, and nodes that need services send service request messages to the directory nodes. Some nodes are selected to maintain directories: the network nodes run a bootstrapping phase in which, after a predefined time, certain nodes are chosen to host directories (directory nodes). The criteria for selecting directory nodes differ among the protocols proposed so far. During the bootstrapping phase, nodes exchange messages to determine the directory nodes. In ad hoc environments, because of node mobility, mechanisms are needed to check that directory nodes still meet the required criteria; when a directory node leaves the network or no longer satisfies them, another node is selected to take its place.
For example, SDPs such as Service Rings [1], Lanes [2], the mechanism proposed by Kozat et al. [3], the mechanism proposed by Tyan et al. [4], the mechanism proposed by Nazeeruddin et al. [18], and Splendor [5] have directory-based architectures. Directory-less architectures have no bootstrapping phase. Protocols with such a distributed architecture can be dichotomized into reactive (pull) and proactive (push) modes. In push mode, nodes that offer services periodically broadcast information about them in the network; nodes that receive these announcements extract the information about the available services and forward the announcements to their neighbors. In pull mode, a node that needs a service broadcasts a request message in the network, and any node offering that service replies to it. SDPs such as the mechanism proposed by Cheng et al. [6], GSD [7], Konark [8], the algorithm proposed by Varshavsky et al. [9], the Field



The Resource-Aware Service Discovery Protocol for Mobile Ad Hoc Networks consists of two parts. The first part, the mesh structure management phase, selects a subset of the network nodes to form a relatively stable set of directory nodes, determines gateway nodes to establish the paths between them, and reacts to topology changes by inserting network nodes into, or deleting them from, this set. Directory nodes are selected according to a set of criteria: the nodes that are strongest among their neighbors become directory nodes. The first part thus constitutes a mesh structure made of the directory nodes and the gateway nodes connecting them. The second part efficiently distributes the request and registration messages from service provider or requester nodes to the directory nodes, using algorithms developed for this purpose. Unlike most other backbone or clustering algorithms, our protocol uses only a 1-hop local broadcast control message (hello beacon) to select the directory nodes, create routes between them, and maintain the directory node set [22]. Hello beacons are also lightweight, because they do not carry the full neighborhood information of the transmitting nodes. Both parts of the protocol are described in detail later. Before explaining the phases of the protocol, it is necessary to define the terms and notation used throughout the paper; the next section is dedicated to this purpose.

A. Assumptions

We make some general assumptions about the network. All nodes have an omnidirectional antenna and the same transmission range, so all links are bi-directional. The nodes share the same communication channel to transmit and receive messages; hence no node may transmit and receive at the same time.
No particular assumption is made about the medium access control (MAC) layer; the access scheme can be random, reservation-based, or any variant of both. Without loss of generality, the topology graph of the network is assumed to be connected at any particular time, since each component of the network can be treated as an independent network.

B. Definitions

role_i: the role of node i in the network. At any particular time a node can be a normal node (NN), a gateway node (GN), or a directory node (DN). Initially, every node's role is normal.

ANN_i: average number of neighbors of node i, i.e., the average number of neighbors node i has within a fixed time window. This parameter is set to zero at start time for all nodes.

NNC_i: number of neighbor changes of node i, i.e., the number of different neighbors node i has had within a fixed time window.

strength_i: strength of mobile node i; a floating-point number that indicates the level of resources node i has. The critical resources are combined linearly to compute a node's strength; because each resource may vary over a different range of values, all resources are first mapped onto the [0, 1] interval. For example, if power, processing power, and memory are selected as the critical resources, the strength of mobile node i is calculated by:

strength_i = α1·p_i + α2·w_i + α3·m_i    (Eq. 1)

where p_i, w_i, and m_i are floating-point numbers in the [0, 1] interval representing the power, processing power, and memory of node i, respectively. α1, α2, and α3 are coefficients that can be set manually; according to the importance of each factor in a specific application, or to the network properties, the coefficients can be adjusted to match the required conditions.

stability_i: stability of node i. This parameter indicates the mobility of node i relative to its neighbors; lower stability implies higher relative mobility.

min_stability: a threshold on stability.

ID_i: unique identifier of node i. The identifier is an integer and can be compared with other identifiers.

DN_i: directory node of node i. Each node has a corresponding directory node to which it sends its service request and registration messages.

state_i: indicates whether node i knows its directory node. If it does, state_i is appointed; otherwise state_i is disappointed.

N: the number of nodes in the network.

NT_i: neighbor table of node i. All necessary information about the neighbors is maintained in this table.

V. MANAGING MESH STRUCTURE PART

This part of the protocol has two disjoint mechanisms: building the mesh structure and maintaining the established mesh structure. The building mechanism determines the directory nodes and the gateway nodes between them; the maintenance mechanism preserves the established structure against mobility and topology changes.

A. Building mesh structure

As in any other directory-based SDP, there is a bootstrapping time (t_b) in which the DNs and GNs are determined for the first time. At the start, each node triggers the prepare() procedure to initialize its parameters:
prepare(mobile_node i) {
    NNCi := 0;
    statei := disappointed;
    rolei := normal;
    DNi := IDi;
    stabilityi := 0;
    ANNi := 0;
    NTi := ф;
    Calculate_Strength(i, parameter_list);
}
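The Calculate_Strength call corresponds to Eq. 1. The following Python sketch shows how the three normalized resources combine; the normalization choices, coefficient values, and resource readings are illustrative assumptions, not the paper's implementation.

```python
# Hypothetical sketch of Eq. 1: each resource is first normalized to [0, 1],
# then combined linearly with tunable coefficients.

def normalize(value, max_value):
    """Map a raw resource reading onto the [0, 1] interval."""
    return min(max(value / max_value, 0.0), 1.0)

def strength(power, cpu, memory, a1=0.5, a2=0.3, a3=0.2):
    """strength_i = a1*p_i + a2*w_i + a3*m_i, with inputs already in [0, 1]."""
    return a1 * power + a2 * cpu + a3 * memory

# Example: a node with a nearly full battery, moderate CPU and memory.
p = normalize(2800, 3000)   # battery: mAh remaining / capacity
w = normalize(400, 1000)    # CPU: available MHz / reference MHz
m = normalize(128, 512)     # memory: free MB / reference MB
s = strength(p, w, m)
```

With the coefficients summing to 1, the resulting strength also stays in [0, 1], which keeps strength values comparable across nodes.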

Everything is based on hello messages. These messages are sent periodically, every t_h, and contain the following information about the transmitting node i: {ID_i, stability_i, strength_i, role_i, state_i, flags}. Each node sends these messages only to its 1-hop neighbors. If node i receives a hello message from a neighbor j, it updates NT_i, adding an entry for node j if one does not already exist. If, within a period t_h, node i receives no hello beacon from one of its neighbors, it assumes that the node has left its neighborhood, removes it from NT_i, and increases NNC_i by one. Before sending the last hello message in t_b, each node compares its own stability with min_stability. If it satisfies this threshold, it compares its strength with that of its neighbors that also satisfy the min_stability condition. If it has the maximum strength among all such neighbors, it sets its state to appointed and its role to directory node. It is possible that a node i and all of its neighbors have stability lower than min_stability; in that case node i ignores the stability criterion and decides based on the strength criterion alone. After the last hello beacon in t_b, if a node i receives a hello message from a directory node j, DN_i becomes ID_j and state_i becomes appointed. If, at this point, a node is left as the only disappointed node among its neighbors, it sets its state to appointed and selects as its DN the appointed neighbor with the best conditions: first, meeting the min_stability requirement, and second, having the highest strength among the remaining neighbors. At the end of this process, every mobile node in the MANET knows its directory node and its state is appointed. This procedure is depicted in Figure 1.

B. Maintaining Mesh Structure

Maintaining this structure against the topology changes caused by frequent node mobility is very important.
If a non-directory node i stops receiving hello messages from its directory node, it chooses one of its neighbors as its new DN, giving strict priority first to DNs and second to normal nodes that satisfy the min_stability threshold and have higher strength. If a normal node i receives a hello message from a node j with DN_j = ID_i, it sets its role to directory node. If a normal node i receives a hello message from a neighbor j with DN_j ≠ DN_i, node i changes its role to gateway. Similarly, if a gateway node i no longer receives hello messages from any neighbor j with DN_j ≠ DN_i, it changes its role back to normal. It is also possible for a DN i to migrate to a location where none of its neighbors have it as their directory node. In this case, i must change its role to normal and, if it has a directory node in its neighborhood, adopt it as its own DN; otherwise it selects as its DN the neighbor with the best conditions: first, meeting the min_stability requirement, and second, having the highest strength among the remaining neighbors. Because of mobility, DNs can end up in each other's neighborhood.
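The maintenance rules above can be condensed into a role-transition sketch. This Python fragment is a simplified, assumption-laden model: the boolean flags and the function name are ours, not the paper's, and they abstract over the per-hello bookkeeping.

```python
# Hedged sketch of the role-maintenance rules: given a node's current role and
# two observations from the latest hello round, return its next role.

def next_role(role, chosen_by_neighbor, neighbor_with_other_dn):
    """chosen_by_neighbor: some neighbor j reports DN_j equal to our ID.
    neighbor_with_other_dn: some neighbor's DN differs from ours."""
    if chosen_by_neighbor:
        return "directory"      # a neighbor relies on us: become or stay a DN
    if role == "directory":
        return "normal"         # no neighbor points at us any longer
    if neighbor_with_other_dn:
        return "gateway"        # we bridge two directory regions
    return "normal"             # a gateway without bridging neighbors reverts
```

A pure function like this is easy to unit-test against each rule in the text, even though a real implementation would also update DN_i and the neighbor table.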

Figure 1. Building mesh structure [23]

When the normal neighbors that have node i as their directory node receive this hello message, they compute the best directory neighbor from their own NT. If the best directory neighbor is not node i, they simply assign that neighbor as their new directory node; otherwise they set the flag in their own hello messages indicating i as the best node. As long as directory node i receives hello messages from its normal neighbors indicating i as the best directory node, it remains a directory node. If no such messages are received for a certain period, node i changes its role to normal. At the end of this process, the state of every node is appointed, and nodes are at most one hop away from their directory nodes. Figure 2 shows this algorithm.
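The "best directory neighbor" computation that each normal node performs over its NT can be sketched as follows; the row layout and the scoring rule (stability threshold first, then strength) are illustrative assumptions consistent with the selection criteria described earlier.

```python
# Sketch of the per-hello-round check a normal node runs over its neighbor
# table to pick its best directory neighbor.

def best_directory_neighbor(nt, min_stability):
    """nt: list of dicts with 'id', 'role', 'stability', 'strength' keys.
    Returns the id of the best DN neighbor, or None if there is none."""
    dns = [n for n in nt if n["role"] == "directory"]
    if not dns:
        return None
    # Prefer DNs meeting the stability threshold; break ties by strength.
    best = max(dns, key=lambda n: (n["stability"] >= min_stability,
                                   n["strength"]))
    return best["id"]
```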

Figure 1. Service advertisement in the origin node

Figure 2. Maintaining mesh structure



When the directory node of a service provider node i changes, as depicted in Figure 3, node i registers its services with its new directory node. Each service is registered independently of the others. If service provider i is a non-directory node, it creates a first-type message with fields {ID_i, sequence number, DN_i, service specification, advertisement} and sends it to its directory node. The directory node then updates its SIT, creates a second-type message, fills out the new message's fields, and advertises the service to the other directory nodes by multicasting the prepared message to them via its gateway neighbors (neighbor nodes whose role is gateway). To fill out the message fields, the ID_i, sequence number, service specification, and message type fields are copied from the received first-type message sent by service provider i, and the directory node writes its own ID into the origin DN and previous DN fields. For each of its directory neighbors (directory nodes that are two or three hops away), it creates a distinct message; these messages differ only in the gateway field, which holds the ID of the corresponding gateway neighbor. The AR field is also set: it is the number of directory nodes in which this service should be registered. The created messages are then broadcast to the neighbors.
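The fan-out step just described can be sketched in a few lines. The dictionary layout and function name are assumptions; the field names follow the text.

```python
# Illustrative sketch of how an origin directory node fans out a second-type
# advertisement: one copy per gateway neighbor, differing only in the gateway
# field, with AR bounding how many directory nodes will register the service.

def fan_out_advertisement(first_msg, my_dn_id, gateway_neighbors, ar):
    """first_msg: the first-type message received from the provider."""
    base = {
        "id": first_msg["id"],
        "seq": first_msg["seq"],
        "service": first_msg["service"],
        "type": "advertisement",
        "origin_dn": my_dn_id,    # this DN starts the multicast
        "previous_dn": my_dn_id,  # anchor of the reverse path
        "ar": ar,                 # remaining directory registrations
    }
    # One distinct copy per gateway neighbor, varying only the gateway field.
    return [dict(base, gateway=g) for g in gateway_neighbors]
```

Copying the shared fields once and varying only the gateway field mirrors the text's "distinct message per gateway neighbor" rule.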

If service provider i is itself a directory node, it first updates its SIT and then puts its own ID and the service specification into the ID and service specification fields, respectively; the other fields are filled out as above, and the prepared message is sent to the directory neighbors as above. Each directory node that receives this message checks whether the message is new, using the pair <ID_i, sequence number>. If it already has an entry with the same <ID_i, sequence number> in its SIT, it discards the received message. Otherwise, it updates its SIT by adding a new entry containing ID_i, the sequence number, the previous DN, and the service information. It then decreases AR by one. If AR > 0, it applies the necessary changes to the message and sends it to all of its directory node neighbors; two fields change: previous DN and gateway. The directory node puts its own ID into the previous DN field and its gateway neighbors into the gateway field, creating a different message for each gateway neighbor with a distinct gateway field. If AR = 0, it discards the message. In this way, each directory node has a reverse path to all providers of the services saved in its SIT, and can reach such a provider by traversing the previous DNs saved in the directory nodes in reverse order. For example, if directory node j has an entry <ID_i = 15, sequence number = 633, previous DN = 20, service specification, expiration time> in its SIT, then to reach mobile node i with ID_i = 15 it should start with its directory node neighbor k with ID_k = 20. Directory node k either has node i in its neighborhood or holds another SIT entry containing a previous DN, in which case that directory neighbor is followed in turn, and so on.
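The reverse-path lookup can be sketched as a short traversal. The dictionaries stand in for the SITs and 1-hop neighborhoods; their layout, and the function name, are illustrative assumptions.

```python
# Hedged sketch of the reverse-path lookup: each directory node's SIT maps a
# (provider_id, sequence_number) pair to the previous DN on the advertisement
# path. Following previous-DN entries hop by hop reconstructs the route back
# to the provider.

def trace_provider(start_dn, provider_id, seq, sits, neighborhoods):
    """sits: {dn_id: {(provider, seq): previous_dn}}.
    neighborhoods: {dn_id: set of node ids within one hop}.
    Returns the chain of directory nodes leading to the provider."""
    path, dn = [start_dn], start_dn
    while provider_id not in neighborhoods.get(dn, set()):
        dn = sits[dn][(provider_id, seq)]   # hop to the previous DN
        path.append(dn)
    return path

# The paper's example: DN j holds <ID = 15, seq = 633, previous DN = 20>,
# and DN 20 has node 15 in its neighborhood.
sits = {7: {(15, 633): 20}}
hoods = {7: {3, 4}, 20: {15}}
```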

Figure 3. Service discovery in the origin node

Figure 2. Service advertisement in intermediate nodes

When a gateway node receives an advertisement message, it also checks whether the message is new. If it is not new, the gateway discards it. If it is new, the gateway first saves the ID and sequence number field values in its cache memory and then sends the message to its other neighbors. After a set time, the node removes this information from its cache memory. A graphical view of this algorithm is given in Figure 4.

A. Service discovery

When a mobile node i demands a specific service, it uses the service discovery algorithm. If node i is a non-directory node, it creates a request message and sends it to its directory node j. This first-type message has fields {ID_i, sequence number, ID_j, service information, request}, in which ID_i is the ID of the node requesting a service with the specifications represented by the service information field, the sequence number is the value of MC_i, ID_j is the ID of the directory node that should receive the message, and the request field indicates that this is a service discovery message. When the directory node receives this message, it searches its SIT for an entry matching the specifications the request demands. If it finds a node k that provides this service and is in the neighborhood of this DN, it replies to i with ID_k, as depicted in Figure 5. If instead it finds information in its SIT about a provider that is not in its neighborhood, it replies to i with the previous DN field of that entry.

When node i receives this reply message, it knows the complete reverse route between itself and the provider of its requested service, because it can reach the provider by traversing the previous DNs in reverse order, as we have seen before. If there is no information about the requested service in the SIT, the directory node creates a second-type message, fills out its fields, and multicasts it to all its DN neighbors. To fill out the fields of the new message, the ID_i, sequence number, service information, and message type fields are copied from the received first-type request message; the origin DN and previous DN fields are filled with its own ID; and for each gateway neighbor a copy of the message is created with a different gateway field. The AR field is also set: it is the number of directory nodes in which this service should be searched. If node i is itself a directory node, it first searches its own SIT for a service with the needed specifications. If it finds one, it can reach the provider by traversing the previous DNs in reverse order; otherwise it creates a second-type message and puts its own ID and the service specification into the ID_i and service specification fields, respectively, filling out the other fields as above. Each directory node k that receives this request message checks whether the message is new, using the pair <ID_i, sequence number>. If k has recently received a request message with the same <ID_i, sequence number>, it discards the received message. Otherwise, k searches its SIT for a service with the specifications the request demands. If it finds a node j providing a service with the demanded specifications (Figure 6), it reverses the path between itself and requester node i: node k creates a reply message and puts its own ID into the origin DN and previous DN fields,

the value of RMC_k into the reply sequence number field, the sequence number and origin DN fields of the request message into the sequence number and destination DN fields, respectively, and the previous DN field of the found SIT entry into the next DN field. For each of its gateway neighbors, it creates a copy of this message differing only in the gateway field, and sends the newly created reply message toward the next DN directory node via the gateway nodes. Each gateway node that receives this message sends it on if it has the next DN, or a node with DN = next DN, as a neighbor; otherwise it discards it. When a directory node m receives a new reply message (according to its cache memory) whose next DN field is ID_m and which is not destined for m, it saves the sequence number, previous DN, and origin DN fields in its cache, puts its own ID into the previous DN field, and sets the next DN field from the previous DN field of its SIT entry whose sequence number and origin DN match the sequence number and destination DN fields of the received reply message. For each gateway neighbor, a copy of this message differing only in the gateway field is created and sent via the gateway neighbors. When the destination node receives this message, it has the complete route to the provider of its needed service. If, instead, k has no service with the requested specifications, it decreases AR by one. If AR = 0, it discards the message. Otherwise, if AR > 0, k saves ID_i, the sequence number, and the previous DN, puts its own ID into the previous DN field and the IDs of its gateway neighbors into the gateway field, and finally multicasts the message to all its neighbors. When a gateway node receives a request message, it also checks whether the message is new. If it is not new, it discards the message; if it is new, it first saves the ID_i and sequence number fields of the received message and then broadcasts it to its other neighbors.
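The per-directory-node request handling just described (duplicate suppression, SIT lookup, AR countdown) can be sketched as follows; the data layouts and the string return labels are illustrative assumptions, not the paper's message formats.

```python
# A minimal sketch of how an intermediate directory node k handles a request:
# duplicate check via <ID, seq>, then an SIT lookup, then either a reply
# target or a decremented-AR forward decision.

def handle_request(msg, seen, sit, neighborhood):
    """seen: set of (id, seq) pairs; sit: {service: (provider, previous_dn)}."""
    key = (msg["id"], msg["seq"])
    if key in seen:
        return "discard"           # already processed this request
    seen.add(key)
    if msg["service"] in sit:
        provider, prev_dn = sit[msg["service"]]
        # Reply with the provider itself if it is a neighbor, otherwise with
        # the previous DN so the requester can follow the reverse path.
        return ("reply", provider if provider in neighborhood else prev_dn)
    msg["ar"] -= 1
    return "forward" if msg["ar"] > 0 else "discard"
```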
Figure 7 shows how an intermediate node handles a request message. If, after a set time, node i receives no reply message, it assumes that there is no service with the specified features. Moreover, when the service requester receives the first reply message, it selects the provider found there and discards any further reply messages, on the assumption that this provider is closer to it than the others (if any).

VII. PERFORMANCE EVALUATION

Figure 4. Service discovery in intermediate nodes [23]

In this section we present a performance evaluation study of RASDP in an ad hoc environment. We compare our protocol with AODV-SD. The study was done through simulation with GloMoSim [21], a well-known simulation tool.

Figure 6. Required service has been discovered in node k

A. Simulation environment

RASDP has been simulated using the well-known simulator GloMoSim under different mobility scenarios. Significant modifications were applied to the original version of GloMoSim to make it suitable for simulating RASDP, mainly in the MAC, routing, and application layers. A brief discussion of the applied changes follows. Because the node structure originally contains no fields like role, number of neighbors, number of neighbor changes, and status, these fields were added to it. When a hello beacon is received, the required decisions are made and the necessary changes are applied based on its fields. The main mechanisms of RASDP, service advertisement and discovery, are implemented in the routing layer. We used functions of the AODV routing protocol, as implemented in GloMoSim, as the basis of the service advertisement and discovery mechanisms; the modifications were applied so that AODV performs routing, service advertisement, and service discovery simultaneously. To answer service discovery messages, we used the route reply functions available in the AODV routing protocol. For traffic generation and for triggering the service discovery and advertisement functions, we used FTP with a slight customization: a negative number in the destination field of an FTP packet indicates that the current packet is a service discovery packet rather than a normal traffic generator packet.

Several experiments were carried out to test the scalability and efficiency of RASDP in discovering services in a MANET, on topologies ranging from 50 to 200 nodes. In this section we report a few of the experiments; due to space limitations we cannot provide all of the results. We used a random-waypoint [7] movement pattern for the nodes and an application layer packet generation function to generate service requests at regular intervals. For the purposes of the simulation, and without loss of generality, we assumed a single service in the MANET. We used an Acknowledge-noise model [7] to simulate the radio, with the radio range of each node assumed to be 31 meters. The experiment was carried out in a relatively highly mobile environment, with node movement (under the random-waypoint pattern) defined by P(Sm, SMax), where:

P = pause (in seconds) after the node has moved to a new position;
Sm = minimum speed (meters/sec) of movement of the node;
SMax = maximum speed (meters/sec) of movement of the node.

The node moves with a speed within the range (Sm, SMax). The other simulation parameters and their values are shown in Table I.
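The P(Sm, SMax) mobility parameters can be illustrated with a tiny random-waypoint step model. All names here are ours, and GloMoSim's actual implementation differs in detail; this is only a sketch of how one movement leg is drawn.

```python
# A small illustrative model of one random-waypoint leg: the node pauses for
# P seconds, then picks a random destination in the area and a uniform speed
# in [Sm, SMax].
import random

def random_waypoint_step(rng, pause, s_min, s_max, area):
    """Return (destination, speed, pause) for the node's next leg."""
    dest = (rng.uniform(0, area), rng.uniform(0, area))
    speed = rng.uniform(s_min, s_max)   # uniform in (Sm, SMax)
    return dest, speed, pause

rng = random.Random(1)                  # seeded for reproducibility
dest, speed, p = random_waypoint_step(rng, 10.0, 1.0, 5.0, 1000.0)
```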
We considered three performance metrics to evaluate both protocols:

1. Control message overhead: the number of messages generated by the service discovery protocol and by the routing protocol. This metric shows how efficiently a service discovery protocol uses the available bandwidth.

2. Service request, discovery, and reply and route request packet overhead: how many such packets are transmitted in the MANET. The lower the number, the lower the energy consumption and the longer the lifetime of the MANET nodes.

3. Number of packets sent to the MAC layer: how many packets are delivered from the network layer to the MAC layer for transmission to other nodes. Generating MAC layer packets consumes processor time and battery power, so a lower number indicates a more efficient protocol in a MANET.


Figure 8. Control message overhead in RASDP and AODV-SD

B. Simulation results
Figures 8 through 11 contain the results. In these figures the x-axis indicates the number of nodes, and in all of them the ratio of servers to other nodes is constant. As Figure 8 shows, the total number of transmitted control messages in RASDP is significantly lower than in AODV-SD; RASDP therefore uses the available bandwidth of a MANET efficiently and is the more scalable protocol. Regarding the other metrics, the overhead of service request, discovery, reply and route request packets and the total number of packets sent to the MAC layer, RASDP performs remarkably better than AODV-SD, because it generates and broadcasts fewer service request, discovery and reply packets and consumes less battery power. RASDP also delivers fewer packets to the MAC layer, and so wastes less processor time and battery power per node than AODV-SD. Overall, RASDP is more efficient than AODV-SD in a MANET.

All in all, the results validate our intuitive claim: the simulations show that RASDP is more efficient than AODV-SD.

TABLE I. Simulation parameters

Parameter                Value
Simulation time          60 minutes
Simulation area          1000 x 1000
Node placement           Random
Mobility model           Random waypoint
MAC layer protocol       802.11
Network layer protocol   IP
Routing protocol         AODV



Figure 9. Total number of route requests in RASDP and AODV-SD

157 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009


The efficiency and high performance of RASDP have also been demonstrated by simulation in an ad hoc environment. The simulation results show that, for all of the defined performance metrics (control message overhead; service request, discovery, reply and route request packet overhead; and the number of packets sent to the MAC layer), RASDP is an efficient service discovery protocol that fulfills the expected performance requirements. Future work includes analyzing the protocol's complexity and designing more efficient algorithms both for managing the mesh structure and for the service advertisement and discovery mechanisms. Implementing the protocol on real mobile devices is another item of future work.

Figure 10. Total number of reply packets in RASDP and AODV-SD

REFERENCES
[1] Michael Klein, Birgitta Konig-Ries and Philipp Obreiter. Service rings – a semantic overlay for service discovery in ad hoc networks. In DEXA Workshops, pages 180-185, 2003.
[2] Michael Klein, Birgitta Konig-Ries and Philipp Obreiter. Lanes – a lightweight overlay for service discovery in mobile ad hoc networks. Technical Report 2003-6, University of Karlsruhe, May 2003.
[3] Ulas C. Kozart and Leandos Tassiulas. Network layer support for service discovery in mobile ad-hoc networks. In Proceedings of IEEE INFOCOM 2003, April 2003.
[4] Jerry Tyan and Qusay H. Mahmoud. A network layer based architecture for service discovery in mobile ad hoc networks. In CCECE 2004, IEEE, May 2004.
[5] Feng Zhu, Matt Mutka and Lionel Ni. Splendor: A secure, private and location-aware service discovery protocol supporting mobile services. In Proceedings of the First International Conference on Pervasive Computing and Communications (PerCom'03), pages 235-242.
[6] L. Cheng and I. Marsic. Service discovery and invocation for mobile ad hoc networked appliances. December 2000.
[7] Dipanjan Chakraborty, Anupam Joshi, Tim Finin and Yelena Yesha. GSD: A novel group-based service discovery protocol for MANETs. In 4th IEEE Conference on Mobile and Wireless Communications Networks (MWCN), IEEE, September 2002.
[8] S. Helal, N. Desai, V. Verma and C. Lee. Konark – a service discovery and delivery protocol for ad hoc networks. In Proceedings of the Third IEEE Conference on Wireless Communication Networks (WCNC), March 2003.
[9] Alex Varshavsky, Bradley Reid and Eyal de Lara. A cross layer approach to service discovery and selection in MANETs. January 2004.
[10] Vincent Lenders, Martin May and Bernhard Plattner. Service discovery in mobile ad hoc networks: A field theoretic approach. Pervasive and Mobile Computing, 2005.
[11] Dipanjan Chakraborty, Anupam Joshi, Yelena Yesha and Tim Finin. Toward distributed service discovery in pervasive computing environments. IEEE Transactions on Mobile Computing, February 2006.
[12] Jini Architectural Overview, White Paper, 1999.
[13] UPnP Device Architecture 1.0, UPnP Forum, Dec. 2003. resources/ documents/ CleanUPnPDA10120031202s.pdf
[14] Salutation Architecture Specification, Salutation Consortium, 1999.
[15] E. Guttman et al., Service Location Protocol, v. 2, IETF RFC 2608, June 1999. rfc/ rfc2608.txt
[16] M. Nidd, "Service Discovery in DEAPspace," IEEE Personal Comm., August 2001, pp. 39–45.
[17] Specification of the Bluetooth System, Bluetooth SIG, Feb. 2003.
[18] Mohammad Nazeeruddin, Gerard Parr and Bryan W. Scotney. An efficient and robust service discovery protocol for dynamic MANETs. MMNS 2006: 49-60.


Figure 11. Total number of packets sent to the MAC layer in RASDP and AODV-SD



In this paper, a new directory-based SDP for MANETs has been presented. RASDP accounts for the heterogeneity of mobile devices in a MANET. The protocol defines a factor for each network node, called strength, which describes the status of a node relative to the other nodes in its neighborhood. The strength of a node depends on the various resources it possesses; RASDP is flexible regarding the number of resources considered and their relative weight. Because directory nodes consume more resources than other nodes, the strength of each node may be defined based on these resources. In addition, by keeping track of each service advertisement and service discovery message, appropriate algorithms can connect a service requester and provider quickly, which is particularly important in the presence of mobility. These approaches lead to: 1) lower energy consumption in resource-limited nodes; 2) connecting the requester and provider of a service as quickly as possible; and 3) high scalability. As a result, it is possible to support more nodes in a mobile ad hoc network.





[19] Laura Marie Feeney and Martin Nilsson. Investigating the energy consumption of a wireless network interface in an ad hoc networking environment. In IEEE INFOCOM, 2001.
[20] Chunglae Cho and Duckki Lee. Survey of service discovery architectures for mobile ad hoc networks. Unpublished, 2005. Computer and Information Science and Engineering Department, University of Florida, Gainesville, USA.
[21] Xiang Zeng, Rajive Bagrodia and Mario Gerla. GloMoSim: A library for parallel simulation of large-scale wireless networks. In Proc. 12th Workshop on Parallel and Distributed Simulations, 1998.
[22] Abbas Asosheh and Gholam A. Angouti. A novel resource-aware service discovery protocol for mobile ad hoc networks. 17th ICEE, 2009.


Tool Identification for Learning Object Creation
Sonal Chawla
Dept. of Computer Science and Applications Panjab University Chandigarh INDIA


Abstract: Learning objects are a collection of chunks organized into a whole that covers a topic or logical sequence of instruction. The creation of learning objects involves many intricacies with regard to the effectiveness they must possess in order to serve as a usable tool to aid or accelerate the process of learning in students. Learning objects have numerous features: interoperability enables content from multiple sources to work well with different systems, while reusability enables content to be transferred to other contexts, allowing chunks of information to communicate with learning systems using a standardized method. Deciding which tool to use for creating interoperable, reusable learning objects is therefore a difficult task. This paper identifies the parameters on which such tools can be compared and then compares the tools for learning object creation. The purpose of this paper is thus threefold: first, to define learning objects and their purpose; second, to identify the tools available for effective creation of learning objects; and finally, to compare them and determine which offers the better facilities for content creation.
Keywords: learning objects, authoring tools, comparison, XERTE, eXe, RELOAD, GLO Maker

INTRODUCTION
Learning objects have multiple definitions. [1] defines a learning object as "an independent and self-standing unit of learning content that is predisposed to reuse in multiple instructional contexts", considers the size of a learning object to be important, and provides debate about this [4]. Other researchers have tried to approach the structure of the learning object by defining its contents or its constituent parts, and most definitions are influenced by instructional design theory. In order for a digital source to be considered a learning object it "must include or link to: 1) a learning objective; 2) a practice activity, and 3) an assessment" [2]. A similar definition has been provided by Mortimer (2002) [3], who argues that a learning object should include metadata, a learning objective, and the actual content, as well as activities and assessments that support the specified objective. Finally, Macromedia MX suggests that the main components of a learning object should include content, metadata, and interoperability mechanisms that facilitate its exchangeability across authoring tools and virtual learning environments (VLEs) [5]. Learning objects can also be defined as a collection of chunks organized into a whole that covers a topic or logical sequence of instruction. David Wiley (2000) outlines the basic idea behind learning objects: "Instructional designers can build small (relative to the size of an entire course) instructional components that can be reused a number of times in different learning contexts" (p. 3). Wiley defines reusable learning objects as "digital entities deliverable over the internet" (2000, p. 3). Another definition is: "Learning objects are the core concept in an approach to learning content in which content is broken down into 'bite size' chunks. These chunks can be reused, independently created and maintained, and pulled


apart and stuck together like Legos" (Eduworks, 2006).
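The constituent parts named in these definitions (metadata, a learning objective, content, activities, and assessments) can be summarised in a small sketch. The field names below are illustrative only and are not drawn from any LO standard:

```python
from dataclasses import dataclass, field

@dataclass
class LearningObject:
    """Illustrative structure for a reusable learning object, following
    the components named by Mortimer (2002): metadata, an objective,
    content, and supporting activities and assessments."""
    metadata: dict          # e.g. title, author, keywords
    objective: str          # the learning objective
    content: str            # the actual instructional content
    activities: list = field(default_factory=list)   # practice activities
    assessments: list = field(default_factory=list)  # assessments tied to the objective

# A minimal example object
lo = LearningObject(
    metadata={"title": "Intro to XML"},
    objective="Explain how XML separates content from presentation",
    content="XML uses tags to structure information...",
)
```

Because every part is explicit and self-contained, such an object can be stored in a repository and reassembled into different courses, which is exactly the "bite size chunks" reuse the definitions describe.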




Research Questions
The research questions that this study tries to answer are:
• What are learning objects, and why do they need to be created?
• Which tools are available for learning object creation?
• What are their advantages and disadvantages?
• Which of them scores over the others in terms of features and ease of use?

The creation of learning objects involves many intricacies with regard to the effectiveness they must possess in order to serve as a usable tool to aid or accelerate the process of learning in students. Learning objects have numerous features: interoperability enables content from multiple sources to work well with different systems, and reusability enables content to be transferred to other contexts, allowing chunks of information to communicate with learning systems using a standardized method. HTML, the most common medium for content, is not suitable for course material such as LOs. Although it is useful, particularly when working with Microsoft's FrontPage or Macromedia's Dreamweaver, tools that enable the creation of quite sophisticated pages, it is not adaptable and portable enough for LOs. A web page designed for one course at one university will contain course- and university-specific information: the name of the course, the name of the university, and even a colour scheme. To be used or adapted by another course, the pages need to be redesigned. Downes confirms that an LO must be "portable", hence "first, structured, and second, separated from presentation information." XML is most suitable for authoring LOs in that it "uses tags to structure information and refer presentation information to a separate document entirely." XSL is a family of recommendations for defining XML document transformation and presentation: an XML file and an XSL file merge to create an HTML file. Downes has provided an interesting illustration:
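The separation Downes describes can be sketched in Python: the XML carries only structure, and a separate rendering step (standing in here for an XSL stylesheet) supplies the presentation. The element names are invented for illustration:

```python
import xml.etree.ElementTree as ET

# Content only: no course names, colour schemes, or layout information.
xml_content = """<lesson>
  <title>Learning Objects</title>
  <body>Content is kept free of presentation details.</body>
</lesson>"""

def render_html(xml_text):
    """Merge structured content with presentation, as an XSL
    transformation would, producing an HTML fragment."""
    root = ET.fromstring(xml_text)
    return "<h1>{}</h1>\n<p>{}</p>".format(
        root.findtext("title"), root.findtext("body"))

html = render_html(xml_content)
```

To reuse the same content in another course, only the rendering step changes; the XML file is untouched, which is the portability argument in miniature.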

The study identifies a framework to compare the qualities of each software tool against a set of requirements. It takes into account factors such as who the system is intended for, what its intended purpose is, and what theoretical base the designers of the software are working from. On the basis of these parameters each software tool is evaluated and a comparative chart is drawn; in this way the features of these tools are classified and summarized.

Tools for creating Learning objects
Learning objects by themselves are effective but, in order to obtain the best results, they must be used in conjunction with complementary technologies that allow multiple learning objects to be used and reused, user behavior to be observed in order to select the most suitable objects for every student, learning objects to be stored, arranged, classified and extracted, and the objects to be displayed in a proper manner so that the user can manipulate them. This is achieved through repositories and learning management systems. As has been identified, the maximum level of adaptation to a user's behavior and learning needs is achieved by the interaction between learning objects, a learning management system and a repository, combined with tracking a student's behavior in order to select the objects most suitable for his or her level of advancement in the learning process. There are many open source software packages used in e-learning, ranging from HTML editors to learning management systems. The list below gives an indication of the range of OSS dedicated to e-learning.


Downes’ illustration of an HTML file

In order to have systems that are distributed and interoperable, they must be able to communicate, not only about the same things but also in a common language such as XML. It is this language that has been adopted by database programmers, librarians and designers around the world and developed by the World Wide Web Consortium. Courseware, a book or a song can all be represented in XML [4]. "XML is to structured information what HTML is to structured documents", which permits learning material to be integrated into a course, as long as the semantics are the same [4].


Category — OSS Example
LMS — Moodle, ILIAS, ATutor, Claroline, Docebo, OLAT, SAKAI
LCMS — Fedora (not the Linux version from RedHat), DOOR (Digital Open Object Repository)
CMS — Plone, Joomla
Tools — Xerte (XML Editor and Run-Time Engine), eXe (eLearning XHTML Editor), RELOAD (Reusable E-learning Object Authoring and Delivery)
Learning Environment — FLE3 (Future Learning Environment)
Assessment — APIS (Assessment Provision through Interoperable Segments)

Table 1: Open source software for e-learning

Comparative Review of Authoring Tools



The number of software tools available for authoring web-based content in education is overwhelming, but many of these tools have quite different purposes and target varied user groups. It therefore becomes essential to identify the characteristics on which the software should be judged and shortlisted. Based on the set of contextual drivers which shaped the design of these authoring tools, the researcher identified the following criteria.
Requirements:
• Easy to use for non-technical educational practitioners
• Freely available to all
• Facilitates a variety of pedagogical models and techniques
• Supports pedagogical innovations
• Efficient to use, not dependent on a high-bandwidth connection to a server
• Exports interoperable content
• Separation of presentation and content, for reuse in multiple contexts

The major features of the tools are as follows.
Burrokeet [11]: Burrokeet is a FLOSS initiative to produce a software tool that allows both easy authoring of content and structuring of IMS content packages in a single environment.
Lectora [12]: Lectora is a leading e-learning authoring tool that is both powerful and easy to use, with offline editing capability.
Lersus [13]: Lersus is another powerful desktop authoring environment that exports interoperable content, has pedagogical structuring tools, and is relatively easy to use.
LessonBuilder [14]: LessonBuilder is a very easy to use desktop tool with some learning activity devices and a clean and intuitive user interface. It also exports interoperable content.
eXe [16]: eXe is a tool for authoring and structuring educational content around pedagogical objects. It is intended for use by teachers who do not necessarily have a great deal of technical knowledge but wish to build a web portfolio of learning experiences.
XERTE [17]: XERTE is an XML editor and runtime engine that makes it easy to create and deploy interactive learning objects that are highly accessible and SCORM compliant. It helps authors focus on interactive design by providing tools that are fit for purpose and easy to use. Although many other tools such as ToolBook Assistant, Accelerator and CourseGenie exist, this research has been selective and leaves out tools that only partially fulfil the criteria.
RELOAD [15]: RELOAD is a project funded under the JISC Exchange for Learning Programme (X4L). The

Following the above set of requirements, a search was conducted for e-learning authoring tools that could satisfy at least half of the requirements, based on the subjective assessments of researchers. The search methods used involved a combination of trawling the web and targeted enquiries of e-learning expert groups. Using these methods, the tools selected for comparison were:
• Burrokeet
• Lectora
• Lersus
• LessonBuilder
• eXe
• XERTE
• RELOAD
• GLO Maker


tools are based on emerging learning technology interoperability specifications and include the RELOAD Content Package and Metadata Editor and SCORM Player, as well as the Learning Design Editor and Player. The primary aims of this project are to:
• facilitate the creation, sharing and reuse of learning objects and services
• enhance the range of pedagogical approaches realisable through the use of lesson plans

GLO Maker
The purpose of the GLO Maker authoring tool is to empower teachers, and other users, to develop highly adaptable multimedia learning objects. The authoring process is design driven. The tool has two major parts: a Planner, where the basic 'storyline' of the learning design is constructed, and a Designer, where the screens are created based on flexible templates. The built-in design patterns can be used to structure the learning object. All the designs are 'executable': they enable direct creation of multimedia learning objects that will run on the Web or in a managed learning environment such as Moodle or Blackboard.
The technical aspects of the software considered were:
• whether the software is offline or online
• the technical requirements to run the software
• whether the software is proprietary or open source
On the basis of the responses drawn from the above questions, a comparison chart was drawn. This framework was applied to each of the selected authoring tools.

The table below is organised according to the original criteria set, with the addition of one extra criterion: the range and power of the editing tools incorporated into the software. It can be seen from the table that overall the weakest tool evaluated was Burrokeet. For each tool, taking the first two rows together provides a picture of ease of use against the power and range of the editing tools provided. As noted above, more powerful software is generally more difficult to use. In this study we found that XERTE, eXe and LessonBuilder were the easiest to use, whereas LessonBuilder and Lectora had the best variety of editing tools. This provides a clear indication that no tool is perfect, and even the near-best could be improved by expanding the range of editing tools from text only to include support for tables, formatting, drawing, images and so on. In contrast, when we compared the tools on the support provided for pedagogical structuring and innovation, eXe and XERTE outperformed all the other tools. Lersus and LessonBuilder both provide some

An evaluation framework for analysis and comparison of selected software.
An evaluation framework for analysis and comparison of selected software.
A framework has been designed as part of this research to compare the qualities of each software tool against the requirements set, taking into account factors such as who the system is intended for, what its intended purpose is, and what theoretical base the designers of the software are working from. Three major categories have been identified for testing the shortlisted authoring tools:
• Intended purpose of the software
• Design characteristics and functionality of the software
• Technical aspects of the software
Design characteristics and functionality of the software involve:
• the main structural concepts or entities built into the software
• the workflow model built into the software
• run-time dependencies associated with the content
• the UI characteristics of the software
• adaptability of the content after creation


Easy to use — Burrokeet: No (quite complex UI); Lectora: Yes; Lersus: Yes; eXe: Yes; XERTE: Yes (templates); GLO Maker: Yes (templates); LessonBuilder: Yes
Range and power of editing features — Burrokeet: None at present, but planned; Lectora: Wide range of features; Lersus: Good range of features; eXe: Text only; XERTE: Good range of features; GLO Maker: Good range of features; LessonBuilder: Very wide range of features
Freely available and extendable / customisable — Burrokeet: Yes (FLOSS); Lectora: No; Lersus: No; eXe: Yes (FLOSS); XERTE: Yes; GLO Maker: Yes; LessonBuilder: No
Supports a variety of pedagogical models and techniques — Burrokeet: No; Lectora: Supports content + test model; Lersus: Very useful features; eXe: Yes (I-Devices support a variety of techniques); XERTE: Yes (can construct templates or free structures); GLO Maker: Yes (through templates and tree structures); LessonBuilder: Yes (templates)
Supports pedagogical innovation — Burrokeet: No support provided; Lectora: No; Lersus: No; eXe: Yes (I-Device editor planned for a future release); XERTE: Yes; GLO Maker: Yes (games); LessonBuilder: No (no facility for user-defined activities)
Efficient to use, not bandwidth dependent — Offline editing with a preview button for all tools; eXe offers offline editing with instant preview
Exports interoperable content — Burrokeet: IMS-CP; all other tools: SCORM

Table 2: Comparative analysis of the OSS tools for Learning Object Creation

support here, and LessonBuilder's tools are especially easy to use, but because both are proprietary software and lack a facility like the I-Device editor for user-generated templates and activities, this is an area where eXe is in front of the field. One other notable advantage of eXe over the other tools is that, owing to an architecture in which the user works directly in a browser environment on the desktop, eXe provides a WYSIWYG view of the HTML presentation of the content it generates, whereas the other tools rely on a button to switch between design and preview modes, which is inherently more time-consuming. But eXe lacks finer control over content packaging

process and metadata addition. It does not provide easy support for multimedia objects, an area where XERTE scores, since XERTE is a Flash-based learning object editor. Also, being an XML editor and runtime engine makes creating and deploying SCORM-compliant interactive learning objects easier. The table below summarises the comparative disadvantages of these software tools.


Software Tool — Disadvantages
Burrokeet: Difficult to use; no pedagogical support; editing environment not yet available.
Lectora: No support for pedagogical structuring beyond the creation of tests; not as easy to use; proprietary software.
Lersus: A more complicated user interface when measured against the target audience; a confusing classification framework used for elements and components.
LessonBuilder: The activity set is not extensible; the software is proprietary; does not support the HTML editing and exam editing provided by eXe.
RELOAD: Difficult to use and requires a professional person to deal with; this software is more of a SCORM editor than an authoring tool.
eXe: No fine control over the content packaging process and metadata addition; not very easy support for multiple media objects; object-oriented inheritance for navigation elements and action control units is needed; needs hyperlinks to a file, object or existing node in the content tree, and a reference and glossary module.
XERTE: Supports the SCORM 1.2 standard but not SCORM 2004 3rd edition; does not support sequencing beyond the simple sequencing provided by arranging the activities in the activity tree.
GLO Maker: A standalone application that unfortunately only runs on Windows platforms; only the beta version had been released at the time of writing; not as flexible as an online tool, being based on only one pattern; early teething problems due to the rigidity of the templates; more complex animations require a developer; unusual or bespoke presentations or interactivity require specialist help; currently some incompatibility with Flash versions; inflexible in some areas, e.g. italics and bulleted lists have to be generated by adding HTML commands.

Table 3: Tabular depiction of the disadvantages of the tools


Conclusions and Recommendations
This study concludes that all the above projects are significant. Their major contributions are ease of use for less technically confident educational practitioners, combined with a focus on extending the range of pedagogical techniques used in online environments. Very few designers of authoring environments have recognised the value of educational technology in supporting teachers in constructing effective learning designs. Amongst the authoring tools tested, eXe, XERTE and GLO Maker have targeted this area. GLO Maker, however, is still in the testing stage and therefore needs careful observation. This study has tried to indicate the areas in which these tools need improvement and currently lag behind. FLOSS software (such as eXe and XERTE) is strategically important because it provides reliable and cost-effective solutions for educational institutions that cannot afford expensive license fees. More importantly, in some ways there is a responsive development and user-support culture associated with popular FLOSS applications (e.g. Moodle) that is unparalleled in the commercial software world. Narrowing the FOSS authoring tools down to eXe and XERTE, we find that XERTE is easy to use, allowing authors with no programming skills to build e-learning activities through a simple browser interface. Authors use a wizard to enter text, media and interactions into a range of template pages. There are nine types of interaction available, including multiple choice, gap fill, open answer, hotspot and diagram labelling. Images, movies and multimedia elements can be added to XERTE, and authors can also integrate content from external sources such as Wikipedia, YouTube, Flickr, Google Maps and Delicious. As a server-based system, XERTE enables team members at multiple locations to collaboratively develop content. Xerte was designed from the outset with accessibility in mind: the interface is consistent, with navigation buttons on the top strip.
The user can resize text and select a contrasting colour scheme. All interactions and navigation can be controlled by the keyboard as well as the mouse. Text-to-speech is enabled, allowing all content to be heard as well as read. Completed Xerte projects can be exported as zip files for web publication or as SCORM 1.2 compliant learning objects for importing into a VLE such as Blackboard or Moodle.
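The export step amounts to packaging the content pages together with a manifest at the root of a zip archive. The sketch below illustrates the idea in Python; the manifest shown is a heavily simplified placeholder, not a schema-valid SCORM 1.2 imsmanifest.xml:

```python
import io
import zipfile

# Placeholder manifest: a real SCORM 1.2 imsmanifest.xml carries schema
# declarations, an <organizations> tree and full <resources> entries.
MANIFEST = """<manifest identifier="lo-example">
  <organizations/>
  <resources>
    <resource identifier="res1" href="index.html"/>
  </resources>
</manifest>"""

def package_learning_object(pages):
    """Zip an imsmanifest.xml plus the given content pages, in memory.
    `pages` maps file names to their markup."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("imsmanifest.xml", MANIFEST)
        for name, markup in pages.items():
            zf.writestr(name, markup)
    return buf.getvalue()

package = package_learning_object({"index.html": "<h1>Lesson</h1>"})
```

A VLE importing such a package reads the manifest first to discover the resources, which is why the manifest must sit at the zip root.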

Like Flashform, Xerte projects are written in XML and interpreted by a Flash player at runtime. Programming skills are necessary to create new templates or additional functionality. In comparison with eXe, XERTE is also easy to use and suitable for academics or other authors without programming skills. XERTE has several significant advantages over eXe:
• additional interactions such as drag and drop and open answer questions
• an entire project can be exported as a SCORM compliant object
• it allows collaborative online development
On the downside, XOLT (XERTE Online Learning Toolkit):
• lacks a visual interface for text formatting, which has to be done manually using HTML tags
• is difficult to install (or at least would benefit from better installation documentation)
Having said that, the development team provided excellent support. XERTE is undergoing considerable development at the moment: version 2.6 of Xerte and version 1.5 of Xerte Online Toolkits have been released. The developers are quick to answer questions and there is an active online community. However, depending on the type of content to be uploaded as a learning object, the XERTE, eXe or RELOAD editors could be used. Xerte does not really compare with Reload, even though it is believed to: they do different things. Reload does not create content; it creates IMS and SCORM packages of content. eXe and Xerte are like Dreamweaver and Flash, different content creation tools with a different emphasis on various aspects of creating content. The optimal condition for reaching a common consensus on the ideal tool for creating a learning object should involve collaboration among learning content providers, researchers, and e-learning practitioners. Thus, future research should be directed towards investigating the opinions, beliefs, and perceptions of e-learning practitioners and researchers regarding the concept of a learning object, its components, and its relationship with the concept of a lesson.
The editor and runtime can be enhanced to enable richer content structures. Future developments at this level can allow grouped and collaborative learning roles that interact at specified points and with specified environments and services. Further enhancements involving the development of middleware applications composed of intelligent agents would enable interaction with the learning objects' metadata for searching and collecting appropriate objects, as well as delivering learning objects to the learner based on content requests and specifications.




A Framework For Intelligent Multi Agent System Based Neural Network Classification Model
Roya Asadi1, Norwati Mustapha2, Nasir Sulaiman3

Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 Serdang, Selangor, Malaysia.

1,2,3, 2,3{norwati, nasir}
agent technology and learning in a real environment [15, 1]. To close this gap, we use the new SMFFNN model as the intelligent core of an intelligent-agent-based learning framework [13]. The framework obtains information from its environment, and its behavior can be recognized through the weights. Supervised Multi-layer Neural Network (SMNN) models need suitable data pre-processing techniques to find input values, and pre-training techniques to find desirable weights, which in turn reduce the training process. Without preprocessing, the classification process is very slow and may not even complete. Potential Weights Linear Analysis (PWLA) is a new technique for reducing the training process and enabling fast classification in the new SMFFNN model with high accuracy. PWLA first normalizes input values as data preprocessing, then uses the normalized values for pre-training, and finally reduces the dimension of the normalized input values by using their potential weights. SMNN models can be changed to new models by using PWLA [12]. All agents of the system can apply the outputs of the PWLA technique and the new SMFFNN model. This paper is organized as follows: we first discuss and survey related work on intelligent-agent-based systems and their components. We then propose a framework for an intelligent agent system based on neural network classification, using the new SMFFNN model and the PWLA technique. A clinical organization and its domain are considered to illustrate the framework. Finally, the conclusion and future work are reported.

II. RELATED WORKS

In this section, we discuss two applicable flows: intelligent-agent-based systems and the neural network model as a learning model. In the neural network section, we consider the new supervised multi-layer feed forward neural network model, and PWLA as the preprocessing and pre-training technique used in our proposed methodology.

A. Intelligent Multi Agent Based System

Intelligence is a general term describing mental activities such as judging, logical thinking, planning and learning. Artificial Intelligence (AI) is based on intelligent behavior. Machine learning, expert systems and data mining

Abstract—Intelligent multi-agent systems have great potential for use in different purposes and research areas. One of the important issues in applying intelligent multi-agent systems in the real world and in virtual environments is developing a framework that supports a machine learning model reflecting the whole complexity of the real world. In this paper, we propose a framework for an intelligent-agent-based neural network classification model to bridge the gap between two applicable flows: intelligent multi-agent technology and learning models from the real environment. We consider the new Supervised Multi-layer Feed Forward Neural Network (SMFFNN) model as the intelligent classification and learning model in the framework. The framework obtains information from its environment, and its behavior can be recognized through the weights. Therefore, the SMFFNN model within the framework gives greater benefit in finding suitable information and real weights from the environment, which results in better recognition. The framework is applicable to different domains; as a potential case study, a clinical organization and its domain are considered. Keywords—Intelligent agents; Multi agent systems; Learning systems; Neural networks; New SMFFNN model; PWLA technique; Intelligent classification; Preprocessing; Pre-training.

I. INTRODUCTION

Neural networks are a branch of psychology and neurobiology concerned with developing and testing computational analogues of neurons. The best features of neural networks are their robustness to missing values and high tolerance to noisy data, as well as their ability to classify data patterns on which they have not been trained. The main advantage of neural networks lies in their scaling and learning abilities as intelligent systems in machine learning algorithms [4]. Multi-agent technology is applied by intelligent systems to solve problems of analyzing complex systems and of intelligent management activities. Intelligent Multi Agent Systems (MAS) based on learning combine collecting information from the environment; recognizing, intelligently classifying, and predicting future data; storing data; and delivering data to knowledge management systems such as Decision Support Systems (DSS) and Management Information Systems (MIS) [1, 5, 2]. Currently, there is a lack of one united framework combining the two applicable flows of intelligent multi

Corresponding Author: Roya Asadi, Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 Serdang, Selangor, Malaysia

such as neural network models can help to implement AI for learning in virtual environments. An Intelligent Agent (IA) is built using artificial intelligence properties [3, 14, 10]. Wooldridge (2002) and Langseth et al. (2005) explained several aspects of IAs, which are capable of flexible autonomous action to meet their design objectives [17, 5]:
• Reactivity: an IA receives information about its environment through its sensors, changes the internal design objectives of its structure, and takes suitable actions with periodic feedback.
• Pro-activeness: an IA can show goal-directed behavior by taking the initiative, responding to changes in its environment in order to satisfy its design objectives.
• Sociability: an IA is capable of interacting with other agents for negotiation and/or cooperation to satisfy its design objectives.
Other properties of an IA are self-analysis, learning, adapting and improving through interaction with the environment. Padgham and Winikoff (2004) explained that the term agent refers to an entity that acts on behalf of other entities or organizations, and that a Multi Agent System (MAS) consists of several agents capable of common interaction with self-organization [11]. Generally, the structure of a multi-agent system is as follows:
• Actions: taken by the agent in response to environment events and changes,
• Percepts: accumulating information from the environment,
• Events: processing to update beliefs and to operate actions,
• Goals: objectives of the system to accomplish, which can be updated,
• Beliefs: handling accumulated information about the environment,
• Plans: using a plan library to handle events and achieve goals,
• Messages: necessary for agents to interact,
• Protocols: rules of interaction.
Yoav and Kevin (2009) and Michael (2001) described Agent Based Systems (ABS) and intelligent agents as two relevant streams, and noted the lack of one united framework combining the two [18, 9]. Intelligent multi-agent systems have great potential in different research areas, especially in virtual environments, to support a machine learning model with the whole complexity of the real world [15]. Bobek and Perko (2006) showed that intelligent agents can be used for [1]:
• Intelligent acquisition: to collect unstructured data from the system's environment. The suitable input values and their weights are recognized by the multi-agents.
• Intelligent modeling: to create intelligent-agent-based system frameworks for predicting data handling, future events, and intelligent rules and plans.
• Intelligent delivery: to proactively deliver selected suitable information and advanced reports to support particular strategies.

B. Neural Networks and the Learning System

Neural networks are suitable for extracting rules, quantitative evaluation of those rules, clustering, self-organization, classification, regression, feature evaluation, and dimensionality reduction. Learning is the key property of neural networks: they are able to dynamically learn types of input information based on their weights and properties. Suitable data preprocessing techniques are necessary to find input values, and pre-training techniques to find desirable weights, which in turn reduce the training process. This is the essence of the Supervised Multi-layer Neural Network (SMNN) [4, 8] that will be used in our framework. There are three major learning perspectives: supervised learning, unsupervised learning, and reinforcement learning. Supervised training is similar to unsupervised training in that training sets are provided. The difference is that in supervised training the desired output is provided, and the weight matrix is adjusted based on the difference between the predicted output and the actual output of the neural network. In reinforcement learning, the model is capable of generating certain effects and interactions with the environment and of estimating unknown items; neural networks are frequently used in reinforcement learning as part of the overall algorithm, in tasks that include control problems and sequential decision making [6, 8]. The best features of neural networks are their robustness to missing values and high tolerance to noisy data, as well as their ability to classify data patterns on which they have not been trained.
The best-known and most popular method in neural networks is the back-propagation network (BPN) of Werbos (1974), a supervised multi-layer neural network model [4, 16]. Back-propagation learning uses gradient-based optimization in two basic steps: calculate the gradient of the error function, then employ the gradient. The optimization procedure consists of a large number of small steps, which makes learning considerably slow [7]. The optimization problem in supervised learning can be stated as minimizing the sum of squared errors between the output activations and the target activations, together with finding the minimum weights. BPN can be changed to the new SMFFNN model, with high accuracy and low processing time, by using the PWLA technique [12, 13].

1) Potential Weights Linear Analysis

Potential Weights Linear Analysis (PWLA) is a technique for reducing the training process and enabling fast classification in the new SMFFNN model with high accuracy [12]. The key ideas in the PWLA technique and the new SMFFNN model are to recognize high deviations of the input-value matrix from the global mean, and then to pre-train using the meaning of the vector


torque formula. The aim of applying the PWLA technique is to recognize which input values have larger differences and deviations from the global mean; these deviations give their values higher scores. After distinguishing weak and strong weights, PWLA can omit the weak weights and pass only the strong weights to the training process of the SMFFNN model. Input values for PWLA can be of any numeric type, range and measurement unit. If the dataset is large, there is a high chance that the vector components are highly correlated (redundant); the PWLA method is able to solve this problem. There are three phases in implementing PWLA:
a) Data preprocessing: this phase normalizes the input values. The "min and max" technique is used, and each value is computed as a ratio to the average of its column.
b) Pre-training: to improve pre-training performance, potential weights are initialized. First, the distribution of the standard normalized values is computed; therefore, PWLA does not need any random numbers to initialize the potential real weights, and the input of the pre-training phase is the normalized input values. The input-value vectors create vector torques. The distributions of standard normalized values give the arms of the vector torques, which are the weights; the global mean is the center of the vector torques. The weights show the deviations of the input-value matrix from the global mean: each weight is equivalent to the sum of the absolute normalized values of its instance. This definition of weight is based on the statistical and mathematical definitions of the normal distribution and the vector torque.
c) Dimension reduction: PWLA can map a high-dimension matrix to a lower-dimension matrix based on the strong potential weights, so that a suitable sub-matrix of the necessary attributes can be selected. A strong weight implies high variance. If the dimension of the input vectors is large, the components of the vectors are highly correlated (redundant). PWLA can solve this problem in two ways. First, after equivalence, the global mean takes its place as one constant at a special point on the axis of the vector torques, and the weights are distributed among the vectors. Second, it can remove redundancy by dimension reduction; this phase of PWLA can be performed in the hidden layer during pruning. The outputs of the PWLA technique are the dimension-reduced normalized input values and the potential weights.

2) New Supervised Multi-layer Feed Forward Neural Network Model (SMFFNN)

The new SMFFNN model processes data based on the algebraic consequence of the vector torques [13]; each torque shows the real worth of each value among all values in the matrix. Recall that BPN uses a sigmoid activation function to transform the actual output into the domain [0, 1], and computes the error using the derivative of the logistic function in order to compare the actual output with the true output. The true output forms the basis of the class labels in a given training dataset. Here, PWLA computes the potential weights, and the new SMFFNN computes the desired output by using a binary step function instead of the sigmoid as the activation function. There is also no need to compute the error or the derivative of the logistic function for comparing the actual output with the true output. The new SMFFNN applies

PWLA similar to a simple neural network. The number of layers, nodes, weights, and thresholds in the new SMFFNN using PWLA pre-processing is logically clear, without any random elements. The new SMFFNN classifies input data by using the output of PWLA, with one input layer with several input nodes, one hidden layer, and one output layer with one node. The new SMFFNN needs only one epoch of training, without computing bias or error in the hidden layer. When evaluating the test set and predicting the class label, the weights and thresholds are known, and the class label of each instance can be predicted by the binary step function.

III. A FRAMEWORK FOR INTELLIGENT MULTI AGENT SYSTEM BASED NEURAL NETWORK CLASSIFICATION MODEL

This section discusses closing the gap identified above: the lack of one united framework combining two relevant flows, intelligent multi-agent systems in the real world and learning systems. The proposed framework in a virtual environment is an intelligent-agent-based neural network classification using the new SMFFNN model. To illustrate the framework, we select a clinical organization and its environment. There are several issues in this system, such as intelligent acquisition, intelligent modeling and intelligent delivery. Figure 1 shows the outline of the intelligent multi-agent-based neural network classification system.

Figure 1. Outline of intelligent multi agent based neural network classification system
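The three PWLA phases described in Section II (min-max normalization, potential-weight pre-training without random initialization, and dimension reduction by strong weights) can be sketched as follows. This is our illustrative reading of the published description, not the authors' code; the function name, the toy data, and the per-attribute weighting are all our own assumptions.

```python
def pwla(X, keep=2):
    """Sketch of Potential Weights Linear Analysis (PWLA) on an
    instances-by-attributes matrix X (a list of rows)."""
    n, m = len(X), len(X[0])
    cols = [[row[j] for row in X] for j in range(m)]
    norm = []
    for col in cols:
        # Phase a: min-max normalize, then take the ratio to the column average.
        lo, hi = min(col), max(col)
        scaled = [(v - lo) / (hi - lo) if hi > lo else 0.0 for v in col]
        avg = sum(scaled) / n
        norm.append([v / avg if avg else 0.0 for v in scaled])
    # Phase b: potential weight = summed absolute deviation from the global
    # mean (the "arm" of the vector torque) -- no random initialization.
    g = sum(sum(col) for col in norm) / (n * m)
    w = [sum(abs(v - g) for v in col) for col in norm]
    # Phase c: keep only the `keep` attributes with the strongest weights.
    strong = sorted(range(m), key=lambda j: -w[j])[:keep]
    reduced = [[norm[j][i] for j in strong] for i in range(n)]
    return reduced, w, strong

# Toy data: 4 instances, 3 attributes.
X = [[1.0, 5.0, 10.0],
     [2.0, 5.1, 40.0],
     [3.0, 5.0, 20.0],
     [4.0, 5.1, 80.0]]
Z_reduced, weights, kept = pwla(X, keep=2)
```

The returned weights are deterministic functions of the data, which is the point the paper stresses: the pre-training phase needs no random numbers.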

• Intelligent acquisition: to generate knowledge from data gathered, via PWLA preprocessing and pre-training, about population, health centers, the distribution of offices and branches of the clinical organization, staff, etc. The outputs of PWLA are normalized input values and potential real weights.
• Intelligent modeling: to handle data, rules, plans, and future prediction. In this paper, a framework using the new SMFFNN model for intelligent classification with high accuracy and speed is proposed [13]. This framework obtains its information from the environment, and the PWLA technique helps to prepare suitable, real values and weights. The new SMFFNN model uses the outputs of PWLA to classify and predict the desired output. If the selection of attributes and input values is good, the accuracy of classification can reach 100% [12]. The intelligent multi-agent framework has several agents that apply the outputs of the PWLA technique and the output of the new SMFFNN model. The framework is capable of handling regulated, structured data, enhanced with unstructured data, derived from


various and distributed sources: investment records, plans, realizations, etc.
• Intelligent delivery: advanced reporting based on managers' views, using management and decision systems such as MIS and DSS, with the ability to proactively respond to exceptional events and to decide on and upgrade rules and plans. The output of the framework will be intelligent results and advanced reports via MIS, DSS and so on, which help managers apply the best rules in response to events in the environment. This intelligent agent system also has feedback for updating beliefs and rules.
Suppose the government tries to cover the whole country with a health network. Giving every zone a branch of the clinical organization with full facilities and appliances is not economical and costs a great deal. Therefore the government's analyzers and designers have to classify the zones under two class labels: zones with class label 1 are main or central zones, and zones with class label 2 are dependent zones. The government constructs or improves a big hospital with full facilities and appliances in each main zone. Main zones must support dependent zones, so dependent zones have health centers or clinics with limited facilities. Classifying zones and managing the clinical organization are very difficult in the traditional system, and an intelligent classification model is necessary. Therefore, a clinical organization based on a multi-agent system must be considered, together with an intelligent agent for classification with high accuracy and low processing time. The traditional organization chart has several problems in management, especially in managing information and obtaining the desired outputs, such as data redundancy and multiple updating in the Database Management System (DBMS). The traditional chart can be changed to an intelligent multi-agent system based on neural network classification.
Figure 2 shows the pyramid of the clinical organization, a simple proposed chart with two main agents and one head.

Usually, information is distributed, and we need one system with several branches for gathering data. Therefore, there are several different sub-agents in this system, such as the intelligent classification agent, the staff management agent, the facilities management agent, etc. Figure 3 shows details of the management information agent of the clinical organization:

Figure 3. Details of the management information agent of clinical organization

The information is collected in one database and classified by the intelligent classification model. The information of the clinical environment is stored in one database and controlled in the Database Management System by the DBA (Database Administrator). Advantages of a DBMS are:
• Minimizing redundancy; high security, integrity and reliability of data
• Considering three layers for data: the internal/physical layer, the conceptual/abstract layer, and the external layer (high-level view for queries)
• Creating relational datasets


Figure 2. Pyramid of clinical organization

The DBMS collects different databases from the clinical environment, with their attributes, instances and relation sets. The intelligent classification agent classifies instances and predicts their situations, based on the different goals of the system and the attributes selected by the sub-agents of the management information agent.

The management information agent collects its information from the clinical environment.


The management information agent sends the reports of knowledge to the planning and management activation agent for use by DSS, MIS, statistical and scientific software, and other management systems. The plans and rules will be updated, and advanced reports will be sent to the organization head for confirmation and action permission. To provide the best clinical services to all people throughout the country, the whole country must be considered as the environment of the system. Health centers, hospitals and branches of the clinical organization must be distributed everywhere in the country. To approach this goal, we select one of two special clinical organization chart types for every zone, based on the social, political and economical conditions of the zones. Therefore, the zones must be classified based on their information; predicting the class label of each zone helps managers decide which chart type is suitable for each zone. Figures 4 and 5 show the two special clinical organization chart types, A and B [ 017.htm], as follows:

Figure 5. Type B: Health center with simple organization for small and dependent zones

Main zones will have big hospitals with complex organization, and they will be selected as central zones for the dependent zones around them. Small zones are dependent zones and will have health centers with simple organization. The managers must select the attributes needed to classify the zones, and the PWLA technique is able to help them: they must determine which zones must be centers, and which zones must surround central zones and use their conveniences and facilities. For classification of the zones, the necessary attributes of each database must first be selected. For example, they can select eight attributes:
1. City population of each zone and 2. rural population of each zone, from the database of social status of the zones;
3. Area of each zone; 4. Number of neighbors of each zone; 5. Distance between each zone and the capital, from the database of geographical and political status of the zones;
6. Number of local employees in each zone, from the database of staff in each zone;
7. Number of persons with medical insurance in each zone; 8. Number of health centers or hospitals in each zone, from the database of the clinical organization and its branches in each zone.
The sub-agent of intelligent classification receives these attributes via the DBMS in the physical layer and classifies the zones by using the new SMFFNN model and PWLA. Figure 6 shows the intelligent classification of zones.
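The final step of such a zone classification, scoring each zone's attribute vector and thresholding the score with a binary step function, can be sketched as follows. This is a generic illustration, not the authors' implementation: the zone names, attribute values, weights and threshold are all made up, and real weights would come from PWLA pre-training as described earlier.

```python
def binary_step(score, threshold):
    # Class 1 (main zone) when the weighted score reaches the threshold,
    # otherwise class 2 (dependent zone).
    return 1 if score >= threshold else 2

def classify_zones(zones, weights, threshold):
    """Score each zone as a weighted sum of its (already normalized)
    attribute values and assign class label 1 or 2."""
    labels = {}
    for name, attrs in zones.items():
        score = sum(w * a for w, a in zip(weights, attrs))
        labels[name] = binary_step(score, threshold)
    return labels

# Hypothetical normalized attribute vectors (e.g. population, area, neighbors).
zones = {
    "zone_a": [0.9, 0.8, 0.7],
    "zone_b": [0.2, 0.3, 0.1],
}
weights = [0.5, 0.3, 0.2]   # stand-ins for strong potential weights from PWLA
labels = classify_zones(zones, weights, threshold=0.5)
```

Because the step function replaces the sigmoid, prediction here is a single pass with no error term or derivative, which matches the one-epoch claim made for the new SMFFNN.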

Figure 4. Type A: Big hospital with complex organization for central or main zones


This example was one case applying intelligent classification. There are several goals and plans in this system that need intelligent classification, and these processes can run in parallel. The intelligent multi-agent-based neural network classification system is capable of predicting future status and showing complex relations between the components of systems.

IV. CONCLUSIONS AND FUTURE WORK

Agent-based systems and intelligent agents are two important issues in this research area. Intelligent multi-agent systems have great potential for different purposes. We considered the lack of one united framework combining two relevant flows, intelligent multi-agent systems in the real world and learning systems, for creating one intelligent framework in a virtual environment. Traditional prototypes and old systems can be changed to an intelligent multi-agent system with clear components and relationships, and with better control of them. We discussed this framework using the new SMFFNN model as the neural network classification in the environment of a clinical organization. As mentioned, the new SMFFNN model is derived by applying the PWLA technique to BPN; therefore, other neural network models can also be changed to new ones by applying PWLA. In future work, we will improve this intelligent framework by using other new models and apply them to other environments.
Figure 6. Intelligent classification of zones

[1] Bobek, S. and Perko, I., 2006. Intelligent Agent Based Business Intelligence. University of Maribor, Faculty of Economics and Business, Razlagova ulica 14, SI-2000 Maribor, Slovenia.
[2] Bobek, S., Sternad, S. and Perko, I., 2005. Business Performance Models In Management Information Systems: Information Quality Issues. International Institute for Advanced Studies in Systems Research and Cybernetics, IIAS.
[3] David, P., Alan, M. and Randy, G., 1998. Computational Intelligence: A Logical Approach. New York: Oxford University Press.
[4] Han, J. and Kamber, M., 2001. Data Mining: Concepts and Techniques. Simon Fraser University, Academic Press.
[5] Langseth, J. and Vivarat, N., 2005. Why Proactive Business Intelligence Is A Hallmark Of The Real-Time Enterprise: Outward Bound. Intelligent Enterprise.
[6] Lin, L., Osan, R. and Tsien, J.Z., 2006. Organizing Principles of Real-time Memory Encoding: Neural Clique Assemblies and Universal Neural Codes. Center for Systems Neurobiology, Departments of Pharmacology and Biomedical Engineering, Boston University, Boston, MA 02118, USA; Shanghai Institute of Brain Functional Genomics, and the Key Laboratory of the Chinese Ministry of Education, East China Normal University, Shanghai 200062, China.
[7] Mark, W.C. and Jude, W.S., 1999. Using Neural Networks for Data Mining. Computer Science Department, Carnegie Mellon University; University of Wisconsin-Madison.
[8] Mitra, S., Pal, S.K. and Mitra, P., 2002. Data Mining in Soft Computing Framework: A Survey. IEEE Trans. Neural Networks, 13(1):3–14.
[9] Michael, W., 2001. An Introduction to Multiagent Systems. Department of Computer Science, University of Liverpool, UK. ISBN 0-471-49691-X.
[10] Nils, N., 1998. Artificial Intelligence: A New Synthesis. Morgan Kaufmann Publishers. ISBN 978-1-55860-467-4.

The physical layer obtains the input values of the attributes necessary for classification of zones from the different databases of the system. The class of each zone shows whether the zone is a main zone or a dependent zone, and which type of clinical organization chart is necessary for it. Figure 7 shows four main zones with big, equipped hospitals that are able to cover and support the dependent zones surrounding them.

Main zone with big hospital and chart type: A. Dependent zone with health center and chart type: B.
Figure 7. Covering all dependent zones by four main central zones


[11] Padgham, L. and Winikoff, M., 2004. Developing Intelligent Agent Systems. Wiley.
[12] Roya, A., Norwati, M. and Nasir, S., 2009. Training Process Reduction Based On Potential Weights Linear Analysis To Accelerate Back Propagation Network. International Journal of Computer Science and Information Security (IJCSIS), Vol. 3, No. 1, July.
[13] Roya, A., Norwati, M., Nasir, S. and Nematollah, S., 2009. New Supervised Multi Layer Feed Forward Neural Network Model to Accelerate Classification with High Accuracy. European Journal of Scientific Research (EJSR), ISSN 1450-216X, Vol. 33, Issue 1, pp. 163–178.
[14] Stuart, J.R. and Peter, N., 2003. Artificial Intelligence: A Modern Approach. Second edition. Upper Saddle River, NJ: Prentice Hall. ISBN 0-13-790395-2.
[15] Vijayan, S., 2006. Application of Agents and Intelligent Information Technologies. Idea Group Publishing, USA. ISBN 1-59904-265-7.
[16] Werbos, P.J., 1974. Beyond Regression: New Tools for Prediction and Analysis in the Behavioral Sciences. PhD Thesis, Harvard University, Cambridge, MA.
[17] Wooldridge, M., 2002. An Introduction to MultiAgent Systems. West Sussex: Wiley.
[18] Yoav, Sh. and Kevin, L., 2009. Multiagent Systems: Algorithmic, Game-Theoretic, and Logical Foundations. First edition. ISBN 978-0-521-89943-7.

AUTHORS PROFILE

Prof. Dr. Md. Nasir bin Sulaiman is a lecturer in Computer Science in the Faculty of Computer Science and Information Technology, UPM, and has been an Associate Professor since 2002. He obtained a Ph.D. in Neural Network Simulation from Loughborough University, U.K., in 1994. His research interests include intelligent computing, software agents and data mining.

Dr. Norwati Mustapha is a lecturer in Computer Science in the Faculty of Computer Science and Information Technology, UPM, and has been head of the Department of Computer Science since 2005. She obtained a Ph.D. in Artificial Intelligence from UPM, Malaysia, in 2005. Her research interests include intelligent computing and data mining.

Roya Asadi received a Bachelor degree in Computer Software Engineering from the Electrical and Computer Engineering Faculty, Shahid Beheshti University, and the Computer Faculty of Data Processing Iran Co. (IBM), Tehran, Iran. She is a Master's student in Computer Science (database systems) at UPM, Malaysia. Her professional working experience includes 12 years of service as a Senior Planning Expert 1. Her interests are intelligent systems and neural network modeling.

174 ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009


Assist Prof (Dr.) M. Emre Celebi, Ph.D., Department of Computer Science, Louisiana State University in Shreveport, USA
Dr. Lam Hong Lee, Universiti Tunku Abdul Rahman, Malaysia
Dr. Shimon K. Modi, Director of Research BSPA Labs, Purdue University, USA
Dr. Emanuele Goldoni, University of Pavia, Dept. of Electronics, Italy
Assoc. Prof. N. Jaisankar, VIT University, Vellore, Tamilnadu, India
Dr. Amogh Kavimandan, The Mathworks Inc., USA
Dr. Ramasamy Mariappan, Vinayaka Missions University, India
Dr. Yong Li, School of Electronic and Information Engineering, Beijing Jiaotong University, P.R. China
Assist. Prof. Sugam Sharma, NIET, India / Iowa State University, USA
Dr. Neeraj Kumar, SMVD University, Katra (J&K), India
Dr. Junjie Peng, Shanghai University, P. R. China
Dr. Ilhem LENGLIZ, HANA Group - CRISTAL Laboratory, Tunisia
Prof. Dr. Durgesh Kumar Mishra, Acropolis Institute of Technology and Research, Indore, MP, India
Jorge L. Hernández-Ardieta, University Carlos III of Madrid, Spain
Prof. Dr. C. Suresh Gnana Dhas, Anna University, India
Prof. Pijush Biswas, RCC Institute of Information Technology, India
Dr. Siddhivinayak Kulkarni, University of Ballarat, Ballarat, Victoria, Australia
Dr. A. Arul Lawrence, Royal College of Engineering & Technology, India
Mr. Wongyos Keardsri, Chulalongkorn University, Bangkok, Thailand
Mr. Somesh Kumar Dewangan, CSVTU Bhilai (C.G.) / Dimat Raipur, India
Mr. Hayder N. Jasem, University Putra Malaysia, Malaysia
Mr. A. V. Senthil Kumar, C. M. S. College of Science and Commerce, India
Mr. R. S. Karthik, C. M. S. College of Science and Commerce, India
Mr. P. Vasant, University Technology Petronas, Malaysia
Mr. Wong Kok Seng, Soongsil University, Seoul, South Korea
Mr. Praveen Ranjan Srivastava, BITS PILANI, India
Mr. Kong Sang Kelvin Leong, The Hong Kong Polytechnic University, Hong Kong
Mr. Mohd Nazri Ismail, Universiti Kuala Lumpur, Malaysia
Dr. Rami J. Matarneh, Al-Isra Private University, Amman, Jordan
Dr. Ojesanmi Olusegun Ayodeji, Ajayi Crowther University, Oyo, Nigeria
Dr. Riktesh Srivastava, Skyline University, UAE
Dr. Oras F. Baker, UCSI University - Kuala Lumpur, Malaysia
Dr. Ahmed S. Ghiduk, Faculty of Science, Beni-Suef University, Egypt, and Department of Computer Science, Taif University, Saudi Arabia
Mr. Tirthankar Gayen, IIT Kharagpur, India
Ms. Huei-Ru Tseng, National Chiao Tung University, Taiwan
Prof. Ning Xu, Wuhan University of Technology, China
Mr. Mohammed Salem Binwahlan, Hadhramout University of Science and Technology, Yemen & Universiti Teknologi Malaysia, Malaysia
Dr. Aruna Ranganath, Bhoj Reddy Engineering College for Women, India
Mr. Hafeezullah Amin, Institute of Information Technology, KUST, Kohat, Pakistan
Prof. Syed S. Rizvi, University of Bridgeport, USA
Mr. Shahbaz Pervez Chattha, University of Engineering and Technology Taxila, Pakistan
Dr. Shishir Kumar, Jaypee University of Information Technology, Wakanaghat (HP), India
Mr. Shahid Mumtaz, Portugal Telecommunication, Instituto de Telecomunicações (IT), Aveiro, Portugal
Mr. Rajesh K Shukla, Corporate Institute of Science & Technology, Bhopal, MP
Dr. Poonam Garg, Institute of Management Technology, India
Mr. S. Mehta, Inha University, Korea
Mr. Dilip Kumar S.M, University Visvesvaraya College of Engineering (UVCE), Bangalore University, Bangalore
Prof. Malik Sikander Hayat Khiyal, Fatima Jinnah Women University, Rawalpindi, Pakistan
Dr. Virendra Gomase, Department of Bioinformatics, Padmashree Dr. D.Y. Patil University
Dr. Irraivan Elamvazuthi, University Technology PETRONAS, Malaysia
Mr. Saqib Saeed, University of Siegen, Germany
Mr. Pavan Kumar Gorakavi, IPMA-USA [YC]
Dr. Ahmed Nabih Zaki Rashed, Menoufia University, Egypt
Prof. Shishir K. Shandilya, Rukmani Devi Institute of Science & Technology, India
Mrs. J. Komala Lakshmi, SNR Sons College, Computer Science, India
Mr. Muhammad Sohail, KUST, Pakistan
Dr. Manjaiah D.H, Mangalore University, India
Dr. S Santhosh Baboo, D.G. Vaishnav College, Chennai, India
Prof. Dr. Mokhtar Beldjehem, Sainte-Anne University, Halifax, NS, Canada
Dr. Deepak Laxmi Narasimha, Faculty of Computer Science and Information Technology, University of Malaya, Malaysia
Prof. Dr. Arunkumar Thangavelu, Vellore Institute Of Technology, India
Mr. M. Azath, Anna University, India
Mr. Md. Rabiul Islam, Rajshahi University of Engineering & Technology (RUET), Bangladesh
Mr. Aos Alaa Zaidan Ansaef, Multimedia University, Malaysia
Dr. Suresh Jain, Professor (on leave), Institute of Engineering & Technology, Devi Ahilya University, Indore (MP), India
Mr. Mohammed M. Kadhum, Universiti Utara Malaysia
Mr. Hanumanthappa J., University of Mysore, India
Mr. Syed Ishtiaque Ahmed, Bangladesh University of Engineering and Technology (BUET)
Mr. Akinola Solomon Olalekan, University of Ibadan, Ibadan, Nigeria
Mr. Santosh K. Pandey, Department of Information Technology, The Institute of Chartered Accountants of India
Dr. P. Vasant, Power Control Optimization, Malaysia
Dr. Petr Ivankov, Automatika - S, Russian Federation
Dr. Utkarsh Seetha, Data Infosys Limited, India
Mrs. Priti Maheshwary, Maulana Azad National Institute of Technology, Bhopal
Dr. (Mrs) Padmavathi Ganapathi, Avinashilingam University for Women, Coimbatore
Assist. Prof. A. Neela Madheswari, Anna University, India
Prof. Ganesan Ramachandra Rao, PSG College of Arts and Science, India
Mr. Kamanashis Biswas, Daffodil International University, Bangladesh
Dr. Atul Gonsai, Saurashtra University, Gujarat, India
Mr. Angkoon Phinyomark, Prince of Songkla University, Thailand
Mrs. G. Nalini Priya, Anna University, Chennai
Dr. P. Subashini, Avinashilingam University for Women, India
Assoc. Prof. Vijay Kumar Chakka, Dhirubhai Ambani IICT, Gandhinagar, Gujarat
Mr. Jitendra Agrawal, Rajiv Gandhi Proudyogiki Vishwavidyalaya, Bhopal
Mr. Vishal Goyal, Department of Computer Science, Punjabi University, India
Dr. R. Baskaran, Department of Computer Science and Engineering, Anna University, Chennai
Assist. Prof. Kanwalvir Singh Dhindsa, B.B.S.B. Engg. College, Fatehgarh Sahib (Punjab), India
Dr. Jamal Ahmad Dargham, School of Engineering and Information Technology, Universiti Malaysia Sabah
Mr. Nitin Bhatia, DAV College, India
Dr. Dhavachelvan Ponnurangam, Pondicherry Central University, India

CALL FOR PAPERS International Journal of Computer Science and Information Security IJCSIS 2009-2010 ISSN: 1947-5500
The International Journal of Computer Science and Information Security, now at its fourth edition, is the premier scholarly venue in the areas of computer science and security issues. IJCSIS 2009-2010 will provide a high-profile, leading-edge platform for researchers and engineers alike to publish state-of-the-art research in the respective fields of information technology and communication security. The journal will feature a diverse mixture of publication articles, including core and applied computer science related topics. Authors are solicited to contribute to the special issue by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the following areas (but not limited to them). Submissions may span a broad range of topics, e.g.:

Track A: Security

Access control, Anonymity, Audit and audit reduction & Authentication and authorization, Applied cryptography, Cryptanalysis, Digital Signatures, Biometric security, Boundary control devices, Certification and accreditation, Cross-layer design for security, Security & Network Management, Data and system integrity, Database security, Defensive information warfare, Denial of service protection, Intrusion Detection, Anti-malware, Distributed systems security, Electronic commerce, E-mail security, Spam, Phishing, E-mail fraud, Virus, worms, Trojan Protection, Grid security, Information hiding and watermarking & Information survivability, Insider threat protection, Integrity, Intellectual property protection, Internet/Intranet Security, Key management and key recovery, Language-based security, Mobile and wireless security, Mobile, Ad Hoc and Sensor Network Security, Monitoring and surveillance, Multimedia security, Operating system security, Peer-to-peer security, Performance Evaluations of Protocols & Security Application, Privacy and data protection, Product evaluation criteria and compliance, Risk evaluation and security certification, Risk/vulnerability assessment, Security & Network Management, Security Models & protocols, Security threats & countermeasures (DDoS, MiM, Session Hijacking, Replay attack etc.), Trusted computing, Ubiquitous Computing Security, Virtualization security, VoIP security, Web 2.0 security, Submission Procedures, Active Defense Systems, Adaptive Defense Systems, Benchmark, Analysis and Evaluation of Security Systems, Distributed Access Control and Trust Management, Distributed Attack Systems and Mechanisms, Distributed Intrusion Detection/Prevention Systems, Denial-of-Service Attacks and Countermeasures, High Performance Security Systems, Identity Management and Authentication, Implementation, Deployment and Management of Security Systems, Intelligent Defense Systems, Internet and Network Forensics, Large-scale Attacks and
Defense, RFID Security and Privacy, Security Architectures in Distributed Network Systems, Security for Critical Infrastructures, Security for P2P systems and Grid Systems, Security in ECommerce, Security and Privacy in Wireless Networks, Secure Mobile Agents and Mobile Code, Security Protocols, Security Simulation and Tools, Security Theory and Tools, Standards and Assurance Methods, Trusted Computing, Viruses, Worms, and Other Malicious Code, World Wide Web Security, Novel and emerging secure architecture, Study of attack strategies, attack modeling, Case studies and analysis of actual attacks, Continuity of Operations during an attack, Key management, Trust management, Intrusion detection techniques, Intrusion response, alarm management, and correlation analysis, Study of tradeoffs between security and system performance, Intrusion tolerance systems, Secure protocols, Security in wireless networks (e.g. mesh networks, sensor networks, etc.), Cryptography and Secure Communications, Computer Forensics, Recovery and Healing, Security Visualization, Formal Methods in Security, Principles for Designing a Secure Computing System, Autonomic Security, Internet Security, Security in Health Care Systems, Security Solutions Using Reconfigurable Computing, Adaptive and Intelligent Defense Systems, Authentication and Access control, Denial of service attacks and countermeasures, Identity, Route and

Location Anonymity schemes, Intrusion detection and prevention techniques, Cryptography, encryption algorithms and Key management schemes, Secure routing schemes, Secure neighbor discovery and localization, Trust establishment and maintenance, Confidentiality and data integrity, Security architectures, deployments and solutions, Emerging threats to cloud-based services, Security model for new services, Cloud-aware web service security, Information hiding in Cloud Computing, Securing distributed data storage in cloud, Security, privacy and trust in mobile computing systems and applications, Middleware security & Security features: middleware software is an asset on its own and has to be protected, interaction between security-specific and other middleware features, e.g., context-awareness, Middleware-level security monitoring and measurement: metrics and mechanisms for quantification and evaluation of security enforced by the middleware, Security co-design: trade-off and co-design between application-based and middleware-based security, Policy-based management: innovative support for policy-based definition and enforcement of security concerns, Identification and authentication mechanisms: Means to capture application specific constraints in defining and enforcing access control rules, Middleware-oriented security patterns: identification of patterns for sound, reusable security, Security in aspect-based middleware: mechanisms for isolating and enforcing security aspects, Security in agent-based platforms: protection for mobile code and platforms, Smart Devices: Biometrics, National ID cards, Embedded Systems Security and TPMs, RFID Systems Security, Smart Card Security, Pervasive Systems: Digital Rights Management (DRM) in pervasive environments, Intrusion Detection and Information Filtering, Localization Systems Security (Tracking of People and Goods), Mobile Commerce Security, Privacy Enhancing Technologies, Security Protocols (for Identification and 
Authentication, Confidentiality and Privacy, and Integrity), Ubiquitous Networks: Ad Hoc Networks Security, DelayTolerant Network Security, Domestic Network Security, Peer-to-Peer Networks Security, Security Issues in Mobile and Ubiquitous Networks, Security of GSM/GPRS/UMTS Systems, Sensor Networks Security, Vehicular Network Security, Wireless Communication Security: Bluetooth, NFC, WiFi, WiMAX, WiMedia, others

Track B: Computer Science

This track will emphasize the design, implementation, management and applications of computer communications, networks and services. Topics of a mostly theoretical nature are also welcome, provided there is clear practical potential in applying the results of such work.

Broadband wireless technologies: LTE, WiMAX, WiRAN, HSDPA, HSUPA, Resource allocation and interference management, Quality of service and scheduling methods, Capacity planning and dimensioning, Cross-layer design and Physical layer based issue, Interworking architecture and interoperability, Relay assisted and cooperative communications, Location and provisioning and mobility management, Call admission and flow/congestion control, Performance optimization, Channel capacity modeling and analysis, Middleware Issues: Event-based, publish/subscribe, and message-oriented middleware, Reconfigurable, adaptable, and reflective middleware approaches, Middleware solutions for reliability, fault tolerance, and quality-of-service, Scalability of middleware, Context-aware middleware, Autonomic and self-managing middleware, Evaluation techniques for middleware solutions, Formal methods and tools for designing, verifying, and evaluating middleware, Software engineering techniques for middleware, Service oriented middleware, Agent-based middleware, Security middleware, Network Applications: Network-based automation, Cloud applications, Ubiquitous and pervasive applications, Collaborative applications, RFID and sensor network applications, Mobile applications, Smart home applications, Infrastructure monitoring and control applications, Remote health monitoring, GPS and location-based applications, Networked vehicles applications, Alert applications, Embedded Computer Systems, Advanced Control Systems, and Intelligent Control: Advanced control and measurement, computer and microprocessor-based control, signal processing, estimation and identification techniques, application-specific ICs,
nonlinear and adaptive control, optimal and robot control, intelligent control, evolutionary computing, and intelligent systems, instrumentation subject to critical conditions, automotive, marine and aero-space control and all other control applications, Intelligent Control System, Wiring/Wireless Sensor, Signal Control System. Sensors, Actuators and Systems Integration : Intelligent sensors and actuators, multisensor fusion, sensor array and multi-channel processing, micro/nano technology, microsensors and microactuators, instrumentation electronics, MEMS and system integration, wireless sensor, Network Sensor, Hybrid

Sensor, Distributed Sensor Networks. Signal and Image Processing : Digital signal processing theory, methods, DSP implementation, speech processing, image and multidimensional signal processing, Image analysis and processing, Image and Multimedia applications, Real-time multimedia signal processing, Computer vision, Emerging signal processing areas, Remote Sensing, Signal processing in education. Industrial Informatics: Industrial applications of neural networks, fuzzy algorithms, Neuro-Fuzzy application, bioInformatics, real-time computer control, real-time information systems, human-machine interfaces, CAD/CAM/CAT/CIM, virtual reality, industrial communications, flexible manufacturing systems, industrial automated process, Data Storage Management, Harddisk control, Supply Chain Management, Logistics applications, Power plant automation, Drives automation. Information Technology, Management of Information System : Management information systems, Information Management, Nursing information management, Information System, Information Technology and their application, Data retrieval, Data Base Management, Decision analysis methods, Information processing, Operations research, E-Business, E-Commerce, E-Government, Computer Business, Security and risk management, Medical imaging, Biotechnology, Bio-Medicine, Computer-based information systems in health care, Changing Access to Patient Information, Healthcare Management Information Technology. 
Communication/Computer Network, Transportation Application : On-board diagnostics, Active safety systems, Communication systems, Wireless technology, Communication application, Navigation and Guidance, Vision-based applications, Speech interface, Sensor fusion, Networking theory and technologies, Transportation information, Autonomous vehicle, Vehicle application of affective computing, Advance Computing technology and their application : Broadband and intelligent networks, Data Mining, Data fusion, Computational intelligence, Information and data security, Information indexing and retrieval, Information processing, Information systems and applications, Internet applications and performances, Knowledge based systems, Knowledge management, Software Engineering, Decision making, Mobile networks and services, Network management and services, Neural Network, Fuzzy logics, Neuro-Fuzzy, Expert approaches, Innovation Technology and Management : Innovation and product development, Emerging advances in business and its applications, Creativity in Internet management and retailing, B2B and B2C management, Electronic transceiver device for Retail Marketing Industries, Facilities planning and management, Innovative pervasive computing applications, Programming paradigms for pervasive systems, Software evolution and maintenance in pervasive systems, Middleware services and agent technologies, Adaptive, autonomic and context-aware computing, Mobile/Wireless computing systems and services in pervasive computing, Energy-efficient and green pervasive computing, Communication architectures for pervasive computing, Ad hoc networks for pervasive communications, Pervasive opportunistic communications and applications, Enabling technologies for pervasive systems (e.g., wireless BAN, PAN), Positioning and tracking technologies, Sensors and RFID in pervasive systems, Multimodal sensing and context for pervasive applications, Pervasive sensing, perception and semantic interpretation, Smart 
devices and intelligent environments, Trust, security and privacy issues in pervasive systems, User interfaces and interaction models, Virtual immersive communications, Wearable computers, Standards and interfaces for pervasive computing environments, Social and economic models for pervasive systems, Active and Programmable Networks, Ad Hoc & Sensor Network, Congestion and/or Flow Control, Content Distribution, Grid Networking, High-speed Network Architectures, Internet Services and Applications, Optical Networks, Mobile and Wireless Networks, Network Modeling and Simulation, Multicast, Multimedia Communications, Network Control and Management, Network Protocols, Network Performance, Network Measurement, Peer to Peer and Overlay Networks, Quality of Service and Quality of Experience, Ubiquitous Networks, Crosscutting Themes – Internet Technologies, Infrastructure, Services and Applications; Open Source Tools, Open Models and Architectures; Security, Privacy and Trust; Navigation Systems, Location Based Services; Social Networks and Online Communities; ICT Convergence, Digital Economy and Digital Divide, Neural Networks, Pattern Recognition, Computer Vision, Advanced Computing Architectures and New Programming Models, Visualization and Virtual Reality as Applied to Computational Science, Computer Architecture and Embedded Systems, Technology in Education, Theoretical Computer Science, Computing Ethics, Computing Practices & Applications

Authors are invited to submit papers through e-mail. Submissions must be original and should not have been published previously or be under consideration for publication while being evaluated by IJCSIS. Before submission, authors should carefully read over the journal's Author Guidelines, which are located at .

