In this paper, we propose a scheme to strengthen network-based moving target defense with disposable identifiers. The main idea is to change disposable identifiers for each packet to maximize unpredictability with large hopping space and substantially high hopping frequency. It allows network-based moving target defense to defeat active scanning, passive scanning, and passive host profiling attacks. Experimental results show that the proposed scheme changes disposable identifiers for each packet while requiring low overhead.

Due to the slowdown of Moore's Law, power limitation has been one of the most critical issues for current and future HPC systems. To more efficiently utilize HPC systems when power budgets or deadlines are given, it is very desirable to accurately estimate the performance or power consumption of applications before conducting their tuned production runs on any specific systems. In order to ease such estimations, we showcase a straight-forward and yet effective method, based on the enhanced power management framework and DSL we developed, to help HPC users to clarify the performance and power relationships of their applications. This method demonstrates an easy process of profiling, modeling and management on both performance and power of HPC systems and applications. In our evaluations, only a few (up to 3) profiled runs are necessary before very precise models of HPC applications can be obtained through this method (and algorithm), which has dramatically improved the efficiency of and lowered the difficulty in utilizing HPC systems under limited power budgets.

Most Android applications are written in JAVA and run on a Dalvik virtual machine. For smartphone vendors and users who wish to know the performance of an application on a particular smartphone but cannot obtain the source code, we propose a new technique, Dalvik Profiler for Applications (DPA), to profile an Android application on a Dalvik virtual machine without the support of source code. Within a Dalvik virtual machine, we determine the entry and exit locations of a method, log its execution time, and analyze the log to determine the performance of the application. Our experimental results show an error ratio of less than 5% from the baseline tool Traceview which instruments source code. The results also show some interesting behaviors of applications and smartphones: the performance of some smartphones with higher hardware specifications is 1.5 times less than the phones with lower specifications. DPA is now publicly available as an open source tool.

With the development of the Internet, there are more and more shared resources on the Web. Personalized search becomes increasingly important as users demand higher retrieval quality. Personalized search needs to take users' personalized profiles and information needs into consideration. Collaborative tagging (also known as folksonomy) systems allow users to annotate resources with their own tags (features) and thus provide a powerful way for organizing, retrieving and sharing different types of social resources. To capture and understand user preferences, a user is typically modeled as a vector of tag: value pairs (i.e., a tag-based user profile) in collaborative tagging systems. In such a tag-based user profile, a user's preference degree on a group of tags (i.e., a combination of several tags) mainly depends on the preference degree on every individual tag in the group. However, the preference degree on a combination of tags (a tag-group) cannot simply be obtained from linearly combining the preference on each tag. The combination of a user's two favorite tags may not be favorite for the user. In this article, we examine the limitations of previous tag-based personalized search. To overcome their problems, we model a user profile based on combinations of tags (tag-groups) and then apply it to the personalized search. By comparing it with the state-of-the-art methods, experimental results on a real data set shows the effectiveness of our proposed user profile method.

The computing of applications in embedded devices suffers tight constraints on computation and energy resources. Thus, it is important that applications running on these resource-constrained devices are aware of the energy constraint and are able to execute efficiently. The existing execution time and energy profiling tools could help developers to identify the bottlenecks of applications. However, the profiling tools need large space to store detailed profiling data at runtime, which is a hard demand upon embedded devices. In this article, a reconfigurable multi-resolution profiling (RMP) approach is proposed to handle this issue on embedded devices. It first instruments all profiling points into source code of the target application and framework. Developers can narrow down the causes of bottleneck by adjusting the profiling scope using the configuration tool step by step without recompiling the profiled targets. RMP has been implemented as an open source tool on Android systems. Experiment results show that the required log space using RMP for a web browser application is 25 times smaller than that of Android debug class, and the profiling error rate of execution time is proven 24 times lower than that of debug class. Besides, the CPU and memory overheads of RMP are only 5% and 6.53% for the browsing scenario, respectively.

In the present paper, a method for extracting user interest by constructing a hierarchy of words from social bookmarking (SBM) tags and emphasizing nouns based on the hierarchical structure (folksonomy) is proposed. Co-occurrence of the SBM tags basically have a semantic relationship. As a result of an experimental evaluation using the user profiles on Twitter, the authors discovered that the SBM tags and their word hierarchy have a rich vocabulary for extracting user interest.

We propose a surface profiling algorithm by white-light interferometry that extends sampling interval to twice of the widest interval among those used in conventional algorithms. The proposed algorithm uses a novel function called an in-phase component of an interferogram to detect the peak of the interferogram, while conventional algorithms used the squared-envelope function or the envelope function. We show that the in-phase component has the same peak as the corresponding interferogram when an optical filter has a symmetric spectral distribution. We further show that the in-phase component can be reconstructed from sampled values of the interferogram using the so-called quadrature sampling technique. Since reconstruction formulas used in the algorithm are very simple, the proposed algorithm requires low computational costs. Simulation results show the effectiveness of the proposed algorithm.

For detecting the anomalous behavior of a user effectively, most researches have concentrated on statistical techniques. However, since statistical techniques mainly analyze the average behavior of a user's activities, some anomalies can be detected inaccurately. In addition, it is difficult to model intermittent activities performed periodically. In order to model the normal behavior of a user closely, a set of various features can be employed. Given an activity of a user, the values of those features that are related to the activity represent the behavior of the activity. Furthermore, activities performed in a session of a user can be regarded as a semantically atomic transaction. Although it is possible to apply clustering technique to these values to extract the normal behavior of a user, most of conventional clustering algorithms do not consider any transactional boundary in a data set. In this paper, a transaction-based clustering algorithm for modeling the normal behavior of a user is proposed. Based on the activities of the past transactions, a set of clusters for each feature can be found to represent the normal behavior of a user as a concise profile. As a result, any anomalous behavior in an online transaction of the user can be effectively detected based on the profile of the user.

Association mining extracts common relationships among a finite number of categorical data objects in a set of transactions. However, if the data objects are not categorical and potentially unlimited, it is impossible to employ the association mining approach. On the other hand, clustering is suitable for modeling a large number of non-categorical data objects as long as there exists a distance measure among them. Although it has been used to classify data objects in a data set into groups of similar objects based on data similarity, it can be used to extract the properties of similar data objects commonly appearing in a set of transactions. In this paper, a new clustering method, CLOCK, is proposed to find common knowledge such as frequent ranges of similar objects in a set of transactions. The common knowledge of data objects in the transactions can be represented by the occurrence frequency of similar data objects in terms of a transaction as well as the common repetitive ratio of similar data objects in each transaction. Furthermore, the proposed method also addresses how to maintain identified common knowledge as a summarized profile. As a result, any data difference between a newly collected transaction and the common knowledge of past transactions can be easily identified.

Online profiling methodologies are studied for exploiting dynamic optimization. On a dynamic optimizable system with online profilers, it has to get accurate profile in early step of the program execution for effective execution. However, for getting more effective profile by online profiling, it has to satisfy "Rapidness" and "Accuracy". They are conflicted requirements. Therefore, it has to choose trade-off point at implementation. We focused into online Hot Instruction Sequence (HIS) profiler to exploit reconfigurable functional units. To circumstantiate the effectiveness of online HIS profiling, we build some evaluation models for experimental evaluation. Our profiler models are SC/DM, SC/FA and JC/DM. These models have different policy of event counting and table lookup. Our event counting policies are simple-counting or jumble-counting. On the other hand, table lookup policies are direct-map or full-associative. In our experimental evaluation, SC/FA and JC/DM models scored higher accuracy than SC/DM. The JC/DM model is able to implement by lower cost for table lookup, but it scored high accuracy comparable to SC/FA.

This paper evaluates the code efficiency of the ARM, Java, and x86 instruction sets by compiling the SPEC CPU95/CPU2000/JVM98 and CaffeineMark benchmarks, from the aspects of code sizes, basic block sizes, instruction distributions, and average instruction lengths. As a result, mainly because (i) the Java architecture is a stack machine, (ii) there are only four local variables which can be accessed by a 1-byte instruction, and (iii) additional instructions are provided for the network security, the code efficiency of Java turns out to be inferior to that of ARM Thumb. Moreover, through this efficiency analysis it should be stressed that there exists the high potential of constructing a more efficient code architecture by taking minute account of the customization of an instruction set as well as the number of registers.

An airborne cloud profiling radar (SPIDER) which has several unique features has been developed at CRL. In this paper, the objectives and design considerations are outlined, and the system is described. The features of SPIDER are summarized below. (1) A W-band frequency (95 GHz) is used to provide very high sensitivity to small cloud particles. (2) The radar is carried by a jet aircraft that can fly high above most clouds. (3) Full-polarimetric and Doppler capabilities are incorporated in the unit. (4) Almost all radar operational parameters are under software control, and most processing is in real time. (5) The design gives consideration to the study of cloud radiation and microphysics. The system has been completed and is still undergoing performance testing. The functions and performance of the SPIDER system are currently fulfilling the intentions of its design. Several interesting cloud features that had not been seen with previous instruments have already been observed.

This paper presents a network surveillance technique for detecting malicious activities. Based on the hypothesis that unusual conducts like system exploitation will trigger an abnormal network pattern, we try to detect this anomalous network traffic pattern as a sign of malicious, or at least suspicious activities. Capturing and analyzing of a network traffic pattern is implemented with a concept of port profiling, where measures representing various characteristics of connections are monitored and recorded for each port. Though the generation of the port profiles requires the minimum calculation and memory, they exhibit high stability and robustness. Each port profile retains the patterns of the corresponding connections precisely, even if the connections demonstrate multi-modal characteristics. By comparing the pattern exhibited by live traffic with the expected behavior recorded in the profile, intrusive activities like compromising backdoors or invoking trojan programs are successfully detected.