CAFS : a novel lightweight cache-based scheme for large-scale intrusion alert fusion

In this paper, we present some practical experiences on implementing an alert fusion mechanism from our project. After investigation on most of the existing alert fusion systems, we found the current body of work alternatively weighed down in the mire of insecure design or rarely deployed because of their complexity. As confirmed by our experimental analysis, unsuitable mechanisms could easily be submerged by an abundance of useless alerts. Even with the use of methods that achieve a high fusion rate and low false positives, attack is also possible. To find the solution, we carried out analysis on a series of alerts generated by well-known datasets as well as realistic alerts from the Australian Honey-Pot. One important finding is that one alert has more than an 85% chance of being fused in the following five alerts. Of particular importance is our design of a novel lightweight Cache-based Alert Fusion Scheme, called CAFS. CAFS has the capacity to not only reduce the quantity of useless alerts generated by intrusion detection system, but also enhance the accuracy of alerts, therefore greatly reducing the cost of fusion processing. We also present reasonable and practical specifications for the target-oriented fusion policy that provides a quality guarantee on alert fusion, and as a result seamlessly satisfies the process of successive correlation. Our experiments compared CAFS with traditional centralized fusion. The results showed that the CAFS easily attained the desired level of simple, counter-escapable alert fusion design. Furthermore, as a lightweight scheme, CAFS can easily be deployed and excel in a large amount of alert fusions, which go towards improving the usability of system resources. To the best of our knowledge, our work is a practical exploration in addressing problems from the academic point of view. Copyright © 2011 John Wiley & Sons, Ltd.

Enhancing narrative coherence in simulated interviews about child abuse

Purpose – Simulated child interviews, where adults play the role of a child witness for trainee investigative interviewers, are an essential tool used to train investigators to adhere to non-leading, open-ended questions. The aim of this study is to examine whether the use of a training procedure that guides persons playing the role of a child in simulated interviews results in interviewees producing more coherent narratives (measured by the number of story grammar details).

Design/methodology/approach – A total of 80 police officers individually engaged in ten-minute interviews, whereby an untrained (colleague), or trained respondent, played the role of the child interviewee. For each child respondent condition, the interviews varied according to child age (five or eight years).

Findings – As predicted, trained respondents reported a higher proportion of story grammar elements and a lower proportion of contextual information than the untrained respondents, as well as more story grammar elements in response to open-ended questions. However, there were limitations in how well both groups tailored their story grammar to the age of the child they were representing.

Originality/value – These findings demonstrate that our training procedure promotes a more coherent interviewee account, and facilitates a response style that is more reinforcing of open-ended questions.

Mobile agents security protocols

Mobile agents are expected to run in partially unknown and untrustworthy environments. They transport from one host to another host through insecure channels and may execute on non-trusted hosts. Thus, they are vulnerable to direct security attacks of intruders and non-trusted hosts. The security of information the agents collect is a fundamental requirement for a trusted implementation of electronic business applications and trade negotiations. This chapter discusses the security protocols presented in the literature that aim to secure the data mobile agents gather while searching the Internet, and identifies the security flaws revealed in the protocols. The protocols are analyzed with respect to the security properties, and the security flaws are identified. Two recent promising protocols that fulfill the various security properties are described. The chapter also introduces common notations used in describing security protocols and describes the security properties of the data that mobile agents gather.

A cooperative cache architecture in support of caching multimedia objects in MANETs

This paper presents a cooperative caching architecture suitable for continuous media (CM) proxy caching in MANET environments. The proposed scheme introduces an application manager component, which is interposed between traditional Internet CM applications and the network layer. The application manager transparently performs data location and service migration of active CM streaming sessions so as to exploit nearby data sources based on the dynamic topology of a MANET. We propose two data location schemes - Cache-State - a link-state based scheme and Reactive - an on-demand scheme. Since service migration can occur frequently, the application manager uses soft-state signaling techniques to communicate between remote application managers by translating hard-state application signaling, such as Real Time Streaming Protocol (RTSP) into soft-state messages. The proposed schemes are evaluated through simulation studies using the NS simulator. Simulation studies show that both Cache-State and Reactive schemes demonstrate significant QoS improvements and reduced bandwidth consumption.

A flexible receiver-driven cache replacement scheme for continuous media objects in best-effort networks

In this paper, we investigate the potential of caching to improve quality of reception (QoR) in the context of continuous media applications over best-effort networks. Specifically, we investigate the influence of parameters such as loss rate, jitter, delay and area in determining a proxy's cache contents. We propose the use of a flexible cost function in caching algorithms and develop a framework for benchmarking continuous media caching algorithms. The cost function incorporates parameters in which, an administrator and or a client can tune to influence a proxy's cache. Traditional caching systems typically base decisions around static schemes that do not take into account the interest of their receiver pool. Based on the flexible cost function, an improvised Greedy Dual (GD) algorithm called GD-multi has been developed for layered multiresolution multimedia streams. The effectiveness of the proposed scheme is evaluated by simulation-based performance studies. Performance of several caching schemes are evaluated and compared with those of the proposed scheme. Our empirical results indicate GD-multi performs well despite employing a generalized caching policy.

Neighborhood coherence and edge based approaches to film scene extraction

In order to enable high-level semantics-based video annotation and interpretation, we tackle the problem of automatic decomposition of motion pictures into meaningful story units, namely scenes. Since a scene is a complicated and subjective concept, we first propose guidelines from film production to determine when a scene change occurs in film. We examine different rules and conventions followed as part of Film Grammar to guide and shape our algorithmic solution for determining a scene boundary. Two different techniques are proposed as new solutions in this paper. Our experimental results on 10 full-length movies show that our technique based on shot sequence coherence performs well and reasonably better than the color edges-based approach.

A cache-based mobility-aware scheme for real-time continuous media delivery in wireless networks

Providing real-time or continuous media (CM) application services in wireless networks poses a significant challenge, as it requires timely delivery of data in a best-effort network. In this paper, we propose a cache-based scheme for mobility-aware, CM applications. The proposed scheme exploits a previously proposed caching strategy to complement Mobile-IP by placing services closer to migrated mobile nodes. The central idea of this work is based on the migration of sessions in order to facilitate uninterrupted delivery of CM in mobile environments. The performance of the proposed scheme is investigated by simulation studies. In particular, the effect of the proposed scheme on several QoS parameters under varying conditions of mobility and CM data is measured.

Does the cognitive interview promote the coherence of narrative accounts in children with and without an intellectual disability?

We examined whether the cognitive interview (CI) procedure enhanced the coherence of narrative accounts provided by children with and without intellectual disabilities (ID), matched on chronological age. Children watched a videotaped magic show; one day later, they were interviewed using the CI or a structured interview (SI). Children interviewed using the CI reported more correct details than those interviewed using the SI. Additionally, children interviewed using the CI reported more contextual background details, more logically ordered sequences, more temporal markers, and fewer inconsistencies in their stories than those interviewed using the SI. However, the CI did not increase the number of story grammar elements compared with the SI. Overall children interviewed with the CI told better stories than those interviewed with the SI. This finding provided further support for the effectiveness of the CI with vulnerable witnesses, particularly children with ID.

Cache and carry : hoarding behavior of arctic fox

Food-hoarding animals are expected to preferentially cache items with lower perishability and/or higher consumption time. We observed arctic foxes (Alopex lagopus) foraging in a greater snow goose (Anser caerulescens atlanticus) colony where the main prey of foxes consisted of goose eggs, goslings, and lemmings (Lemmus and Dicrostonyx spp.). We recorded the number of prey consumed and cached and the time that foxes invested in these activities. Foxes took more time to consume a goose egg than a lemming or gosling but cached a greater proportion of eggs than the other prey type. This may be caused by the eggshell, which presumably decreases the perishability and/or pilfering risk of cached eggs, but also increases egg consumption time. Arctic foxes usually recached goose eggs but rarely recached goslings or lemmings. We tested whether the rapid-sequestering hypothesis could explain this recaching behavior. According to this hypothesis, arctic foxes may adopt a two-stage strategy allowing both to maximize egg acquisition rate in an undefended nest and subsequently secure eggs in potentially safer sites. Foxes spent more time carrying an egg and traveled greater distances when establishing a secondary than a primary cache. To gain further information on the location and subsequent fate of cached eggs, we used dummy eggs containing radio transmitters. Lifespan of primary caches increased with distance from the goose nest. Secondary caches were generally located farther from the nest and had a longer lifespan than primary caches. Behavioral observations and the radio-tagged egg technique both gave results supporting the rapid-sequestering hypothesis.