Medical Image Fusion Based on Wavelet TransformGanesh J. Jagtap

Lecturer in Information Technology,SVPM’s Institute of Technology & Engineering, Malegaon(Bk),

Tal: Baramati, Dist: Pune 413102Abstract:If the analysis of the characters of CT medical image is carried out, it seems that a novel method for this particular image fusion is using discrete wavelet transform and independent component analysis. Firstly, each of CT images is de-composed by 2-D discrete wavelet transform. Then independent component analysis is used to analyze the wavelet coefficients in different level for acquiring independent component. At last, the use of wavelet reconstruction for synthesizing one CT medical image, which could contain more integrated accurate detail information of different soft tissue such as muscles and blood vessels is made. By contrast, the efficiency of method is better than weighted average method or laplacian pyramid method in medical image fusion field. Nowadays, the study of multimodality medical image is very important because of increasing clinical application demanding. We can get the different benefits from the information in the images of different modalities.

1. INTRODUCTIONIn the recent years, the study of multimodality medical image fusion attracts much

attention with the increasing of clinic application demanding. Radiotherapy plan, for instance, often benefits from the complementary information in images of different modalities. Dose calculation is based on the computed tomography (CT) data, while tumor outlining is often better performed in the corresponding magnetic resonance (MR) scan. For medical diagnosis, CT provides the best information on denser tissue with less distortion, MRI provides better information on soft tissue with more distortion, and PET provides better information on blood flow and flood activity with low space resolution in general. With more available multimodality medical images in clinical applications, the idea of combining images from different modalities becomes very important and medical image fusion has merged as a new and promising research field. The general object of image fusion is to combine the complementary information from multimodality images. Some image fusion methods have been introduced in the literatures, including statistical method (Bayesian's decision), Fuzzy set method, neural network method, Laplacian pyramid method and wavelet transform method. It should be noted that the fusion methods are application-dependent.

2. LITERATURE REVIEW In the signal processing theory, the nature of non-periodic and transient signals

cannot easily be analyzed by conventional transforms. So, an alternative mathematical tool-wavelet transform, developed by MATLAB is used to extract the relevant time-amplitude information from a signal.

Woei-Fuh Wang ital[1] worked on PET-MRI image registration and fusion, providing fused image which gives both physiological and anatomical information with high spatial resolution for use in clinical diagnosis and therapy.

Gemma Piella[2] presents new approach for accessing quality in image fusion by constructing ideal fused image, used it as reference image and compare with the experimental fused results. Mean Squared Matrices are widely used for these comparisons.

Paul Hill, Nishan Canagarajah and Dave[3] Bull have introduced novel application of shift- invarient and directionally selective Dual Tree Complex wavelet transform (DT-CWT) to image fusion, providing improved qualitative and quantitative results.Myungjin Choi, Rae Young Kim, Myeong-Ryong NAM, and Hong Oh Kim[4] proposed the curvelet transform for image fusion .The curvelet-based image fusion method provides richer information in the spatial and spectral domains simultaneously. They performed Landsat ETM+ image fusion and found optimum fusion results.

Yu Lifeng, Zu Donglin, Wang Weidong , Bao Shanglian[5] have proposed integrated scheme to fuse medical images from different modalities. First they have registered images using SVD-ICP (Iterative Closest Points) method and evaluated the different fusion results by applying different selection rules.

QU Xiao have associated NSCT (Non Subsampled Countourlet Transform) with PCNN (Pulse Coupled Neural Networks) and employed in image fusion. Spatial frequency in NSCT domains is input to motivate PCNN and coefficients in NSCT with large firing times are selected as coefficients of the fused image[6].3. PROBLEM DESCRIPTION AND SPECIFICATION3.1. Problem Statement

Take a more than two images reconstruction using Wavelet Transform to these images and the process of combining relevant information from two or more images into a single image. The resulting image will be more informative than any of the input images. 3.2. Block Diagram

Figure. 3.1. Image Fusion Scheme

3.3. Module Wise DescriptionFirst, the CT and MRI images to be fused are decomposed by discrete wavelet

transform. The images should be decomposed into same levels. These sub-band images constitute the details of the original images.

Using IDWT, have to combine the information from each image by fusion rules, taking significant components from each level.3.3.1. Multiresolution Analysis

Although the time and frequency resolution problems are results of a physical phenomenon (the Heisenberg uncertainty principle) and exist regardless of the transform used, it is possible to analyze any signal by using an alternative approach called the multiresolution analysis (MRA). MRA, as implied by its name, analyzes the signal at different frequencies with different resolutions. Every spectral component is not resolved equally as was the case in the Short Time Fourier Transform (STFT).

MRA is designed to give good time resolution and poor frequency resolution at high frequencies and good frequency resolution and poor time resolution at low frequencies. This

approach makes sense especially when the signal at hand has high frequency components for short durations and low frequency components for long durations. Fortunately, the signals that are encountered in practical applications are often of this type.

The wavelet transform is a powerful tool for multiresolution analysis. The multiresolution analysis requires a set of nested multiresolution sub-spaces as illustrated in the following figure:

Figure. 3.2. Nested Multiresolution Spaces

The original space V0 can be decomposed into a lor resolution sub-space V1, the difference between V0 and V1 can be represented by the complementary sub-space W1. Similarly, can continue to decompose V1 into V2 and W2. The above graph shows 3-level decomposition. For an N-level decomposition, will obtain N+1 sub-spaces with one coarsest resolution sub-space Vn and N difference sub-space Wi, i is from 1 to N. Each digital signal in the space V0 can be decomposed into some components in each sub-space. In many cases, it's much easier to analyze these components rather than analyze the original signal itself.

3.3.2. Filter Bank Analysis

The corresponding representation in frequency space is intuitively shown in the following graph: Can apply a pair of filters to divide the whole frequency band into two subbands, and then apply the same procedure recursively to the low-frequency band on the current stage. Thus, it is possible to use a set of FIR filters to achieve the above multiresolution decomposition. Here is one way to decompose a signal using filter banks.

Figure. 3.3. Multiresolution frequency bands

The effect of this shifting and scaling process is to produce a time-scale representation, as depicted in Figure 4. As can be seen from a comparison with the STFT, which employs a windowed FFT of fixed time and frequency resolution, the wavelet transform offers superior temporal resolution of the high frequency components and scale

(frequency) resolution of the low frequency components. This is often beneficial as it allows the low frequency components, which usually give a signal its main characteristics or identity, to be distinguished from one another in terms of their frequency content, while providing an excellent temporal resolution for the high frequency components which add the nuance's to the signals behavior.

Unlike STFT, in Wavelet Transform, the width of the wavelet function changes with each spectral component. The Wavelet Transform, at high frequencies, gives good time resolution and poor frequency resolution, while at low frequencies, the Wavelet Transform gives good frequency resolution and poor time resolution.3.3.3. Discrete Wavelet Transform

When analyzing signals of a non-stationary nature, it is often beneficial to be able to acquire a correlation between the time and frequency domains of a signal. The Fourier transform, provides information about the frequency domain, hover time localized information is essentially lost in the process. The problem with this is the inability to associate features in the frequency domain with their location in time, as an alteration in the frequency spectrum will result in changes throughout the time domain. In contrast to the Fourier transform, the wavelet transform allows exceptional localization in both the time domain via translations of the mother wavelet, and in the scale (frequency) domain via dilations .The translation and dilation operations applied to the mother wavelet are performed to calculate the wavelet coefficients, which represent the correlation between the wavelet and a localized section of the signal. The wavelet coefficients are calculated for each wavelet segment, giving a time-scale function relating the wavelets correlation to the signal. A wavelet family with mother wavelet ψ(x) consists of functions ψa,b(x) of the form,

(1)

Where b is the shift or center of ψa,b, and a is the scale. Alternatively, the scaling factor 1/a may be used. If a > 1, then ψa,b is obtained by stretching the graph of ψ, and if a < 1, then the graph of ψ is contracted. The value a corresponds to the notion of frequency in Fourier analysis.

Given a mother wavelet, an orthogonal family of wavelets can be obtained by properly choosing a = am0 and b = nb0, where m and n are integers, a0 > 1 is a dilation parameter, and b0 > 0is a translation parameter. To ensure that wavelets ψa, b, for fixed a, “cover” f(x) in a similar manner as m increases, choose b0 = βam0. For rapid calculation of the wavelet coefficients, choose β = 1 and a0 = 2. Note that by choosing b0 < 2m, obtain a redundant wavelet family, whereas choosing b0 > 2m leads to an incomplete representation of the transformed function. Therefore b0 = 2m is the optimal choice, and in fact leads to an orthogonal family. With these choices of a and b, the DWT of a function f(x) is given by,

(2)

Where,

(3)

The inverse transform is given by,

(4)

It should be noted that even though the integral defining Wf (m, n) is on an unbounded interval, it is effectively on a finite interval if the mother wavelet has compact support, and therefore can easily be approximated numerically. A function ψ(x) is a wavelet if it satisfies these conditions,

3.4. Pixelbased Image Fusion MethodIn this fusion scheme the subband signal of fused image is acquired by simply

picking high frequency coefficients with larger absolute value.

(5) In the lost special resolution, the subband signal is Cj(F,p) acquired by averaging Cj(A,p) and Cj(B,p) of A and B. Cj(F,p)=0.5*Cj(A,p)+0.5*Cj(B,p) (6) 4. BASIC SYSTEM IMPLEMENTATION 4.1. Algorithm For Pixelbased11) Read the CT image.2) Read MRI image. 3) Resize the both images to 256x256.4) Decompose the each image at one level using DWT. 5) Compare the absolute values for each pixel and the pixel with higher value is selected in the final subband.6) Reconstruct the fused image using IDWT (inverse discrete wavelet transform) using the same wavelet filter used for decomposition.4.2. Resultant Images Fusion at single level using ‘db10’

Figure. 4.1 a) CT Image, b) MRI Image, c) Pixelbased Fusion Image, .4.3. Results

Table 4.1: Fusion at Single level using ‘bior.4.4’

Method Standard deviation Entropy OCE

Pixelbased1 59.340 6.7049 1.4771

5. CONCLUSIONIn the project different methods are compared for the fusion of CT and MRI images

based on DWT. Standard deviation ,entropy ,overall cross entropy are the criteria’s used for evaluating the fusion result. For the medical image fusion technique based on the multiresolution wavelet decomposition is wonderful trade-off between spectral and spatial information. Among the entire methods pixel based 1 is having the highest entropy. Gradient and Convolution based methods are also having good performance, as it have high entropy, less OCE and good standard deviation. Pixel based 2 is having good visual perception.

In comparison of different wavelet filters applied for the decomposition and reconstruction 'db5',db7,'db10','bior4.4' performance is good, since the reconstruction becomes better. Multilevel decomposition fusion is having better results at the cost of increased computations. Fused image provides the complementary features which will make the diagnosis easy.

6. REFERENCES[1]. Zhiming Cui, Guangming Zhang, Jian Wu “Medical Image Fusion Based on Wavelet Transform and Independent Component Analysis” 2009 International Joint Conference on Artificial Intelligence 978-0-7695-3615-6/09 2009 IEEE DOI 10.1109/JCAI.2009.169. IEEE Computer Society.[2]. Progress in Electromagnetic Research C, Vol. 3, 215–224, 2008 CURVELET FUSION OF MR AND CT IMAGES F. E. Ali, I. M. El-Dokany, A. A. Saad and F. E. Abd El-Samie Department of Electronics and Electrical Communications Faculty of Electronic Engineering Menoufia University 32952, Menouf, Egypt.[3]. H. Li, B.S. Manjunath, and S.K. Mitra, “Multisensor image fusion using the wavelet transform, ” Graphical Models and Image Processing 57, 235-245 (1995)[4]. W. B. Penne baker, J. L. Mitchell, JPEG - still image data compression standards, Van No strand Reinhold, 1993.[5]. Paul Hill, Nishan Canagarajah and Dave Bull “Image Fusion using Complex Wavelets” BMVC 2002[6]. Independent Component Analysis Algorithms and Applications Aapo Hyvärinen and Erkki Oja Neural Networks Research Centre Helsinki University of Technology P.O. Box 5400, FIN-02015 HUT, Finland Neural Networks, 13(4-5):411-430, 2000.[7]. D. A. Bluemke et al., “Detection of Hepatic Lesions in Candidates for Surgery: Comparison of Ferumoxides-Enhanced MR Imaging and Dual-Phase Helical CT,” AJR 175, pp. 1653–1658, December 2000.[8]. W. D. Withers, “A rapid entropy coding algorithm”, (Technical report, Pegasus Imaging Corporation).[9]. C. S. Kidwell et al., “Comparison of MRI and CT for Detection of Acute Intra-cerebral Hemorrhage,” JAMA, Vol. 292, No. 15, pp. 1823-1830, 2004.[10]. The Wavelet Tutorial By Robi Plokar.

[11]. M.M and A.S. Willsky, a multiresolution methodology for singal level fusion and data assimilation application to remote sensing.Proc.IEEE,85:164-180, 1997.

PAPER PRESENTATION ON

“BRAIN GATE SYSTEM”

ByMr. Kumbhar S.l.

Computer DepartmentSBPCOE, Indapur.

meet_satishkumbhar@rediffmail.com

ABSTRACT: The mind-to-movement system that allows a quadriplegic man to control a computer using only his thoughts is a scientific milestone. It was reached, in large part, through the brain gate system. This system has become a boon to the paralyzed. The Brain Gate System is based on Cyber kinetics platform technology to sense, transmit, analyze and apply the language of neurons. The principle of operation behind the Brain Gate System is that with intact brain function, brain signals are generated even though they are not sent to the arms, hands and legs.The signals are interpreted and translated into cursor movements, offering the user an alternate Brain Gate pathway to control a computer with thought, just as individuals who have the ability to move their hands use a mouse. The 'Brain Gate' contains tiny spikes that will extend down about one millimetre into the brain after being implanted beneath the skull, monitoring the activity from a small group of neurons.It will now be possible for a patient with spinal cord injury to produce brain signals that relay the intention of moving the paralyzed limbs, as signals to an implanted sensor, which is then output as electronic impulses. These impulses enable the user to operate mechanical devices with the help of a computer cursor. Matthew Nagle,a 25-year-old Massachusetts man with a severe spinal cord injury,has been paralyzed from the neck down since 2001.After taking part in a clinical trial of this system,he has opened e-mail,switched TV channels,turned on lights.He even moved a robotic hand from his wheelchair. This marks the first time that neural movement signals have been recorded and decoded in a human with spinal cord injury.The system is also the first to allow a human to control his surrounding environment using his mind.

How does the brain control motor function? The brain is "hardwired" with connections, which are made by billions of neurons that make electricity whenever they are stimulated. The electrical patterns are called brain waves. Neurons act like the wires and gates in a computer, gathering and transmitting electrochemical signals over distances as far as several feet. The brain encodes information not by relying on single neurons, but by spreading it across large populations of neurons, and by rapidly adapting to new circumstances.Motor neurons carry signals from the central nervous system to the muscles, skin and glands of the body, while sensory neurons carry signals from those outer parts of the body to the central nervous system. Receptors sense things like chemicals, light, and sound and encode this information into electrochemical signals transmitted by the sensory neurons. And interneurons tie everything together by connecting the various neurons within the brain and

spinal cord. The part of the brain that controls motor skills is located at the ear of the frontal lobe.

How does this communication happen? Muscles in the body's limbs contain embedded sensors called muscle spindles that measure the length and speed of the muscles as they stretch and contract as you move. Other sensors in the skin respond to stretching and pressure. Even if paralysis or disease damages the part of the brain that processes movement, the brain still makes neural signals. They're just not being sent to the arms, hands and legs. A technique called neurofeedback uses connecting sensors on the scalp to translate brain

waves into information a person can learn from. The sensors register different frequencies of the signals produced in the brain. These changes in brain wave patterns indicate whether someone is concentrating or suppressing his impulses, or whether he is relaxed or tense.

NEUROPROSTHETIC DEVICE:A neuroprosthetic device known as Brain gate converts brain activity into computer commands. A sensor is implanted on the brain, and electrodes are hooked up to wires that travel to a pedestal on the scalp. From there, a fiber optic cable carries the brain activity data to a nearby computer.

PRINCIPLE : "The principle of operation of the BrainGate Neural Interface System is that with intact brain function, neural signals are generated even though they are not sent to the arms, hands and legs. These signals are interpreted by the System and a cursor is shown to the user on a computer screen that provides an alternate "BrainGate pathway". The user can use that cursor to control the computer, just as a mouse is used."

Brain Gate is a brain implant system developed by the bio-tech company Cyber kinetics in 2003 in conjunction with the Department of Neuroscience at Brown University. The device was designed to help those who have lost control of their limbs, or other bodily functions, such as patients with amyotrophic lateral sclerosis (ALS) or spinal cord injury. The

computer chip, which is implanted into the patient and converts the intention of the user into computer commands. NUERO CHIP:

Currently the chip uses 100 hair-thin electrodes that 'hear' neurons firing in specific areas of the brain, for example, the area that controls arm movement. The activity is translated into electrically charged signals and is then sent and decoded using a program, which can move either a robotic arm or a computer cursor. According to the Cyberkinetics' website, three patients have been implanted with the BrainGate system. The company has confirmed that one patient (Matt Nagle) has a spinal cord injury, whilst another has advanced ALS. In addition to real-time analysis of neuron patterns to relay movement, the Braingate array is also capable of recording electrical data for later analysis. A potential use of this feature would be for a neurologist to study seizure patterns in a patient with epilepsy. Braingate is currently recruiting patients with a range of neuromuscular and neurodegenerative

conditions for pilot clinical trials in the United States.

WORKING: Operation of the BCI system is not simply listening the EEG of user in a way that let’s tap this EEG in and listen what happens. The user usually generates some sort of mental activity pattern that is later detected and classified. PREPROCESSING: The raw EEG signal requires some preprocessing before the feature extraction. This preprocessing includes removing unnecessary frequency bands, averaging the current brain activity level, transforming the measured scalp potentials to cortex potentials and de-noising. Frequency bands of the EEG:.

Occipital/Parietal regions

DETECTION:The detection of the input from the user and them translating it into an action could be considered as key part of any BCI system. This detection means to try to find out these mental tasks from the EEG signal. It can be done in time-domain, e.g. by. Comparing amplitudes of the EEG and in frequency-domain. This involves usually digital signal processing for sampling and band pass filtering the signal, then calculating these time -or frequency domain features and then classifying them. These classification algorithms include simple comparison of amplitudes linear and non-linear equations and artificial neural networks. By constant feedback from user to the system and vice versa, both partners gradually learn more from each other and improve the overall performance.CONTROL: The final part consists of applying the will of the user to the used application. The user chooses an action by controlling his brain activity, which is then detected and classified to corresponding action. Feedback is provided to user by audio-visual means e.g. when typing with virtual keyboard, letter appears to the message box etc.TRAINING : The training is the part where the user adapts to the BCI system. This training begins with very simple exercises where the user is familiarized with mental activity which is used to relay the information to the computer. Motivation, frustration, fatigue, etc. apply also here and their effect should be taken into consideration when planning the training procedures. BIO FEEDBACK: The definition of the biofeedback is biological information which is returned to the source that created it, so that source can understand it and have control over it. This biofeedback in BCI systems is usually provided by visually, e.g. the user sees cursor moving up or down or letter being selected from the alphabet.

A boon to the paralyzed -Brain Gate Neural Interface System

The first patient, Matthew Nagle, a 25-year-old Massachusetts man with a severe spinal cord injury, has been paralyzed from the neck down since 2001. Nagle is unable to move his arms and legs after he was stabbed in the neck. During 57 sessions, at New England Sinai Hospital and Rehabilitation Center, Nagle learned to open simulated e-mail, draw circular shapes using a paint program on the computer and play a simple videogame, "neural Pong," using only his thoughts. He could change the channel and adjust the volume on a television, even while conversing. He was ultimately able to open and close the fingers of a prosthetic hand and use a robotic limb to grasp and move objects. Despite a decline in neural signals after few months, Nagle remained an active participant in the trial and continued to aid the clinical team in producing valuable feedback concerning the Brain Gate` technology.

NAGLE’S STATEMENT:“I can't put it into words. It's just—I use my brain. I just thought it. I said, "Cursor go up to the top right." And it did, and now I can control it all over the screen. It will give me a sense of independence.”

OTHER APPLICATIONS:

Rats implanted with BCIs in Theodore Berger's experiments.Several laboratories have managed to record signals from monkey and rat cerebral cortexes in order to operate BCIs to carry out movement. Monkeys have navigated computer cursors on screen and commanded robotic arms to perform simple tasks simply by thinking about the task and without any motor output. Other research on cats has decoded visual signals.

Garrett Stanley's recordings of cat vision using a BCI implanted in the lateral geniculate nucleus (top row: original image; bottom row: recording)In 1999, researchers led by Garrett Stanley at Harvard University decoded neuronal firings to reproduce images seen by cats. The team used an array of electrodes embedded in the thalamus (which integrates all of the brain’s sensory input) of sharp-eyed cats. Researchers targeted 177 brain cells in the thalamus lateral geniculate nucleus area, which decodes signals from the retina. The cats were shown eight short movies, and their neuron firings were recorded. Using mathematical filters, the researchers decoded the signals to generate movies of what the cats saw and were able to reconstruct recognisable

scenes and moving objects. In the 1980s, Apostolos Georgopoulos at Johns Hopkins University found a mathematical relationship between the (based on a cosine function). He also found that dispersed groups of neurons in different areas of the brain collectively controlled motor commands but was only able to record the firings of neurons in one area at a time because of technical limitations imposed by his equipment.[4]

There has been rapid development in BCIs since the mid-1990s. [5] Several groups have been able to capture complex brain motor centre signals using recordings from neural ensembles (groups of neurons) and use these to control external devices, including research groups led by Richard Andersen, John Donoghue, Phillip Kennedy, Miguel Nicolelis, and Andrew Schwartz.

Diagram of the BCI developed by Miguel Nicolelis and collegues for use on Rhesus onkeys

Later experiments by Nicolelis using rhesus monkeys, succeeded in closing the feedback loop and reproduced monkey reaching and grasping movements in a robot arm. With their deeply cleft and furrowed brains, rhesus monkeys are considered to be better models for human neurophysiology than owl monkeys. The monkeys were trained to reach and grasp objects on a computer screen by manipulating a joystick while corresponding movements by a robot arm were hidden. The monkeys were later shown the robot directly and learned to control it by viewing its movements. The BCI used velocity predictions to control reaching movements and simultaneously predicted hand gripping force. Other labs that develop BCIs and algorithms that decode neuron signals include John Donoghue from Brown University, Andrew Schwartz from the University of Pittsburgh and Richard Andersen from Caltech. These researchers were able to produce working BCIs even though they recorded signals from far fewer neurons than Nicolelis (15–30 neurons versus 50–200 neurons).Donoghue's group reported training rhesus monkeys to use a BCI to track visual targets on a computer screen with or without assistance of a joystick (closed-loop BCI). [10] Schwartz's group created a BCI for three-dimensional tracking in virtual reality and also reproduced BCI control in a robotic arm.

CONCLUSION: The idea of moving robots or prosthetic devices not by manual control, but by mere “thinking” (i.e., the brain activity of human subjects) has been a fascinated approach. Medical cures are unavailable for many forms of neural and muscular paralysis. The enormity of the deficits caused by paralysis is a strong motivation to pursue BMI solutions. So this idea helps many patients to control the prosthetic devices of their own by simply thinking about the task. This technology is well supported by the latest fields of Biomedical Instrumentation, Microelectronics; signal processing, Artificial Neural Networks and Robotics which has overwhelming developments. Hope these systems will be effectively implemented for many biomedical applications.

REFERENCES:- www.myreaders.info/08_Neural_Networks. pdf http://techhouse.org/~dmorris/publications/braingate.2003.sfn.poster.pdfwww. brain line.org/ Brain Interactive

4G Networks

By Mr.Nalawade V.S. Mr.Jagtap V.B.

Computer Department E&TC Department SBPCOE,Indapur SBPCOE,Indapur

vinaynalawade2007@gmail.com vjagtap1987@gmail.com

Abstract:This paper gives an overview of the current research activities in mobile communications networks at INESC Porto, with emphasis on fourth generation (4G) networks and ambient networks. The main topics covered are the development of a generic link layer for heterogeneous networks, the automatic and dynamic creation of networks, including ad-hoc and multihoming,mechanisms to provide Quality of Service (QoS) over wireless links, test and monitoring tools required to validate these networks, and emerging multicast solutions. A testbed is being deployed to support these research activities as well as the integration and demonstration of results with real services.

I. INTRODUCTIONThe Communications Networks and Services group, which is integrated into the Telecommunications and Multimedia Unit at INESC Porto, has been active for more than fifteen years through the participation in a large number of European and national R&D projects, as well as in contracts with the industry and telecom operators. The main research topics addressed include broadband networks, with emphasis on ATM and at present on all-IP networks, protocol and service engineering (specification, validation, test and evaluation),resource management and Quality of Service (QoS) and,more recently, wireless and mobile communications.This paper focus on the main research activities in mobile communications, which builds on and extends the experience of the group in all the above topics, while opening new directions of research in line with the current trends in fourth generation (4G) networks.

II. RESEARCH IN MOBILE COMMUNICATIONS Mobile communications networks differ from fixed networks by a set of characteristics that include (1) mobility of the terminals, (2) properties of wireless links, which are characterized by variable bit rates and variable bit error ratios (BER), (3) low processing and memory capabilities of the terminals, and (4) low consumption requirements. Two important research areas are currently emerging in the mobile communications field: fourth generation (4G) networks and ambient networks.4G networks are an extension of current mobile communications networks, such as GPRS and UMTS.Besides the assumptions made by GPRS and UMTS that Internet and mobile communications will

evolve side by side,4G introduces the concept that a mobile terminal will be The work described in this paper has been partially developed in the projects WANDER funded by FCT and DAIDALOS, Ambient Networks and VISNET of FP6 of the EC. Always Best Connected (ABC) to the available networks. This is possible since a terminal may have multiple network interfaces, of different radio technologies, which are usedaccording to the user requirements and, possibly,simultaneously. 4G also considers that all the information is conveyed as IP packets. Research problems include the support of mobility, routing, QoS and radio resource management, security, and traffic accounting. Ad-hoc and mobile networks, which will expand the coverage of the telecom operator networks, are also highly relevant topics of research, as well as those related with network planning,management and operation. Ambient networks support, from the communications point of view, the concept of ambient intelligence. The latter is a vision of the future where people are immersed in the environment, which is sensible and reacts to their presence. Persons are expected to carry small devices, embedded in their clothes or even in their body and interconnected by means of personal area networks (PAN). Those devices will communicate over radio links to establish connections with neighbour networks. Communications may include aspects such as composition, security and mobility.III. STRATEGY AND MAIN RESEARCH TOPICS Research in Mobile Communications at INESC Porto is being carried out by a group of senior researchers and post-graduate students, mainly in the framework of EC funded R&D projects, thus continuing a strategy that has been pursued overthe years with success. Five main lines of research are currently being explored: ad-hoc networking, generic link layer, QoS and congestion avoidance, testing and multicast.

Fig 1 : Block Diagram For Wireless 4G CommunicationA. Ad-hoc networking In ad-hoc networking, the first aspect being addressed is the spontaneous formation of networks. Existing ad-hoc routing protocols are being studied and characterized in order to assess their adequacy for networks supporting multiple types of interfaces and devices, such as laptops and PDAs. Particularly interesting is the improvement of these protocols and solutions so that multipath, multicast and QoS may be used. A second research topic is the integration of ad-hoc networks with infrastructure networks. In this context, address autoconfiguration and gateway discovery are hot issues, but the support of fast handover using these nodes, the node handover between ad-hoc and infrastructure mode and the adoption of multipaths are also being considered. A third line of action is the definition of a new ad-hoc communication concept. It is based on the assumption that the computer is configured as in current networks, but simple signaling allows that when two computers or networks meet they can exchange information about routes, security and QoS and form a new network. Aspects such as mobility and multihoming are also included.

B. Generic link layer The generic link layer research line tries to unify the access to the various radio technologies that are relevant in 4G. Although IP could, in theory, be used for this purpose, there is a set of issues, including QoS, security and efficiency, for which the IP layer is not offering adequate answers. An intermediate layer, similar to Multiprotocol Label Switching (MPLS), but taking advantage of cross-layer mechanisms, is the solution being pursued.On one hand this means that the IP layer can always find the same interface for configuring very different layer 2technologies. Hence, this layer must provide additional functions, such as link detection and adaptation, as well as interoperation with fast handover mechanisms, so that mobility with QoS can be supported. For this purpose, the layer helps the handover by means of functions that first request resources and then book them.In addition, this layer will also make communications more efficient. IP packets that carry voice are small, thus meaning that the packet header introduces high overhead; the solution points to the adoption of Forward Error Correction (FEC) and robust header compression techniques that may take advantage of cross-layer information and thus reduce the overhead. Finally, security is another important issue in this layer. Traditional layer 3 or layer 4 security solutions do not work well with header compression; for this reason, new schemes that make use of existing layer 2 mechanisms need to beprovided.

C. Quality of Service and congestion avoidance In the Quality of Service research line, problems are addressed from two complementary points of view.In the first one, a traditional approach is followed.It uses DiffServ, plus signaling adequate to mobility, combined with resource reservation at the access networks. The aim is developing a solution that enables the usage of IntServ like services in the access network, which can be deployed over heterogeneous layer 2 technologies and book resources for flows. New and more advanced radio resource management techniques are needed. InterServ must then be mapped into DiffServ in the core network; this requires the development of signaling to transport flow information and request resources and capable of working in highly mobile environments. In the second one, it is assumed that networks only provide best effort services; the aim is the provision of acceptable levels of QoS, even in the presence of highly mobile nodes, which generate large amounts of real-time, non-congestion controlled traffic. The main objective is designing new congestion avoidance algorithms and signaling mechanisms that, in order to be useful, may need information available from the lower layers, such as the current BER, the bandwidth in use or the queues lengths.

D. Testing Testing is one of the strongest research lines, having matured over the years, covering both performance and behaviour aspects.From the performance point of view, passive

testing components that monitor traffic and model it as flows are being developed. Flows are assumed to be mobile, and the tools being developed need to be capable to follow them so that the network operator always has a correct view of the traffic and also understands whether the flow, when moving, still continues to receive adequate service.On the other hand, active test components, which are used to estimate the available bandwidth between network entry and exit points, are also being investigated. This will help a source to decide whether new flows can be transported to the destination, in a network that only provides best effort services From the behavior point of view, work is directed to automatic test generation derived from protocol specification. The protocol is modeled as in formal languages like SDL or Promela. High level formal languages based on state machines that communicate by means of queues and messages are used. The model obtained is then randomly explored so that a new message is selected and sent to an implementation of the protocol. The messages received by the implementation are then evaluated against the model which,in case the message is valid, selects another message to stimulate the implementation. The value of the method resides on the algorithm defined for selecting the next message/parameter to send and in the tool itself.E. Multicast Multicast and broadcast are considered as a horizontal issue and, as a rule, they are relevant in most of the other topics, namely in ad-hoc routing, QoS and security. Existing ad-hoc routing protocols are being extended in order to support multicast. As far as QoS, a new solution that allows the reservation of resources for multicast groups has been specified and implemented.Finally, security mechanisms that enable groups to access and decipher video and audio streams have been developed and are being improved.

IV. MOBILE COMMUNICATIONS TESTBED A mobile communications testbed is being deployed with the main goal of providing the basic infrastructure and tools necessary to support advanced research in 4G networks. It constitutes the platform for integrating and demonstrating the innovative results of this research, as well as offering services to users, thus by allowing the assessment of users’ requirements in a real environment. The test bed was specified taking into account a number of requirements driven by the outlined research objectives.In the first place, it includes heterogeneous layer 2 network technologies and offers a solution for integrating and abstracting the QoS mechanisms provided by each technology. Two communication modes (infrastructure and ad-hoc) are supported. The infrastructure component is aimed at emulating 4G telecom networks; it includes access routers to which IP terminals are connected and provides mobility support by means of MIPv6 and fast handover ,while QoS is negotiated and enabled by the QoS Abstraction Layer. The ad-hoc component is mainly used to demonstrate integration with infrastructure networks. It will also be used in Ambient Intelligence scenarios that provide ambient services with QoS requirements to terminals (PDAs and mobile phones) that communicate directly with each other, using multiple layer 2 technologies. Ad-hoc routing protocols and

light QoS mechanisms (mainly for congestion avoidance) are currently being investigated for this purpose. Finally, cross-layer mechanisms allow applications and intermediate network communication layers to adapt to the dynamics of wireless and mobile communications. A prototype version of an ad-hoc network has already been implemented with the main purpose of creating a simple Ambient Intelligence scenario, capable of demonstrating its mains concepts, such as the adaptation of the environment to the immersed elements, automatic service discovery and network auto-configuration. It is based on current wireless network technologies (WLAN 802.11 and Bluetooth) and offers services that adapt to the preferences and characteristics of the human users in the ambient, reacting to their presence. The testbed will be progressively upgraded with new functions and services. While simple solutions have been used to demonstrate the basic concepts and features at an early stage of development, the network will be further enhanced with new services, including real-time ones, in more complex scenarios. Moreover, network automatic configuration mechanisms will be improved, QoS and IP macro and micro mobility will be introduced and ad-hoc multicast routing will be supported, thus allowing the fully integration between the infrastructure and the ad-hoc networks.

V. CONCLUSIONS This paper described the current research activities in mobile communications networks at INESC Porto, focused on some of the most important and challenging topics in 4G networks.This area is becoming quite appealing and rewarding notonly from the research point of view but also because of the business opportunities it offers to all players in the field and the promise of new applications and more advanced services to users. As a result of the research strategy adopted, the group has grown and matured and is quite active, both at national and international level. Other research groups are having similar growth, thus meaning that in Portugal we are starting to reachthe critical mass required to enable mobile communications to emerge as a relevant industry, mainly from the communications software point of view.This has already been recognised and lead recently to the creation of a thematic network on mobile communications, which integrates a number of institutions (academic, industryand operators) that decided to join efforts around common scientific and technical objectives.

References:1., “Mobile data traffic surpasses voice,” press release March 23, 2010,http://www.ericsson.com/thecompany/press/releases/2010/03/13969282. Ericsson, Annual Report 2010, March 2011, http://www.ericsson.com/thecompany/investors/financial_reports/2010/annual10/sites/default/files/Ericsson_AR_2010_EN.pdf3. GSM Association (GSMA), http://www.gsmworld.com/our-work/mobile_broadband4. ITU, “Requirements related to technical performance for IMT-Advanced radio interface(s),”ITU-R M.2134, http://www.itu.int/dms_pub/itu-r/opb/rep/R-REP-M.2134-2008-PDF-E.pdf5. ITU, “ITU paves way for next-generation 4G mobile technologies,” press release

October 21, 2010, http://www.itu.int/net/pressoffice/press_releases/2010/40.aspx6. TeliaSonera, “4G Coverage Sweden,” http://teliasonera4g.com/archives/87. “Russia’s Yota picks LTE over WiMax for expansion,”http://www.reuters.com/article/idUSLDE64K1E820100521

Achieving Efficient Load Balancing In Peer to Peer Network

Mr. Ritesh Dayama, Mr. Ranjeet Kagade, Mr. Kedar Ghogale

M.E. (2nd Year), Department of Computer Engineering, Smt. Kashibai Navale college of Engineering, Vadgaon(Bk.) Pune-41

ritesh_dayama@yahoo.co.in

Abstract:The Internet traffic is growing, and its nature changes because of new applications. Multimedia applications require bandwidth reservations that were not needed initially when the file transfers dominated the Internet. P2P applications are making traffic patterns impossible to predict, and the traffic loads generated at nodes need to be routed regardless of the traffic pattern. When the guaranteed node traffic loads are known, bandwidth reservations can be made simple as will be explained in the paper. The shortest path routing (SPR) protocols used on the Internet today do not maximize the guaranteed node traffic loads, and do not provide scalable and fast bandwidth reservations. Load balancing can improve the network throughput for arbitrary traffic pattern. In this paper we analyze and implement a routing protocol that is based on load balancing and a commonly used shortest path routing protocol, and is, consequently, termed as LB-SPR. LB-SPR is optimized for an arbitrary traffic pattern, i.e. it does not assume a particular traffic matrix. Optimization assumes only the weights assigned to the network nodes according to their estimated demands. It will be shown that the optimized routing achieves the throughputs which are significantly higher than those provided by the currently used SPR protocols, such as OSPF or RIP. Importantly, LB-SPR calculates the guaranteed traffic loads and so allows fast autonomic bandwidth reservations which are the key for the successful support of triple-play applications, including video and audio applications that require high QoS.

KEYWORDS

Shortest path routing (SPR), Open Shortest Path First (OSPF).

1. INTRODUCTION The Internet traffic has experienced some major changes lately, which require modifications in the network planning and routing protocols. Heavy traffic loads are generated by the multimedia applications, and the actual traffic distribution in the network becomes very hard to predict, due to the developing peer-to-peer services. On the other hand, the traditional approach to traffic grooming and routing optimization in the optical networks assumes that the traffic demands between pairs of nodes are known, which often not the case is. New routing protocols should be able to optimally utilize the network without knowing the actual traffic distribution. It is widely accepted that the next-generation networks should become more autonomic in the process of the network configuration,

topology change detection and adaptation to the traffic load changes. Some of these features are incorporated into today’s IP networks: they have the ability to detect the topology changes and change the routing accordingly, the TCP congestion control mechanism adapts the transmission speed to the traffic load changes, etc. These applications require high quality of service: bandwidth reservations and delay guarantees. Centralized bandwidth reservations can obviously become a bottleneck in large-scale networks, as well as the reservations which require each router to know about the available link capacities in the whole network. So, a new mechanism for fast bandwidth reservations is needed. Because of the traffic unpredictability, the customers attached to the network nodes should be served regardless of the traffic pattern between them. In other words, the guaranteed node traffic loads should be sufficient to support all the users attached to these nodes. When the guaranteed node traffic loads are determined, the bandwidth reservations through the network become simple. Each session learns from its router (node) if it can be passed through the network, since the router knows its guaranteed traffic load and the already reserved capacity. If the session can be passed, its request for the bandwidth reservation is passed to the destination router, which checks if there is sufficient capacity on its links toward customers since it knows its guaranteed traffic load and the already reserved capacity. In this way, bandwidth reservations are distributed and are consequently agile. For each session, only two edge routers check their available capacities. And, each router handles bandwidth reservation only for the flows that are either entering or leaving the network through that router. Fast automated bandwidth reservations are very important for growing multimedia applications that demand high QoS, i.e. bandwidth and delay guarantees. If all the flows of equal priority negotiate certain policing interval, the delay guarantees can be achieved when the bandwidth is reserved.

2. LOAD BALANCED SHORTEST PATH ROUTING (LB-SPR) As already described, the proposed routing strategy uses the standard OSPF combined with load balancing, to route the traffic between a pair of nodes in two phases. It distributes the load more evenly among all the links in the network, thereby lowering the average link utilization for congested links, and avoiding bottlenecks. The routing algorithm was proposed, that uses load balancing, and the traffic between every pair of nodes in the network is routed in two phases. First, portions of the routed flow are directed to the balancing routers, according to the balancing coefficients assigned to the routers in the network. Then, in the second phase, every balancing router sends the traffic to its final destination. In this each phase uses the standard shortest path routing (SPR) protocol. In LB-SPR, every packet is routed in two phases, with SPR as the underlying routing protocol in both of the phases. When a packet arrives to the source router, its intermediate router is determined. The packet is sent to the intermediate router using the standard SPR protocol, and from the intermediate router to the destination router again using the standard SPR protocol. The load is balanced across the intermediate routers, meaning that the specified portions of each flow are transmitted through the intermediate routers. These portions are referred to as the balancing coefficients. A balancing coefficient depends only on the associated balancing router. Balancing coefficients are optimized to maximize the network throughput while ensuring that nodes can generate and receive loads which are proportional to the allocated weights. The node weights are chosen to reflect the expected demands at the nodes. The LB-

SPR protocol uses the signaling of the OSPF protocol. Through this signaling, each router in the network is learning the network topology, and the capacity of the nodes’ external (customer) links. The external link capacities are taken to be the node weights. The OSPF signaling had to be extended, to distribute the information about the link capacities, as well. Based on the information provided through the OSPF signaling, the OSPF routing tables are calculated and the routing optimization is performed. The optimal values of the balancing coefficients are determined for all the routers, using linear programming. Now, the packets are routed based on the balancing coefficients, using the standard OSPF and the loose source routing. Consequently, LB-SPR maintains autonomic fault recovery mechanism developed within OSPF. Namely, whenever there is a network topology change, the routing is adjusted accordingly. In the proposed routing scheme, the traffic between a node pair (i, j) is routed in two phases. First, portions of the flow from i to j are routed to the intermediate nodes m .. V (V is the set of network nodes). In the next phase, every intermediate node forwards the traffic to its final destination j. The traffic from i to m, and from m to j is routed along the shortest paths. The portion of the flow that is balanced across node m equals km, and does not depend on i and j. Of course, E m ..V km = 1. Fig. 1 illustrates the case of routing the traffic between the nodes 1 and 5. The first phase of the flow routing is represented by the dashed arrows, and the second phase of the flow routing by the solid ones.

Fig.1: Routing Scheme illustration.

3. SHORTEST PATH ROUTING First we see what is shortest path, Suppose you want to find the shortest path between two intersections on a city map, a starting point and a destination. The order is conceptually simple: to start, mark the distance to every intersection on the map with infinity. This is done not to imply there is an infinite distance, but to note that that intersection has not yet been visited. (Some variants of this method simply leave the intersection unlabeled.) Now, at each iteration, select a current intersection. For the first iteration the current intersection will be the starting point and the distance to it (the intersection's label) will be zero. For subsequent iterations (after the first) the current intersection will be the closest unvisited intersection to the starting point—this will be easy to find. From the current intersection, update the distance to every unvisited intersection that is directly connected to it—this is done by relabeling the intersection with the minimum of its current value and value of the current intersection plus the distance between. In effect, the intersection is relabeled if the path to it, through the current intersection is shorter than the previously known paths. To facilitate shortest path identification, in pencil, mark the road with an arrow pointing to the relabeled intersection if you label / reliable it, and erase all others pointing to it. After you have updated the distances to each neighboring intersection, mark the current intersection as visited and select the unvisited intersection with lowest distance (from the starting point) -- or lowest label—as the current intersection. Nodes marked as visited are

labeled with the shortest path from the starting point to it and will not be revisited or returned to. Continue this process of updating the neighboring intersections with the shortest distances, then marking the current intersection as visited and moving onto the closest unvisited intersection until you have marked the destination as visited. Once you have marked the destination as visited (as is the case with any visited intersection) you have determined the shortest path to it, from the starting point, and can trace your way back, following the arrows in reverse.

Fig.2: The scheme of the LB-SPR implementation.

4. IMPLEMENTATIONIn this section, the implementation of the previously analyzed LB-SPR routing protocol. In order to make LB-SPR as compatible as possible to OSPF, it is implemented in each OSPF area separately. When a packet enters the OSPF area, its intermediate router is determined. The proposed routing scheme uses OSPF to route the packets between the source router and the intermediate router, as well as between the intermediate router and the destination router. Here, the source router is the first router that the packet encounters when it enters the OSPF area, and the destination router is the last router that the packet passes in the OSPF area under consideration. In a common IP router that uses the OSPF protocol, when a packet arrives to the router, it is first processed by the packet processor. The packet processor uses its lookup table to determine the router output port to which the packet should be forwarded based on its destination IP address. The lookup table is updated whenever the network topology changes, which provides an autonomic reliability. A software module calculates new lookup table based on the LSA (Link State Advertisement) control packets exchanged through the OSPF protocol, and sends it to the packet processor. The balancing coefficients are recalculated whenever the network topology changes, which provides the same autonomic reliability as does the OSPF. The LB-SPR implementation is illustrated in Fig. 2. The solution is based on the OSPF implementation, which is extended to support load balancing. First, it was necessary to allow the retrieval and distribution of the specific information needed by the linear program for the routing optimization, such as the node weights Ci. Finally, the load balancer was implemented to route the packets entering the OSPF area according to LB-SPR. Load balancer first has to determine the intermediate router for each incoming packet, and then to direct the packet accordingly. Specified portions of all the flows entering source routers have to be directed to the intermediate routers, according to the calculated optimal values of the coefficients ki. We chose the loose source routing as the simplest IP-based solution. Namely, the destination IP address of a packet entering the OSPF area is replaced with the IP address of the intermediate router, while the destination address becomes part of the loose source routing option field.

Let us summarize how the packets are processed in the router shown in Fig. 2. The path for the ”new” packet entering the OSPF area is represented with the full line in Fig. 2. The packet which is entering the OSPF area has to be processed by the load balancer, which determines the intermediate router for the packet, and modifies the IP header accordingly. Once the packet has been modified by the load balancer, it is forwarded through the network using the standard OSPF routing tables. On the other hand, the path of the ”old” packet that has already been modified by its source router is represented by the dashed line. This packet is only passing through the given router, and does not need to be processed by the load balancer. The information needed to route this packet can be obtained from the standard OSPF routing table.

4.1 EXTENDED OSPF MODULE In the case of the regular OSPF, the changes of the network topology trigger the recalculation of the OSPF routes. For LBSPR, every time the topology changes it is also necessary to repeat the routing optimization and recalculate the balancing coefficients ki, based on the updated OSPF routing tables. The node weights Ci are needed to run the optimization. These weights can be set by the administrator, or can be, more desirably, autonomic. Therefore, we use the SNMP protocol to detect the operational state of the router interfaces in the network, as well as their speeds. The use of the SNMP to detect the changes of the interface operational states (up or down), and their capacities allow together with the OSPF mechanism full automation of the topology change discovery and distribution. Using SNMP, each router learns the operational state of its interfaces and their speeds, and distributes this control information inside the OSPF area. The opaque LSAs with the area-local scope are used to convey this information according to the OSPF standard. Opaque LSAs were introduced to provide a generalized mechanism to allow for the future extensibility of OSPF. Opaque LSA consists of the standard LSA header followed by the 32-bit application-specific information field. In our implementation, the opaque type value is selected from the range reserved for experimental and private use. The routers’ weights, i.e. external link capacities, are transferred as the 64-bit integer values. Incoming and outgoing opaque LSAs are processed and stored into the LSA database. Whenever the external link capacity changes, the router learns about the change through the SNMP protocol, and distributes the updates by the opaque LSAs. Using this information, the OSPF module calculates the IP routing table and sends this table to the packet processor of the router. Whenever the network topology changes, the OSPF module recalculates the IP routing table and sends its updates to the packet processor. In the LB-SPR implementation, the selected information about the network topology and the capacity of the routers’ external (customer) links is transmitted to the optimization module. The OSPF obtains this information from standard LSAs and opaque LSAs. Using this information, the optimization module determines the parameters required to perform load balancing.

4.2 OPTIMIZATION MODULEThe optimization module gets the required information from the OSPF module which performs the signaling, as we have described in the previous subsection. Based on this information, it optimizes the routing based on load balancing, and sends the required parameters to the load balancer which performs the actual routing of incoming packets.

Fig. 3: The scheme of the optimization module

The optimization module is shown in Fig. 3. Based on the network topology information obtained from the OSPF module, the Dijkstra module calculates forwarding trees for all nodes in the network according to the Dijkstra algorithm. The Dijkstra module also calculates the IP network address of each intermediate router through which the traffic will be balanced. This IP address will replace the destination IP address when the source routing is used in the load balancer. Using the calculated trees, the next module in line, the LP preparation module calculates coefficients Fl

ij, i, j .. V which are required for the linear program. Finally, the LP Solve module optimizes the routing and calculates the balancing coefficients ki, i .. V , which are necessary to the load balancer.

4.3 LOAD BALANCER The load balancer receives the balancing coefficients from the optimization module. It also receives the information about the IP network addresses of the intermediate routers. These addresses are calculated by the Dijkstra module, which is the part of the optimization module. The load balancer gets the information that it requires through a TCP connection. Based on this information, the load balancer determines the router output port for each packet entering the router and the OSPF area, and modifies its header in order to balance the traffic appropriately. For each destination router j, the load balancer of the given source router i stores the information about the currently used intermediate router mj. We will call router mj the active intermediate router. It also maintains a counter with the number of bytes Bj that remain to be balanced across that intermediate router. The initial value of the counter is proportional to the balancing coefficient kmj of the intermediate router mj . When a packet enters the OSPF area, it has to be processed by the load balancer. First, the destination router for the packet is determined, based on the IP address of the packet destination. Let us say that it is a destination router j. Then, the corresponding IP network address of mj is found, as well as the counter Bj by the search through a Patricia tree. The Patricia tree allows for a fast lookup. Then, the packet header is modified: the destination address is replaced by the IP network address of the intermediate router mj , and the original destination address is placed in the option field for the loose source routing. The counter Bj is then decremented by the length of the packet (in bytes). When the counter Bj is smaller than the packet length, the active intermediate router is updated. The next router from the list of possible intermediate routers, mj = next (mj), becomes active, and the counter Bj is set to the value proportional to the balancing coefficient corresponding to that intermediate router, kmj.

5. FUNCTIONAL VERIFICATION OF THE L LB-SPR IMPLEMENTATION The performance of LB-SPR was analyzed in the network represented in Fig. 4. This is, in fact, the simplified version of the Exodus network topology. For the purpose of this

simulation, all the nodes in one city were represented by a single node, and the equivalent link weights were calculated. This network was emulated using seven computers and one Ethernet switch as represented in Fig. 5. Depending on the processor speed and RAM size, the number of the virtual routers executed on a single computer ranges from two to five. The virtual routers X and Y on a single computer are connected through the Xen bridge Xenbr XY.

Fig. 4: The simulation environment

Each virtual router is configured using the configuration script. For the analyzed network, the worst-case traffic pattern for OSPF was determined using the maximum matching algorithm. The critical link for OSPF is the link between Tukwila and Santa Clara. It gets congested when the following pairs of nodes communicate with the maximum speeds: Oak Brook - San Jose, Toronto - Palo Alto, Amsterdam – Santa Clara, Tukwila - Irvine, Chicago - Tokyo, and Waltham - El Segundo. The traffic between these nodes was set to the value that causes the critical link utilization to be 100%. Then, the LB-SPR is applied for the same traffic pattern.

6. CONCLUSION This protocol is automated as the existing routing protocols such as OSPF, and adapts to the changes of the network topology. LBSPR calculates the traffic loads that the nodes can guarantee to carry. Using the information about the guaranteed node traffic loads, the bandwidth reservations become simple in such a network, and, consequently can be made fast. Fast and autonomic bandwidth reservations are important for the multimedia applications whose popularity is growing. At the same time, the LB-SPR protocol maximizes the node traffic loads that can be guaranteed in the given network. It was shown that LB-SPR improves the guaranteed traffic up to 7.7 times for the real networks that we considered, compared to the shortest path routing protocols such as OSPF. Since LB-SPR is using the OSPF signaling, it inherits its recovery speed which is insufficiently low for the interactive applications. If a faster recovery mechanism is needed, it can be employed at the lower layers as it is typically done. Alternatively, the capacities can be over provisioned to account for the failures to compare the costs of the networks using LB-SPR and OSPF in which the link capacities are over provisioned to pass given node traffic loads even when single failures, of nodes or links, occur.

7. REFERENCES[1] Marija Anti´c, Nataˇsa Maksi´c, Petar Kneˇzevi´c, and Aleksandra Smiljani´c ,“Two

Phase Load Balanced Routing using OSPF” IEEE Journal on selected areas in Communications, vol. 28, No. 1, January 2010.

[2] Maksic, N.; Knezevic, P.; Antic, M.; Smiljanic, A.; “On the performance of the load balanced shortest path routing” Communications, Computers and Signal Processing, 2009. PacRim 2009. IEEE Pacific Rim Conference on.

[3] M. Anti´c, A. Smiljani´c, ”Oblivious Routing Scheme Using Load Balancing Over Shortest Paths”, in Proc. ICC 2008, 2008.

[4] Addicam .V.Sanjay “Overview of OSPF routing protocol”.[5] Andrew S. Tanenbaum “Computer Networks” 4th edition.[6] H. R¨acke, ”Min.Congestion in General N/W”

A Multimodal Biometrics for Personal IdentificationAuthor1.:

Miss. Mhaske Varsha DattatrayaPG student, Dept. of computer Engg.

D. Y. Patil College of Engg.Akurdi, Pune.

E-mail: varshamhaske13@gmail.com

Auther2.:Prof A. J. Patankar

Assistant Professor Dept. of computer Engg.D. Y. Patil College of Engg.

Akurdi, Pune.

Abstract: Multimodal Biometrics uses a combination of different biometric recognition technologies. Most biometric systems deployed in real world applications are unimodal, such as they use a single source of information for authentication, e.g. single fingerprint, face, voice. Some of the limitations imposed by unimodal biometrics systems can be overcome by including multiple sources of information for establishing personal unique identity. In this paper I am preseningt a multimodal biometrics system that combines features of fingerprint and palmprint to overcome several limitations of unimmodal biometrics. The features of fingerprint and palmprint images are first enhanced using a series of preprocessing techniques. Following a Modified Gabor filter is used to independently extract fingerprint and palmprint features. We conclude that proposed methodology has better performance and is more reliable compared to unimodal approaches using solely fingerprint or palmprint. The fusion of multiple biometrics helps to minimize the system error rate. Keywords: fingerprint, palmprint, multimodal, unimodal, biometrics, MGF, ROI, fusion

1. INTRODUCTIONThis is integration of fingerprint and palmprint image for individual identification. Initially MBPI (Multimodal Biometrics for Personal Identification) apply a 2D discrete wavelet transform (2D-DWT) to decompose the image into lower resolution before performing feature extraction. Image decomposition using 2D-DWT is able to conserve the energy signals and redistribute them into a more compact form. Also we use a Modified Gabor Filter (MGF) as a feature extractor for both biometrics as they share some common characteristics such as ridges. In image preprocessing this system uses guassian low pass filter to smoothen the palmprint images, and short time fourier transform (STFT) to enhance fingerprint images quality. Finally the extracted fingerprint and palmprint images are combined to utilize the proposed feature level fusion method and at the last stage the features are classified using Euclidean distance to match the resultant image with database templates. The proposed system will perform Personal identification by integrating features of fingerprint and palmprint image. The first phase of proposed project is preprocessing. Image enhancement is an important preprocessing task in image processing. This will apply only Gaussian low pass filter to smoothen the palmprint images. In addition to Gaussian filter Short Time Fourier Transform (STFT) analysis is adopted to enhance finger image quality. The proposed system has following features:1. Secure2. Fast3. Better Performance4. More reliable as compared to unimodal biometrics.2. SYSTEM STRUCTURE AND BLOCK DIAGRAMThe complete system architecture with block diagram is explained in this section,

Fig. System Architecture

In this system there are five basic steps as discussed below: Image Preprocessing:

The basic preprocessing step is Image Enhancement. Before doing anything first of all we are trying to crop the image by using Gaussian low pass filter. In addition to this we apply Short Time Fourier Transform (STFT) analysis to enhance fingerprint image quality.

The ROI of palmprint images is located by using the right angle coordination system. Subsequently, the ROI of each image is resized to 150×150 pixels.

Wavelet Transform:

Wavelet Transform (WT) is used to decompose images into different frequency components. With the lower resolution of each component, computational complexity is reduced. The proposed system will use WT to decompose the enhanced palmprint images and fingerprint images into lower resolution representation. Generally, 1D DWT of a signal cA can be obtained by convolving

it with decomposition filters,

(1)

(2)

Where n denotes the resolution level, h and g denote the decomposition low-pass and high-pass filters, respectively. Two-dimensional (2D) DWT for 2D signal such as images can be implemented by performing 1D DWT in each signal dimension. An image is decomposed into four frequency sub-bands at each resolution level n by applying 2D DWT. The resulted four sub-bands are, an approximation sub-band (LLn), and three detailed subbands (HLn, LHn, and HHn).

Feature Extraction :Palmprint and fingerprint share some common characteristics such as creases and ridges. Other palmprint characteristics are principle lines and wrinkles. A bank of

2D MGF’s is used to filter palmprint and fingerprint images in different directions to high-light these characteristics and remove noises.

Normalization: The filtered images are normalized to the same domain using the following method:

(3)Where I (x, y) denotes the pixel intensity at coordinate (x, y), µ1 denotes the intensity mean, and σ1 denotes the intensity standard deviation. Normalization is important as the filtered palmprint and fingerprint images may not share the same intensity domain.

Feature Level Fusion:This phase will combine the normalized LL sub-band images and divide it into none overlapping blocks of size mXn pixels each. Then, the resulting magnitude will be converted to a scalar number by calculating its standard deviation value. The size of each block is carefully chosen, so that no repeated feature is extracted. At last, a feature vector with 8XNXN sub-Gabor features is extracted from each image, where N denotes the number of rows and columns.

Matching Module: In matching module the result of fused fingerprint image and palmprint image are matched with database template by using Euclidean distance, in order to provide final decision i.e. Accept/Reject user identity.

Most of the biometric systems deployed in real world applications are unimodal which rely on the evidence of single source of information for authentication (e.g. fingerprint, face, voice etc.). These systems are vulnerable to variety of problems such as noisy data, intra-class variations, inter-class similarities, non-universality and spoofing. It leads to considerably high false acceptance rate (FAR) and false rejection rate (FRR), limited discrimination capability, upper bound in performance and lack of permanence. Some of the limitations imposed by unimodal biometric systems can be overcome by including multiple sources of information for establishing identity. These systems allow the integration of two or more types of biometric systems known as multimodal biometric systems. These systems are more reliable due to the presence of multiple, independent biometrics. The proposed system is able to meet the stringent performance requirements imposed by various applications. They address the problem of non-universality, since multiple traits ensure sufficient population coverage. They also deter spoofing since it would be difficult for an impostor to spoof multiple biometric traits of a genuine user simultaneously. Furthermore, they can facilitate a challenge response type of mechanism by requesting the user to present a random subset of biometric traits thereby ensuring that a live user is indeed present at the point of data acquisition. To overcome the problems faced by recognizers of palmprint, fingerprint and face, a novel combination is proposed

for the recognition system. The integrated system also provide anti spoofing measures by making it difficult for an intruder to spoof multiple biometric traits simultaneously.

3. EXECUTION SEQUENCE OF A SYSTEM:The complete algorithmic description can now be given on the next section,Algorithm MBPI ()Input: Fingerprint Image, Palmprint ImageOutput: User Identity (Accept/Reject)Begin

Step 1. Read input image fingerprint/palmprint from database.Step 2. Perform image cropping:

a).Convert input image into Grayscale.Step 3. Decide ROI of cropped image.Step 4. Apply 2D DWT on resultant image from step 3. This will extract features

of input image i.e. fingerprint/palmprint image.Step 5. Apply MGF on output of step 4. This will apply different orientations and

scaling on input images. Palmprint and fingerprint share some common characteristics such as creases and ridges. Other palmprint characteristics are principle lines and wrinkles. A bank of MGF filters is used to filter palmprint and fingerprint images in different directions at different orientations and scaling factors, to highlight these characteristics and remove noises.{Step 1 to 4 will be applied sequentially on both fingerprint and palmprint separately}.

Step 6. Apply Normalization on resultant images from step 5. This will combine the normalized features of both fingerprint and palmprint images. Normalization is important as the filtered palmprint and fingerprint images may not share the same intensity domain.

Step 7. Apply feature level fusion where it will combine the normalized LL sub-band images and divide it into none overlapping blocks of size m×n pixels each. Then, the resulting magnitude will be converted to a scalar number by calculating its standard deviation value. The size of each block is carefully chosen, so that no repeated feature is extracted. At last, a feature vector with 8×N×N sub-Gabor features is extracted from each image, where N denotes the number of rows and columns.

Step 8. Finally apply decision module where the user identity will be decided which is either Accept/Reject.

End MBPI ().

5. CONCLUSIONBiometrics, for instance fingerprint, can be used to improve the level of security. This system formulates the multimodal biometric system. This is the proof that it is possible to improve performance by integrating multiple biometrics. This is the novel feature level fusion method for palmprint and fingerprint biometrics. WT is applied to reduce the image resolution while retaining important palmprint and fingerprint characteristics. The proposed fusion method combines unique characteristics of palmprint and fingerprint to

enable better discrimination against imposters. In addition, it requires only the same amount of memory for storage purposes. Besides that, bimodal biometrics makes it harder for adversaries to succeed in an attack as they have to spoof both biometrics simultaneously.

6. REFERENCES[1] Cheng Lu, Jisong Wang, Miao (2009) Second International Symposium on

Electronic Commerce and Security “Multimodal Biometric Identification Approach Based on Face and Palmprint”

[2] Asim Baig, Ahmed Bouridane, Fatih Kurugollu,(2009) "Fingerprint Iris Fusion based Identification System using a Single Hamming Distance Matcher".

[3] Lin Hong, Anil Jain, and Sharath Pankanti (2000) "Can Multibiometrics Improve Performance".

[4] Ajay Kumar, David Zang (2009) "Combining Fingerprint, Palmprint And Hand-Shape For User Authentication".

[6] Li, Q., Qiu, Z., Sun, D., (2005)"Feature-Level Fusion of Hand Biometrics for Personal Verification Based on Kernel PCA ", Lecture Notes in Computer Science, 3832/2005, pp. 744-750.

[7] FVC2004 Fingerprint Database, http://bias.csr.unibo.it/fvc2004/ [8] PolyU Palmprint Database, http://www4.comp.polyu.edu.hk/ biometics/2

A Survey of Advance Resource Reservation in Scheduling in Grid Computing

FARAHNAJ ABDULLA INAMDARDepartment of Computer Engineering,

Dr. B. A. Technological University, Lonere, Raigad, Indiafarahinamdar@gmail.com

Abstract:Grid computing is a form of distributed computing that involves coordinating and sharing computational power, data storage and network resources across dynamic and geographically dispersed organizations. Scheduling onto the Grid is NP-complete, so there is no best scheduling algorithm for all grid computing systems.The goal of scheduling is to achieve highest possible system throughput and to match the application need with the available computing resources. Some computational grid applications have very large resource requirements and need simultaneous access to resources from more than one parallel computer with Qos. The end-to-end QoS can be achieved and guaranteed through proper configuration, reservation and allocation of corresponding resources. Advance reservation as an effective technique to support QoS guarantees the availability of resources at specific time as per the user’s requirement.Motivation of the survey is to encourage the amateur researcher in the field of grid computing, so that they can understand easily the concept of advance resource reservation in scheduling and can contribute in developing more efficient algorithm. This will benefit interested researchers to carry out further work in this thrust area of research. Keywords: Grid Computing, Scheduling, Request, Resource, Reservation, Backfilling , Slack Values, Priority

1.Introduction

COMPUTATIONAL Grid is a new trend in distributed computing systems. They allow the management of heterogeneous, geographically distributed and dynamically available resources in an efficient way, extending the boundaries of what we perceive as distrib-uted computing. For running applications, resource management and job scheduling are the most crucial problems in grid computing systems.

1.1 BASIC GRID MODEL : The basic grid model generally composed of a number of hosts, each composed of several compu-tational resources, which may be homogeneous or heterogeneous. The four basic building blocks of grid model are user, resource broker, grid information service (GIS) and lastly resources. When user req-uires high speed execution, the job is submitted to the broker in grid.

Figure1. Grid Structure

Broker splits the job into various tasks and distributes to several resources according to user’s requirements and availability of resources. GIS keeps the status information of all resources which helps the broker for scheduling.1.2 Scheduling :Job scheduling is the mapping of jobs to specific physical resources, trying to minimize some cost function specified by the user. This is a NP-complete problem and different heuristics may be used to reach an optimal or near optimal solution. Effective computa-tion and job scheduling is rapidly becoming one of the main challenges in grid comput-ing and is seen as being vital for its success.1.3 Advance Resource Reservation :It is a contract between the resources owner and consumer that commits a certain resource for a defined time to the resource consumer. It can ensure the future availability of the Grids heterogeneous respurces and help a scheduler to produce better schedules.

2. Literature Survey2.1 Resource Scheduling: The grid resource scheduling process can be defined as the process of matching a query for resources, described in terms of required characteristics, to a set of resources that meet the expressed requirements. To make information availab-le to users quickly and reliably, an effective and efficient resource scheduling mechanism is crucial. Generally grid resources are potentially very large in number with various individual resources that are not centrally controlled. These resources can enter as well as leave the grid systems at any time. For these reasons resource scheduling in large-scale grids can be very challenging.

A. Research on Novel Dynamic Resource Management and job scheduling in grid computing (RNDRM).Description: This scheduling model is based on Heap Sort Tree (HST) for computing the available computational power of the nodes (resource) as well as whole grid system. Here the resource with largest available computational ability among the whole grid system is selected to be the root node of the HST and it is ready for the scheduler to submit a job. The algorithm design for job scheduling is well suitable for the complex grids environment and it is based onagents.Advantages: 1) This algorithm makes the system more scalable, robust, fault-tolerant and high performance.2) This strategy provides dynamic status information of the resources in an unpredictable fast changing grid environment.Disadvantages:1) This algorithm is silent at the condition of job submission failure.2) The job scheduling strategy may not utilize resource sufficiently.3) Job waiting time is high.4) It does not provide real time dynamic grid environment.

B. Agent Based Resource Management with Alternate Solution (ABRMAS).Description: Agent based Resource Management with Alternate Solution gives an alte-rnate solution at the situation when resource discovery fails. Algorithm identifies an equivalent resource without affecting the performance and it also avoids unnecessary resource discovery.Sometimes resource discovery is done for time bound task and required resource is unavailable at that situation. Alternate solution reduces delay overhead in waiting for the unavailable resource and enhances the system’s efficiency. Implementation result shows the system success rate is 30% higher with alternate solution.Advantages:1) It limits and steer the search towards the anticipated result and provide efficient resource discovery.2) Useful in both cases when discovery fails and more than one solution proposal offered.Disadvantages:1) For large agent hierarchy proposal‘s invitations may be restricted to sub hierarchy.2) It is not explicit.

C. New Resource Mechanism with Negotiate Solution based on agent in grid environments (NRMNS).Description: Agent Based Resource Management with Negotiate Solution gives an alternate solution at the situation of resource discovery failure. Algorithm adds the middleware Grid Architecture for Computational Economy (GRACE) with Resource Pricing Fluctuation Manager (RPFM) into ABRMAS in order to improve the efficiency of the resource management scheduling allocation in Grid Computing. The feedback

model plays a very important role in the agent-based system when resource discovery failed for cost bound.Advantages:1) The resource provider can get the maximum investment profit.2) Feedback capability of RPFM is used to adapt the highly dynamic grid environment.3) Simulation result shows successful rate of resource discovery increases by about 10%.Disadvantage:1) The resource discovery is aborted when the RPA (resource provider agent) refuses to decrease the cost of the resource; this one is the major drawback.

D. Improved Resource discovery approach using P2P model for condor (IRP2P).Description: IRP2P is a grid middleware. It is a decentralized technique which opposes traditional client- server model. Goal of the model is to improve performance of condor middleware. Proposed hybrid model uses four axis frameworks in P2P approach. Each framework overcome some limitations of condor middleware and makes it more reliable, robust and scalable. By implementing membership protocol, network communication is easy and using overlay construction algorithm interprocess communication is also allowed which is restricted in condor.Advantages:1) Independence from central global control.2) Fast discovery of resources using DHTs and indexing concept.3) Scalability.4) Support for intermittent resource participation.Disadvantages:1) Need to have strong self organization capabilities in order to be able to maintain their rigid structure.2) High maintenance cost in the presence of high churn.

E. Virtual Computing Grid using Resource Pooling (VCGRP).Description: The System is based on loosely coupled concept.Virtual Computing Grid means the system can choose a resource and allocate tasks to it. Here, it is a single point web based access known as Virtual Computing Grid Portal and the Virtual Computing Grid Monitor is a central resource manager for the System.Advantage:1) Cost Effective model.Disadvantages:1) Not much Reliable because of only one central manager and single point web access.2) Since it is cost effective solution quality of service has been play down in the prototype model. F. ANALYSIS Analysis and Comparisons between various papers depending upon various parametersResearch on novel dynamic resource management and job scheduling in grid computing makes system more scalable, robust and fault-tolerant with high load balance but time complexity is high whereas virtual resource pooling fully utilizes resources with less reliability. An improved resource discovery approach using p2p model for condor along

with grid middleware makes condor more reliable, scalable and robust for working in heterogeneous environment. But it needs some strong self managing organization capab-ility. Alternate solution helps during resource discovery failure which is not explicit. Negotiation solution is much adaptive in grid, higher resource discovery success rate, high resource utilization and also cost bounded. Referring table I and simulation result, it is concluded that a Research on novel dynamic resource management and job scheduling [RNDRM] in grid computing is best for resource scheduling.2.2. Advance Resource Reservation Scheduling :2.2.1. MPRAR : A resource reservation algorithm with Muti-Parameters called MPRAR for short which processes reservation requests more flexible. MPRAR creates a global queue and a local queue named FIFO and Heap respectively. New reservation requests are stored in FIFO from which the processor draws each request in sequence and calculates a weight value by three parameters: user priority, job urgency and requesting start-time, and then puts them into Heap which sorted by weight. It is acceptable if the resource for the request with minimum weight value is available, otherwise the processor should predict a del-ayed start-time to replace the original start-time. This mechanism avoids high frequency negotiation between user and system, and decreases the high rejection rate.User submits a new reservation request with the variables of start-time, end-time or duration-time, as well as type of reservation and resource demand. The request will berejected if the resource is not able to support advance reservation, otherwise it will be added to FIFO by the reservation processor which plays the most important part inthe process of reservations. There are five steps for the processor to deal with reservation requests.Step1: The processor adds requests into FIFO order by requested time when receiving a new reservation. A weight value is calculated by start-time, priority of user and joburgency for every request. And then requests are added to Heap arranged in order of weight value, to Step 2.Step2: Search available resource for the request with minimal weight value, if so, to Step 3; otherwise, to Step 4.Step3: Mark the current request with acceptance. After the task submit by user, add the marked request to scheduler for resource allocation, to Step 5.Step4: If there is not available resource for the minimal weight value request, the request should be deleted from Heap. The processor will predict a delayed start-time called Ta at that point which the resource is available, and calculate a new weight value to replace the old one, to Step 1.Step5: Return the result to user.2.2.2. SLACK-BASED SCHEDULING (Relaxed Backfilling Scheduling with Multiple Reservations)In strict backfill scheduling, each reserved job will begin to run exactly at its assigned start time, and a queued job could be moved ahead to run on condition that it will notdelay the execution of any reserved jobs. In order to make the strict scheduling more flexible, the actual start time of each reservation can be relaxed from its rigid start time(ST) to a time span [ST,ST+slack], in which slack expresses the maximum amount of delay allowable for the job. A tunable system parameter, slack factor, can be used to calculate the slack of each job by multiplying its user-specified estimated runtime

together. For example, if slack factor is 0.2, then a reserved job can be delay by other jobs by no more than 20 percent of its estimated runtime. Different from existing slack-back scheduling, in which only the situation is concerned that there is at most one backfill or advance reservation in the scheduler, this paper proposed a flexible and practical mechanism to support slack-based scheduling with more than one reservation.Assume the total number of PEs, slack factor, reservation depth and the numbers of running jobs, queued jobs and reserved jobs are known, the slack-based backfill scheduling algorithm with multiple reservations works as follows:1) Firstly, this algorithm creates three queues for storing the queued jobs, the running jobs, and the reserved jobs, and sorts the jobs in each queue non-decreasingly according to the arrival time, the end time and the start time of each job respectively.2) Then the queued jobs are checked to see if they can be backfilled or reserved.a) If it is feasible to allocate enough PEs for current queued job to run, no matter by relaxing other jobs or not, it will be backfilled to start immediately, and it will be moved to the running job queue.b) If it cannot be backfilled now and current total number of reservations is less than the reservation depth, the scheduler will make a reservation for the job and move it to the reserved job queue.3) For each reserved job, it will begin to run at its start time and will be moved from the reserved job queue to the running job queue. If it is necessary to relax itself for other jobs, its slack and new start time will be updated.

Figure 2. Relaxed Backfilling Scheduling2.2.3.PB-FCFS Task Scheduling ModelOn the basis of structure of traditional model, the model structure adopts the multi-level

updating strategy, as shown in the Figure 3

The PB-FCFS task scheduling model integrates the advantages of priority and backfilling,

etc. and expects to relieve resource slot to enhance the resource utilization rate. There are three rest-rictions for the PBFCFS task scheduling model :

Figure 3. Structure of PB-FCFS task scheduling model

Firstly, task will be selected and run orderly by FCFS strategy when entering the scheduling center for the first time. If it does not have sufficient resource and task priority level, the task priority level is set as initial value by the scheduler, otherwise increase task priority level dynamically Figure 4. The

effect ofPB-FCFS task scheduling model until the highest priority level. Secondly, the remaining tasks will re-enter the loop scheduling process when a task implement is accomplished. Firstly, the task is selected and run orderly in terms of priority level. For tasks with the same priority level, the selection and implement of onetask is according to FCFS strategy. Otherwise the scheduler will continue to increase task priority level until the highest priority is reached. Finally, if there is insufficient resource, the first task in waiting queue must wait for theaccomplishment of tasks in running queue and as well release resource. Immediately, the backfilling strategy is applied to insert some tasks with fewer resource requirements from waiting queue into the running queue.The Figure 4 shows an effect image of PB-FCFS model under an ideal state. The scheduler submits tasks to wait queue in sequence. We regard the first box as the first task, namely task 1, the rest may be deduced by analogy, as shown in (a). Task is runorderly according to FCFS strategy when enters the scheduling center for the first time. Moreover, due to insufficiency of resources, task 4 begins to wait, whilst the scheduler sets priority level as the initial value for task 4. At the same time, backfilling strategy isapplied to insert some tasks with fewer resource requirements from waiting queue into the running queue, as shown in (b). Then the task 1 is accomplished, as shown in (c). At the same time, scheduler selects tasks to run according to priority.

3. Conclusion :In this paper, various Advance Resource Reservation Scheduling algorithms in grid computing have been surveyed. A comparison on various parameters like distributed, hierarchical, centralized, response time, load balancing, resource utilization was done get feedback on different types of job and resource scheduling. The researchers can use these facts to develop better algorithms. In the above study it was found that no paper has specified memory requirement of the jobs while submitting the jobs to the selected resources. Memory requirement of a job is vital in completing the execution of jobs at the selected resources within a time bound in realizing a real grid system. Our future work will be based on the above findings to develop a more efficient algorithm for jobscheduling and resource selection that will reduce the preprocessing time of jobs and considering memory constraint for resource selection.

4. Reference:[1] Ahmar Abbas , Grid Computing : “A practical Guide To Technology and

Applications”, Firewall Media,2008[2] “The Anatomy of the Grid”, 2001, I.Foster, Carl Kesselman, Steven Tuecke[3] “The Physiology of the Grid”, 2002, I.Foster, Carl Kesselman, Steven Tuecke[4] “A Survey of Job Scheduling and Resource Management in Grid Computing”, by

Raksha Sharma, Vishnu Kant Soni, Manoj Kumar Mishra, Prachet Bhuyan , World Academy of Science, Engineering and Technology 64 2010

[5] “A Resource Reservation Algorithm with Muti-Parameters” by Ningning GAO,Hong JIANG, 2011 Sixth Annual ChinaGrid Conference

[6] “Scheduling of a Relaxed Backfill Strategy with Multiple Reservations” by Bo Li, Ying Li, Min He, Hao Wu and Jundong Yang , The 11th International Conference on Parallel and Distributed Computing, Applications and Technologies ,2010

[7] “PB-FCFS--A Task Scheduling Algorithm Based on FCFS and backfilling Strategy for Grid Computing” by Hong JANG, Tianwei NI, 978-1-4244-5228-6/09,2009 IEEE

[8] “Scheduling with Advanced Reservations”, Warren Smith, Ian Foster, Valerie Taylory,2000

Classifier Based Intrusion Detection System

Mr. Sable Nilesh P.#, Ms. Kharade Snehal G.*

1 Lecturer Department of Computer Engineering, University of Pune, Pune, India2 Student Department of Computer Engineering, University of Pune, Pune, India

(nileshraje143@gmail.com)

Abstract: The paper describes the design of a genetic classifier-based intrusion detection system, which can provide active detection and automated responses during intrusions. It is designed to be a sense and response system that can monitor various activities on the network (i.e. looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors networked computer’s activities at different levels (such as user level, system level, process level and packet level) and use a genetic classifier system in order to determine a specific action in case of any security violation. The objective is to find correlation among the deviated values (from normal) of monitored parameters to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve set of decision rules based on the significance of monitored parameters in UNIX environment, and tested for validation.

I. INTRODUCTIONThis paper describes the design and implementation of a classifier-based decision

support component for an intrusion detection system (IDS). This classifier-based IDS monitors the activities of Unix machines at multiple levels (from packet to user-level) and determines the correlation among the observed parameters during intrusive activities. For example, at user level – searches for an unusual user behavior pattern; at system level – looks at resource usage such as CPU, memory, I/O use etc.; at process level – checks for invalid or unauthenticated processes and priority violations; at packet level – monitors number, volume, and size of packets along with source and type of connections. We developed a Java-based interface to visualize the features of the monitored UNIX environment. We used some built-in tools (such as vmstat, iostat, mpstat, netstat, snoop, etc.), syslog files and shell commands for simultaneously monitoring relevant parameters at multiple levels. As the data collector sensors observe the deviations, the information is sent to the classifier system in order to determine appropriate actions

I. Problem Statement

The problem of detecting anomalies, intrusions, and other forms of computer abuses can be viewed as finding non-permitted deviations (or security violations) of the characteristic properties in the monitored (network) systems. This assumption is based on the fact that intruders activities must be different (in some ways) from the normal users activities. However, in most situations, it is very difficult to realize or detect such differences before any damage occur during break-ins.

II. OBJECTIVESTo develop Intrusion detection system based on artificial intelligence, genetic

approaches and agent architectures for detecting coordinated and sophisticated attack instead by developing an evolvable system that can adapt to environment of referring some static database and updating it time to time.

III. PROPOSED SYSTEMOur aim to develop a Java-based interface to visualize the features of the monitored

UNIX environment. We used some built-in tools (such as vmstat, iostat, mpstat, netstat, snoop, etc.), syslog files and shell commands for simultaneously monitoring relevant parameters at multiple levels. As the data collector sensors observe the deviations, the information is sent to the classifier system in order to determine appropriate actions

In this application I propose design and implementation of a classifier-based decision support component for an intrusion detection system (IDS). This classifier-based IDS monitors the activities of UNIX machines at multiple levels (from packet to user-level) and determines the correlation among the observed parameters during intrusive activities. For example, at user level – searches for an unusual user behavior pattern; at system level – looks at resource usage such as CPU, memory, I/O use etc.; at process level – checks for invalid or unauthenticated processes and priority violations; at packet level – monitors number, volume, and size of packets along with source and type of connections

A. System Overview

B. Modules in the system with detail description

1. Multi-level Parameter Monitoring: -

Our prototype system currently monitors the parameters USER, SYSTEM, PROCESS, NETWORK; some of these parameters are categorical in natures, (e.g. type of user, type of connections) which are represented numerically for interpretation. However, the selection of these parameters is not final and may vary (based on their usefulness) in our future implementation.

2. Setting Thresholds:-

Historical data of relevant parameters are initially collected over a period of time during normal usage (with no intrusive activities) to obtain relatively accurate statistical measure

of normal behavior patterns. Accordingly, different threshold values are set for different parameters.

1. classifier-based intrusion detection system:-The best approach may be to design an evolvable system that can adapt to

environment. A classifier system is an adaptive learning system that evolves a set action selection rules to cope with the environment. The condition-action rules are coded as fixed length strings (classifiers) and are evolved using a genetic search. These classifiers are evolved based on the security policy.

2. Creating a High-Level Knowledge Base :-The degree of importance of each level (of monitored parameters) is hypothesized

based on the domain knowledge. The purpose is to generate rules from a general knowledge base designed by experts. Though the accuracy of this knowledge base will result in more realistic actions, the heuristic rule set that we used can provide similar detection ability.

3. Classifier Systems in Rule Discovery:-Classifier systems are dynamical systems that evolve stimulus-response rules or

classifiers (using Genetic Algorithms), each of which can interact with the problem solving environment.

4. Genetic Algorithm: - Genetic algorithms operate on a population of candidate solutions applying the

principle of survival of the fittest to produce better and better approximations to a solution. In general, in order to successfully employ GA to solve a problem.

5. Fitness Evaluation: -The purpose of the fitness function is to measure how good each rule is in solving the

problem. In our approach, we consider the following elements while generating the rule set

C. Application of the system1. Effective dynamic, evolving Intrusion Detection System2. Manual updating of database is not required as it is intelligence based 3. Complete evaluation of system to maintain track of attacks (User, system,

process, network)4. Verification of action and respective action for attack takes place

As internet and network is becoming part of everyone’s commercial, social, personnel life, it is very important to keep our private data safe, secure. In order to do that effective Intrusion Detection System to cope up with intruder’s database. As a complete solution this system can be in every computer which is supposed to be kept secure.

IV. CONCLUSIONMost existing intrusion detection systems either use packet-level information or

user activities to make decisions on intrusive activities . In this paper, we described an intrusion detection system that can simultaneously monitor network activities at different levels (such as packet level, process level system level and user level), it can detect both inside misuse and outside attacks. The main emphasis of this work is to examine the feasibility of using a classifier-based intelligent decision support subsystem for robust intrusion detection.

VI. FUTURE WORK

The proposed system has some unique features of simultaneous monitoring at multi-level to detect both known and unknown intrusions and generate specific response. The developed system will perform real-time monitoring, analyzing, and generating appropriate response to intrusive activities. This work is a part of a larger research project on developing an intelligent intrusion detection system. In this paper, we emphasized on the design and implementation of classifier system as decision support component. We are currently experimenting in a simulated environment as a part of an early development. We anticipate that a more effective and practical rule base will emerge after the implementation and observation of the network

REFERENCES

1. D Anderson, T Frivold, and A Valdes. Next-generation intrusion-detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA 94025-3493, USA, May 1995.

2. Christina Warrender, Stephanie Forrest, and Barak Perlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, pages 133.145, Berkeley, California, May 1999.

3. Steven R Snapp, Stephen E Smaha, Daniel M Teal, and Tim Grance. The DIDS (distributed Intrusion detection system) prototype. In Proceedings of the Summer USENIX Conference, pages 227.233, San Antonio, Texas, 8.12 June 1992. USENIX Association.

4. Herv´e Debar, Marc Dacier, and Andreas Wespi. Towards a taxonomy of intrusion detection Systems. Computer Networks, 31(8):805.822, April 1999.

5. MEsmaili, R Safavi, Naini, and J Pieprzyk. Intrusion detection: A survey. In Proceedings of ICCC'95. (12th International Conference on Computer Communication), volume xxxxii+862, pages 409.414. IOS Press, Amsterdam, Netherlands, 1995.

6. Koral Ilgun. USTAT: A real-time intrusion detection system for UNIX. In Proceeding of the 1993 IEEE Symposium on Security and Privacy, pages 16.28, Oakland, California, 24.26 May 1993. IEEE Computer Society Press.

7. Kathleen A Jackson, David H DuBois, and Cathy A Stallings. An expert system application for network intrusion detection. In Proceedings of the 14th National Computer Security Conference, pages 215.225,Washington, D.C., 1.4 October 1991. National Institute of Standards and Technology/National Computer Security Center.

Content Based Image Processing on Plant Images

Mr.Rajan JamgekarAsst Prof NBNSCE

Contact:9665645312 Email: rs.jamgekar@gmail.com

Mr. S V ChobeAsst.Prof,DYPIET

Contact:9822808289 Email: svchobe@yahoo.com

Abstract:Content Based Image Retrieval (CBIR), is focusing on developing a Fast And Semantics-Tailored (FAST) image retrieval methodology. Image retrieval is very important step for computer aided plant species recognition. In this project we are using different transform techniques for plant image recognition on the basis of shape and texture features. Basically we are calculating Euclidean distance of plant image in the database from query image by applying following transforms.

1. Gabor Zernike.2. Fourier Descriptor 3. Generic Fourier Descriptor4. Curvature Scale Space

By applying all these transforms to plant image we are characterizing shape and texture features of plant. In this project we have 100 plant images in the database. We calculated Euclidean distance of every plant image in the database from the query image. On the basis of Euclidean distance of query image all the plant images are arranged as per ascending order of Euclidean distance. The experimental result showed that Gabor Zernike transform gives better results to retrieve plant images from the database on the basis of feature vector of plant. Finally we did comparative study of all these transform by drawing precision and recall graph which gives percentage retrieval result of plant image from the database.

Keywords: Fourier descriptors, shape, CBIR, retrieval., Gabour Zernike, Curvature Scale Space.

1 INTRODUCTIONDue to the rapid development of digital and information technologies, more and more images are generated in digital form. This requires image to be effectively and efficiently described to facilitate automatic searching. Content Based Image Retrieval (CBIR) is a technique whereby images are described by a few top level features such as color, texture, shape or the combination of them. There is an increasing trend towards the digitization of plant imagery. Shape is the fundamental visual features in CBIR. Various shape techniques exist in the literature, these methods can be classified into two categories: Region-based and Contour-based. Contour-based shape descriptors use only the boundary information, ignoring the shape interior content. Examples of contour based shape descriptors include Fourier descriptors , Wavelet descriptor , Curvature scale space descriptor . Since they are computed using only boundary pixels, their computational complexity is low, but they cannot represent shapes for which the complete boundary information is not available.2 SYSTEM ARCHITECTURE In contrast to conventional text-based retrieval, a CBIR system uses image content instead of text to retrieve the counterparts in the database. In general, there are two ways to retrieve information from a database: one is the global approach which uses the complete information

contained in an image to search the database; the other is the local approach which selects a region-of-interest (ROI) as the base to perform search. The advantage of the former is that less human intervention is involved, but at the sacrifice of retrieving relatively incorrect data to introduce too much irrelevant results.

3 FEATURE EXTRACTION In image processing, Feature extraction is a special form. When the input data to an algorithm is too large to be processed and it is suspected to be notoriously redundant (much data, but not much information) then the input data will be transformed into a reduced representation set of features (also named features vector). Transforming the input data into the set of features is called features extraction. If the features extracted are carefully chosen it is expected that the features set will extract the relevant information from the input data in order to perform the desired task using this reduced representation instead of the full size input. Feature extraction involves simplifying the amount of resources required to describe a large set of data accurately.3.1 ShapeThe human vision system identifies objects with the edges they contain, both on the boundary and in the interior based on the intensity differences among pixels. These intensity differences are captured as the shape content of salient objects with respect to their centroids in images. The shape descriptors are classified in two groups: contour-based (e.g., Turning Angle representation and Fourier descriptors) and region-based (e.g., moment descriptors, generic Fourier descriptors, and grid descriptors). 3.2 TextureTexture is an important feature since the images can be considered as the composition of different texture regions. There are various techniques for texture feature extraction. The statistical approaches make use of the intensity values of each pixel in an image, and apply various statistical formulae to the pixels in order to calculate feature descriptors

4 PREPROCESSING OF SHAPE IMAGEThe shapes in the database are plants images in the form of gray level images. The preprocessing is to extract the boundary information, or coordinates of the boundary, from the shape. The block diagram for preprocessing is shown above. The first step in the preprocessing is to binarizing the shape image; a simple threshold is applied to convert the gray level shape image into binary image. In reality, shape images are often corrupted with noise, as a result, the shape obtained from the thresholding usually has noise around the shape boundary, therefore, a denoise process is applied. The denoising process eliminates those isolated pixels and those isolated small regions or segments. For the nonsilhouette shape, the shape boundary is not always connected; therefore, a m-connectivity connection technique is used to fill the gaps between boundary points. The shape is then traced using a 8- connectivity contour tracing technique to obtain the shape boundary coordinates.

5 RELATED WORK Spectral descriptors include Fourier descriptors (FD) and wavelet descriptors (WD), they are usually derived from spectral transform on shape signatures. With Fourier descriptors, global shape features are captured by the first few low frequency terms, while higher frequency terms capture finer features of the shape. Apparently, Fourier descriptors not only overcomes the weak discrimination ability of the moment descriptors and the global descriptors but also overcome the noise sensitivity in the shape signature representations. Other advantages of FD method include easy normalization and information preserving. Recently, wavelet descriptors have also been used for shape representation.5.1 Shape signaturesIn general, a shape signature is any 1-D function representing 2-D areas or boundaries. Four shape signatures are considered in this paper, these are central distance, complex coordinates (position function), curvature and cumulative angular function. The reason for choosing these four shape signatures for test and comparison is because they are mostly used in recent FD implementations and have been shown practical for general shape representation. The shape boundary coordinates have been extracted in the preprocessing stage.(x(t), y(t)), t = 0, 1, …, L-1,

5.2 Complex coordinatesA complex coordinate’s function is simply the complex number generated from the boundary coordinates:

In order to eliminate the effect of bias, we use the shifted coordinates function:

where (xc, yc) is the centroid of the shape, which is the average of the boundary coordinates

This shift makes the shape representation invariant to translation.

5.3 Centroid distanceThe centroid distance function is expressed by the distance of the boundary points from the centroid (xc, yc) of the shape

Due to the subtraction of centroid, which represents the position of the shape, from boundary coordinates, the centroid distance representation is also invariant to translation.

5.4 Curvature signatureCurvature represents the second derivative of the boundary and the first derivative of the boundary tangent. The curvature function used is defined as the differentiation of successive boundary angles calculated in window however, this curvature function defined in this way has

discontinuities at size of 2π in the boundary, therefore,

Where θ (t) is defined as above. Curvature is invariant under translation and rotation.

5.5 Cumulative angular functionShape can also be represented by boundary angles, but due to that the tangent angle function θ (t) can only assume values in a range of length 2π, usually in the interval of [-π, π] or [0, 2π]. Therefore θ (t) in general contains discontinuities of size 2π. Because of this, a cumulative angular function is introduced to overcome the discontinuity problem. The cumulative angular function θ (t), is the net amount of angular bend between the starting position z(0) and position z(t) on the shape boundary In order to make it accord with human intuition that a circle is “shapeless”, a normalized cumulative angular function ψ(t) is used as the shape signature (assuming shape is traced in anti-clockwise direction)

Three of the smoothed shape signatures of the shape in Figure 2(b) are shown in Figure 5.

Figure 3: Shape Indexing Using Fourier

5.6 Texture feature extraction

Texture, a global shape feature could be used to associate related shapes. Here we combine the Gabor filters and Zernike moments to form a set of features suitable for texture shape features.

6 SHAPE BASED PLANT IMAGE RETRIEVAL Fourier transformation on shape signatures is widely used for shape analysis, there are also some recent attempts to exploit it for shape retrieval The Fourier transformed coefficients form the Fourier descriptors of the shape. These descriptors represent the shape of the plant in a frequency domain.Along with this descriptors we have implemented different transform to recognize plant image on the basis of features extracted from the plant image 6.1 Generic Fourier DescriptorGeneric Fourier Descriptor proposed by is extracted from spectral domain by applying 2-D Fourier transform (FT) on polar raster sampled shape image. Shape analysis using FT is backed by well developed and well understood Fourier theory6.2 Fourier descriptorThe multiscale Fourier descriptor is formed by applying the complex wavelet transform to the boundary function of an object extracted from an image. After that, the Fourier transform is applied to the wavelet coefficients in multiple scales.6.3 Gabor ZernikeWith an optimized implementation, retrieval rates of several 10Hz can be reached, which makes the fast Gabor transform a superior one-to-one replacement even in applications that require video-rate update. Parameters of the Gabor wavelets, namely frequency and orientation, are adjusted to gain better performance. The processing of plant images by Gabor filter is chosen for its technical properties. The Gabor filter kernels have similar shapes as the receptive fields of simple cells in the primary visual cortex. They are multi-scale and multiorientation kernels.6.4 Curvature Scale SpaceIn curvature scale space (CSS) representation the first step is to extract edges from the original plant image using a Canny detector. The corner points of an image are defined as points where plant image edges have their maxima of absolute curvature. The corner points are detected at a high scale of the CSS image and the locations are tracked through multiple lower scales to improve localization. Corner detection is an important task in various machine vision and image processing systems. Applications include motion tracking, object recognition, and stereo matching.Curvature Scale Space1. Corner:- The process of CSS image corner detection is as follows:

Utilize the Canny edge detector to extract edges from the original image. Extract the edge contours from the edge image: Fill the gaps in the edge contour Find T-junctions and mark them as T-corners Compute the curvature at highest scale _high and declare the corner candidates as the

maxima of absolute curvature above a threshold t. Track corners to lowest scale to improve localization. Compare the T-corners to the corners found using the curvature procedure and remove

very close corners.2. Canny: - This function is used to detect edges of the image.3. Extract_curve :- This function is used to find number of curves of the image. It gives starting and ending point of the curve.4. Get corner: - This function is used to find T corners in the image5. Edge direction :- This function is used to detect curves in the image.

7. APPLICATIONSContent Based Image Retrieval (CBIR), is focusing on developing a Fast And Semantics-Tailored (FAST) image retrieval methodology. Specifically, the contributions of FAST methodology to the CBIR literature include: (1) Development of a new indexing method based on fuzzy logic to incorporate color, texture, and shape information into a region based approach to improve the retrieval effectiveness and robustness. (2) Development of a new hierarchical indexing structure and the corresponding Hierarchical, Elimination-based A* Retrieval algorithm (HEAR) to significantly improve the retrieval efficiency without sacrificing the retrieval effectiveness; it is shown that HEAR is guaranteed to deliver a logarithm search in the average case.(3) Employment of user relevance feedbacks to tailor the semantic retrieval to each user's individualized query preference through the novel Indexing Tree Pruning (ITP) and Adaptive Region Weight Updating (ARWU) algorithms.

8 SAMPLE TEST RESULTS TO RECOGNIZE PLANT IMAGEThe performance of all descriptors is evaluated by using plant database. The precision and recall graphs are drawn for each descriptor. The database created in this way makes the evaluation more reliable. The performance of the retrieval is evaluated using precision and recall. Precision P is defined as the ratio of the number of relevant retrieved shapes r to the total number of retrieved shapes n. Recall R is defined as the ration of the number of retrieved relevant images to the total number m of relevant shapes in the whole database. Therefore

Query image is Christmas Tree. The related plant images retrieved by applying all Transform are six . The Euclidean distance of these images is approximately same to the query image. Out of six plant images three plant images are retrieved within first twenty five images.

CURVATURE SCALE SPACE

Curvature Scale Space gives results for some plants. In result of Curvature Scale Space Original plant image is Papaya for which we are getting edge map and corners properly

9 CONCLUSION AND DISCUSSION← Gabour ZernikeAs compared to Fourier Descriptor Gabour Zernike transform gives seventy percent accurate results to retrieve plant images.← Fourier DescriptorFourier Descriptor gives forty percent accurate results to retrieve plant images.← Generic Fourier DescriptorGeneric Fourier Descriptor gives forty percent correct results to retrieve plant images.← Generic Fourier Descriptor and Fourier Descriptor (Combined)As per the Precision and Recall graph Generic Fourier Descriptor and Fourier Descriptor (Combined) the accuracy of result to retrieve plant images is fifty percent.← Generic Fourier Descriptor, Fourier Descriptor and Gabour Zernike (Combined)By observing the Precision and Recall graph of Generic Fourier Descriptor, Fourier Descriptor and Gabour Zernike (Combined) the percentage of accuracy to retrieve plant images is fifty.← Curvature Scale SpaceBy observing the results and Precision and Recall graphs of all methods it can be said that Curvature Scale Space is not applicable for plant type of images because shape of plant is not regular and plants don’t have proper edges and corner points. The Curvature Scale Space method gives better results for images having regular shape (Like rectangle, square, triangle) in which

getting proper edges and corner points is possible. In plant images it is not possible to extract proper edges and corner points. So Curvature Scale Space results are not satisfactory to retrieve plant image.Finally it can be said that Gabour Zernike is the best technique to retrieve plant images because the results getting by applying Gabour Zernike to plant database are more accurate as compare to other techniques which are used in this project. It is proved by drawing Precision and Recall graph for plant database and results

10 REFERENCES[1] Multiscale Fourier Descriptor for Shape-Based Image Retrieval Iivari Kunttu1, Leena Lepistö1, Juhani Rauhamaa2, and Ari Visa IEEE Transactions on Image Processing, Vol. 5, No. 1, 1996, pp. 56-70.[2] A Comparative Study on Shape Retrieval Using Fourier Descriptors with Different Shape Signatures Dengsheng Zhang and Guojun Lu IEEE Trans. On Systems, Man and Cybernetics, Vol.SMC- 7(3):170-179, 1977.[3] Hannu Kauppinen, Tapio Seppanen and Matti Pietikainen. An Experimental Comparison of Autoregressive and Fourier-Based Descriptors in 2D Shape Classification. IEEE Trans. PAMI-17(2):201- 207[4] [PF77] Eric Persoon and King-sun Fu. Shape Discrimination Using Fourier Descriptors. IEEE Trans. On Systems, Man and Cybernetics, Vol.SMC- 7(3):170-179, 1977[5] Advantages of Using a Space Filling Curve for Computing Wavelet Transforms of Road Traffic Images 10th International Conference on Image Analysis and Processing 1999 Venice p.618-623[6] Image Coding Using Wavelet Transform Marc Antonini, Michel Barlaud, Member, IEEE, Pierre Mathieu, and Ingrid Daubechies, Member, IEEE Technical Report. Bell Laboratories, Lucent Technologies 1996.[7] Facial Expression Recognition Based on Gabor Wavelet Transformation and Elastic Templates Matching ZHAN Yong-zhao YE Jing-fu NIU De-jiao CAO Peng IEEE Trans. Pattern Anal.Machi ne Intel1. 1994.

Optimization of gap between Visual Features and high level Human Semantics in Content Based Image Retrieval

Pranoti P. ManeMES college of Engineering, Pune

Dr. N. G. BawaneSenior member, IEEE, G. H. Raisoni College of Engineering,

Abstract:CBIR can be viewed as a methodology in which field of study is concerned with searching & browsing digital images from database collection. Human beings are able to interpret images of different levels, both in low level features (color, shape, texture ,Spatial layout etc.) and high level semantic concepts (abstract objects like table, chair, animal, building, tumor image, etc.) However, an automated extraction system used in machine is only able to interpret images based on low-level image features. Bridging the semantic gap in Content Based Images Retrieval has become a hot research area. This paper gives a comprehensive survey on current techniques for bridging the semantic gap in CBIR (Content Based Images Retrieval) and technical achievements in this area. The survey includes the study of a large number of papers covering the research aspects of system designs and applications of CBIR, difference between low-level image features and high level semantics. In addition it not only focuses on the semantic image retrieval systems but also throws the lights on various techniques used to reduce semantic gap in CBIR. Furthermore, several recommendations have been suggested based on the limitations of current techniques.

KeywordsContent Based Image Retrieval (CBIR), semantic gap, image annotation, relevance feedback.

Introduction

Image retrieval is the field of study concerned with searching and browsing digital images from database collection. With many potential multimedia applications, content-based image retrieval (CBIR) has recently gained more attention for image management. Content-based image retrieval is a very active research topic in all the fields of image processing, multimedia, digital libraries, remote sensing, astronomy, database applications and other related area. Since many images have been generated in digital form, image retrieval is gaining more and more importance in all the fields where images carry relevant information particularly in clinical medicine and biomedical research, where imaging is present for diagnosis, therapy or education [13,14]. In CBIR system, to build an image database ,the feature vectors are extracted from images. These features can be color, shape, texture, region or Spatial features. Then feature vectors are stored in another database for future use. When a query image is given, similar feature vectors are extracted from it and compared or matched with those already in the database. Then the distance between the two image vectors is calculated and when it is small, enough, that image in the database is considered as a match to the query image. The search is usually based on similarity rather than on exact match and the retrieval results are then ranked according to a similarity index [5]. Semantic gap in content based image retrieval An effective image retrieval system needs to operate on the collection of images to retrieve the relevant images based on the query image that conforms as closely as possible to human perception. For an example finding an image of a little girl playing a ball on the lawn. Human beings are able to interpret images at different levels, both in low-level features (color, shape, texture and object detection) and high-level semantics (abstract objects, an event, etc.).However, a machine is only able to interpret images based on low-level image features. Besides, users prefer to articulate high-level queries, but research in CBIR systems has mainly focused on extracting low-level visual features and then using them directly to compute image similarity. This is mainly due to the unavailability of low-level image features in describing high-level concepts in the human’s mind. Although the retrieval quality is sufficient for some tasks and the

automatic extraction of visual features is rather convenient, there is still a semantic gap between the low-level visual features (textures, colors) automatically extracted and the high-level concepts (tumors, abnormal tissues) that users normally search for. Semantic features differ from visual features in many aspects. While visual features are general and could be used with different image types and modalities, semantic features are domain specific. For example in the domain of Lung CT, a combination of visual features may be used such as gray-scale histograms and wavelet transforms coefficients to compose the feature vector. On the other hand, a semantic feature vector may be composed of the semantic categories existing in the image such as “Soft tissue”, “Lung tissue”, “Heart” etc. While gray-scale histograms and wavelet transforms coefficients are common features that could be used to describe other image modalities, semantic features mentioned above are suitable only for Lung CT’s [9]. Semantic Image Retrieval System In [2] the author has proposed to use heuristic information and intermediate features from images to develop a general semantic image retrieval system with similar functionality to the conventional SQL system. The proposed system is consisted of two parts: offline processing units and online processing units as illustrated in Figure 1. The offline process starts by segmenting input crude images into regions; it is followed by extraction of primitive image features; a converting machine then interprets the regions into heuristic information or translates the primitive features into intermediate features; finally, images are represented as heuristics and intermediate features to be indexed into the database. The online process is initiated by a query submitted by the user, the system then applies three stages of retrieval processing to return all images similar to the query. The three

stages of retrieval consist of heuristic filter, intermediate filter and relevance feedback. The online processing is typically conducted on a client terminal using a web browser [2]. Fig.1 Block diagram of a general semantic image retrieval system

Review state-of-the-art techniques in narrowing down the 'semantic gap' Some of the major categories of the state-of-the-art techniques in narrowing down the 'semantic gap' are manual image semantic extraction using manual annotation, supervised learning methods to associate low-level features with query concepts, unsupervised learning techniques, use of relevance feedback to learn users' intention and ontology and fuzzy logic. One conventional way to describe the image in high level is using the manual annotation which needs to annotate every image where users enter some descriptive keywords when the images are loaded/registered/browsed. Existing applications are based on whole images and cannot annotate based on the objects or regions of the images. Inotes and facebook are most popular annotation approaches [12]. Supervised image learning is an important process to increase image retrieval speed, improve retrieval accuracy, and perform annotation automatically [11]. In this off-line process, a collection of category labels and related visual features are used. Support Vector Machine is a machine-learning tool used for multiple concepts learning in image retrieval. SVM methods have been often used when user provides some relevant or irrelevant feedbacks [2]. Tao et al. [2] claims that the small number of positive feedback affects the effectiveness of SVM classification method. Liu's comparative study [3] found that the decision tree induction method is an effective candidate for the mapping between visual features and high-level semantic concepts of an image. Furthermore, user's feedback is no necessary in this regard. Their precise experimental results in precision (Pr) and recall (Re) of 40 queries with various numbers of images demonstrate an improvement of 10% in retrieval accuracy compared with other CBIR systems.. Unsupervised clustering is another important technique used in content-based image retrieval. The aim of this approach is to categorize a collection of image data in a way to maximize the similarity within clusters (high intra-cluster similarity) and minimize the similarity between the clusters (low inter-cluster similarity)[3] . Li et al. [7] presented an annotation system named automatic linguistic indexing of pictures (ALIP), in which each semantic category is characterized by a statistical model named 2D multi-resolution hidden Markov. To reduce the Semantic gap in CBIR, the user interacts with the CBIR system by providing additional information during the retrieval process. This is known as relevance feedback (RF). The conventional process of RF is given as follows: firstly, from the retrieved images, the user labels a number of relevant samples as positive feedbacks, and a number of irrelevant samples as negative feedbacks and secondly the CBIR system then refines its retrieval procedure based on these labeled feedback samples to improve retrieval performance. These two steps can be carried out iteratively. As a result, the performance of the system can be enhanced by gradually learning the user’s preferences. However, there is still a big room to improve further the RF performance, because the popular RF algorithms ignore the manifold structure of image low-level visual features. In [10], the author has proposed the biased discriminative Euclidean embedding (BDEE) which parameterizes samples in the original high-dimensional ambient space to discover the intrinsic coordinate of image low-level visual features. BDEE precisely models both the intra class geometry and interclass discrimination and never meets the under sampled problem [10].

To reduce the Semantic gap, a universal Semantic Description model Based on Fuzzy Domain Ontology (SDMFDO) is constructed. Ontology is a kind of model that is used to describe the concepts and the relations of them, and fuzzy set theory can make image retrieval apart from precision of calculating. By adding fuzzy membership to the concepts and the relations of them in the domain ontology, a Fuzzy Domain Ontology (FDO) is obtained which can be used to describe the semantic features of an image in a way catering for human's fuzzy thoughts. Then the mapping from low-level features to high-level semantic features is realized using FSVMs [8].

Conclusion Although manual annotation of image content is considered a “best case” in terms of accuracy, since keywords are selected based on human determination of the semantic content of images, it is a labor intensive and tedious process. So, researchers are moving toward automatic extraction of the image semantic content. The performance of SVM-based RF approaches is often poor when the number of labeled feedback samples is small. The main drawback of unsupervised clustering methods [3] is the lack of solution to reduce the uncertainty involved in the meaningful image concepts. Another disadvantage of clustering methods [7] is the high computational cost. The approach that asks to the user to set the relevance of the images to a given query and to reprocess it based on the user’s feedback is called as relevance feedback and is been proven to be quite effective in bridging the semantic gap in image retrieval[1]. Relevance feedback as a real time classification technique can be integrated with other supervised and unsupervised learning techniques to provide meaningful image retrieval [6].This paper presents study of Content Based Image Retrieval as well as the problem of Semantic gap between low-level features and high-level semantics in CBIR. In addition, a comprehensive review of different techniques to reduce the semantic gap in CBIR is presented. The major categories of state-of-the-art techniques including manual image semantic extraction using manual annotation, supervised learning methods, un supervised learning methods, Fuzzy domain ontology and relevance feedback approaches in reduction of the semantic gap between low level image features and high level human semantics have been explored.

References[1] Agma J. M. Traina, Joselene Marques, Caetano Traina Jr , “Fighting the Semantic Gap on CBIR

Systems through New Relevance Feedback Techniques”, Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06)

[2] D. Zhang, Y.Liu1, and J.Hou ,“Digital Image Retrieval Using Intermediate Semantic Features and Multistep Search”, International Conference on Computing:Techniques and Applications, DICTA,2008,pp.513-518.

[3] G.Rafiee, S.S.Dlay, and W.L.Woo, “A Review of Content-Based Image Retrieval”,CSSNDSP 2010,pp.775-779.

[4] R.Datta,Weina G.,J.Li, J.Z.Wang , “Toward bridging the annotation- retrieval gap in image search by a generative modeling approach”, Proceedings of the 14th annual ACM international conference on Multimedia, Vol. 14,2006.

[5] M.B .Kokare, B.N. Chatterji and P.K. Biswas, “A Survey On Current Content Based Image Retrieval Methods”, IETE Journal of Research, 2002,pp. 261-271

[6] J. Tao, X. Tang, X. Li, and X. Wu, "Asymmetric bagging and random subspace for support vector machines-based relevance feedback in image retrieval," Pattern Analysis and Machine Intelligence, IEEE,2006,vol. 28, pp.1088- 1099.

[7]Jia Li and J. Z. Wang, “Automatic Linguistic Indexing of Pictures by a Statistical Modeling Approach”, IEEE Transaction on Pattern Analysis and Machine Intelligence, vol. 25, no.9, September 2003,pp.1075-1088.

[8] Vasileios Mezaris, Ioannis Kompatsiaris, and Michael G. Strintzis, “An Ontology based approach to object based Image retrieval” ,ICIP 2003.

[9] O.Karam, A.Hamad, and M.Attia,“Exploring the Semantic Gap in CBIR: with application to Lung CT” , GVIP 05 Conference, 19-21 December 2005, CICC, Cairo,pp. Egypt,422-426.

[10] Wei Bian and Dacheng Tao, Member, IEEE, “Biased Discriminant Euclidean Embedding for CBIR”, IEEE Transaction on Image processing, vol. 19, NO. 2, February 2010, pp.545-554.

[11] Datta R., Joshi D., Li J. and Wang J.Z., “Image Retrieval: Ideas, Influences, and Trends of the New Age”, ACM Comput. Surv,Vol 40, 2008,pp. 1–60.

[12] J Fan, Daniel A Keim, Hangzai Luo, Zongmin Li ,” Personalized Image Recommendation via Exploratory Search from Large-Scale Flickr Image Collections”, IEEE Transactions on Circuits and Systems, Vol 18 , Issue: 8, 2008,pp.1-20

[13] Ying Liu,Dengsheng Zhang,Guojun Lu and Wie-Ying Ma,“A survey of content-based image retrieval with high-level semantics”,Pattern Recognition,Vol 40,issue1,January 2007,pages 262-282.

[14] J.S Hare , “Mind the gap: another look at the problem of the semantic gap in image retrieval”, Proceedings of SPIE, Vol: 6073 , Issue1,2006.

Network Intrusion Detection SystemPratibha Wagaj

prati.wagaj@gmail.com Dr.Babasaheb Ambedkar Technological University, Lonere, Raigad,

Maharashtra,IndiaAbstract:

An Intrusion on network means anonymous entity trying to leak out confidential data and interfering with different networking services to malfunction it by any means. Now days the number of intrusions are increasing rapidly along with rise of new technologies. We need to protect our network in order to prevent it from Intrusions.

A Network Intrusion Detection System (NIDS) is responsible for detecting anomalous, inappropriate, and unwanted things occurring on the network. The function of the NIDS is to check the traffic over the network for any malicious or unauthorized activities which may lead to Network Intrusion.

The main objective of NIDS is to detect some of the well known attacks and give warnings to the corresponding user so that user will take necessary actions for preventing the system from the Intrusion.

Introduction:The rapid progress of communication technologies brings numerous benefits to the

human society, but it also increases dependencies on information systems. The growing potential of threats that make these systems more and more vulnerable is caused by the complexity of the technologies themselves and by the growing number of individuals, which are able to abuse the systems.

The research and development of intrusion detection technology take place since about 20 years. During this time, numerous ambitious approaches have been proposed, which led to the first commercial solutions available Today’s intrusion detection solutions are less suited for the deployment in large computer networks, especially for tight time constraints. Growing communication infrastructures (e.g. networks with switches) and increasing user requirements (e.g. privacy) raise additional problems, which are not covered by existing concepts.

The Architectural Design is depicted as a block diagram where each box in the diagram represents a sub-system. The arrows indicate data or control flow in the direction as specified. The Architectural block diagram presents an overview of the system architecture (Figure 1).

Figure 1. Architectural diagram of NIDSThe above diagram is the structural model of architecture for the present system. In this

system, the Sniffer sub-system captures the packets which flow into and out of the system. This

sub-system then formats these packets in a format that is convenient for further processing. Jpcap is a part of this Sniffer sub-system .The packet capturing function is accomplished via Jpcap.

There are various Intrusion units each for a specific attack. So, there are individual intrusion units which detect Port Scanning, Smurf Attack, synflood Attack.

All these intrusion units are independent of each other and interact only with the Control Unit. They run simultaneously continuously scanning for occurrence of specific attacks and report the attacks to the Control Unit when detected. The Store sub-system stores the various Rules defined and given to it by the Control Unit. It consists of various other sub-systems for data processing. The Owner-GUI sub-system displays to the user the defined Rules, the attack logs and the running status of the Intrusion units. It also provides facilities for starting and stopping intrusion units, clearing attack logs, adding new Rule to the store and deleting existing Rule from the store.

The Control Unit sub-system manages the sub-systems for detection of attacks by taking the packets from the Sniffer, sending relevant packets to the Intrusion Units, gives Rules to the store and retrieves them and displays necessary messages to the user through the user interface.

Design goals of the system To develop an application that is capable of sniffing the traffic, to and from the host machine. To develop an application that is capable of analyzing the network traffic and detects several

pre-defined intrusion attacks. To develop an application that warns the owner of the host machine, about the possible

occurrence of an intrusion attack and provides information regarding that attack. To develop an application that is capable of blocking traffic to and from a machine that is

identified to be potentially malicious and that is specified by the owner of the host machine. To develop an application capable of detecting occurrence of Denial of Service attack such as

Smurf Attack and Syn-Flood Attack. To develop an application capable of detecting activities which attempt to gain unauthorized

access to the services provided by the host machine using techniques such as Port Scanning.

Implementation Technique: (Jpcap and Winpcap)In the field of computer network administration, pcap (packet capture) consists of an

application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

If you want to capture network packets in your Java program, you'll need a little help because no parts of the core Java API give access to low-level network data. However, Jpcap is a Java API that provides you with this access on Windows or UNIX systems. Jpcap is a Java library to capture and send network packets. Jpcap is open source, and supports Windows, Linux,

What is Jpcap? Jpcap is an open source library for capturing and sending network packets from Java

applications. It provides facilities to: Capture raw packets live from the wire.  Save captured packets to an offline file, and read captured packets from an offline

file. Automatically identify packet types and generate corresponding Java objects (for

Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, and ICMPv4 packets).

Filter the packets according to user-specified rules before dispatching them to the application.

Send raw packets to the networkJpcap is based on libpcap WinPcap, and is implemented in C and Java. Jpcap has been tested on Microsoft Windows (98/2000/XP/Vista), Linux (Fedora, Ubuntu), Mac OS X (Darwin)Some unique features of this Jpcap are:

Simpler API Packet sending supported IPv6 supported Still in active development

Attack detection and their implementation:The NetShield software detects following well known attacks:

1. Syn-Flood Attack2. Smurf Attack

Syn-Flood AttackThe Syn-flood attack is type of denial of service (DoS) attack. It will deny services of

web servers by any means from clients and separating the victim system from network.

Figure: Fig 2: Normal TCP Connection Fig 3: Syn flood attack behaviorThe first step required to detect any type of above intrusions is to sniff packets that transit

on network. For this purpose NetShield uses Jpcap and Winpcap as described earlier.There are 3 preliminary steps described as follows:

1. Retrieving Network Interfaces available on the system:2. Open network interface from which packets has to be captured:3. Capture packets from the interface:

Smurf Attack:The Smurf attack is a way of generating significant computer network traffic on a victim

network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. Smurf attack is achieved by using ICMP echo requests and ICMP echo reply. The Intruder first of all does an efficient mapping knowing the live hosts over network. Then Intruder broadcasts ICMP echo request to all of the hosts in that network, along with spoofed IP address of the victim system, so all other system think that this request is from victim, hence all systems in that network sends ICMP echo reply to the victim resulting into DoS attack.

Figure 4: Smurf attack scenario

Result:The IDS is designed to provide the basic detection techniques so as to secure the systems

present in the networks that are directly or indirectly connected to the Internet, performing such a duty always goes in hand on hand diving success as well as failure in fulfilling the objective. At least it does it job. But finally at the end of the day it is up to the Network Administrator to make sure that his network is out of danger. This software does not completely shield network from Intruders, but IDS helps the Network Administrator to track down bad guys on the Internet whose very purpose is to bring your network to a breach point and make it vulnerable to attacks. The following is just a first and of what should be the source of action while using the software and after an attack has been detected by IDS.

The system can be extended by incorporating Data Mining techniques to analyze the information in the log records which may help in efficient decision making. The present system only detects the attacks only the known attacks. This can be extended by incorporating Intelligence into it in order to gain knowledge by itself by analyzing the growing traffic and learning new Intrusion patterns. The present system runs on an individual host machine and is not a distributed application. This can be extended to make it a distributed application where different modules of the same system running on different machines may interact with each other thus providing distributed detection and protection for all those machines on which the system is running

References:[1] William Stallings, “Cryptography and Network Security”, Principles and Practices, Third Edition.[2] D. E. Denning, "An intrusion-detection model". IEEE Transactions on Software Engineering, Vol. SE-13(No. 2):222-232, Feb. 1987.[3] Stephen Northcutt, Judy Novak, “Network Intrusion Detection”, Third Edition, Pearson Education 2003.

Evaluation of a Distributed Detecting Method for SYN Flood Attacks Using a Real Internet Trace

Rajasrhee KarandeDepartment Of Computer Engineerig,

JSPM’s Imperial College Of Engineering & Researchrajashree.karande@gmail.com

Abstract:Damage caused by DoS attacks is serious and financial losses have become social problems in recent years. Any computers connected to the Internet have a possibility to be a victim at any time. Therefore, it is important for network administrators to develop means to comprehend the latest trend of DoS attacks. In our previous work, we proposed a distributed detecting method for the SYN Flood attack, which is one of the DoS attacks. In this paper, we evaluate our method using a real Internet trace which reflects the trends in SYN Flood attacks on the Internet. We show the applicability of our method to the Internet with prospective evaluation results.

Keywords-DoS attacks; SYN Flood attacks; distributed detecting method; mobile agents; real Internet trace.

I. INTRODUCTIONThe Internet is indispensable not only for our daily life but also for business. With such a situation, any computers connected to the Internet are subject to danger all the time. Symantec Corporation reported that 75% of all enterprises have experienced cyber attacks in 2009 [1].One of the threats on the Internet is DoS (Denial-of-Service) attacks. DoS attacks are malicious actions which place burden on network servers intentionally to bring down or hinder the services. DoS attacks have a long history, however, the aim of attacks has greatly shifted from just causing a commotion to pecuniary motives or political propaganda. Nowadays DoS attacks are recognized as serious social problems and have become large-scale and complicated threat. One of the trends of current DoS attacks is an attack using a botnet [2]. A botnet is a well-organized underground network constructed by computers controlled by malicious users. In fact, financial damage of victim companies is not negligible. For example, GovCert.nl (Dutch Computer Emergency Response Team) [3] suggests DoS attacks are used for the means of intimidation. Moore etal. also showed that such DoS threat was widespread from major commercial sites to individual users [4]. This situation means any computers have a possibility to be a victim at any time. Although many novel DoS protection techniques are proposed and implemented (e.g. [5], [6]), we must say a complete countermeasure does not exist as yet. Thus, it is important for network administrators to develop means to comprehend the latest trend of DoS attacks. Moreover, nowadays users whose computers have been used for attacks without their knowledge come under scrutiny even though they are not real attackers. For example, Botnet Traffic Filter developed by Cisco uses a blacklist to filter the connection from doubtful IP addresses or domains if they can be a member of a botnet [7]. Appearing a member of a botnet within administrative network has the possibility that even innocent traffic is filtered by such blacklists. Because of this, to detect the latest trend of attacks promptly is desirable for network administrators in order to stop any unintentional attackers appearing within their administrative network. In existing or previously proposed a distributed detecting method for the SYN Flood attack, which is one of the DoS attacks. In the previous experiment, however, assumed single SYN Flood attacks and all the attacks were generated under our scenario in the virtual network. To advance proposal, the next challenge is to show the effectiveness of method by detecting multiple and unpredictable SYN Flood attacks actually appeared on the Internet. In this paper,

shown the applicability of the method to the real Internet. It evaluates and detects method for SYN Flood attacks based on a real Internet trace which reflects the trends in SYN Flood attacks on roughly 1/256 of the Internet. The evaluation results indicate that this method is worth in operating on the Internet. This method enables network administrators to devise new strategies for attacks and to get chances to protect their networks. The rest of this paper is organized as follows. Section 2describes SYN Flood attacks which aims to detect.Section 3 describes related works regarding the detection of SYN Flood attacks. In Sect. 4, we outline our distributed detecting method for SYN Flood attacks and describe the implementation of our method. Section 5 evaluates the effectiveness of our method using the real Internet trace. Finally, we conclude our work in Sect. 6.s

II MECHANISM OF SYN FLOOD ATTACKSThe SYN Flood attack which we aim to detect is a kind of DoS (Denial-of-Service) attacks. DoS attacks are malicious actions which place burden on the network servers intentionally to bring down or hinder the services. SYNFlood attacks exploit the procedure of TCP connection

establishment. In this section, we explain the TCP connection establishment procedure before we refer to SYN Flood attacks. Then, we describe the mechanism of SYN Flood attacks and their characteristics. TCP is a connection-oriented end-to-end reliable protocol. The procedure of TCP connection establishment is called 3-way handshake. To explain the TCP connection establishment, we assume two hosts, host A and host B (Fig. 1). First, host A sends a SYN packet to host B to request establishing a connection. Then, host B replies with a SYN/ACK packet to host A to acknowledge connection request and to request establishing a connection in reverse. Finally, host A sends an ACK packet to host B to acknowledge connection request. In this way TCP connection is established.SYN Flood attacks exploit TCP establishment procedure. An overview of a SYN Flood attack is shown in Fig. 2. An attacker sends a large amount of SYN packets whose source addresses are spoofed, to a victim host. The victim host does not have means to identify whether the source addresses of received packets are spoofed or not. Thus, the victim host responds to those spoofed addresses. TCP protocol maintains certain status information for each data stream. The victim host could expend all of its listening queues just waiting for ACK from source hosts. In other words, the victim host has to maintain half-open connection to many irrelevant hosts. The victim host is now in danger of slowing down or crashing in the worst scenario. The slowdown of the host leads to degradation of service quality provided by the host and if it is crashed, it cannot keep providing any services anymore. Source addresses are spoofed in SYN Flood attacks and a victim replies to them automatically as we mentioned above. This means it is possible that SYN/ACK packets arrive at irrelevant hosts abruptly. These packets are called backscatter. Capturing these packets enables us to detect SYN Flood attacks. Most attacking tools, spoof source addresses uniformly in a default setting. In this case, the backscatter will sparsely spread on the Internet.

III. RELATED WORKSA. Router Based SYN Flood Detection

There are some works regarding SYN Flood attacks detection (e.g. [10], [11]). Especially, Moore et al. monitored the class A network addresses for their research [4]. They defined the backscatter analysis and quantified the DoS attacks. As the very recent related paper, Zhang et al. proposed a cooperative method to detect DoS attacks by decentralized information sharing among autonomous systems [12].The router based SYN Flood detection methods monitor backscatter at a router. These methods, however, have following drawbacks:• It is impossible to detect the attacks whose backscatter does not pass through the router.• Administrative access to the router is required. This means general users will have difficulties to acquire the information of SYN Flood attacks though the information is important even for general users in order to avoid becoming attackers unknowingly.• It is difficult to detect attacks if the inside network of the router is small because the number of backscatter packets which passes the router is almost proportional to the size of its network if the sources addresses of SYN packets are uniformly spoofed.

B. Distributed SYN Flood Detection There are some existing distributed systems for detecting DoS attacks. DShield [13] collects the firewall log from volunteers all over the world. Monitored results are opened to the public on the web. It shows increasing accessed port number and as one of the notable features, attacker’s source IP addresses are also revealed. @Police (National Police Agency, Japan) [14] places 57 network sensors in Japanese police facilities. They collect the intrusion detection system log and the firewall log. The result of analysis is up dated per specific time interval as a graph and opened to the public on the web. @Police also has the system specialized for monitoring backscatter to detect SYN Flood attacks. When network administrators or individual users want to comprehend the latest trend of attacks, it is natural that they access to the web server which network monitoring organization provides. The information they get in this way is, however, a summarized result by such organizations. Summarized results may be an overview or fragmented information and it is difficult to acquire detailed information. Moreover, such a result may not be the latest information. From monitoring organization’s point of view, revealing the raw addresses of network sensors has a risk of being attacked. This implies they cannot reveal detailed information without careful consideration. In recent years, a method of detecting static network sensors was devised [15]. Attackers can attack evading static network sensors intentionally after detecting those sensors using this method. Thus, monitoring organizations are compelled to provide the information with decreased accuracy.

IV. DISTRIBUTED DETECTING METHOD FOR SYN FLOOD ATTACKSGenerally speaking, all the hosts directly connected to the Internet have the possibility to receive backscatter. When some hosts receive backscatter, however, it is impossible to confirm whether similar backscatter is monitored in other networks or not. Furthermore, one host cannot always receive sufficient amount of backscatter to detect the trend of attacks because the backscatter spreads sparsely as mentioned above. Thus, if we can collect backscatter information among a number of distributed hosts, it will be possible to detect the trend of attacks. In our previous work, we have proposed a distributed detecting method for SYN Flood attacks by collecting backscatter information among a number of distributed hosts. In this section, we outline our method.

A. Procedure

The backscatter information which we can use for detecting attacks is shown in Table I. If the source IP address and the source port number are identified from these information, we can comprehend the attacked host and the attacked service. Our method consists of the following 3 steps:1) Extract backscatter information (usually from log files created by network traffic monitoring software like tcpdump1) on each sensing point (a host or a router). The backscatter information consists of 1) the received time, 2) IP address and port number of source host(i.e., victim host).2) Collect these information from several sensing points. Each sensing point replies with the summarized information if it is requested for the information. The summarization is done by counting the number of backscatter packets for each source host which corresponds to the victim host of the SYN Flood attack at some time interval. Table II is an example of collected backscatter information using our method. In this example, time interval is 5 minutes. Our method does not collect raw destination addresses. Instead of that, we count the number of unique sensing points (destination hosts) which discover the backscatter generated by the identical attack to examine how far the backscatter is spread on the Internet. We call this information The Number of Unique Sensing Points.3) Analyze the collected information.One reason to collect the number of unique sensing points instead of the destination addresses themselves is that revealing raw IP addresses of sensing points (the destination addresses of backscatter) has a risk of being attacked. Another reason is to reduce a false positive. In our method, non backscatter packets might become background noises which cause undesirable effect on the accuracy of a detection result. Though our preliminary experiment showed background noises were negligible [16], we can also use the number of unique sensing points to eliminate such noises. For example, we consider the case of collecting backscatter information from 20 hosts and 20 doubtful SYN/ACK packets were monitored as the result. If these 20 packets were monitored in nearly 20 unique sensing points, those packets information can be the correct result to detect the SYN Flood attack. On the contrary, if these 20 packets were monitored in only one sensing point, those packets information can be a false positive generated by background noises.

B. Advantage over Related WorksAs we mentioned in the previous section, router based detection has a difficulty to acquire the information of backscatter from wider range of network. It also has a difficulty for general users to acquire the information of backscatter. Existing distributed systems for SYN Flood attack detection use the static network sensors, which monitor traffic at the same sensing points each time. In addition, such network sensors have to be hidden from attackers in order not to bypass them. Therefore, the monitoring address space cannot help considerably be limited. Our method enables us to monitor traffic anywhere on the Internet in principle because any hosts on the Internet can become a network sensor. Thus, even individual users can collect the latest trend of attacks in wider range.

VI. CONCLUSIONThis is developing a distributed detecting method for SYN Flood attacks by collecting backscatter information among a number of distributed hosts. In this paper, we evaluated our method in terms of the applicability to the real Internet. We carried out the experiments using the CAIDA’s real network trace which reflects roughly 1/256 of the real situation of SYN Flood

attacks on the Internet. This method successfully detected SYN Flood attacks and most of our detected attacks were large-scale and outstanding SYN Flood attacks as we expected. Thus, we conclude our method is applicable to the real Internet. We determine that our method enables network administrators to develop a countermeasure according to the latest trend of attacks without depending on Internet monitoring organizations. Our future work is an operational test on the Internet.

VII.REFERENCES[1] Symantec. (2010, Feb.) State of Enterprise Security 2010. SES report Feb2010.pdf. [Online]. Available: http://www.symantec.com/content/en/us/about/presskits/[2] C. Li, W. Jiang, and X. Zou, “Botnet: Survey and case study,”in ICICIC ’09: Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control.Washington, DC,USA: IEEE Computer Society, 2009,pp. 1184–1187.[3] GovCert.nl (Dutch Computer Emergency Response Team).[Online]. Available: http://www.govcert.nl[4] D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, “Inferring internet denial-of-service activity,” ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp.115–139, 2006.[5] X. Yang, D. Wetherall, and T. E. Anderson, “TVA: a DoS-limiting network architecture,” IEEE/ACM Trans. Netw.,vol. 16, no. 6, pp. 1267–1280, 2008.[6] B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. M. Maggs, and Y.-C. Hu, “Portcullis: protecting connection setup from denial-of-capability attacks,” in SIGCOMM, 2007, pp. 289–300.[7] “Combating Botnets Using the Cisco ASA Botnet Traffic Filter,” White Paper, Cisco, Jun. 2009.[8] Stacheldraht, DDoS attack tool. [Online]. Available: http://staff.washington.edu/dittrich/misc/stacheldraht.analysis [9] Synk4, SYN Flooder (source code). [Online]. Available:http://www.hoobie.net/security/exploits/hacking/synk4.c[10] R. R. Kompella, S. Singh, and G. Varghese, “On scalable attack detection in the network,” IEEE/ACM Transactions on Networking, vol. 15, no. 1, pp. 14–25, Feb. 2007.[11] H. Wang, D. Zhang, and K. G. Shin, “Change-point monitoring for the detection of DoS attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 193–208, October-December 2004.[12] G. Zhang and M. Parashar, “Cooperative detection and protection against network attacks using decentralized informationsharing,” The Journal of Networks, Software Tools, and Applications, Kluwer Academic Publishers, vol. 13, no. 1, pp. 67–86, 2010.[13] DShield. [Online]. Available: http://www.dshield.org[14] @Police.[Online].Available:http://www.cyberpolice.go.jp[15] Y. Shinoda, K. Ikai, and M. Itoh, “Vulnerabilities of passive internet threat monitors,” in 14th USENIX Security Symposium (SEC ’05), 2005, pp. 209–224.[16] M. Narita, T. Katoh, B. B. Bista, and T. Takata, “A distributed detecting method for SYN Flood attacks and its implementation using mobile agents,” in MATES, 2009, pp. 91–102.[17] T. Katoh, H. Kuzuno, T. Kawahara, A. Watanabe, Y. Nakai, B. B. Bista, and T. Takata, “A wide area log analyzing system based on mobile agents,” in Computational Intelligence for

Modelling, Control and Automation, 2006 and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, Nov. 2006, (7 pages).[18] Agent Based Log Analyzing System (ABLA) Project.[Online]. Available: http://sourceforge.jp/projects/abla/[19] M. Lacage, “Yet another network simulator,” in WNS2 ’06: Proc. of the 2006 workshop on NS-2, 2006.[20] C. Shannon, D. Moore, E. Aben, and K. Claffy.The CAIDA Backscatter-2008 Dataset - 2008-11-19. backscatter 2008 dataset.xml. [Online]. Available:http://www.caida.org/data/passive/

PARALLEL COMPUTING & PARALLEL PROGRAMMING MODELS

Lecturer Ila Shridhar SavantMarathwada Mitra Mandal’s College of Engineering, Pune.

Computer Engineering Department

Lecturer Pradyna Santosh RandiveMarathwada Mitra Mandal’s College of Engineering, Pune.

Computer Engineering DepartmentAbstract:This covers the very basics of parallel computing, and it begins with a brief overview, including concepts and terminology associated with parallel computing. The topics of parallel memory architectures and programming models are then explored. These topics are followed by a discussion on a number of issues related to design parallel programs Parallel Computer Memory Architectures. It also concludes with several examples of how to parallelize simple serial programs. It makes aware about existing paralyzing technologies.This includes various parallel programming models, shared memory model –without threads, shared memory model -with threads, distributed memory-message passing model, data parallel model, Hybrid model, SPMD & MPMD model and the implementing parallel programs.It also covers Automatic Vs. Manual parallelization for designing parallel programs &factors to consider on the cost of parallelization.

Introduction What is Parallel Computing?

The simultaneous use of multiple computer resources to solve a computational problem is called Parallel computing :

It has multiple CPUs with distributed-memory clusters made up of smaller shared-memory systems or single-CPU systems.

A problem is broken into discrete parts that can be solved concurrently

Each part is further broken down to a series of instructions

Instructions from each part execute simultaneously on different CPUs.

Coordinating the concurrent work of the multiple processors and synchronizing the results are handled by program calls to parallel libraries.

Parallel Computer Memory Architecture:

1. Shared Memory Architecture

Uniform Memory Access (UMA):

Most commonly represented today by Symmetric Multiprocessor (SMP) machines. Identical processors Equal access and access times to memory Sometimes called CC-UMA - Cache Coherent UMA. Cache coherent means if one processor updates a location in shared memory, all the other processors know

about the update. Cache coherency is accomplished at the hardware level.Global address space provides a user-friendly programming perspective to memory. Data sharing between tasks is both fast and uniform due to the proximity of memory to CPUs Non-Uniform

Memory Access (NUMA)

Often made by physically linking two or more SMPs. One SMP can directly access memory of another SMP. Not all processors have equal access time to all memories Memory access across link is slower.Global address space provides a user-friendly programming perspective to memory. Data

sharing between tasks is both fast and uniform due to the proximity of memory to CPUs Primary disadvantage is the lack of scalability between memory and CPUs

2) Distributed Memory Architecture

Processors have their own local memory. Memory addresses in one processor do not map to another processor, so there is no concept of global address space across all processors. Because each processor has its own local memory, it operates independently. Changes it makes to its local memory have no effect on the memory of other processors. Hence, the concept of cache coherency does not apply. When a processor

needs access to data in another processor, it is usually the task of the programmer to explicitly define how and when data is communicated. Synchronization between tasks is likewise the programmer's responsibility. It require a communication network to connect inter-processor memory.

3) Hybrid Distributed-Shared Memory

Mean among four subjects(std)Num Selections 20(7) 5(2)Task Time(s) 220(67) 112(25)Nav Time(s) 124(37) 73(19)Mean of three trials from best subjects(std)Num Selections 15(5) 4(1)Task Time(s) 141(42) 85(4)Nav Time(s) 99(30) 74(9)MnimumNum Selections 8 4Task Time(s) 91 75Nav Time(s) 59 59

3.2 Study I: ResultsAll four subjects were able to use the hierarchical BCI to complete the assigned tasks. The average SSVEP-based 3-class accuracy for the four subjects from the preliminary set of trials was 77.5% (standard deviation 13.8). Although somewhat lower than other SSVEP rates reported in the literature,we found that subjects exhibited higher SSVEP accuracy when using the entire system with closed-loop feedback. Results obtained for the three different performance metrics are shown in Table 1. In the table, we also include for comparison purposes the minimum values for these metrics, assuming a user with 100% SSVEP accuracy.The results indicate that for all three metrics, subjects demonstrate improved performance using the hierarchical BCI: both the mean and variance for all three performance metrics are lower when using the hierarchical BCI compared to the low-level BCI. Results from the best performing subject provide interesting insights regarding the use of high-level commands in a hierarchical BCI. Due to the high SSVEP accuracy of this subject, the difference in the mean values between low-level and hierarchical modes of control was less, but the variance for low-level control was significantly greater than for higher-level control (Table 1). This is corroborated by the navigational traces in Figure 3, where we see that trajectories from the hierarchical BCI tend to follow the minimal path to the goal location based on the learned

Figure 3: Example Robot Trajectories from User- Demonstrated Low-Level Control and Hierarchical ControlThe dashed trajectories represent low-level navigational control by the user. These trajectories were used to train an RBF neural network. The solid trajectories represent autonomous navigation by the robot using the learned RBF network after selection of the corresponding high-level command by the user. The small arrows indicate the vector field learned by the RBF network (‘Learned Policy’) based on the user’s demonstrated trajectories.representation in the neural network. This result confirms the expectation that the network learns an interpolated trajectory that minimizes the variances inherent in the training trajectories,with more training data leading to better performance. 3.3 Study II: Uncertainty-Guided Actions and Multi-TaskingAn important observation from Study I was that the learned high-level commands were not reliable in parts of the task space where there is insufficient training data. Ideally, we would like the system to identify if it is able to safely execute the desired high-level command, preventing potentially catastrophic accidents. We investigated such an approach in Study II by utilizing Gaussian processes (GP) for learning instead of RBF networks.The experiments were conducted with the subject that performed best in Study I. The navigation task was similar but used a room that was 2.25 times larger and had various obstacles.The enlarged size and presence of non-wall shaped obstacles increased the difficulty of robot navigation by requiring longer and more focused control. The environment had two overhead lights on the right and left side of room that could be controlled in the multi-tasking task. Additionally,Study II also varied the starting position of the robot, making the learning problem more challenging.

Figure 4: Navigation traces comparing RBF and GP models for learning. The white region in the GP plot represents the high confidence region where autonomous navigation is allowed; user input is solicited whenever the robot enters a high uncertainty (dark) region where there was insufficient training data. There were four days of experiments; two days of RBF runs on the new environment, and two days of GP runs on the new environment. On the first day for each type, the user was instructed to alternate runs of training and testing. In Figure 4, starting points S2, S4, S6 represent test starting locations,and S1, S3, S5 represent starting points of the robot in training mode. The second day only involved test trials from each of the six starting locations based on the first day’s learned model. Additionally, for GP runs, to test the ability to multitask,the user was instructed to turn on the lights on the side of the environment where the goal of the high-level command was located once the robot started autonomously navigating.We measured two performance metrics (Figure 5): time spent controlling the robot using low-level control versus high-level commands (‘Navigation time’), and number of selections the user had to make to achieve a given task (‘Number of selections’). To compare the performance of GP to RBF learning, we measured the success rate of the high-level commands, defined by number of times a high-level command was successfully executed (i.e., the robot reached the destination) divided by number of times a high-level command was selected. Note that lack of success implies that the robot experienced a fall or another mode of failure. 3.4 Study II: ResultsThe user successfully performed the entire experiment as instructed,managing a total of 24 runs over four days. As shown in Figure 5, the GP-based hierarchical BCI resorted to frequent user guidance on Day 1 (large amount of time and selections for low-level). On Day 2, however, the user was able to invoke a learned high-level command, resulting in a larger number of selections and large amount of time forhigh-level commands. This allowed the user to multi-task and select the appropriate light to turn on, while the robot was autonomously navigating (“Multitasking”). Figure 6 compares the success rate of high-level commands for GP versus RBF-based hierarchical BCIs. As expected, the GP-based BCI exhibits a higher success rate for performing high-level commands due to its ability to switch to user-control in low confidence areas.

ConclusionBCIs for robotic control have in the past faced a trade-off between cognitive load and flexibility. More robotic autonomy [Bell et al., 2008] implied coarse-grained control and less flexibility, while fine-grained control provided greater flexibility but higher cognitive load. This paper proposes a new hierarchical architecture for BCIs that overcomes this tradeoff by combining the advantages of these two approaches.Our results from two studies using EEG-based hierarchical BCIs demonstrate that (1) users can use the hierarchical BCI to train a robot in a simulated environment, allowing learned skills to be translated to high-level commands, (2) the problem of day-to-day variability in BCI performance can be alleviated by storing user-taught skills in a

learned model for long-term use, allowing the learned skill to be selected as a high-level command and executed consistently from day to day, (3) a probabilistic model for learning (e.g., GPs) can be used to mediate the switch between high-level autonomous control and low-level user control, safeguarding against potentially catastrophic accidents, and (4) the hierarchical architecture allows the user to simultaneously control multiple devices, opening the door to multi-tasking BCIs. Our ongoing efforts are focused on testing the approach with a larger number of subjects and investigating its applicability to other challenging problems such as controlling a robotic arm with grasping capabilities.References

1. [Bell et al., 2008] C.J. Bell, P. Shenoy, R. Chalodhorn, and R.P.N. Rao. Control of a humanoid robot by a noninvasive brain–computer interface in humans. Journal of Neural Engineering, 5:214, 2008.

2. [Cyberbotics Ltd., 2010] Webots. http://www.cyberbotics.com/, 2010. [Online; accessed 12-13-2010].

3. [Faller et al., 2010] J. Faller, G. M¨uller-Putz, D. Schmalstieg,and G. Pfurtscheller. An application framework for controlling an avatar in a desktop-based virtual environment via a software ssvep brain-computer interface. Presence:Teleoperators and Virtual Environments, 19(1):25–34, 2010.

4. [Gal´an et al., 2008] F. Gal´an, M. Nuttin, E. Lew, P. Ferrez,G. Vanacker, J. Philips, and J. del R. Mill´an. A brainactuated wheelchair: Asynchronous and non-invasive brain-computer interfaces for continuous control of robots. Clinical Neurophysiology, 119(9):2159–2169, 2008.

5. [M¨uller-Putz and Pfurtscheller, 2007] G. R. M¨uller-Putz and G. Pfurtscheller. Control of an electrical prosthesis with an SSVEP-based BCI. Biomedical Engineering, IEEE Transactions

6. on, 55(1):361–364, 2007.7. [Rao and Scherer, 2010] R.P.N. Rao and R. Scherer. Braincomputer interfacing. IEEE

Signal Processing Magazine,27(4):152–150, July 2010.8. [Rasmussen, 2004] C.E. Rasmussen. Gaussian processes in machine learning. Advanced

Lectures on Machine Learning,pages 63–71, 2004.9. [Scherer et al., 2008] R. Scherer, F. Lee, A. Schlogl,R. Leeb, H. Bischof, and G.

Pfurtscheller. Toward10. self-paced brain–computer communication: Navigation through virtual worlds.

Biomedical Engineering, IEEE Transactions on, 55(2):675–682, 2008.[The Gaussian Processes Web Site, 2011] Gpml matlab code version 3.1. http://www.gaussianprocess.

RECOVERY FROM DUAL-LINK FAILURESUSING TUNNELING

POOJA SATISH GANDODHARM.E.[C.S.E.] (Pursuing)

MMCOE, PUNE

SWARA SANKET NALAWADEM.TECH.[C.S.E.] (Pursuing)

MMCOE, PUNE

Abstract:This paper develops novel mechanisms for recovering from failures in IP networks with proactive backup path calculations and Internet Protocol (IP) tunnelling. The primary scheme provides

resilience for up to two link failures along a path. The highlight of the developed routing approach is that a node reroutes a packet around the failed link without the knowledge of the second link failure. The proposed technique requires three protection addresses for every node, in addition to the normal address. Associated with every protection address of a node is a protection graph. Each link connected to the node is removed in at least one of the protection graphs, and every protection graph is guaranteed to be two-edge-connected. The network recovers from the first failure by tunnelling the packet to the next-hop node using one of the protection addresses of the next-hop node; the packet is routed over the protection graph corresponding to that protection address. It is proved that it is sufficient to provide up to three protection addresses per node to tolerate any arbitrary two link failures in a three-edge connected graph. An extension to the basic scheme provides recovery from single-node failures in the network. It involves identification of the failed node in the packet path and then routing the packet to the destination along an alternate path not containing the failed node. The effectiveness of the proposed techniques was evaluated by simulating the developed algorithms over several network topologies.

INTRODUCTIONThe Internet has evolved into a platform with applications having strict demands on robustness and availability, like trading systems, online games, telephony, and video conferencing. For these applications, even short service disruptions caused by routing convergence can lead to intolerable performance degradations. As a response, several mechanisms have been proposed to give fast recovery from failures at the Internet Protocol (IP) layer. In these schemes, backup next-hops are prepared before a failure occurs, and the discovering router handles a component failure locally without signaling to the rest of the network. Using one of these fast-rerouting methods, the recovery time is mainly decided by the time it takes to discover the failure. Often, proactive recovery schemes are thought of as a first line of defense against component failures. They are used to maintain valid routing paths between the nodes in the network, until the routing protocol converges on a new global view of the topology. Such a strategy is particularly germane when facing transient failures, which are common in IP networks today. While single-link failures are the most common failure type, it is also interesting to explore methods that protect against two simultaneous link failures. It is sometimes possible to identify Shared Risk Link Groups (SRLG) of links that are likely to fail simultaneously by a careful mapping of components that share the same underlying fiber infrastructure. This might, however, be a complex and difficult task since the dependencies in the underlying transport network might not be fully known and can change over time.A recovery method that can recover from two independent and simultaneous link failures will greatly reduce the need for such a mapping. The goal of this paper is to enhance the robustness of the network to: 1) dual-link failures; and 2) single-node failures. To this end, some techniques are developed that combine the positive aspects of the various single-link and node failure recovery techniques. In the developed approach, every node is assigned up to four addresses normal address and up to three protection addresses. The network recovers from the first failure using IP-in-IP tunneling with one of the “protection addresses” of the next node in the path. Packets destined to the protection address of a node are routed over a protection graph where the failed link is not present. Every protection graph is guaranteed to be two-edge-connected by construction, hence is guaranteed to tolerate another link failure. In this proposed technique it is proved to compute the protection graphs at a node such that each link connected to the node is removed in at least one of the protection graphs, and every protection graph is two-edge-connected. The highlight of our approach is that we prove that

every node requires at most three protection graphs, hence three protection addresses. When a tunneled packet encounters multiple link failures connected to the same next-hop node that the next-hop node has failed. The packet is then forwarded to the original destination from the last good node in the protection graph along a path that does not contain the failed node.

NETWORK MODELConsider a network Graph G (N, L), where N is set of nodes and L is set of bidirectional links in the network. We assume that the network employs a link-state protocol by which every node is aware of the network topology. We make no assumptions about symmetric links. A network must be three-edge-connected in order to be resilient to two arbitrary link failures, irrespective of the recovery strategy employed. Fig. 2 provides notations that are used in this paper.

Default IP address associated with node u.Notations

Meaning

u iu 0 Alice address associated with node u for group i, where i=1, 2, 3.Nu Set of neighbors of node uSu

i Subset of neighbors of node u i= 1, 2, 3.Gui Auxiliary graph associated with node u i= 1, 2, 3.Nui Set of node associated with graph Gui.

Lui Set of links associated with graph Gui.

Sui Set of nodes whose links to u are removed in Gui.

RECOVERY FROM DUAL-LINK FAILURESUSING TUNNELINGTo recover from arbitrary dual-link failures, we assign four addresses per node—one normal address u0 and up to three protection addresses u1, u2 and u3, which are employed whenever a link failure is encountered.. These addresses are used to identify the endpoints of tunnels carrying recovery traffic around the protected link. The links connected to node are divided into three protection groups, Lu1, Lu2 and Lu3. Node is associated with three protection graphs—Gu i (N, L\Lui), where i=1, 2, 3. The protection graph Gui is obtained by removing the links in Lui from the original graph G. The highlight of our approach is that each of the three protection graphs is two-edge-connected by construction. We prove that such a construction is guaranteed in three-edge-connected graph. Let Sug = {v | u-v ∑ Lug} denote those nodes that are connected to a link that belongs to Lug. Nodes in are the only nodes that will initiate tunneling of packets (to protection address ug) upon failure of the link connecting node.A. Computing Protection Graphs The decomposition of the graph into three protection graphs is achieved by temporarily removing for every node u ∑ G is achieved by temporarily removing node u and obtaining the connected components in the resultant network. If the network is two-vertex-connected, then removal of any one node will keep the remaining network connected. However, if the network is only one-vertex-connected, removal of node may split the network into multiple

connected components. In such a scenario, we consider every connected component individually. We assign the links from a connected component to node u into different groups based on further decomposition and compute the protection groups. We then combine the corresponding protection groups obtained from multiple connected components. The procedure for constructing the protection graphs for node is shown in Fig. 3.

Theorem: A three-edge-connected graph G (N, L), the procedure in Fig. 3 constructs at most three protection graphs for every node u such that each protection graph is two-edge- connected and every link connected to is not present in at least one of the protection graphs.

PERFORMANCE EVALUATIONUnder dual-link failure scenarios, the distribution of the average path lengths under the RTF and STF approaches appear to be quite similar. However, the computation of the recovery path length of a link under two-link failure scenarios is averaged over only those scenarios where the second failure affects the first recovery path. As the first recovery path is shorter in the STF approach, the probability that the second failure affects the first recovery path is smaller compared to the RTF approach.As in the case of single-link failure recovery analysis, we obtain a plot of the average modified path lengths and expected path lengths against the shortest path lengths for node failures. This is expected as the failed node causes the failure of all links connected to it and the recovery path involves the determination of the node failure by first traversing the single- and dual-link failure path and then the final path to the destination.

Consider a link l that connects nodes u and v. when there are no failures, the path length from u to v is one hop. When link l fails, both edges u→v and v→u fail. Consider the edge u→v. Let Gvg Denotes the protection graph at node v in link was removed. Let Pvg, uv denotes the path from u to v on the default path in the protection graph Gvg. Note this path denotes the path on red tree in RTF while It will denote minimum path length among the two trees in STF approach. We compute the average backup path length between a node pair when the link connected between them has failed asA1=1/2|L| * ∑ (| Pvg, uv |+| Pug, vu |)

The maximum backup path length under single link failure scenario is obtained asM1= max [max(|Pvg, uv |, |Pug, vu |)]

Table shows average backup path lengths for a link under single and two link failure scenarios for two networks using RTF and STF strategy.

l ∑ L

l ∑ L

4.062.81M1 maximum backup path length under single link failure.248115Metric

Node 28 Mesh 4*4 A1 average backup path length under single link failure.

A2 average backup path length under dual link failure.8.272.27

12.02 12.38 5.30 6.51

M2 maximum backup path length under dual link failure.

37 24 15 17

Node-28(28 Nodes and 42 Links) Mesh 4*4 (16 Nodes 32 Links)

CONCLUSIONThis discussion develops two novel schemes to provide failure recovery in IP networks. The first scheme handles up to two link failures. The first failure is handled by routing the packet in protection graph, where each protection graph is designed to handle another link failure. The links connected to node may be grouped such that at most three protection graphs are needed per node. All backup routes are designed priori using three protection addresses per node, in addition to normal address. We also discussed two approaches namely RTF and STF, to forward the tunneled packet in the protection graph.The second scheme extends the first that it provides recovery from dual link failure or single node failure. A node failure is assumed when three links connected to the same node are unavailable. The packet is then forwarded along a path to the destination avoiding the failed node. The performance of above schemes is evaluated by applying the algorithm to two networks and comparing the path lengths obtained with the two approaches. We can say that the recovery path lengths are significantly reduced with STF approach as compared to RTF approach.

REFERENCES[1] S. Kini, S Ramasubramanian, A Kvalbein and J Hansen “Fast Recovery from Dual link failures or single node failures in IP networks” in proc. IEEE ACM transactions on networking, vol. 18, no 6, Dec. 2010.[2] M Shant and S. Bryant and S. Privedi “IP fast reroute using not via address” Internet draft 05 Mar 2010.[3] S Ramasubramanian, M Harkara and M Krunz “Linear time distributed construction of Colored trees for disjoint multipath routing” Comput. Netw. J. vol 51, no.10 Jul 2007.

[4] http://en.wikipedia.org/wiki/IP_tunnel

Low-Level Feature Extraction for Content-Based Image RetrievalArchana B. Waghmare

( Lecturer SVPM’s COE Malegaon(Bk.) ME-IT , Ph-9975102479 )

Abstract:The purpose of feature extraction technique in image processing is to represent the image in its compact and unique form of single values for the purpose of content-based image retrieval (CBIR) is presented in this report. The CBIR problem is motivated by the need to search the exponentially increasing space of image and video databases efficiently and effectively. The visual content of an image is analyzed in terms of low-level features extracted from the image. These primarily constitute color, Shape and texture features. For color feature extraction, Color Moments, Color Histogram, Color Coherence Vector, color Correlogram method were implemented. For Shape feature extraction Fourier Descriptor & Circularity, Eccentricity, and Major Axis Orientation were implemented. For texture feature extraction Tamura Features, Daubechies’ wavelet transform were implemented. The color histogram and the Daubechies’ wavelet transform were shown to yield the highest color and texture retrieval results respectively, at the expense of more computation relative to the other proposed methods.

1. IntroductionA rapid increase in the size of digital audio-visual information that is used handled and

stored via several applications. Besides several benefits and usages, such massive collection of information has brought storage and especially management problems. There are two main approaches in indexing and retrieval of images and videos in multimedia databases: (a) keyword-based indexing and (b) content-based indexing.

The keyword-based indexing uses keywords or descriptive text, which is stored together with images and videos in the databases. Retrieval is performed by matching the query, given in the form of keywords, with the stored keywords. This approach is not satisfactory, because the text-based description tends to be incomplete, imprecise, and inconsistent in specifying visual information.

Content based indexing Low-level visual features like color, shape, texture etc are being used for indexing and retrieving images. Content Based Image Retrieval (CBIR) refers to a technique which uses visual contents to search an image from large scale image database according to users’ interests & based on automatically-derived image features2 Color Feature Extraction Model :

Color feature extraction involves analyzing the absolute color value of each pixel. Color is generally represented by the color distribution of the image. Color distribution is a statistical feature and techniques such as moments and color histogram are commonly used.

2.1 Color Moments The first order (mean), the second (variance) and the third order (skewness) color moments have been proved to be efficient and effective in representing color distribution of images.

The first three moments are defined as:

Where fij is the value of the i-th color component of the image pixel j, and N is the number of pixels in the image.

2.2 Color HistogramIn image retrieval systems color histogram is the most commonly used feature. The main

reason is that it is independent of image size and orientation. Also it is one of the most straight-forward features utilized by humans for visual recognition and discrimination. Statistically, it denotes the joint probability of the intensities of the three color channels. Once the image is segmented, from each region the color histogram is extracted. The major statistical data that are extracted are histogram mean, standard deviation, and median for each color channel i.e. Red, Green, and Blue. So totally 3 × 3 = 9 features per segment are obtained. All the segments need not be considered, but only segments that are dominant may be considered, because this would speed up the calculation and may not significantly affect the end result.2.3 Color Coherence Vector

A different way of incorporating spatial information into the color histogram, color coherence vectors (CCV), was proposed. Each histogram bin is partitioned into two types, i.e., coherent, if it belongs to a large uniformly-colored region, or incoherent, if it does not. Let αi denote the number of coherent pixels in the ith color bin and βi denote the number of incoherent pixels in an image. Then, the CCV of the image is defined as the vector <(α1, β1), (α2, β2), …, (αN, βN)>. Note that <α1+β1, α2+β2, …, αN+βN> is the color histogram of the image.2.4 Color Correlogram

A color Correlogram is a table indexed by color pairs, where the k-th entry for (i, j) specifies the probability of finding a pixel of color j at a distance k from a pixel of color i in the image. Let I represent the entire set of image pixels and Ic(i) represent the set of pixels whose colors are c(i). Then, the color Correlogram is defined as:

where i, j {1, 2, …, N}, k {1, 2, …, d}, and | p1 – p2 | is the

distance between pixels p1 and p2.

3 Texture Feature Extraction

Texture has qualities such as periodicity and scale; it can be described in terms of direction, coarseness, contrast and so on. So, by considering these features we are going to implement following methods of texture.

3.1 Tamura Features

A Tamura feature defines six textural features, coarseness, contrast, directionality, line-likeness, regularity and roughness and these are compared with psychological measurements for human subjects.

a) Coarseness

The coarseness is then computed by averaging over the entire image.

b) Contrast

The formula for the contrast is as follows:

where the kurtosis α4 = μ4/σ4, μ4 is the fourth moment about the mean, and σ2 is the variance. This formula can be used for both the entire image and a region of the image.

c) Directionality

To compute the directionality, image is convoluted with two 3x3 arrays and a gradient vector at each pixel is computed. The magnitude and angle of this vector are defined as:

Where ΔH and ΔV are the horizontal and vertical differences of the convolution. Then, by quantizing θ and counting the pixels with the corresponding magnitude |ΔG| larger than a threshold, a histogram of θ, denoted as HD, can be constructed. This histogram will exhibit strong peaks for highly directional images and will be relatively flat for images without strong orientation. The entire histogram is then summarized to obtain an overall directionality measure based on the sharpness of the peaks:

In this sum p ranges over np peaks; and for each peak p, wp is the set of bins distributed over it; while φp is the bin that makes the peak value.

3.2 Daubechies’ wavelet transforms Daubechies’ wavelets generate texture features for each 4X4 area and have clustered such areas for image segmentation. In our application, we use Daubechies’ wavelet transform on the pixel intensity values of the complete image for texture feature generation. We apply two-dimensional Daubechies’ wavelet transform to each image in the database. The Daubechies’ wavelet transform has been implemented by Quadrature Mirror Filters.

The QMF filters consist of a low-pass filter, H, and high-pass filter, G. The relationship between filters H and G is

g(n) = (-1)^n * h(1-n) ………………………..(1) Forward wavelet transform is implemented using H_bar and G_bar filters, where inverse

wavelet transform is implemented using H and G filters. The relationship between H and H_bar, G and G_bar filters are as follows:

g(n) = g_bar(-n) ..............................................(2) h(n) = h_bar(-n) ……………………………..(3)

In order to reduce the nonzero wavelet coefficients corresponding to an edge, smaller number of wavelet taps is more desired. Daubechie's 6 tap wavelet is well known and has some nice properties. Thus, 6 tap Daubechie's wavelet is chosen to implement our system. The filter coefficient for Daubechie’s 6 tap wavelet is listed as follow.

h(0)=0.332670552950 h(1)=0.806891509311 h(2)=0.459877502118 h(3)=-0.135011020010 h(4)=-0.085441273882 h(5)= 0.035226291882

A two-dimensional forward wavelet transform can be implemented using 2 one-dimensional forward wavelet transforms; one in the horizontal direction, the other in the vertical direction.

A one-dimensional data, d is filtered using Daubechie's filter by convolving the filter coefficients h(k) and the input data as follows:

new_d(i) = h(0)*d(i-0) + h(1)*d(i-1) + ... + h(5)*d(i-5) (4) Using the 3-level 6 tap Daubechies’ wavelet transform, we recursively decompose an

image into different frequency bands .fig 1

After the first level wavelet transform, we retain the three high frequency bands, namely, the HL, LH and the HH bands. Standard deviations of the coefficients of these three bands form three features. We then decompose the LL band into four second level frequency bands and get three more features by calculating standard deviations of the three high frequency bands at this level. The last three features are generated by decomposing the second level LL band to one more level and calculating the standard deviations of the higher frequency bands at the third level of decomposition. Since the LL band at the lowest level contains mostly low frequency information (corresponding to image layout), use of the LL band further, adversely affects the retrieval performance. We, therefore, do not extract any feature from the level 3 LL band. Thus, by calculating the standard deviations of each of the three high frequency bands at each level, we generate a 9-component texture feature vector for an entire image.

4 Shape Feature Extraction

Shape features of objects or regions have been used in many content-based image retrieval systems. Compared with color and texture features, shape features are usually described after images have been segmented into regions or objects.

4.1 Fourier DescriptorsFourier descriptors describe the shape of an object with the Fourier transform of its

boundary. Again, consider the contour of a 2D object as a closed sequence of successive boundary pixels (xs, ys), where 0 ≤ s ≤ N-1 and N is the total number of pixels on the boundary. Then three types of contour representations, i.e., curvature, centroid distance, and complex coordinate function, can be defined.

The curvature K(s) at a point s along the contour is defined as the rate of change in tangent direction of the contour, i.e.,

Where θ(s) is the turning function of the contour.

The centroid distance is defined as the distance function between boundary pixels and the centroid (xc, yc) of the object:

The complex coordinate is obtained by simply representing the coordinates of the boundary pixels as complex numbers:

The Fourier descriptor of the curvature is:

……………..(1)

The Fourier descriptor of the centroid distance is:

……….(2)

Where Fi in (1) and (2) denotes the ith component of Fourier transform coefficients. Here only the positive frequency axes are considered because the curvature and centroid distance functions are real and, therefore, their Fourier transforms exhibit symmetry, i.e., |F-i| = |Fi|.The Fourier descriptor of the complex coordinate is:

4.2 Circularity, Eccentricity, and Major Axis Orientation

Circularity is computed as:

Where S is the size and P is the perimeter of an object. This value ranges between 0 (corresponding to a perfect line segment) and 1 (corresponding to a perfect circle). The major axis orientation can be defined as the direction of the largest eigenvector of the second order covariance matrix of a region or an object. The eccentricity can be defined as the ratio of the smallest eigen value to the largest eigen value.Distance Measure One image from each class was chosen as a query image. The color (or texture) features were then extracted from the query image and from all the images in the database. The features extracted from each image were represented as a vector in RD, and Euclidean distance was used to measure the distance from the feature vector of the query to the feature vector of every image in the database. 5 Experiments and Results

The simulations were performed in Java. For color feature extraction, the RGB space was quantized to 128 color bins. The representative feature is tested on 50 medium resolution (384 * 256 pixels) images from diverse contents such as wild life, city, buses, horses, mountains, beach, food, African natives, etc. each of which contain 5 to 10 images.

Result Analysis of Image Database:

Images

Insertion QueryTime for Search

(sec)Number of relevant matches

(Ck)Total number of relevant matches in database

(M)Number of retrieval (k)PrecisionRecall10Corel_98.jpg614110.2515Corel_320.jpg723210.6720Corel_859.jpg82230.

830.525Corel_301.jpg103440.750.7530Corel_730.jpg121220.50.535Corel_620.jpg143560.50.640Corel_25.jpg152240.47145Corel_15.jpg172470.280.75Table 5.2: Retrieval Result

Figure 1: Time v/s No. of Relevant Retrieval Figure 2: Precision v/s Recall

6 Conclusion and Future scopeVisual features most widely used in content-based image retrieval are color, texture,

shape, and spatial information. Color is usually represented by the color histogram, color correlogram, color coherence vector, and color moment under a certain color space. Texture can be represented by Tamura feature, Wavelet transformation. Shape can be represented by moment invariants, turning angles, Fourier descriptors, circularity, and eccentricity. Each of these low level features tends to capture only one aspect of an image property. The color histogram and the Daubechies’ wavelet transform were found to yield the highest color and texture retrieval results, respectively, at the cost of higher computational complexity. In future work, we will explore methods for combining color and texture features, in addition to incorporating user-feedback into the system.References

[1] P. Liu, K. Jia, Z. Wang and Z. Lv, “A New and Effective Image Retrieval Method Based on Combined Features”, Proc. IEEE Int. Conf. on Image and Graphics, vol. I, pp. 786‐790, August 2007.[2]N. R. Howe and D. P. Huttenlocher, “Integrating Color, Texture and Geometry for Image Retrieval”, Proc. IEEE Conf. on Computer Vision and Pattern Recognition, vol. II, pp. 239‐246, June 2000[3] Dr. Fuhui Long, Dr. Hongjiang Zhang and Prof. David Dagan Feng “Fundamentals Of Content-Based ImageRetrieval”.[4] W. Y. Ma and B. S. Manjunath, “A comparison of wavelet transform features for texture image annotation,” in Proc. IEEE International Conf. On Image Processing, 1995.[5] J.Z. Wang, G. Wiederhold, O. Firschein and Wei, S X, “Content-based Image Indexing and Searching using Daubechies’ Wavelets”, Int Journal of Digital Libraries, 1, 1997, pp. 311-328.

NETWORK AND INTERNET SECURITY

Mr . Chavan Sandeep P.

Bharati Vidyapeeth

Deemed University,Pune.

ABSTRACTWriting a basic article on network security is something like writing a brief introduction to flying a commercial airliner. Much must be omitted, and an optimistic goal is to enable the reader to appreciate the skills required. The first question to address is what we mean by "network security." Several possible fields of endeavor come to mind within this broad topic, and each is worthy of a lengthy

article. To begin, virtually all the security policy issues apply to network as well as general computer security considerations. In fact, viewed from this perspective, network security is a subset of computer security. The art and science of cryptography and its role in providing confidentiality, integrity, and authentication represents another distinct focus even though it's an integral feature of network security policy. The topic also includes design and configuration issues for both network-perimeter and computer system security. The practical networking aspects of security include computer intrusion detection, traffic analysis, and network monitoring. This article focuses on these aspects because they principally entail a networking perspective.

IntroductionIn the field of networking, the area of network security[1] consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Network security starts with authenticating the user, commonly with a username and a password. Since this requires just one detail authenticating the user name —i.e. the password, which is something the user 'knows'— this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or amobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[2]Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer wormsor Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS)[3] help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.Communication between two hosts using a network may be encrypted to maintain privacy. Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied

during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.

CONCLUSION

Examining the threats and managing them appropriately is very important for the smooth running of any organisation. Although theserve their purpose to a great extent , they are not completely fool proof. Every technique does have its flaw. Man is very skilled at developing new security mechanisms , but an equally destructive code can be written to foil the already existing mechanisms. Network security does not guarantee the safety of any organisation, information or computer systems. Physical security must not be neglected at any cost. Inspite of its minor drawbacks, network security techniques do offer a great deal of safety and we cannot disregard the revolution brought about by techniques like cryptography and authentication in the field of network security

References

1. ̂  Simmonds, A; Sandilands, P; van Ekert, L (2004). "An Ontology for Network

Security Attacks". Lecture Notes in Computer Science 3285: 317–323. doi:10.1007/978-

3-540-30176-9_41.

2. ̂  A Role-Based Trusted Network Provides Pervasive Security and Compliance -

interview with Jayshree Ullal, senior VP of Cisco

3. ̂  Dave Dittrich, Network monitoring/Intrusion Detection Systems (IDS),

University of Washington.

4. ̂  "''Honeypots, Honeynets''". Honeypots.net. 2007-05-26. Retrieved 2011-12-09.

5. ̂  "The six dumbest ways to secure a wireless LAN | ZDNet". Blogs.zdnet.com.

Retrieved 2011-12-09.

6. ̂  Julian Fredin, Social software development program Wi-Tech

7. ̂  "Introduction to Network Security". Interhack.net. Retrieved 2011-12-09.

8. ̂  "Welcome to CERT". Cert.org. 2011-10-17. Retrieved 2011-12-09.

9. ̂  Wright, Joe; Jim Harmening (2009) "15" Computer and Information Security

Handbook Morgan Kaufmann Pubblications Elsevier Inc p. 257

10. ̂  http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf