Showing papers in "The Computer Journal in 2013"

A Source Code Similarity System for Plagiarism Detection

Abstract: Source code plagiarism is an easy to do task, but very difficult to detect without proper tool support. Various source code similarity detection systems have been developed to help detect source code plagiarism. Those systems need to recognize a number of lexical and structural source code modifications. For example, by some structural modifications (e.g. modification of control structures, modification of data structures or structural redesign of source code) the source code can be changed in such a way that it almost looks genuine. Most of the existing source code similarity detection systems can be confused when these structural modifications have been applied to the original source code. To be considered effective, a source code similarity detection system must address these issues. To address them, we designed and developed the source code similarity system for plagiarism detection. To demonstrate that the proposed system has the desired effectiveness, we performed a well-known conformism test. The proposed system showed promising results as compared with the JPlag system in detecting source code similarity when various lexical or structural modifications are applied to plagiarized code. As a confirmation of these results, an independent samples t-test revealed that there was a statistically significant difference between average values of F-measures for the test sets that we used and for the experiments that we have done in the practically usable range of cut-off threshold values of 35–70%.

Fast Multi-Scale Detection of Relevant Communities in Large-Scale Networks

Abstract: Nowadays, networks are almost ubiquitous. In the past decade, community detection received an increasing interest as a way to uncover the structure of networks by grouping nodes into communities more densely connected internally than externally. Yet most of the effective methods available do not consider the potential levels of organisation, or scales, a network may encompass and are therefore limited. In this paper we present a method compatible with global and local criteria that enables fast multi-scale community detection on large networks. The method is derived in two algorithms, one for each type of criterion, and implemented with 6 known criteria. Uncovering communities at various scales is a computationally expensive task. Therefore this work puts a strong emphasis on the reduction of computational complexity. Some heuristics are introduced for speed-up purposes. Experiments demonstrate the efficiency and accuracy of our method with respect to each algorithm and criterion by testing them against large generated multi-scale networks. This study also offers a comparison between criteria and between the global and local approaches. In particular our results suggest that global criteria seem to be more robust to noise and thus more accurate than local criteria.

Efficient Linkable and/or Threshold Ring Signature Without Random Oracles

Abstract: Linkable ring signatures have found many attractive applications. One of the recent important extensions is a linkable threshold ring signature (LTRS) scheme. Unfortunately, the existing LTRS schemes are only secure in the random oracle model (ROM). In this paper, we make the following contributions. First, we construct the first LTRS scheme that is secure without requiring the ROM. Further, we enhance the security of a threshold ring signature (for both linkable or non-linkable) by providing a stronger definition of anonymity. This strengthened notion makes threshold ring signature schemes more suitable in real life. Finally, we provide efficient schemes that outperform the existing schemes in the literature. Our scheme is particularly suitable for electronic commerce or electronic government where anonymity and accountability are the most concerned factors.

An Empirical Investigation of the Impact of Server Virtualization on Energy Efficiency for Green Data Center

Abstract: The swift adoption of cloud services is accelerating the deployment of data centers. These data centers are consuming a large amount of energy, which is expected to grow dramatically under the existing technological trends. Therefore, research efforts are in great need to architect green data centers with better energy efficiency. The most prominent approach is the consolidation enabled by virtualization. However, little effort has been paid to the potential overhead in energy usage and the throughput reduction for virtualized servers. Clear understanding of energy usage on virtualized servers lays out a solid foundation for green data-center architecture. This paper investigates how virtualization affects the energy usage in servers under different task loads, aiming to understand a fundamental tradeoff between the energy saving from consolidation and the detrimental effects from virtualization. We adopt an empirical approach to measure the server energy usage with different configurations, including a benchmark case and two alternative hypervisors. Based on the collected data, we report a few findings on the impact of virtualization on server energy usage and their implications to green data-center architecture. We envision that these technical insights would bring tremendous value propositions to green data-center architecture and operations.

Semantic Subgroup Discovery Systems and Workflows in the SDM-Toolkit

Abstract: This paper addresses semantic data mining, a new data mining paradigm in which ontologies are exploited in the process of data mining and knowledge discovery. This paradigm is introduced together with new semantic subgroup discovery systems SDM-search for enriched gene sets (SEGS) and SDM-Aleph. These systems are made publicly available in the new SDM-Toolkit for semantic data mining. The toolkit is implemented in the Orange4WS data mining platform that supports knowledge discovery workflow construction from local and distributed data mining services. On the basis of the experimental evaluation of semantic subgroup discovery systems on two publicly available biomedical datasets, the paper results in a thorough quantitative and qualitative evaluation of SDM-SEGS and SDM-Aleph and their comparison with SEGS, a system for enriched gene set discovery from microarray data.

A Real-Time Self-Adaptive Classifier for Identifying Suspicious Bidders in Online Auctions

Abstract: With the significant increase of available item listings in popular online auction houses nowadays, it becomes nearly impossible to manually investigate the large amount of auctions and bidders for shill bidding activities, which are a major type of auction fraud in online auctions. Automated mechanisms such as data mining techniques were proved to be necessary to process this type of increasing workload. In this paper, we first present a framework of Real-Time Self-Adaptive Classifier (RT-SAC) for identifying suspicious bidders in online auctions using an incremental neural network approach. Then, we introduce a clustering module that characterizes bidder behaviors in measurable attributes and uses a hierarchical clustering mechanism to create training datasets. The neural network in RT-SAC is initialized with the training datasets, which consist of labeled historical auction data. Once initialized, the network can be trained incrementally to gradually adapt to new bidding data in real time, and thus, it supports efficient detection of suspicious bidders in online auctions. Finally, we utilize a case study to demonstrate how parameters in RT-SAC can be tuned for optimal operations and how our approach can be used to effectively identify suspicious online bidders in real time.

An Energy-Efficient Routing Protocol Using Movement Trends in Vehicular Ad hoc Networks

Abstract: Vehicular Ad hoc Networks (VANETs) are a killer application of Mobile Ad hoc Networks (MANETs), which exchange data among vehicles and vehicles to roadside infrastructures by routing. To save energy, various routing protocols for VANETs have been proposed in recent years. However, VANETs impose challenging issues to routing. These issues consist of dynamical road topology, various road obstacles, high vehicle movement and the fact that the vehicle movement is constrained on roads and traffic conditions. Moreover, the movement is significantly influenced by driving behaviors and vehicle categories. To this end, we incorporate them into routing and propose energy-efficient routing using movement trends (ERBA) for VANETs—an energy-efficient routing protocol. ERBA classifies vehicles into several categories, and then leverages vehicle movement trends to make routing recommendation. It predicts the movement trends by current directions and next directions after going through the road intersections. With the vehicular category information, the driving behavior patterns, the distance between the current sections and the next intersections, ERBA propagates information among vehicles with less energy consumption. The proposed scheme is validated by real urban scenarios extracted from ShanghaiGrid project. Experimental results show that ERBA outperforms the compared routing protocols with respect to the end-end delay, the packet delivery ratio and the path duration time.

All Graphs with at Most Seven Vertices are Pairwise Compatibility Graphs

Abstract: A graph $G$ is called a pairwise compatibility graph (PCG) if there exists an edge-weighted tree $T$ and two non-negative real numbers $d_{min}$ and $d_{max}$ such that each leaf $l_u$ of $T$ corresponds to a vertex $u \in V$ and there is an edge $(u,v) \in E$ if and only if $d_{min} \leq d_{T,w} (l_u, l_v) \leq d_{max}$ where $d_{T,w} (l_u, l_v)$ is the sum of the weights of the edges on the unique path from $l_u$ to $l_v$ in $T$. In this note, we show that all the graphs with at most seven vertices are PCGs. In particular all these graphs except for the wheel on 7 vertices $W_7$ are PCGs of a particular structure of a tree: a centipede.

Effective Pruning for the Discovery of Conditional Functional Dependencies

Abstract: Conditional functional dependencies (CFDs) have been proposed as a new type of semantic rules extended from traditional functional dependencies. They have shown great potential for detecting and repairing inconsistent data. Constant CFDs are 100% confidence association rules. The theoretical search space for the minimal set of CFDs is the set of minimal generators and their closures in data. This search space has been used in the currently most efficient constant CFD discovery algorithm. In this paper, we propose pruning criteria to further prune the theoretic search space, and design a fast algorithm for constant CFD discovery. We evaluate the proposed algorithm on a number of media to large real-world data sets. The proposed algorithm is faster than the currently most efficient constant CFD discovery algorithm, and has linear time performance in the size of a data set.

Parallel File System Analysis Through Application I/O Tracing

Abstract: Input/Output (I/O) operations can represent a significant proportion of the run-time of parallel scientific computing applications. Although there have been several advances in file format libraries, file system design and I/O hardware, a growing divergence exists between the performance of parallel file systems and the compute clusters that they support. In this paper, we document the design and application of the RIOT I/O toolkit (RIOT) being developed at the University of Warwick with our industrial partners at the Atomic Weapons Establishment and Sandia National Laboratories. We use the toolkit to assess the performance of three industry-standard I/O benchmarks on three contrasting supercomputers, ranging from a mid-sized commodity cluster to a large-scale proprietary IBM BlueGene/P system. RIOT provides a powerful framework in which to analyse I/O and parallel file system behaviour—we demonstrate, for example, the large file locking overhead of IBM's General Parallel File System, which can consume nearly 30% of the total write time in the FLASH-IO benchmark. Through I/O trace analysis, we also assess the performance of HDF-5 in its default configuration, identifying a bottleneck created by the use of suboptimal Message Passing Interface hints. Furthermore, we investigate the performance gains attributed to the Parallel Log-structured File System (PLFS) being developed by EMC Corporation and the Los Alamos National Laboratory. Our evaluation of PLFS involves two high-performance computing systems with contrasting I/O backplanes and illustrates the varied improvements to I/O that result from the deployment of PLFS (ranging from up to 25× speed-up in I/O performance on a large I/O installation to 2× speed-up on the much smaller installation at the University of Warwick).

Counter-Based Power Modeling Methods

Abstract: Counter-based power models have attracted the interest of researchers because they became a quick approach to know the insights of power consumption. Moreover, they allow one to overpass the limitations of measurement devices. In this paper, we compare different Top-down and Bottom-up Counter-based modeling methods. We present a qualitative and quantitative evaluation of their properties. In addition, we study how to extend them to support the currently ubiquitous dynamic voltage and frequency scaling (DVFS) mechanism. We propose a simple method to generate DVFS agnostic power models from the DVFS-specific models. The proposed method is applicable to models generated using any methodology and allows the reduction of the modeling time without affecting the fundamental properties of the models. The study is performed on an 18 DVFS states Intel® Core™ 2 platform using the SPECcpu2006, NAS and LMBENCH benchmark suites. In our testbed, a 6× reduction on the modeling time only increments 1% point on average the error in the predictions.

Comparing Degrees of Non-Determinism in Expression Evaluation

Abstract: Expression evaluation in programming languages is normally assumed to be deterministic; however, if an expression involves variables that are being modified by the environment of the process during its evaluation, the result of the evaluation can be non-deterministic. Two common scenarios in which this occurs are concurrent programs within which processes share variables and real-time programs that interact to monitor and/or control their environment. In these contexts, although any particular evaluation of an expression gives a single result, there is a range of possible values that could be returned depending on the relative timing between modification of a variable by the environment and its access within the expression evaluation. To compare the semantics of non-deterministic expression evaluation, one can use the set of possible values the expression evaluation could return. This paper formalizes three approaches to non-deterministic expression evaluation, highlights their commonalities and differences, shows the relationships between the approaches and explores conditions under which they coincide. Modal operators representing that a predicate holds for all possible evaluations and for some possible evaluation are associated with each of the evaluation approaches, and the properties and relationships between these operators are investigated. Furthermore, a link is made to a new notation used in reasoning about interference.

Cancellation Meadows

Abstract: Let ℚ0 denote the rational numbers expanded to a ‘meadow’, that is, after taking its zero-totalized form (0-1=0) as the preferred interpretation. In this paper, we consider ‘cancellation meadows’, i.e. meadows without proper zero divisors, such as ℚ0 and prove a generic completeness result. We apply this result to cancellation meadows expanded with differentiation operators, the sign function, and with floor, ceiling and a signed variant of the square root, respectively. We give an equational axiomatization of these operators and thus obtain a finite basis for various expanded cancellation meadows.

Bounded Leakage-Resilient Functional Encryption with Hidden Vector Predicate

Abstract: Recent research shows that many public-key or identity-based encryption schemes are vulnerable to side-channel attacks on the keys by the interaction of an adversary with a physical device. To tolerate the possible key leakage, leakage-resilient cryptography models a class of leakage output by allowing the adversary to be able to specify a computable leakage function and obtaining the partial keys or other possibly internal states from the output of function. In this article, we propose a leakage-resilient hidden-vector encryption (HVE) scheme that supports the predicate operators such as conjunction, disjunction, comparison, range query and subset query, etc. The proposed scheme is leakage-resilient attribute-hiding secure in the sense that the adversary cannot only obtain the tokens of non-match vectors but also learn amount of key information of the vector that matches the challenge vector. To the best of our knowledge, this is the first HVE that supports token-leakage resilience. We prove the security with a series of computationally indistinguishable games that uses the dual system encryption mechanism. We also analyze and discuss the performance of leakage bound parameters and leakage fraction in the practical security level. Finally, we also give an extensive scheme to achieve the security of both attribute-hiding and payload-hiding, and analyze the performance in larger alphabets.

Locality-Based Discriminant Neighborhood Embedding

Abstract: In this article, we develop a linear supervised subspace learning method called locality-based discriminant neighborhood embedding (LDNE), which can take advantage of the underlying submanifold-based structures of the data for classification. Our LDNE method can simultaneously consider both ‘locality’ of locality preserving projection (LPP) and ‘discrimination’ of discriminant neighborhood embedding (DNE) in manifold learning. It can find an embedding that not only preserveslocalinformationtoexploretheintrinsicsubmanifoldstructureofdatafromthesameclass, but also enhances the discrimination among submanifolds from different classes. To investigate the performance of LDNE, we compare it with the state-of-the-art dimensionality reduction techniques such as LPP and DNE on publicly available datasets. Experimental results show that our LDNE can be an effective and robust method for classification.

Dynamic Access Control Policies

Abstract: Security requirements deal with the protection of assets against unauthorized access (disclosure or modification) and their availability to authorized users. Temporal constraints of history-based access control policies are difficult to express naturally in traditional policy languages. We propose a compositional formal framework for the specification and verification of temporal access control policies for security critical systems in which history-based policies and other temporal constraints can be expressed. In particular, our framework allows for the specification of policies that can change dynamically in response to time or events enabling dynamic reconfiguration of the access control mechanisms. The framework utilizes a single well-defined formalism, interval temporal logic, for defining the semantics of these policies and to reason about them. We illustrate our approach with a detailed case study of an electronic paper submission system showing the compositional verification of their safety, liveness and information flow properties.

Bft-to

Abstract: State machine replication (SMR) is a generic technique for implementing fault-tolerant distributed services by replicating them in sets of servers. There have been several proposals for using SMR to tolerate arbitrary or Byzantine faults, including intrusions. However, most of these systems can tolerate at most f faulty servers out of a total of 3f+1. We show that it is possible to implement a Byzantine SMR algorithm with only 2f+1 replicas by extending the system with a simple trusted distributed component. Several performance metrics show that our algorithm, BFT-TO, fares well in comparison with others in the literature. Furthermore, BFT-TO is not vulnerable to some recently presented performance attacks that affect alternative approaches.

A Methodology for Mining Document-Enriched Heterogeneous Information Networks

Abstract: The paper presents a new methodology for mining heterogeneous information networks, motivated by the fact that, in many real-life scenarios, documents are available in heterogeneous information networks, such as interlinked multimedia objects containing titles, descriptions and subtitles. The methodology consists of transforming documents into bag-of-words vectors, decomposing the corresponding heterogeneous network into separate graphs, computing structural-context feature vectors with PageRank, and finally, constructing a common feature vector space in which knowledge discovery is performed. We exploit this feature vector construction process to devise an efficient centroid-based classification algorithm. We demonstrate the approach by applying it to the task of categorizing video lectures. We show that our approach exhibits low time and space complexity without compromising the classification accuracy. In addition, we provide a qualitative analysis of the results by employing a data visualization technique.

Maximizing the Total Resolution of Graphs

Abstract: A major factor affecting the readability of a graph drawing is its resolution. In the graph drawing literature, the resolution of a drawing is either measured based on the angles formed by consecutive edges incident to a common node (angular resolution) or by the angles formed at edge crossings (crossing resolution). In this paper, we evaluate both by introducing the notion of "total resolution", that is, the minimum of the angular and crossing resolution. To the best of our knowledge, this is the first time where the problem of maximizing the total resolution of a drawing is studied. The main contribution of the paper consists of drawings of asymptotically optimal total resolution for complete graphs (circular drawings) and for complete bipartite graphs (2-layered drawings). In addition, we present and experimentally evaluate a force-directed based algorithm that constructs drawings of large total resolution.

A Secure Automatic Fare Collection System for Time-Based or Distance-Based Services with Revocable Anonymity for Users

Abstract: Automatic Fare Collection (AFC) systems calculate the fare that the users must pay depending on the time of service (time-based) or the points of entrance and exit of the system (distance-based). The progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets, which helps to reduce costs and improve the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud and they must also preserve users’ privacy. Therefore, we have studied the security requirements for the timebased and distance-based systems and we have proposed a protocol for each of the AFC systems. The protocols offer strong privacy for honest users, i.e., the service provider is not able to disclose the identity of its users and, moreover, different journeys of the same user are not linkable between them. However, anonymity for users could be revoked if they misbehave. The protocols have been implemented in the Android mobile platform and its performance has been evaluated in two Android smartphones. The results remark that protocols are suitable to be used on AFC system with a medium class mobile device although they offer a better experience with a high-class smartphone. The appearance in the market of more powerful mobile devices suggests a better usability of our proposal in a near future.

HISS: A HIghly Scalable Scheme for Group Rekeying

Abstract: Group communication is a suitable and effective communication model for large-scale distributed systems. To be fully exploitable, group communication must be protected. This is normally achieved by providing members with a group key which is revoked and redistributed upon every member’s joining (backward security) or leaving (forward security). Such a rekeying process must be efficient and highly scalable. In this paper, we present HISS, a highly scalable group rekeying scheme that efficiently rekeys the group into two broadcast rekeying messages. HISS features two novel contributions. First, it exhibits a rekeying cost which is constant and independent of the group size, thus being highly scalable with the number of users. At the same time, memory occupancy and computational overhead are affordable on customary platforms. Second, HISS considers collusion as a first-class attack and recovers the group in such a way that it does not require a total group recovery. Efficiency of collusion recovery gracefully decreases with the attack severity. We prove the correctness of HISS, analytically evaluate its performance and argue that it is deployable on customary platforms. Finally, we show that it is possible to practically contrast or even prevent collusion attacks by properly allocating users to subgroups.

On Selecting the Nonce Length in Distance-Bounding Protocols

Abstract: Distance-bounding protocols form a family of challenge–response authentication protocols that have been introduced to thwart relay attacks. They enable a verifier to authenticate and to establish an upper bound on the physical distance to an untrusted prover.We provide a detailed security analysis of a family of such protocols. More precisely, we show that the secret key shared between the verifier and the prover can be leaked after a number of nonce repetitions. The leakage probability, while exponentially decreasing with the nonce length, is only weakly dependent on the key length. Our main contribution is a high probability bound on the number of sessions required for the attacker to discover the secret, and an experimental analysis of the attack under noisy conditions. Both of these show that the attack’s success probability mainly depends on the length of the used nonces rather than the length of the shared secret key. The theoretical bound could be used by practitioners to appropriately select their security parameters. While longer nonces can guard against this type of attack, we provide a possible countermeasure which successfully combats these attacks even when short nonces are used

A Two-Step Secure Localization for Wireless Sensor Networks

Abstract: Accuratelylocatingunknownnodesisacriticalissueinthestudyofwirelesssensornetworks(WSNs). Many localization approaches have been proposed based on anchor nodes, which are assumed to know their locations by manual placement or additional equipments such as global positioning system. However, none of these approaches can work properly under the adversarial scenario. In this paper, we propose a novel scheme called two-step secure localization (TSSL) stand against many typical malicious attacks, e.g. wormhole attack and location spoofing attack. TSSL detects malicious nodes step by step. First, anchor nodes collaborate with each other to identify suspicious nodes by checkingtheircoordinates,identitiesandtimeofsendinginformation.Then,byusingamodifiedmesh generationscheme,maliciousnodesareisolatedandtheWSNisdividedintoareaswithdifferenttrust grades. Finally, a novel localization algorithm based on the arrival time difference of localization information is adopted to calculate locations of unknown nodes. Simulation results show that the TSSL detects malicious nodes effectively and the localization algorithm accomplishes localization with high localization accuracy.

Spatial Computers for Emergency Support

Abstract: We present two spatially distributed computing systems that operate in a building and provide intelligent navigation services to people for evacuation purposes. These systems adapt to changing conditions by monitoring the building and using local communication and computation for determining the best evacuation paths. The first system, called distributed evacuation system (DES), comprises a network of decision nodes (DNs) positioned at specific locations inside the building. DNs provide people with directions regarding the best available exit. The second system, called opportunistic emergency support system (OESS), consists of mobile communication nodes (CNs) carried by people. CNs form an opportunistic network in order to exchange information regarding the hazard and to direct the evacuees towards the safest exit. BothDESandOESSemploy sensor nodes deployed at fixed locations for monitoring the hazard.We evaluate the spatial systems using simulation experiments with a purpose-built emergency simulator called DBES.We show how parameters such as the frequency of information exchange and communication range affect the system performance and evacuation outcome.

Deriving a Quantum Information Retrieval Basis

Abstract: Indexing is a core process of an information retrieval (IR) system (IRS). As indexing can neither be exhaustive nor precise, the decision taken by an IRS about the relevance of the content of a document to an information need is subject to uncertainty. It is our hypothesis that one of the reasons that IRSs are unable to optimally respond to every query is that the document collections and the posting lists are modeled as sets of documents. In contrast, if vector spaces replace sets along the way given by quantum mechanics, it is possible to define a quantum information retrieval basis (QIRB) that at least in principle yields more effective document ranking than the ranking yielded by the current principles, with effectiveness being measured in terms of recall at every level of fallout. To this end, we show that the probability ranking principle and the Neyman–Pearson Lemma (NPL) are equivalent. The rest of the article follows from this result. In particular, we introduce the QIRB, link it to a generalization of the NPL and demonstrate its superiority through a concise mathematical analysis and an empirical study. The challenges posed by this basis and the research directions that would be opened are also discussed.

Decentralized monitoring of moving objects in a transportation network augmented with checkpoints

Abstract: This paper examines efficient and decentralized monitoring of objects moving in a transportation network. Previous work in moving object monitoring has focused primarily on centralized information systems, like moving object databases and geographic information systems. In contrast, in this paper monitoring is in-network, requiring no centralized control and allowing for substantial spatial constraints to the movement of information. The transportation network is assumed to be augmented with fixed checkpoints that can detect passing mobile objects. This assumption is motivated by many practical applications, from traffic management in vehicle ad hoc networks to habitat monitoring by tracking animal movements. In this context, this paper proposes and evaluates a family of efficient decentralized algorithms for capturing, storing and querying the movements of objects. The algorithms differ in the restrictions they make on the communication and sensing constraints to the mobile nodes and the fixed checkpoints. The performance of the algorithms is evaluated and compared with respect to their scalability (in terms of communication and space complexity), and their latency (the time between when a movement event occurs, and when all interested nodes are updated with records about that event). The conclusions identify three key principles for efficient decentralized monitoring of objects moving past checkpoints: structuring computation around neighboring checkpoints; taking advantage of mobility diffusion and separating the generation and querying of movement information.

A Vulnerability Life Cycle-Based Security Modeling and Evaluation Approach

Abstract: This paper presents a probabilistic model-based approach aimed at evaluating quantitative measures to assess the security risks faced by an information system in operation. The proposed approach takes into account the impact of three environmental factors and their interdependencies: the vulnerability life cycle, the behavior of the attackers and the behavior of the system administrator. Several quantitative security measures are defined and evaluated. Two different scenarios are distinguished corresponding to the case where the system vulnerabilities are discovered by a malicious user or by a non malicious user. The proposed models are based on stochastic activity networks and describe the system states resulting from the combined modeling of the three external factors. Five states are distinguished (vulnerable, exposed, compromised, patched and secure) and probability measures are associated to these states to assess the level of risk faced by the system as a result of the vulnerability exploitation process. The parameters of the models, e.g. those characterizing the occurrence of vulnerability life cycle events, are derived from the analysis of public information recorded in vulnerability databases. Several sensitivity analyses are carried out for the two scenarios, in order to quantify and illustrate the impact of various parameters, including the probability of security patch application, the attack rate, etc.