Access Control Schemes


The Experts below are selected from a list of 16476 Experts worldwide ranked by ideXlab platform

Igor Kotenko - One of the best experts on this subject based on the ideXlab platform.

  • Generation of Access-Control Schemes in computer networks based on genetic algorithms
    Nature-Inspired Cyber Security and Resiliency: Fundamentals Techniques and Applications, 2019
    Co-Authors: Igor Kotenko, Igor Saenko
    Abstract:

    The nature-inspired approaches and methods are widely used now for the solution of problems in cases when classical mathematical ones fail. Fully it concerns also the problems solved in the field of computer security. One of such types of problems is the optimization of Access-Control Schemes in computer networks. A common example of such problem is the formation of Access-Control Schemes in databases, which use a role-based Access-Control (RBAC) model. This problem was singled out in a separate direction in data mining and received the name “role mining problem” (RMP). Another example is to generate a scheme of the virtual local computer network (VLAN) where network hosts must be distributed among the minimum quantity of virtual subnets. Both problems are NP-complete. A set of different approaches was offered to solve these problems. However, none of them can be considered as universal one. At the same time, genetic algorithms, which are one of the most characteristic representatives of nature-inspired approaches and methods, can be considered as a basis for such universal solutions. The chapter outlines the mathematical foundations for generation of Access-Control Schemes in computer networks, and examples of generating the RBAC and VLAN Schemes are considered. The chapter demonstrates that these optimization problems belong to the class of Boolean matrix factorization (BMF) problems. Besides, it shows how to use genetic algorithms for their solving. Some enhancements in these algorithms which allow increasing the speed of their operation and accuracy of decisions are considered.

  • improved genetic algorithms for solving the optimisation tasks for design of Access Control Schemes in computer networks
    International Journal of Bio-inspired Computation, 2015
    Co-Authors: Igor Kotenko, Igor Saenko
    Abstract:

    Access Control scheme design is the most important task in the field of computer network security, which has to be solved by security administrators and developers. The Access Control quality strongly affects such important security properties, as information privacy and Accessibility. One of the solutions to this problem is to reduce it to a form of the optimisation task and its subsequent solving by mathematical methods. However, due to the large complexity of this task, applying traditional mathematical methods is very difficult. At the same time, genetic algorithms represent a new and very interesting way to solve this class of problems. This paper suggests an approach for designing Access Control Schemes based on genetic algorithms. To enhance the implementation of genetic operations it proposes a number of significant improvements, which include the multi-chromosomal representation of individuals in populations, the usage of complex data types to represent genes in chromosomes and the use of special Control chromosomes. The experimental evaluation of the approach is discussed. It is demonstrated that the proposed improved genetic algorithms are quite efficient means for Access Control Schemes optimisation in computer networks.

  • MMM-ACNS - Genetic optimization of Access Control Schemes in virtual local area networks
    Lecture Notes in Computer Science, 2010
    Co-Authors: Igor Saenko, Igor Kotenko
    Abstract:

    The paper presents the formulation of the problem of Access Control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of Access Control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed.

  • genetic optimization of Access Control Schemes in virtual local area networks
    Mathematical Methods Models and Architectures for Network Security Systems, 2010
    Co-Authors: Igor Saenko, Igor Kotenko
    Abstract:

    The paper presents the formulation of the problem of Access Control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of Access Control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed.

Zygmunt J Haas - One of the best experts on this subject based on the ideXlab platform.

  • analyzing multi channel medium Access Control Schemes with aloha reservation
    IEEE Transactions on Wireless Communications, 2006
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In order to improve the throughput performance of medium Access Control (MAC) Schemes in wireless communication networks, some researchers proposed to divide a single shared channel into several sub-channels: one as Control sub-channel and the others as data sub-channels. In this paper, we analyze and evaluate the maximum achievable throughput of a class of generic multi-channel MAC Schemes that are based on the RTS/CTS (ready-to-send/clear-to-send) dialogue and on ALOHA contention resolution. We study these multi-channel MAC Schemes under two split-channel scenarios: the fixed-total-bandwidth scenario and the fixed-channel-bandwidth scenario. In the fixed-total-bandwidth scenario, we show that the throughput of the multi-channel MAC Schemes is inferior to that of the corresponding single-channel MAC scheme, which sends the RTS/CTS packets and DATA packets on a single shared channel. For the fixed-channel-bandwidth scenario, where CDMA or similar techniques can be applied, we derive the optimal number of the data sub-channels that maximizes the throughput. The analytical framework that we derive in this paper can also be used to evaluate other contention resolution techniques, when the average contention period is known.

  • analyzing split channel medium Access Control Schemes
    IEEE Transactions on Wireless Communications, 2006
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In this work, we analyze and evaluate the maximum achievable throughput of split-channel MAC Schemes that are based on the RTS/CTS (ready-to-send/clear-to-send) dialogue and that rely on pure ALOHA or on p-persistent carrier sensing multiple Access (CSMA) contention resolution techniques. Our results show that, when radio propagation delays are negligible and when the pure ALOHA mechanism is used, then for a network with relatively large number of nodes, the maximum achievable throughput of the split-channel MAC Schemes is lower than that of the corresponding single-channel MAC Schemes. When the split-channel MAC Schemes employ the p-persistent CSMA mechanism, then they out-perform the corresponding single-channel Schemes when the maximum end-to-end propagation delays are at least 25% of the transmission time of the Control packets on the single shared channel.

  • analyzing split channel medium Access Control Schemes with aloha reservation
    Ad Hoc Networks, 2003
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In order to improve the throughput performance of Medium Access Control (MAC) Schemes in wireless communication networks, some researchers proposed to split the single shared channel into two subchannels: a Control subchannel and a data subchannel. The Control subchannel is used for Access reservation to the data subchannel over which the data packets are transmitted, and such reservation can be done through the use of the dialogues such as RTS/CTS (Ready-To-Send/Clear-To-Send) dialogue. In this paper, we evaluate the maximum achievable throughput of split-channel MAC Schemes that are based on RTS/CTS dialogues with pure ALOHA contention resolution mechanism. We derive and calculate numerically the probability density function (pdf) of the contention resolution periods on the Control subchannel. We then apply these results to calculate the throughput of the split-channel MAC Schemes, which we then compare with the performance of the corresponding single-channel MAC Schemes. Our results show that, when radio propagation delays are negligible, the maximum achievable throughput of the split-channel MAC Schemes is lower than that of the corresponding single-channel MAC Schemes in the scenarios that we have studied. Consequently, our results suggest that splitting the single shared channel of the MAC scheme in a wireless network should be avoided. Simulation results are presented to support our analytical results.

Igor Saenko - One of the best experts on this subject based on the ideXlab platform.

  • Generation of Access-Control Schemes in computer networks based on genetic algorithms
    Nature-Inspired Cyber Security and Resiliency: Fundamentals Techniques and Applications, 2019
    Co-Authors: Igor Kotenko, Igor Saenko
    Abstract:

    The nature-inspired approaches and methods are widely used now for the solution of problems in cases when classical mathematical ones fail. Fully it concerns also the problems solved in the field of computer security. One of such types of problems is the optimization of Access-Control Schemes in computer networks. A common example of such problem is the formation of Access-Control Schemes in databases, which use a role-based Access-Control (RBAC) model. This problem was singled out in a separate direction in data mining and received the name “role mining problem” (RMP). Another example is to generate a scheme of the virtual local computer network (VLAN) where network hosts must be distributed among the minimum quantity of virtual subnets. Both problems are NP-complete. A set of different approaches was offered to solve these problems. However, none of them can be considered as universal one. At the same time, genetic algorithms, which are one of the most characteristic representatives of nature-inspired approaches and methods, can be considered as a basis for such universal solutions. The chapter outlines the mathematical foundations for generation of Access-Control Schemes in computer networks, and examples of generating the RBAC and VLAN Schemes are considered. The chapter demonstrates that these optimization problems belong to the class of Boolean matrix factorization (BMF) problems. Besides, it shows how to use genetic algorithms for their solving. Some enhancements in these algorithms which allow increasing the speed of their operation and accuracy of decisions are considered.

  • improved genetic algorithms for solving the optimisation tasks for design of Access Control Schemes in computer networks
    International Journal of Bio-inspired Computation, 2015
    Co-Authors: Igor Kotenko, Igor Saenko
    Abstract:

    Access Control scheme design is the most important task in the field of computer network security, which has to be solved by security administrators and developers. The Access Control quality strongly affects such important security properties, as information privacy and Accessibility. One of the solutions to this problem is to reduce it to a form of the optimisation task and its subsequent solving by mathematical methods. However, due to the large complexity of this task, applying traditional mathematical methods is very difficult. At the same time, genetic algorithms represent a new and very interesting way to solve this class of problems. This paper suggests an approach for designing Access Control Schemes based on genetic algorithms. To enhance the implementation of genetic operations it proposes a number of significant improvements, which include the multi-chromosomal representation of individuals in populations, the usage of complex data types to represent genes in chromosomes and the use of special Control chromosomes. The experimental evaluation of the approach is discussed. It is demonstrated that the proposed improved genetic algorithms are quite efficient means for Access Control Schemes optimisation in computer networks.

  • MMM-ACNS - Genetic optimization of Access Control Schemes in virtual local area networks
    Lecture Notes in Computer Science, 2010
    Co-Authors: Igor Saenko, Igor Kotenko
    Abstract:

    The paper presents the formulation of the problem of Access Control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of Access Control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed.

  • genetic optimization of Access Control Schemes in virtual local area networks
    Mathematical Methods Models and Architectures for Network Security Systems, 2010
    Co-Authors: Igor Saenko, Igor Kotenko
    Abstract:

    The paper presents the formulation of the problem of Access Control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of Access Control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed.

Jing Deng - One of the best experts on this subject based on the ideXlab platform.

  • analyzing multi channel medium Access Control Schemes with aloha reservation
    IEEE Transactions on Wireless Communications, 2006
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In order to improve the throughput performance of medium Access Control (MAC) Schemes in wireless communication networks, some researchers proposed to divide a single shared channel into several sub-channels: one as Control sub-channel and the others as data sub-channels. In this paper, we analyze and evaluate the maximum achievable throughput of a class of generic multi-channel MAC Schemes that are based on the RTS/CTS (ready-to-send/clear-to-send) dialogue and on ALOHA contention resolution. We study these multi-channel MAC Schemes under two split-channel scenarios: the fixed-total-bandwidth scenario and the fixed-channel-bandwidth scenario. In the fixed-total-bandwidth scenario, we show that the throughput of the multi-channel MAC Schemes is inferior to that of the corresponding single-channel MAC scheme, which sends the RTS/CTS packets and DATA packets on a single shared channel. For the fixed-channel-bandwidth scenario, where CDMA or similar techniques can be applied, we derive the optimal number of the data sub-channels that maximizes the throughput. The analytical framework that we derive in this paper can also be used to evaluate other contention resolution techniques, when the average contention period is known.

  • analyzing split channel medium Access Control Schemes
    IEEE Transactions on Wireless Communications, 2006
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In this work, we analyze and evaluate the maximum achievable throughput of split-channel MAC Schemes that are based on the RTS/CTS (ready-to-send/clear-to-send) dialogue and that rely on pure ALOHA or on p-persistent carrier sensing multiple Access (CSMA) contention resolution techniques. Our results show that, when radio propagation delays are negligible and when the pure ALOHA mechanism is used, then for a network with relatively large number of nodes, the maximum achievable throughput of the split-channel MAC Schemes is lower than that of the corresponding single-channel MAC Schemes. When the split-channel MAC Schemes employ the p-persistent CSMA mechanism, then they out-perform the corresponding single-channel Schemes when the maximum end-to-end propagation delays are at least 25% of the transmission time of the Control packets on the single shared channel.

  • analyzing split channel medium Access Control Schemes with aloha reservation
    Ad Hoc Networks, 2003
    Co-Authors: Jing Deng, Zygmunt J Haas
    Abstract:

    In order to improve the throughput performance of Medium Access Control (MAC) Schemes in wireless communication networks, some researchers proposed to split the single shared channel into two subchannels: a Control subchannel and a data subchannel. The Control subchannel is used for Access reservation to the data subchannel over which the data packets are transmitted, and such reservation can be done through the use of the dialogues such as RTS/CTS (Ready-To-Send/Clear-To-Send) dialogue. In this paper, we evaluate the maximum achievable throughput of split-channel MAC Schemes that are based on RTS/CTS dialogues with pure ALOHA contention resolution mechanism. We derive and calculate numerically the probability density function (pdf) of the contention resolution periods on the Control subchannel. We then apply these results to calculate the throughput of the split-channel MAC Schemes, which we then compare with the performance of the corresponding single-channel MAC Schemes. Our results show that, when radio propagation delays are negligible, the maximum achievable throughput of the split-channel MAC Schemes is lower than that of the corresponding single-channel MAC Schemes in the scenarios that we have studied. Consequently, our results suggest that splitting the single shared channel of the MAC scheme in a wireless network should be avoided. Simulation results are presented to support our analytical results.

M Sidi - One of the best experts on this subject based on the ideXlab platform.

  • on the performance of bursty and modulated sources subject to leaky bucket rate based Access Control Schemes
    IEEE Transactions on Communications, 1994
    Co-Authors: K Sohraby, M Sidi
    Abstract:

    Provides an analysis of a rate-based Access Control scheme in high speed environments based on a buffered leaky bucket algorithm. The analysis is carried out in discrete time which is representative of an ATM environment. For the cell arrivals to the leaky bucket the authors consider a general discrete Markovian arrival process which models bursty and modulated sources. The key of the analysis is the introduction of the deficit function that allows the reduction of the original problem to a more standard discrete time queueing system with the same arrival process. As an important special case, the detailed analysis of the binary Markov source throttled by such rate-based Access Control Schemes is presented. Along with explicit recursions for computation of state probabilities and simple characterisation of the asymptotic behavior of the queue build up, some guidelines for the parameter selection of these Schemes are provided. The results indicate that for sources with relatively large active periods, for an acceptable grade-of-service at the input queue, the token generation rate should be chosen to be close to the peak rate of the source, and increasing the bucket size of the leaky bucket does not improve substantially the performance at the input queue.

  • on the performance of bursty and correlated sources subject to leaky bucket rate based Access Control Schemes
    International Conference on Computer Communications, 1991
    Co-Authors: K Sohraby, M Sidi
    Abstract:

    The analysis of a rate-based Access Control scheme in high speed environments that is based on a buffered leaky bucket algorithm is presented. The analysis is carried out in discrete time, which is representative of asynchronous transfer mode environments. For the cell arrivals to the leaky bucket, a general discrete Markovian arrival process is considered which models bursty and correlated sources. The introduction of the deficit function allows the reduction of the original problem to a more standard discrete time queuing system with the same arrival process. As an important special case, the detailed analysis of the binary Markov source throttled by such rate-based Access Control Schemes is presented. Along with explicit recursions for computation of state probabilities and simple characterization of the asymptotic behavior of the queue buildup, some guidelines for the parameter selection of these Schemes are provided.

  • INFOCOM - On the performance of bursty and correlated sources subject to leaky bucket rate-based Access Control Schemes
    IEEE INFOCOM '91. The Conference on Computer Communications. Tenth Annual Joint Conference of the IEEE Computer and Communications Societies Proceedings, 1991
    Co-Authors: K Sohraby, M Sidi
    Abstract:

    The analysis of a rate-based Access Control scheme in high speed environments that is based on a buffered leaky bucket algorithm is presented. The analysis is carried out in discrete time, which is representative of asynchronous transfer mode environments. For the cell arrivals to the leaky bucket, a general discrete Markovian arrival process is considered which models bursty and correlated sources. The introduction of the deficit function allows the reduction of the original problem to a more standard discrete time queuing system with the same arrival process. As an important special case, the detailed analysis of the binary Markov source throttled by such rate-based Access Control Schemes is presented. Along with explicit recursions for computation of state probabilities and simple characterization of the asymptotic behavior of the queue buildup, some guidelines for the parameter selection of these Schemes are provided.