Database interfaces on NASA's heterogeneous distributed database system

The syntax and semantics of all commands used in the template are described. Template builders should consult this document for proper commands in the template. Previous documents (Semiannual reports) described other aspects of this project. Appendix 1 contains all substituting commands used in the system. Appendix 2 includes all repeating commands. Appendix 3 is a collection of DEFINE templates from eight different DBMS's

Database interfaces on NASA's heterogeneous distributed database system

The purpose of Distributed Access View Integrated Database (DAVID) interface module (Module 9: Resident Primitive Processing Package) is to provide data transfer between local DAVID systems and resident Data Base Management Systems (DBMSs). The result of current research is summarized. A detailed description of the interface module is provided. Several Pascal templates were constructed. The Resident Processor program was also developed. Even though it is designed for the Pascal templates, it can be modified for templates in other languages, such as C, without much difficulty. The Resident Processor itself can be written in any programming language. Since Module 5 routines are not ready yet, there is no way to test the interface module. However, simulation shows that the data base access programs produced by the Resident Processor do work according to the specifications

Automatic B cell lymphoma detection using flow cytometry data

Background: Flow cytometry has been widely used for the diagnosis of various hematopoietic diseases. Although there have been advances in the number of biomarkers that can be analyzed simultaneously and technologies that enable fast performance, the diagnostic data are still interpreted by a manual gating strategy. The process is labor-intensive, time-consuming, and subject to human error. Results: We used 80 sets of flow cytometry data from 44 healthy donors, 21 patients with chronic lymphocytic leukemia (CLL), and 15 patients with follicular lymphoma (FL). Approximately 15% of data from each group were used to build the profiles. Our approach was able to successfully identify 36/37 healthy donor cases, 18/18 CLL cases, and 12/13 FL cases. Conclusions: This proof-of-concept study demonstrated that an automated diagnosis of CLL and FL can be obtained by examining the cell capture rates of a test case using the computational method based on the multi-profile detection algorithm. The testing phase of our system is efficient and can facilitate diagnosis of B-lymphocyte neoplasms

Correlating Temporal Thumbprints for Tracing Intruders

The Design of TCP/IP protocol makes it difficult to reliably traceback to the original attackers if they obscure their identities by logging through a chain of multiple hosts. A thumbprint method based on connection content was proposed in 1995 to traceback attackers, but this method is limited to non-encrypted sessions. In this paper, we propose a thumbprint based on time intervals, T-thumbprint, to identify a connection. T-thumbprint is a sequence of time gaps between adjacent TCP 'Send' packets of an interactive terminal session. An algorithm is presented to correlate two T-thumbprints to see if they belong to the same connection chain. We also discuss how to use T-thumbprints to traceback an attacker on the Internet, and how to defeat at-tacker's manipulation. T-thumbprint has advantages of: (1) It can be applied to encrypt sessions; (2) It does not require tightly synchronized clocks; (3) It can defeat attacker's manipulation to some extent; and (4) It is efficient, can be used to trace attackers in real time

A real-time algorithm to detect long connection chains of interactive terminal sessions

Most computer intruders usually chain many computers so as to hide themselves before launching an attack on a target computer. One way to stop such attacks is to prevent the hackers from using computers as stepping-stones for their attack. In this paper, we propose an algorithm to detect the length of the connection chain. By monitoring packets of outgoing and incoming connections, we are able to compute the roundtrip time gap between a client’s “request ” and the server’s “reply. ” From the changes in the gaps, we can estimate the number of hosts from the current machine to the destination machine. Our algorithm has two advantages compare to the previous results [3]: (1) the estimation of the connection chain is more accurate, and (2) the algorithm can be used in real-time to detect long connection chains. Categories and Subject Descriptor

Stepping-Stone Detection via Request-Response Traffic Analysis

In this paper, we propose a new method to detect stepping-stone intrusion by computing the linearity between the numbers of send packets and the numbers of echo packets. The linearity of two relayed connections is better than that of two non-relayed connections. We develop a connection-chain detection procedure that may be used as a stepping-stone detection tool. Our procedure is based on analyzing correlations between the frequencies at which cumulative numbers of packets are sent in outgoing connections and at which packets are sent in that of the incoming connections. The experiment and simulation results show this method can resist intruders ’ time and chaff evasion better than other approaches