• 제목/요약/키워드: user request patterns

Search Result 17, Processing Time 0.025 seconds

Patterns in User Requests for Facility Management Services in Higher Education Facilities (대학 시설물 유지관리 서비스 사용자 요청 패턴 분석)

  • Uhm, Miyoung;Lee, Ghang
    • Proceedings of the Korean Institute of Building Construction Conference
    • /
    • 2015.11a
    • /
    • pp.95-96
    • /
    • 2015
  • This paper aims to identify patterns in users' requests for facility management (FM) services in higher education facilities. We analyzed data collected from 309 service request forms, made available via a department office and an enterprise resource planning system, at a private university in Seoul between May 2009 and February 2015. We found that the number of user requests were the highest in September and October. Requests for electronic and communication (E/C) services outnumbered those for architectural services and mechanical and plumbing (M/P) services. Repair requests for doors and windows were the most common under architectural services; repairs for air-conditioners and radiators were the most commonly under M/P services; and installation of electrical outlets, telephone wires, and internet services were the most sought-after E/C services. Maintenance requests were received every three months, while repair requests were received every six or seven months.

  • PDF

HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications (Multitier 웹 어플리케이션 환경에서 악의적인 SQL Query 탐지를 위한 HTTP Request - SQL Query 매핑 기법)

  • Seo, Yeongung;Park, Seungyoung
    • Journal of KIISE
    • /
    • v.44 no.1
    • /
    • pp.1-12
    • /
    • 2017
  • The continuously growing internet service requirements has resulted in a multitier system structure consisting of web server and database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, malicious change to the contents at DB server through hypertext transfer protocol (HTTP) requests at the DB server cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge on interaction between HTTP request and SQL query. However, this is a practical challenge because system's source code analysis and its application logic needs to be understood completely. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

Detecting CSRF through Analysis of Web Site Structure and Web Usage Patterns (웹사이트 구조와 사용패턴 분석을 통한 CSRF 공격 탐지)

  • Choi, Jae-Yeong;Lee, Hyuk-Jun;Min, Byung-Jun
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.9-15
    • /
    • 2011
  • It is difficult to identify attack requests from normal ones when those attacks are based on CSRF which enables an attacker transmit fabricated requests of a trusted user to the website. For the protection against the CSRF, there have been a lot of research efforts including secret token, custom header, proxy, policy model, CAPTCHA, and user reauthentication. There remains, however, incapacitating means and CAPTCHA and user reauthentication incur user inconvenience. In this paper, we propose a method to detect CSRF attacks by analyzing the structure of websites and the usage patterns. Potential victim candidates are selected and website usage patterns according to the structure and usage logs are analyzed. CSRF attacks can be detected by identifying normal usage patterns. Also, the proposed method does not damage users' convenience not like CAPTCHA by requiring user intervention only in case of detecting abnormal requests.

Examination of a Voice Interaction Model for Smart TV through Conversation Patterns (대화 패턴 연구를 통한 스마트TV 음성 상호작용 모델의 탐구)

  • Choi, Jinhae
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.2
    • /
    • pp.96-104
    • /
    • 2017
  • As new smart devices are evolved into the intelligent agent who can reflect user intention and use context, user experience design for easy and convenient usability becomes a core competitive edge. Under the assumption that human centered natural interaction is necessary for the optimal smart TV experience, this study explores the types of voice interaction which are peculiar to TV watching context. In order to build a model for the users to naturally interact with Smart TV, conversation patterns were collected by requesting key features of Smart TV to intelligent agent. Collected sentences were applied to CfA model and classified by responses to activate features. The classified conversation patterns were divided into feature activation and information search. This study has identified that CfC1 occurred when voice interaction between Smart TV and users was vague and CfC2 occurred when the requests were complex or conditional. In conclusion, Simple Request Type is the most efficient model and voice interaction is more appropriate to use to clarify users' vague requests.

User Behavior Based Web Attack Detection in the Face of Camouflage (정상 사용자로 위장한 웹 공격 탐지 목적의 사용자 행위 분석 기법)

  • Shin, MinSik;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.3
    • /
    • pp.365-371
    • /
    • 2021
  • With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request packet rather than the overall behavior of the attacker, and are known to be difficult to detect new types of attacks. In this paper, we propose a web attack detection system based on user behavior using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results shows that by using the path and query information to define users' behaviors, best results for an accuracy of 99% with Decision forest.

Uncertainty for Privacy and 2-Dimensional Range Query Distortion

  • Sioutas, Spyros;Magkos, Emmanouil;Karydis, Ioannis;Verykios, Vassilios S.
    • Journal of Computing Science and Engineering
    • /
    • v.5 no.3
    • /
    • pp.210-222
    • /
    • 2011
  • In this work, we study the problem of privacy-preservation data publishing in moving objects databases. In particular, the trajectory of a mobile user in a plane is no longer a polyline in a two-dimensional space, instead it is a two-dimensional surface of fixed width $2A_{min}$, where $A_{min}$ defines the semi-diameter of the minimum spatial circular extent that must replace the real location of the mobile user on the XY-plane, in the anonymized (kNN) request. The desired anonymity is not achieved and the entire system becomes vulnerable to attackers, since a malicious attacker can observe that during the time, many of the neighbors' ids change, except for a small number of users. Thus, we reinforce the privacy model by clustering the mobile users according to their motion patterns in (u, ${\theta}$) plane, where u and ${\theta}$ define the velocity measure and the motion direction (angle) respectively. In this case, the anonymized (kNN) request looks up neighbors, who belong to the same cluster with the mobile requester in (u, ${\theta}$) space: Thus, we know that the trajectory of the k-anonymous mobile user is within this surface, but we do not know exactly where. We transform the surface's boundary poly-lines to dual points and we focus on the information distortion introduced by this space translation. We develop a set of efficient spatiotemporal access methods and we experimentally measure the impact of information distortion by comparing the performance results of the same spatiotemporal range queries executed on the original database and on the anonymized one.

Analysis of Usefulness of Domain-Based Network Caching in Mobile Environment (이동 환경에서 영역기반의 네트워크 캐슁 효용성 분석)

  • 이화세;이승원;박성호;정기동
    • Journal of Korea Multimedia Society
    • /
    • v.7 no.5
    • /
    • pp.668-679
    • /
    • 2004
  • When users of mobile environments move fast or slow into a number of base stations(BS) and request the services of continuous media data such as video or audio, this study examines what the caching has the usefulness in mobile environments. Namely, to reduce packet disconnections and network overheads in mobile environments and minimize transmission delay time, we propose domain-based hierarchical caching structure and study whether application of caching has the usefulness. So we have a model based on user environments and hierarchical network structure to process continuous media services, and analyze the usefulness of caching which depends on the mobile patterns of user and the locations of caching nodes. And then, we research whether caching offers the usefulness in mobile environments. As the result, we are able to see that an adaptable application of caching is needed because the hit ratio and the number of replacement vary in large according to mobile patterns of user and locations of caching.

  • PDF

A Pattern-Based Prediction Model for Dynamic Resource Provisioning in Cloud Environment

  • Kim, Hyuk-Ho;Kim, Woong-Sup;Kim, Yang-Woo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.10
    • /
    • pp.1712-1732
    • /
    • 2011
  • Cloud provides dynamically scalable virtualized computing resources as a service over the Internet. To achieve higher resource utilization over virtualization technology, an optimized strategy that deploys virtual machines on physical machines is needed. That is, the total number of active physical host nodes should be dynamically changed to correspond to their resource usage rate, thereby maintaining optimum utilization of physical machines. In this paper, we propose a pattern-based prediction model for resource provisioning which facilitates best possible resource preparation by analyzing the resource utilization and deriving resource usage patterns. The focus of our work is on predicting future resource requests by optimized dynamic resource management strategy that is applied to a virtualized data center in a Cloud computing environment. To this end, we build a prediction model that is based on user request patterns and make a prediction of system behavior for the near future. As a result, this model can save time for predicting the needed resource amount and reduce the possibility of resource overuse. In addition, we studied the performance of our proposed model comparing with conventional resource provisioning models under various Cloud execution conditions. The experimental results showed that our pattern-based prediction model gives significant benefits over conventional models.

A Database Retrieval Model for Efficient Gene Sequence Alignment (효율적인 유전자 서열 비고를 위한 데이타베이스 검색 모델)

  • 김민준;임성화;김재훈;이원태;정진원
    • Journal of KIISE:Databases
    • /
    • v.31 no.3
    • /
    • pp.243-251
    • /
    • 2004
  • Most programs of bioinformatics provide biochemists and biologists retrieve and analysis services of gene and protein database. As these services retrieve database for each arrival of user's request, it takes a long time and increases server's load and response time. In this paper. by utilizing database retrieval patterns of sequence alignment programs in bioinformatics, grouping method is proposed to share database retrieval between many requests. Carpool method is also proposed to reduce response time as well as to increase system expandability by combining new arriving requests with the previous on going requests. The performance of our two proposed schemes is verified by mathematic analysis and simulation.

Non-memorizing authentication system using the preference words (좋아하는 단어를 이용한 암기하지 않는 패스워드 시스템)

  • Rim, Kwang-Cheol;Lim, Dong-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.3
    • /
    • pp.565-570
    • /
    • 2016
  • User requirements for access and authentication increase daily because of the diversification of the Internet of Things (IoT) and social structures. The increase in authentication needs requires the generation of new passwords. Users want to utilize the same passwords for memorization convenience. However, system administrators request each user to use different passwords, as well as passwords that include special symbols. Differnet passwords and including special symbols passwords seem to exceed the tolerance range within your memorization skills. It fetches a very negative consequences in terms of password management. This paper proposes a preference symbol password system that does not require memorization by users. First, a survey is conducted to prove statistical safety, and based on this, an evolution-type password system that uses preference symbols is designed. Preference symbol passwords show superiority with respect to installation cost and convenience, compared with conventional non-memorizing password systems such as biometrics, keystrokes, and mouse patterns.