A widely-used query on a graph is a regular path query (RPQ) whose answer is a set of tuples of nodes connected by paths corresponding to a given regular expression. Traditionally, evaluating an RPQ on a large graph takes substantial memory spaces and long response time. Recently, several studies have focused on improving response time for evaluating an RPQ by splitting an original RPQ into smaller subqueries, evaluating them in parallel and combining partial answers. In these works, how to choose split labels in an RPQ is one of key points of the performance of RPQ evaluation, and rare labels of a graph can be used as split labels. However there is still a room for improvement, because a rare label cannot guarantee the minimum evaluation cost all the time. In this paper, we propose a novel approach of selecting split labels by estimating evaluation cost of each split subquery with a unit-subquery cost matrix (USCM), which can be obtained from a graph in prior to evaluate an RPQ. USCM presents the evaluation cost of a unit-subquery which is the smallest possible subquery, and we can estimate the evaluation cost of an RPQ by decomposing into a set of unit-subqueries. Experimental results show that our proposed approach outperforms rare label based approaches.

In a smart home environment, sensors generate events whenever activities of residents are captured. However, due to some factors, abnormal events could be generated, which are technically reasonable but contradict to real-world activities. To detect abnormal events, a number of methods has been introduced, e.g., clustering-based or snapshot-based approaches. However, they have limitations to deal with complicated anomalies which occur with large number of events and blended within normal sensor readings. In this paper, we propose a novel method of detecting sensor anomalies under smart home environment by considering spatial correlation and dependable correlation between sensors. Initially, we pre-calculate these correlations of every pair of two sensors to discover their relations. Then, from periodic sensor readings, if it has any unmatched relations to the pre-computed ones, an anomaly is detected on the correlated sensor. Through extensive evaluations with real datasets, we show that the proposed method outperforms previous approaches with 20% improvement on detection rate and reasonably low false positive rate.

Distributed Reflective Denial of Services (DRDoS) attacks have gained huge popularity and become a major factor in a number of massive cyber-attacks. Usually, the attackers launch this kind of attack with small volume of requests to generate a large volume of attack traffic aiming at the victim by using IP spoofing from legitimate hosts. There have been several approaches, such as static threshold based approach and confirmation-based approach, focusing on DRDoS attack detection at victim's side. However, these approaches have significant disadvantages: (1) they are only passive defences after the attack and (2) it is hard to trace back the attackers. To address this problem, considerable attention has been paid to the study of detecting DRDoS attack at source side. Because the existing proposals following this direction are supposed to be ineffective to deal with small volume of attack traffic, there is still a room for improvement. In this paper, we propose a novel method to detect DRDoS attack request traffic on SDN(Software Defined Network)-enabled gateways in the source side of attack traffic. Our method adjusts the sampling rate and provides a traffic-aware adaptive threshold along with the margin based on analysing observed traffic behind gateways. Experimental results show that the proposed method is a promising solution to detect DRDoS attack request in the source side.