Showing papers by "Evangelos Kranakis published in 2005"

Structural RNA has lower folding energy than random RNA of the same dinucleotide frequency

Abstract: We present results of computer experiments that indicate that several RNAs for which the native state (minimum free energy secondary structure) is functionally important (type III hammerhead ribozymes, signal recognition particle RNAs, U2 small nucleolar spliceosomal RNAs, certain riboswitches, etc.) all have lower folding energy than random RNAs of the same length and dinucleotide frequency. Additionally, we find that whole mRNA as well as 5′-UTR, 3′-UTR, and cds regions of mRNA have folding energies comparable to that of random RNA, although there may be a statistically insignificant trace signal in 3′-UTR and cds regions. Various authors have used nucleotide (approximate) pattern matching and the computation of minimum free energy as filters to detect potential RNAs in ESTs and genomes. We introduce a new concept of the asymptotic Z-score and describe a fast, whole-genome scanning algorithm to compute asymptotic minimum free energy Z-scores of moving-window contents. Asymptotic Z-score computations offer another filter, to be used along with nucleotide pattern matching and minimum free energy computations, to detect potential functional RNAs in ESTs and genomic regions.

DNS-based Detection of Scanning Worms in an Enterprise Network.

Abstract: Worms are arguably the most serious security threat facing the Internet. Seeking a detection technique that is both sufficiently efficient and accurate to enable automatic containment of worm propagation at the network egress points, we propose a new technique for the rapid detection of worm propagation from an enterprise network. It relies on the correlation of Domain Name System (DNS) queries with outgoing connections from an enterprise network. Improvements over existing scanning worm detection techniques include: (1) the possibility to detect worm propagation after only a single infection attempt; (2) the capacity to detect zero-day worms; and (3) a low false positive rate. The precision of this first-mile detection technique supports the use of automated containment and suppression strategies to stop fast scanning worms before they leave the network boundary. We believe that this technique can be applied with the same precision to identify other forms of malicious behavior within an enterprise network including: mass-mailing worms, network reconnaissance activity, and covert communications. Currently, it is unclear if our DNS-based detector will work for all network protocols. In some network environments, the DNS detection technique may need to be used as a secondary input to a more sophisticated anomaly detector.

Pretty Secure BGP (psBGP)

Abstract: The Border Gateway Protocol (BGP) is an IETF standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a set of security goals for BGP, and then propose Pretty Secure BGP (psBGP) as a new security protocol achieving these goals. psBGP makes use of a centralized trust model for authenticating Autonomous System (AS) numbers, and a decentralized trust model for verifying the propriety of IP prefix origination. We compare psBGP with S-BGP and soBGP, the two leading security proposals for BGP. We believe psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operations, while requiring a different endorsement model: each AS must select a small number (e.g., one or two) of its peers from which to obtain endorsement of its prefix ownership assertions. This work contributes to the ongoing exploration of tradeoffs and balance between security guarantee, operational simplicity, and policies acceptable to the operator community.

Detecting impersonation attacks in future wireless and mobile networks

Abstract: Impersonation attacks in wireless and mobile networks by professional criminal groups are becoming more sophisticated. We confirm with simple risk analysis that impersonation attacks offer attractive incentives to malicious criminals and should therefore be given highest priority in research studies. We also survey our recent investigations on Radio Frequency Fingerprinting and User Mobility Profiles and discuss details of our methodologies for building enhanced intrusion detection systems for future wireless and mobile networks.

Anomaly-based intrusion detection using mobility profiles of public transportation users

Abstract: For the purpose of anomaly-based intrusion detection in mobile networks, the utilization of profiles, based on hardware signatures, calling patterns, service usage, and mobility patterns, have been explored by various research teams and commercial systems, namely the fraud management system by Hewlett-Packard and Compaq. This paper examines the feasibility of using profiles, which are based on the mobility patterns of mobile users, who make use of public transportation, e.g. bus. More specifically, a novel framework, which makes use of an instance based learning technique, for classification purposes, is presented. In addition, an empirical analysis is conducted in order to assess the impact of two key parameters, the sequence length and precision level, on the false alarm and detection rates. Moreover, a strategy for enhancing the characterization of users is also proposed. Based on simulation results, it is feasible to use mobility profiles for anomaly-based intrusion detection in mobile wireless networks.

Asynchronous deterministic rendezvous in graphs

Abstract: Two mobile agents (robots) having distinct labels and located in nodes of an unknown anonymous connected graph, have to meet. We consider the asynchronous version of this well-studied rendezvous problem and we seek fast deterministic algorithms for it. Since in the asynchronous setting meeting at a node, which is normally required in rendezvous, is in general impossible, we relax the demand by allowing meeting of the agents inside an edge as well. The measure of performance of a rendezvous algorithm is its cost: for a given initial location of agents in a graph, this is the number of edge traversals of both agents until rendezvous is achieved. If agents are initially situated at a distance D in an infinite line, we show a rendezvous algorithm with cost O(D|L min | 2 ) when D is known and O((D + |L max |) 3 ) if D is unknown, where |L min | and |L max | are the lengths of the shorter and longer label of the agents, respectively. These results still hold for the case of the ring of unknown size but then we also give an optimal algorithm of cost O(n|L min |), if the size n of the ring is known, and of cost O(n|L max |), if it is unknown. For arbitrary graphs, we show that rendezvous is feasible if an upper bound on the size of the graph is known and we give an optimal algorithm of cost O(D|L min |) if the topology of the graph and the initial positions are known to agents.

Approximate range mode and range median queries

Abstract: We consider data structures and algorithms for preprocessing a labelled list of length n so that, for any given indices i and j we can answer queries of the form: What is the mode or median label in the sequence of labels between indices i and j. Our results are on approximate versions of this problem. Using $O(\frac{n}{1-\alpha})$ space, our data structure can find in $O({\rm log}{\rm log}_\frac{1}{\alpha} n)$ time an element whose number of occurrences is at least α times that of the mode, for some user-specified parameter 0<α<1. Data structures are proposed to achieve constant query time for α=1/2,1/3 and 1/4, using storage space of O(n log n), O(n log log n) and O(n), respectively. Finally, if the elements are comparable, we construct an $O(\frac{n}{1-\alpha})$ space data structure that answers approximate range median queries. Specifically, given indices i and j, in O(1) time, an element whose rank is at least $\alpha \times \lfloor|j-i+1|/2\rfloor$ and at most $(2-\alpha)\times\lfloor|j-i+1|/2\rfloor$ is returned for 0<α<1.

Detecting intra-enterprise scanning worms based on address resolution

Abstract: Signature-based schemes for detecting Internet worms often fail on zero-day worms, and their ability to rapidly react to new threats is typically limited by the requirement of some form of human involvement to formulate updated attack signatures. We propose an anomaly-based detection technique detailing a method to detect propagation of scanning worms within individual network cells, thus protecting internal networks from infection by internal clients. Our software implementation indicates that this technique is both accurate and rapid enough to enable automatic containment and suppression of worm propagation within a network cell. Our approach relies on an aggregate anomaly score, derived from the correlation of address resolution protocol (ARP) activity from individual network attached devices. Our preliminary analysis and prototype indicate that this technique can be used to rapidly detect zero-day worms within a very small number of scans

Satellite transport protocol handling bit corruption, handoff and limited connectivity

Abstract: Being both wireless and mobile, low Earth orbiting (LEO) satellite access networks have a unique set of link errors including bit corruption, handoff, and limited connectivity. Unfortunately, most transport protocols are only designed to handle congestion-related errors common in wired networks. This inability to handle multiple kinds of errors results in severe degradation in effective throughput and energy saving, which are relevant metrics for a wireless and mobile environment. A recent study proposed a new transport protocol for satellites called STP that addresses many of the unique problems of satellite networks. There was, however, no explicit attempt to implement a differentiating error control strategy in that protocol. This paper proposes grafting a new probing mechanism in STP to make it more responsive to the prevailing error conditions in the network. The mechanism works by investing some time and transmission effort to determine the cause of error. This overhead is, however, recouped by handsome gains in both the connection's effective throughput and its energy efficiency.

Half-space proximal: a new local test for extracting a bounded dilation spanner of a unit disk graph

Abstract: We give a new local test, called a Half-Space Proximal or HSP test, for extracting a sparse directed or undirected subgraph of a given unit disk graph. The HSP neighbors of each vertex are unique, given a fixed underlying unit disk graph. The HSP test is a fully distributed, computationally simple algorithm that is applied independently to each vertex of a unit disk graph. The directed spanner obtained by this test is shown to be strongly connected, has out-degree at most six, its dilation is at most 2π+1, contains the minimum weight spanning tree as its subgraph and, unlike the Yao graph, it is rotation invariant. Since no coordinate assumption is needed to determine the HSP nodes, the test can be applied in any metric space.

Asynchronous deterministic rendezvous in graphs

Abstract: Two mobile agents (robots) having distinct labels and located in nodes of an unknown anonymous connected graph, have to meet. We consider the asynchronous version of this well-studied rendezvous problem and we seek fast deterministic algorithms for it. Since in the asynchronous setting meeting at a node, which is normally required in rendezvous, is in general impossible, we relax the demand by allowing meeting of the agents inside an edge as well. The measure of performance of a rendezvous algorithm is its cost: for a given initial location of agents in a graph, this is the number of edge traversals of both agents until rendezvous is achieved. If agents are initially situated at a distance D in an infinite line, we show a rendezvous algorithm with cost O(D|Lmin|2) when D is known and O((D + |Lmax|)3) if D is unknown, where |Lmin| and |Lmax| are the lengths of the shorter and longer label of the agents, respectively. These results still hold for the case of the ring of unknown size but then we also give an optimal algorithm of cost O(n|Lmin|), if the size n of the ring is known, and of cost O(n|Lmax|), if it is unknown. For arbitrary graphs, we show that rendezvous is feasible if an upper bound on the size of the graph is known and we give an optimal algorithm of cost O(D|Lmin|) if the topology of the graph and the initial positions are known to agents.

Distributed Dynamic Storage in Wireless Networks

Abstract: This paper assumes a set of identical wireless hosts, each one aware of its location. The network is described by a unit distance graph whose vertices are points on the plane two of which are connected if their distance is at most one. The goal of this paper is to design local distributed solutions that require a constant number of communication rounds, independently of the network size or diameter. This is achieved through a combination of distributed computing and computational complexity tools. Starting with a unit distance graph, the paper shows: 1. How to extract a triangulated planar spanner; 2. Several algorithms are proposed to construct spanning trees of the triangulation. Also, it is described how to construct three spanning trees of the Delaunay triangulation having pairwise empty intersection, with high probability. These algorithms are interesting in their own right, since trees are a popular structure used by many network algorithms; 3. A load balanced distributed storage strategy on top of ...

Routing and Traversal via Location Awareness in Ad Hoc Networks.

Abstract: We survey some recent results that make use of location awareness of the hosts of an ad-hoc network in order to provide for efficient information dissemination. We explore several new methodologies for constructing hopand geometric-spanners in a distributed manner, discuss advantages and disadvantages of preprocessing the network topology, and outline several algorithms for efficient traversal and route discovery in ad-hoc networks. 1 Challenges in Ad-Hoc Networking The current rapid growth in the spread of wireless devices of ever increasing miniaturization and computing power has greatly influenced the development of ad-hoc networking. Ad-hoc networks are wireless, self-organizing systems formed by co-operating nodes within communication range of each other that form temporary networks with a dynamic decentralized topology. It is desired to make a variety of services available (e.g., internet, GPS, service discovery) in such environments and our expectation is for a seamless and ubiquitous integration of the new wireless devices with the existing wired communication infrastructure. At the same time we anticipate the development of new wireless services that will provide solutions to a variety of communication School of Computer Science, Carleton University, Ottawa, Ontario, K1S 5B6, Canada. Department of Mathematics, Simon Fraser University, 8888 University Drive, Burnaby, British Columbia, Canada, V5A 1S6.