Digital Library

Vol. 17, No. 4, Aug. 2021  Cover

1. High Rate Denial-of-Service Attack Detection System for Cloud Environment Using Flume and Spark
   Janitza Punto Gutierrez, Kilhung Lee
   Vol. 17, No. 4, pp. 675-689, Aug. 2021  
   https://doi.org/10.3745/JIPS.03.0164
   Details Full Text PubReader
   Keywords: Denial-of-Service, FP-Growth Pre-filtering, HDFS Spark Streaming, Web Log
   Show / Hide Abstract

   Nowadays, cloud computing is being adopted for more organizations. However, since cloud computing has a virtualized, volatile, scalable and multi-tenancy distributed nature, it is challenging task to perform attack detection in the cloud following conventional processes. This work proposes a solution which aims to collect web server logs by using Flume and filter them through Spark Streaming in order to only consider suspicious data or data related to denial-of-service attacks and reduce the data that will be stored in Hadoop Distributed File System for posterior analysis with the frequent pattern (FP)-Growth algorithm. With the proposed system, we can address some of the difficulties in security for cloud environment, facilitating the data collection, reducing detection time and consequently enabling an almost real-time attack detection.


2. Alsat-2B/Sentinel-2 Imagery Classification Using the Hybrid Pigeon Inspired Optimization Algorithm
   Dounia Arezki, Hadria Fizazi
   Vol. 17, No. 4, pp. 690-706, Aug. 2021  
   https://doi.org/10.3745/JIPS.02.0158
   Details Full Text PubReader
   Keywords: Alsat-2B, Davies-Bouldin Index, Flower Pollination Algorithm, genetic algorithm, Pigeon-Inspired Optimization, Satellite Image Classification, Sentinel-2
   Show / Hide Abstract

   Classification is a substantial operation in data mining, and each element is distributed taking into account its feature values in the corresponding class. Metaheuristics have been widely used in attempts to solve satellite image classification problems. This article proposes a hybrid approach, the flower pigeons-inspired optimization algorithm (FPIO), and the local search method of the flower pollination algorithm is integrated into the pigeon-inspired algorithm. The efficiency and power of the proposed FPIO approach are displayed with a series of images, supported by computational results that demonstrate the cogency of the proposed classification method on satellite imagery. For this work, the Davies-Bouldin Index is used as an objective function. FPIO is applied to different types of images (synthetic, Alsat-2B, and Sentinel-2). Moreover, a comparative experiment between FPIO and the genetic algorithm genetic algorithm is conducted. Experimental results showed that GA outperformed FPIO in matters of time computing. However, FPIO provided better quality results with less confusion. The overall experimental results demonstrate that the proposed approach is an efficient method for satellite imagery classification.


3. The Method for Generating Recommended Candidates through Prediction of Multi-Criteria Ratings Using CNN-BiLSTM
   Jinah Kim, Junhee Park, Minchan Shin, Jihoon Lee, Nammee Moon
   Vol. 17, No. 4, pp. 707-720, Aug. 2021  
   https://doi.org/10.3745/JIPS.02.0159
   Details Full Text PubReader
   Keywords: Bidirectional Long Short-Term Memory (BiLSTM), Convolutional Neural Network (CNN), Multi-Criteria Recommendation System, Recommendation System
   Show / Hide Abstract

   To improve the accuracy of the recommendation system, multi-criteria recommendation systems have been widely researched. However, it is highly complicated to extract the preferred features of users and items from the data. To this end, subjective indicators, which indicate a user’s priorities for personalized recommendations, should be derived. In this study, we propose a method for generating recommendation candidates by predicting multi-criteria ratings from reviews and using them to derive user priorities. Using a deep learning model based on convolutional neural network (CNN) and bidirectional long short-term memory (BiLSTM), multi-criteria prediction ratings were derived from reviews. These ratings were then aggregated to form a linear regression model to predict the overall rating. This model not only predicts the overall rating but also uses the training weights from the layers of the model as the user’s priority. Based on this, a new score matrix for recommendation is derived by calculating the similarity between the user and the item according to the criteria, and an item suitable for the user is proposed. The experiment was conducted by collecting the actual “TripAdvisor” dataset. For performance evaluation, the proposed method was compared with a general recommendation system based on singular value decomposition. The results of the experiments demonstrate the high performance of the proposed method.


4. A Joint Allocation Algorithm of Computing and Communication Resources Based on Reinforcement Learning in MEC System
   Qinghua Liu, Qingping Li
   Vol. 17, No. 4, pp. 721-736, Aug. 2021  
   https://doi.org/10.3745/JIPS.01.0079
   Details Full Text PubReader
   Keywords: Cellular MEC System, Markov Decision Process, Resource Allocation, Reinforcement Learning, Task Unloading
   Show / Hide Abstract

   For the mobile edge computing (MEC) system supporting dense network, a joint allocation algorithm of computing and communication resources based on reinforcement learning is proposed. The energy consumption of task execution is defined as the maximum energy consumption of each user's task execution in the system. Considering the constraints of task unloading, power allocation, transmission rate and calculation resource allocation, the problem of joint task unloading and resource allocation is modeled as a problem of maximum task execution energy consumption minimization. As a mixed integer nonlinear programming problem, it is difficult to be directly solve by traditional optimization methods. This paper uses reinforcement learning algorithm to solve this problem. Then, the Markov decision-making process and the theoretical basis of reinforcement learning are introduced to provide a theoretical basis for the algorithm simulation experiment. Based on the algorithm of reinforcement learning and joint allocation of communication resources, the joint optimization of data task unloading and power control strategy is carried out for each terminal device, and the local computing model and task unloading model are built. The simulation results show that the total task computation cost of the proposed algorithm is 5%–10% less than that of the two comparison algorithms under the same task input. At the same time, the total task computation cost of the proposed algorithm is more than 5% less than that of the two new comparison algorithms.


5. Evaluation of Artificial Intelligence-Based Denoising Methods for Global Illumination
   Soroor Malekmohammadi Faradounbeh, SeongKi Kim
   Vol. 17, No. 4, pp. 737-753, Aug. 2021  
   https://doi.org/10.3745/JIPS.02.0162
   Details Full Text PubReader
   Keywords: Denoising, Filtering, Global Illumination, Monte Carlo Noise, Noise Removal
   Show / Hide Abstract

   As the demand for high-quality rendering for mixed reality, videogame, and simulation has increased, global illumination has been actively researched. Monte Carlo path tracing can realize global illumination and produce photorealistic scenes that include critical effects such as color bleeding, caustics, multiple light, and shadows. If the sampling rate is insufficient, however, the rendered results have a large amount of noise. The most successful approach to eliminating or reducing Monte Carlo noise uses a feature-based filter. It exploits the scene characteristics such as a position within a world coordinate and a shading normal. In general, the techniques are based on the denoised pixel or sample and are computationally expensive. However, the main challenge for all of them is to find the appropriate weights for every feature while preserving the details of the scene. In this paper, we compare the recent algorithms for removing Monte Carlo noise in terms of their performance and quality. We also describe their advantages and disadvantages. As far as we know, this study is the first in the world to compare the artificial intelligence-based denoising methods for Monte Carlo rendering.


6. Audio and Video Bimodal Emotion Recognition in Social Networks Based on Improved AlexNet Network and Attention Mechanism
   Min Liu, Jun Tang
   Vol. 17, No. 4, pp. 754-771, Aug. 2021  
   https://doi.org/10.3745/JIPS.02.0161
   Details Full Text PubReader
   Keywords: AlexNet Networks, Attention Mechanism, Concordance Correlation Coefficient, Deep Learning, Feature Layer Fusion, Multimodal Emotion Recognition, Social Networks
   Show / Hide Abstract

   In the task of continuous dimension emotion recognition, the parts that highlight the emotional expression are not the same in each mode, and the influences of different modes on the emotional state is also different. Therefore, this paper studies the fusion of the two most important modes in emotional recognition (voice and visual expression), and proposes a two-mode dual-modal emotion recognition method combined with the attention mechanism of the improved AlexNet network. After a simple preprocessing of the audio signal and the video signal, respectively, the first step is to use the prior knowledge to realize the extraction of audio characteristics. Then, facial expression features are extracted by the improved AlexNet network. Finally, the multimodal attention mechanism is used to fuse facial expression features and audio features, and the improved loss function is used to optimize the modal missing problem, so as to improve the robustness of the model and the performance of emotion recognition. The experimental results show that the concordance coefficient of the proposed model in the two dimensions of arousal and valence (concordance correlation coefficient) were 0.729 and 0.718, respectively, which are superior to several comparative algorithms.


7. A Model for Illegal File Access Tracking Using Windows Logs and Elastic Stack
   Jisun Kim, Eulhan Jo, Sungwon Lee, Taenam Cho
   Vol. 17, No. 4, pp. 772-786, Aug. 2021  
   https://doi.org/10.3745/JIPS.03.0162
   Details Full Text PubReader
   Keywords: Active Directory, Digital Forensics, Elastic Stack, Microsoft Windows Log, Security, Shared Folder
   Show / Hide Abstract

   The process of tracking suspicious behavior manually on a system and gathering evidence are labor-intensive, variable, and experience-dependent. The system logs are the most important sources for evidences in this process. However, in the Microsoft Windows operating system, the action events are irregular and the log structure is difficult to audit. In this paper, we propose a model that overcomes these problems and efficiently analyzes Microsoft Windows logs. The proposed model extracts lists of both common and key events from the Microsoft Windows logs to determine detailed actions. In addition, we show an approach based on the proposed model applied to track illegal file access. The proposed approach employs three-step tracking templates using Elastic Stack as well as key-event, common-event lists and identify event lists, which enables visualization of the data for analysis. Using the three-step model, analysts can adjust the depth of their analysis.


8. Pointwise CNN for 3D Object Classification on Point Cloud
   Wei Song, Zishu Liu, Yifei Tian, Simon Fong
   Vol. 17, No. 4, pp. 787-800, Aug. 2021  
   https://doi.org/10.3745/JIPS.02.0160
   Details Full Text PubReader
   Keywords: Point Clouds, Pointwise CNN, 3D Object Classification
   Show / Hide Abstract

   Three-dimensional (3D) object classification tasks using point clouds are widely used in 3D modeling, face recognition, and robotic missions. However, processing raw point clouds directly is problematic for a traditional convolutional network due to the irregular data format of point clouds. This paper proposes a pointwise convolution neural network (CNN) structure that can process point cloud data directly without preprocessing. First, a 2D convolutional layer is introduced to percept coordinate information of each point. Then, multiple 2D convolutional layers and a global max pooling layer are applied to extract global features. Finally, based on the extracted features, fully connected layers predict the class labels of objects. We evaluated the proposed pointwise CNN structure on the ModelNet10 dataset. The proposed structure obtained higher accuracy compared to the existing methods. Experiments using the ModelNet10 dataset also prove that the difference in the point number of point clouds does not significantly influence on the proposed pointwise CNN structure.


9. Security in Network Virtualization: A Survey
   Seung Hun Jee, Ji Su Park, Jin Gon Shon
   Vol. 17, No. 4, pp. 801-817, Aug. 2021  
   https://doi.org/10.3745/JIPS.04.0220
   Details Full Text PubReader
   Keywords: Cloud, Network virtualization, NFV, NVO, SDN, Security
   Show / Hide Abstract

   Network virtualization technologies have played efficient roles in deploying cloud, Internet of Things (IoT), big data, and 5G network. We have conducted a survey on network virtualization technologies, such as software-defined networking (SDN), network functions virtualization (NFV), and network virtualization overlay (NVO). For each of technologies, we have explained the comprehensive architectures, applied technologies, and the advantages and disadvantages. Furthermore, this paper has provided a summarized view of the latest research works on challenges and solutions of security issues mainly focused on DDoS attack and encryption.


10. Cross-Domain Text Sentiment Classification Method Based on the CNN-BiLSTM-TE Model
    Yuyang Zeng, Ruirui Zhang, Liang Yang, Sujuan Song
    Vol. 17, No. 4, pp. 818-833, Aug. 2021  
    https://doi.org/10.3745/JIPS.04.0221
    Details Full Text PubReader
    Keywords: "Bidirectional Long Short-Term Memory, Convolutional Neural Network, Deep Learning, sentiment analysis, Topic Extraction"
    Show / Hide Abstract

    To address the problems of low precision rate, insufficient feature extraction, and poor contextual ability in existing text sentiment analysis methods, a mixed model account of a CNN-BiLSTM-TE (convolutional neural network, bidirectional long short-term memory, and topic extraction) model was proposed. First, Chinese text data was converted into vectors through the method of transfer learning by Word2Vec. Second, local features were extracted by the CNN model. Then, contextual information was extracted by the BiLSTM neural network and the emotional tendency was obtained using softmax. Finally, topics were extracted by the term frequencyinverse document frequency and K-means. Compared with the CNN, BiLSTM, and gate recurrent unit (GRU) models, the CNN-BiLSTM-TE model’s F1-score was higher than other models by 0.0147, 0.006, and 0.0052, respectively. Then compared with CNN-LSTM, LSTM-CNN, and BiLSTM-CNN models, the F1-score was higher by 0.0071, 0.0038, and 0.0049, respectively. Experimental results showed that the CNN-BiLSTM-TE model can effectively improve various indicators in application. Lastly, performed scalability verification through a takeaway dataset, which has great value in practical applications.


11. Security Improvement of File System Filter Driver in Windows Embedded OS
    Yeon Sang Seong, Chaeho Cho, Young Pyo Jun, Yoojae Won
    Vol. 17, No. 4, pp. 834-850, Aug. 2021  
    https://doi.org/10.3745/JIPS.03.0165
    Details Full Text PubReader
    Keywords: access control, File System Filter Driver, mandatory access control, Whitelist, Windows Embedded OS
    Show / Hide Abstract

    IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.


12. Host-Based Malware Variants Detection Method Using Logs
    Woo-Jin Joe, Hyong-Shik Kim
    Vol. 17, No. 4, pp. 851-865, Aug. 2021  
    https://doi.org/10.3745/JIPS.03.0163
    Details Full Text PubReader
    Keywords: Big data, Host-Based Detection, log, Malware Variants, Sysmon
    Show / Hide Abstract

    Enterprise networks in the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company’s analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprise have no choice but to rely on digital vaccines since it is overwhelming to analyze all programs executed in the host used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for malwares. To overcome this limitation of signature-based detection, there has been much research conducted on the behavior analysis of malwares. However, since most of them rely on a sandbox where only analysis target program is running, we cannot detect malwares intruding the host where many normal programs are running. Therefore, this study proposes a method to detect malware variants in the host through logs rather than the sandbox. The proposed method extracts common behaviors from variants group and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist the common behaviors that variants share and we demonstrate that these behaviors can be used to detect variants.