Analyzing a Bloom Filter Algorithm via a join-the-shortest-queue queuing system

This paper deals with the problem of identifying elephants in the Internet Traffic. The aim is to analyze a new adaptive algorithm based on a Bloom Filter. This algorithm uses a so-called min-rule which can be described as in the supermarket model. This model consists of joining the shortest queue among d queues selected at random in a large number of m queues. In case of equality, one of the shortest queues is chosen at random. An analysis of a simplified model gives an insight into the error generated by the algorithm for the estimation of the number of the elephants. The main conclusion is that, as m gets large, there is a deterministic limit for the empirical distribution of the filter counters. Limit theorems are proved and the limit is identified. It depends on key parameters. The condition for the algorithm to perform well is discussed. Theoretical results are validated by experiments on a trac trace from France Telecom and by simulations

Adaptive algorithms for identifying large flows in IP traffic

We propose in this paper an on-line algorithm based on Bloom filters for identifying large flows in IP traffic (a.k.a. elephants). Because of the large number of small flows, hash tables of these algorithms have to be regularly refreshed. Recognizing that the periodic erasure scheme usually used in the technical literature turns out to be quite inefficient when using real traffic traces over a long period of time, we introduce a simple adaptive scheme that closely follows the variations of traffic. When tested against real traffic traces, the proposed on-line algorithm performs well in the sense that the detection ratio of long flows by the algorithm over a long time period is quite high. Beyond the identification of elephants, this same class of algorithms is applied to the closely related problem of detection of anomalies in IP traffic, e.g., SYN flood due for instance to attacks. An algorithm for detecting SYN and volume flood anomalies in Internet traffic is designed. Experiments show that an anomaly is detected in less than one minute and the targeted destinations are identified at the same time

A Review on Missing Tags Detection Approaches in RFID System

Radio Frequency Identification (RFID) system can provides automatic detection on very large number of tagged objects within short time. With this advantage, it is been using in many areas especially in the supply chain management, manufacturing and many others. It has the ability to track individual object all away from the manufacturing factory until it reach the retailer store. However, due to its nature that depends on radio signal to do the detection, reading on tagged objects can be missing due to the signal lost. The signal lost can be caused by weak signal, interference and unknown source. Missing tag detection in RFID system is truly significant problem, because it makes system reporting becoming useless, due to the misleading information generated from the inaccurate readings. The missing detection also can invoke fake alarm on theft, or object left undetected and unattended for some period. This paper provides review regarding this issue and compares some of the proposed approaches including Window Sub-range Transition Detection (WSTD), Efficient Missing-Tag Detection Protocol (EMD) and Multi-hashing based Missing Tag Identification (MMTI) protocol. Based on the reviews it will give insight on the current challenges and open up for a new solution in solving the problem of missing tag detection

Improving the detection of On-line Vertical Port Scan in IP Traffic

International audienceWe propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive

An Evaluation of Popular Copy-Move Forgery Detection Approaches

A copy-move forgery is created by copying and pasting content within the same image, and potentially post-processing it. In recent years, the detection of copy-move forgeries has become one of the most actively researched topics in blind image forensics. A considerable number of different algorithms have been proposed focusing on different types of postprocessed copies. In this paper, we aim to answer which copy-move forgery detection algorithms and processing steps (e.g., matching, filtering, outlier detection, affine transformation estimation) perform best in various postprocessing scenarios. The focus of our analysis is to evaluate the performance of previously proposed feature sets. We achieve this by casting existing algorithms in a common pipeline. In this paper, we examined the 15 most prominent feature sets. We analyzed the detection performance on a per-image basis and on a per-pixel basis. We created a challenging real-world copy-move dataset, and a software framework for systematic image manipulation. Experiments show, that the keypoint-based features SIFT and SURF, as well as the block-based DCT, DWT, KPCA, PCA and Zernike features perform very well. These feature sets exhibit the best robustness against various noise sources and downsampling, while reliably identifying the copied regions.Comment: Main paper: 14 pages, supplemental material: 12 pages, main paper appeared in IEEE Transaction on Information Forensics and Securit

RFID data reliability optimizer based on two dimensions bloom filter

Radio Frequency Identification (RFID) is a flexible deployment technology that has been adopted in many applications especially in supply chain management. It provides several features such as to monitor, to identify and to track specific item hidden in a large group of objects in a short range of time. RFID system uses radio waves to perform wireless interaction to detect and read data from the tagged object. However, RFID data streams contain a lot of false positive and duplicate readings. Both types of readings need to be removed to ensure reliability of information produced from the data streams. A small occurrence of false positive can change the whole information, while duplicate readings unnecessarily occupied storage and processing resources. Many approaches have been proposed to remove false positive and duplicate readings, but they are done separately. These readings exist in the same data stream and must be removed using a single mechanism only. In this thesis, an efficient approach based on Bloom filters was proposed to remove both noisy and duplicate data from the RFID data streams. The noise and duplicate filter algorithm was constructed based on bloom filter. There are two bloom filters in one algorithm where each filter holds function either to remove noise data and to recognize data as correct reading from duplicate data reading. In order to test the algorithm, synthetic data was generated by using Poisson distribution. The simulation results show that our proposed approach outperformed other existing approaches in terms of data reliability