Abstract: In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi," thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and/or accessing the database, which the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.
Abstract: Industry data centers often need to sync data changes reliably and instantly from a large scale of heterogeneous autonomous relational databases accessed via the not-so-reliable Internet, for which a practical generic sync middleware of low maintenance and operation costs is most wanted. To this demand, this paper presented a generic sync middleware system (GSMS), which has been developed, applied and optimized since 2006, holding the principles or advantages that it must be SyncML-compliant and transparent to data application layer logic without referring to implementation details of databases synced, does not rely on host computer operating systems deployed, and its construction is lightweight and hence of low cost. Regarding these hard commitments of developing GSMS, in this paper we stressed the significant optimization breakthrough of GSMS sync delay being well below a fraction of a millisecond per record sync. A series of ultimate tests with GSMS sync performance were conducted for a persuasive example, in which the source relational database underwent a broad range of write loads (from one thousand to one million intensive writes within a few minutes). All these tests showed that the performance of GSMS is competent and smooth even under ultimate write loads.
Abstract: One of the major challenges for sustainable smart
building systems is to support device interoperability, i.e. connecting
sensor or actuator devices from different vendors, and present their
functionality to the external applications. Furthermore, smart building
systems are supposed to connect with devices that are not available
yet, i.e. devices that become available on the market sometime later.
It is of vital importance that a sustainable smart building platform
provides an appropriate external interface that can be leveraged
by external applications and smart services. An external platform
interface must be stable and independent of specific devices and
should support flexible and scalable usage scenarios. A typical
approach applied in smart home systems is based on a generic
device interface used within the smart building platform. Device
functions, even of rather complex devices, are mapped to that generic
base type interface by means of specific device drivers. Our new
approach, presented in this work, extends that approach by using the
smart building system’s rule engine to create complex virtual devices
that can represent the most diverse properties of real devices. We
examined and evaluated both approaches by means of a practical
case study using a smart building system that we have developed.
We show that the solution we present allows the highest degree
of flexibility without affecting external application interface stability
and scalability. In contrast to other systems our approach supports
complex virtual device configuration on application layer (e.g. by
administration users) instead of device configuration at platform layer
(e.g. platform operators). Based on our work, we can show that
our approach supports almost arbitrarily flexible use case scenarios
without affecting the external application interface stability. However,
the cost of this approach is additional appropriate configuration
overhead and additional resource consumption at the IoT platform
level that must be considered by platform operators. We conclude
that the concept of complex virtual devices presented in this work
can be applied to improve the usability and device interoperability of
sustainable intelligent building systems significantly.
Abstract: The purpose of this study was to develop an energy management system for university campuses based on the Internet of Things (IoT) technique. The proposed IoT technique based on WebAccess is used via network browser Internet Explorer and applies TCP/IP protocol. The case study of IoT for lighting energy usage management system was proposed. Structure of proposed IoT technique included perception layer, equipment layer, control layer, application layer and network layer.
Abstract: Software Defined Networking (SDN) is a new norm of networks. It is designed to facilitate the way of managing, measuring, debugging and controlling the network dynamically, and to make it suitable for the modern applications. Generally, measurement methods can be divided into two categories: active and passive methods. Active measurement method is employed to inject test packets into the network in order to monitor their behaviour (ping tool as an example). Meanwhile the passive measurement method is used to monitor the traffic for the purpose of deriving measurement values. The measurement methods, both active and passive, are useful for the collection of traffic statistics, and monitoring of the network traffic. Although there has been a work focusing on measuring traffic statistics in SDN environment, it was only meant for measuring packets and bytes rates for non-web traffic. In this study, a feasible method will be designed to measure the number of packets and bytes in a certain time, and facilitate obtaining statistics for both web traffic and non-web traffic. Web traffic refers to HTTP requests that use application layer; while non-web traffic refers to ICMP and TCP requests. Thus, this work is going to be more comprehensive than previous works. With a developed module on POX OpenFlow controller, information will be collected from each active flow in the OpenFlow switch, and presented on Command Line Interface (CLI) and Wireshark interface. Obviously, statistics that will be displayed on CLI and on Wireshark interfaces include type of protocol, number of bytes and number of packets, among others. Besides, this module will show the number of flows added to the switch whenever traffic is generated from and to hosts in the same statistics list.
In order to carry out this work effectively, our Python module will send a statistics request message to the switch requesting its current ports and flows statistics every five seconds, while the switch will reply with the required information in a message called statistics reply message. Thus, POX controller will be notified and updated with any changes that could happen in the entire network in a very short time. Therefore, our aim of this study is to prepare a list for the important statistics elements that are collected from the whole network, to be used for any further research, particularly research dealing with the detection of the network attacks that cause a sudden rise in the number of packets and bytes like Distributed Denial of Service (DDoS).
Abstract: Hazard management that can prevent fatal accidents and property losses is a fundamental process during the buildings’ construction stage. However, due to lack of safety supervision resources and operational pressures, the conduction of hazard management is poor and ineffective in China. In order to improve the quality of construction safety management, it is critical to explore the use of information technologies to ensure that the process of hazard management is efficient and effective. After exploring the existing problems of construction hazard management in China, this paper develops the griddization management model for construction hazard management. First, following the knowledge grid infrastructure, the griddization computing infrastructure for construction hazards management is designed which includes five layers: resource entity layer, information management layer, task management layer, knowledge transformation layer and application layer. This infrastructure will be as the technical support for realizing grid management. Second, this study divides the construction hazards into grids through city level, district level and construction site level according to grid principles. Last, a griddization management process including hazard identification, assessment and control is developed. Meanwhile, all stakeholders of construction safety management, such as owners, contractors, supervision organizations and government departments, should take the corresponding responsibilities in this process. Finally, a case study based on actual construction hazard identification, assessment and control is used to validate the effectiveness and efficiency of the proposed griddization management model. The advantage of this designed model is to realize information sharing and cooperative management between various safety management departments.
Abstract: A Distributed Denial of Service (DDoS) attack is a
major threat to cyber security. It originates from the network layer or
the application layer of compromised/attacker systems which are
connected to the network. The impact of this attack ranges from the
simple inconvenience to use a particular service to causing major
failures at the targeted server. When there is heavy traffic flow to a
target server, it is necessary to classify the legitimate access and
attacks. In this paper, a novel method is proposed to detect DDoS
attacks from the traces of traffic flow. An access matrix is created
from the traces. As the access matrix is multidimensional, Principal
Component Analysis (PCA) is used to reduce the attributes used for
detection. Two classifiers Naive Bayes and K-Nearest neighborhood
are used to classify the traffic as normal or abnormal. The
performance of the classifier with PCA selected attributes and actual
attributes of access matrix is compared by the detection rate and
False Positive Rate (FPR).
Abstract: Voice Over IP (VoIP) is a technology that could pass
the voice traffic and data packet form over an IP network. Network
can be used for intranet or Internet. Phone calls using VoIP have
advantages in terms of cheaper cost of PSTN phone to more than
half, because the cost is calculated by the cost of the global nature of
the Internet. Session Initiation Protocol (SIP) is a signaling protocol
at the application layer which serves to establish, modify, and
terminate a multimedia session involving one or more users. This SIP
signaling has SIP message in text form that is used for session
management by the SIP components, such as User Agent, Registrar,
Redirect Server, and Proxy Server. To build a SIP communication is
required SIP Express Router (SER) to be able to receive SIP
messages, for handling the basic functions of SIP messages.
Problems occur when the NAT through which affects the voice
communication will be blocked starting from the sound that is not
sent or one side of the sound are sent (half duplex). How that could
be used to penetrate NAT is to use a given mediaproxy random RTP
port to penetrate NAT.
Abstract: Multirate multimedia delivery applications in multihop Wireless Mesh Network (WMN) are data redundant and delay-sensitive, which brings a lot of challenges for designing efficient transmission systems. In this paper, we propose a new cross layer resource allocation scheme to minimize the receiver side distortion within the delay bound requirements, by exploring application layer Position and Value (P-V) diversity as well as the multihop Effective Capacity (EC). We specifically consider image transmission optimization here. First of all, the maximum supportable source traffic rate is identified by exploring the multihop Effective Capacity (EC) model. Furthermore, the optimal source coding rate is selected according to the P-V diversity of multirate media streaming, which significantly increases the decoded media quality. Simulation results show the proposed approach improved media quality significantly compared with traditional approaches under the same QoS requirements.
Abstract: With the rapid usage of portable devices, mobility in
IP networks has become a more important issue in recent years. IETF
standardized Mobile IP that works in Network Layer, which involves
tunneling of IP packets from HA to Foreign Agent. Mobile IP suffers
many problems of Triangular Routing, conflict with private
addressing scheme, increase in load in HA, need of permanent home
IP address, tunneling itself, and so on. In this paper, we proposed
mobility management in Application Layer protocol SIP and show
some comparative analysis between Mobile IP and SIP in context of
mobility.
Abstract: A person-to-person information sharing is easily realized
by P2P networks in which servers are not essential. Leakage
of information, which is caused by malicious accesses to P2P
networks, has become a new social issue. To prevent information
leakage, it is necessary to detect and block traffic of P2P software.
Since some P2P software can spoof port numbers, it is difficult to
detect the traffic sent from P2P software by using port numbers.
It is more difficult to devise effective countermeasures for detecting
the software because their protocols are not public.
In this paper, a discriminating method of network applications
based on communication characteristics of application messages
without port numbers is proposed. The proposed method is based
on an assumption that there can be some rules about time intervals
to transmit messages in application layer and the number of necessary
packets to send one message. By extracting the rule from network
traffic, the proposed method can discriminate applications without
port numbers.
Abstract: This paper presents the design and implements the prototype of an intelligent data processing framework in ubiquitous sensor networks. Much focus is put on how to handle the sensor data stream as well as the interoperability between the low-level sensor data and application clients. Our framework first addresses systematic middleware which mitigates the interaction between the application layer and low-level sensors, for the sake of analyzing a great volume of sensor data by filtering and integrating to create value-added context information. Then, an agent-based architecture is proposed for real-time data distribution to efficiently forward a specific event to the appropriate application registered in the directory service via the open interface. The prototype implementation demonstrates that our framework can host a sophisticated application on the ubiquitous sensor network and it can autonomously evolve to new middleware, taking advantages of promising technologies such as software agents, XML, cloud computing, and the like.
Abstract: During more than a decade, many proposals and standards have been designed to deal with the mobility issues; however, there are still some serious limitations in basing solutions on them. In this paper we discuss the possibility of handling mobility at the application layer. We do this while revisiting the conventional implementation of the Two Phase Commit (2PC) protocol which is a fundamental asset of transactional technology for ensuring the consistent commitment of distributed transactions. The solution is based on an execution framework providing an efficient extension that is aware of the mobility and preserves the 2PC principle.
Abstract: In this paper, we first consider the quality of service
problems in heterogeneous wireless networks for sending the video
data, which their problem of being real-time is pronounced. At last,
we present a method for ensuring the end-to-end quality of service at
application layer level for adaptable sending of the video data at
heterogeneous wireless networks. To do this, mechanisms in different
layers have been used. We have used the stop mechanism, the
adaptation mechanism and the graceful degrade at the application
layer, the multi-level congestion feedback mechanism in the network
layer and connection cutting off decision mechanism in the link
layer. At the end, the presented method and the achieved
improvement is simulated and presented in the NS-2 software.
Abstract: This paper presents a context-aware sensor grid
framework for agriculture and its design challenges. Use of sensor
networks in the domain of agriculture is not new. However, due to
the unavailability of any common framework, solutions that are
developed in this domain are location, environment and problem
dependent. Keeping the need of common framework for agriculture,
Context-Aware Sensor Grid Framework is proposed. It will be
helpful in developing solutions for majority of the problems related
to irrigation, pesticides spray, use of fertilizers, regular monitoring of
plot and yield etc. due to the capability of adjusting according to
location and environment. The proposed framework is composed of
three layer architecture including context-aware application layer,
grid middleware layer and sensor network layer.
Abstract: Wireless mobile communications have experienced
phenomenal growth over the last decades. The advances in
wireless mobile technologies have brought about a demand for high
quality multimedia applications and services. For such applications
and services to work, signaling protocol is required for establishing,
maintaining and tearing down multimedia sessions. The Session
Initiation Protocol (SIP) is an application layer signaling protocol,
based on request/response transaction model. This paper considers
SIP INVITE transaction over an unreliable medium, since it has been
recently modified in Request for Comments (RFC) 6026. In order to
help in assuring that the functional correctness of this modification is
achieved, the SIP INVITE transaction is modeled and analyzed using
Colored Petri Nets (CPNs). Based on the model analysis, it is
concluded that the SIP INVITE transaction is free of livelocks and
dead codes, and at the same time it has both desirable and
undesirable deadlocks. Therefore, SIP INVITE transaction should be
subjected for additional updates in order to eliminate undesirable
deadlocks. In order to reduce the cost of implementation and
maintenance of SIP, additional remodeling of the SIP INVITE
transaction is recommended.
Abstract: In real-time networks a large number of application programs are relying on video data and heterogeneous data transmission techniques. The aim of this research is presenting a method for end-to-end vouch quality service in surface application layer for sending video data in comparison form in wireless heterogeneous networks. This method tries to improve the video sending over the wireless heterogeneous networks with used techniques in surface layer, link and application. The offered method is showing a considerable improvement in quality observing by user. In addition to this, other specifications such as shortage of data load that had require to resending and limited the relation period length to require time for second data sending, help to be used the offered method in the wireless devices that have a limited energy. The presented method and the achieved improvement is simulated and presented in the NS-2 software.