With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.
Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu–Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.
Mobile devices have been widespread and become very popular with connectivity to the Internet, and a lot of desktop PC applications are now aggressively ported to them. Unfortunately, mobile devices are often vulnerable to malicious attacks due to their common usage and connectivity to the Internet. Therefore, the demands on the development of mobile security systems increase in accordance with advances in mobile computing. However, it is very hard to run a security program on a mobile device all of the time due the device's limited computational power and battery life. To overcome these problems, we propose a novel mobile security scheme that migrates heavy computations on mobile devices to cloud servers. An efficient data transmission scheme for reducing data traffic between devices and servers over networks is introduced. We have evaluated the proposed scheme with a mobile device in a cloud environment, whereby it achieved a maximum speedup of 13.4 compared to a traditional algorithm.
A Bloom filter is a space-efficient hash filter which is widely used in various areas. In fact, high throughput and low power consumption have been required in the Bloom filter architecture. To satisfy these requirements, proposed is a new parallelised Bloom filter design. The proposed design provides performance improvement with lower power consumption and higher computation throughput compared to the regular Bloom filter.Introduction: Bloom filters were first introduced by B. Bloom in 1970 [1] and have been widely adopted in various areas owing to the hardware efficiency. Those areas include database systems, peer-to-peer applications, resource routing, and traffic management [2]. Especially, the performance issues in designing the Bloom filter have been raised in the applications which require high speed string matching such as network intrusion detection systems (NIDS) and deep packet inspection [3].A general Bloom filter is composed of multiple hash functions and a lookup array. The lookup array which is m-bit wide represents a set of n different signatures. To evaluate a query string, specific k bits in the lookup array are examined; the bit positions are pointed by the hash results. If those k bits are set to 1, the query is decided to be a member of the set. In fact, there is a possibility that a non-member query string might be evaluated as a member of the signatures, which is false positive rate (FPR). The FPR of a Bloom filter can be estimated as f in the following equation, where n is the number of signatures, m is the size of a lookup array, and k is the number of hash functions [3]:
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.