Heterogeneous multiprocessor platforms are the foundation of systems that require high computational power combined with low energy consumption, like the IoT and mobile robotics. In this paper, we ...present five new algorithms for the design space exploration of platforms with elements grouped in clusters with very few connections in between, while these platforms have favorable electric properties and lower production costs, the limited interconnectivity and inability of heterogeneous platform elements to execute all types of tasks, significantly decrease the chance of finding a feasible mapping of application to the platform. We base the new algorithms on the Non-dominated Sorting Genetic Algorithm II (NSGA-II) meta-heuristic and the previously published SDSE mapping algorithm designed for fully interconnected multiprocessor platforms. With the aim to improve the chance of finding feasible solutions for sparsely connected platforms, we have modified the parts of the search process concerning the penalization of infeasible solutions, chromosome decoding, and mapping strategy. Due to the lack of adequate existing benchmarks, we propose our own synthetic benchmark with multiple application and platform models, which we believe can be easily extended and reused by other researchers for further studying this type of platform. The experiments show that four proposed algorithms can find feasible solutions in 100% of test cases for platforms with dedicated clusters. In the case of tile-like platforms, the same four algorithms show an average success rate of 60%, with one algorithm going up to 84%.
Botnets are considered as the primary threats on the Internet and there have been many research efforts to detect and mitigate them. Today, Botnet uses a DNS technique fast-flux to hide malware sites ...behind a constantly changing network of compromised hosts. This technique is similar to trustworthy Round Robin DNS technique and Content Delivery Network (CDN). In order to distinguish the normal network traffic from Botnets different techniques are developed with more or less success. The aim of this paper is to improve Botnet detection using an Intrusion Detection System (IDS) or router. A novel classification method for online Botnet detection based on DNS traffic features that distinguish Botnet from CDN based traffic is presented. Botnet features are classified according to the possibility of usage and implementation in an embedded system. Traffic response is analysed as a strong candidate for online detection. Its disadvantage lies in specific areas where CDN acts as a Botnet. A new feature based on search engine hits is proposed to improve the false positive detection. The experimental evaluations show that proposed classification could significantly improve Botnet detection. A procedure is suggested to implement such a system as a part of IDS.
Early application timing estimation is essential in decision making during design space exploration of heterogeneous embedded systems in terms of hardware platform dimensioning and component ...selection. The decisions which have the impact on project duration and cost must be made before a platform prototype is available and software code is ready to be linked and thus timing estimation must be done using high-level models and simulators. Because of the ever increasing need to shorten the time to market, reducing the amount of time required to obtain the results is as important as achieving high estimation accuracy. In this paper, we propose a novel approach to source-level timing estimation with the aim to close the speed-accuracy gap by raising the level of abstraction and improving result reusability. We introduce a concept – elementary operations as distinct parts of source code which enable capturing platform behaviour without having the exact model of the processor pipeline, cache etc. We also present a timing estimation method which relies on elementary operations to craft hardware profiling benchmark and to build application and platform profiles. Experiments show an average estimation error of 5%, with maximum below 16%.
Distributed Denial of Service (DDoS) attacks are a serious threat to Internet security. A lot of research effort focuses on having detection and prevention methods on the victim server side or source ...side. The Bloom filter is a space-efficient data structure used to support pattern matching problems. The filter is utilised in network applications for deep packet inspection of headers and contents and also looks for predefined strings to detect irregularities. In intrusion detection systems, the accuracy of pattern matching algorithms is crucial for dependable detection of matching pairs, and its complexity usually poses a critical performance bottleneck. In this paper, we will propose a novel Dual Counting Bloom Filter (DCBF) data structure to decrease false detection of matching packets applicable for the
SACK
2
algorithm. A theoretical evaluation will determine the false rate probability of detection and requirements for increased memory. The proposed approach significantly reduces the false rate compared to previously published results. The results indicate that the increased complexity of the DCBF does not affect efficient implementation of hardware for embedded systems that are resource constrained. The experimental evaluation was performed using extensive simulations based on real Internet traces of a wide area network link, and it was subsequently proved that DCBF significantly reduces the false rate.
This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical ad practical point of view. Seriousness of DoS attacks is tangible and they present one ...of the most significant threats to assurance of dependable and secure information systems, which is growing in importance. Rapid development of new and increasingly sophisticated attacks requires resourcefulness in designing and implementing reliable defences. We focus on providing a both fresh and relevant state of art reference with included different perspectives, such as economic DoS (EDoS) or offensive countermeasures in the cyber space. Considering the elaborated DoS mechanisms and state of art review, our considerations of main challenges are discussed. Directions are proposed for future research, considered required in defending against the DoS threat, which is evolving into a potentially major disruptive factor for global security models on all levels.
In today's world, apart from the fact that systems and products are becoming increasingly complex, electronic technology is rapidly progressing in both miniaturization and higher complexity. ...Consequently, these facts are accompanied with new failures modes.
This paper explores modern open-source cloud platforms giving insight into the theoretical concepts they are based on, along with the analysis of challenges they face when deployed in business ...environment. In the first part of the paper, theoretical concepts like cloud computing, virtualization and software as a service paradigm, which form the basis for this new concept - the SaaS cloud platform, are discussed. Afterwards, the analysis of performance and deployment issues of the two most prominent open-source platforms Ulteo and LTSP Cluster is presented. We also discuss proposed solution to the issue of user application profile persistence between sessions. PUBLICATION ABSTRACT
In this paper the authors propose new heuristics for automation of software partitioning and mapping onto heterogeneous multiprocessor System-on-Chip (MPSoC) platform - Longest Parallel Path mapping ...algorithm (LPP). In contrast with traditional approach to solving this NP-complete problem - the Integer Linear Programming (ILP), our method uses a modified version of Critical Path Method with additional heuristics that rely on greedy approach. The algorithm performs one-to-many mapping of application to platform with minimizing the overall execution time of the application as the main objective. Our experiments with generic application model and several different platform layouts show that the proposed algorithm provides an efficient mapping scheme enabling significant execution speedup. In addition, the comparison with another greedy mapping algorithm shows that LPP algorithm exploits available task level parallelism better.
From the security point, low-cost domain names and simplified registering procedures present a potential threat. Malicious attackers could register a domain to use in a single attack campaign and ...then discard it. At some point, the malicious domain will be red-flagged by the reputable service, but by that time the attacker has moved onto the next one. This creates the difficult and inefficient task to detect the malicious domain. In this paper, the search engine creditworthiness algorithm is used to detect malicious domains. This algorithm is created for bot detection in a local network. In an experimental study algorithm is tested as a detection system for malicious domain found in spam. With the analyzation of the URLs in the e-mail body known fraud or hoax spam can be blocked at the entrance of the mail server or even the local network.
One of the most common threats to internet security is the Denial of Service attack. There are numerous methods and protocol changes in an effort to detect them. The most common DoS attack detection ...method relies on the number of the TCP control packet in the network flow. The Bloom filter represents a space efficient data structure that is commonly utilized to detect matching pairs. There are multiple algorithms for the DoS attack detection based on the Bloom filter. The SACK 2 algorithm uses the SYN/ACK - ACK matching pair detection with the Bloom filter data structure. The false positive error introduced by the Bloom filter influences on the matching pair detection in the algorithm. The improved SACK 2 algorithm significantly reduces the false positive error by replacing the Counting Bloom Filter (CBF) data structure with the Dual Counting Bloom Filter (DCBF) data structure. This improvement significantly improves the matching pair detection. It is expected that the false positive error should influence on the detection of the DoS attack. In this paper, the experimental study is performed to analyse this influence. This study confirms the correlation between the false positive error and the DoS attack detection.
PDF
