Michal Hodoň Gerald Eichler Christian Erfurth Günter Fahrnberger (Eds.) Communications in Computer and Information Science Innovations for Community Services 18th International Conference, I4CS 2018 Žilina, Slovakia, June 18–20, 2018 Proceedings 123 863 Communications in Computer and Information Science Commenced Publication in 2007 Founding and Former Series Editors: Alfredo Cuzzocrea, Xiaoyong Du, Orhun Kara, Ting Liu, Dominik Ślęzak, and Xiaokang Yang Editorial Board Simone Diniz Junqueira Barbosa Pontifical Catholic University of Rio de Janeiro (PUC-Rio), Rio de Janeiro, Brazil Phoebe Chen La Trobe University, Melbourne, Australia Joaquim Filipe Polytechnic Institute of Setúbal, Setúbal, Portugal Igor Kotenko St Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St Petersburg, Russia Krishna M Sivalingam Indian Institute of Technology Madras, Chennai, India Takashi Washio Osaka University, Osaka, Japan Junsong Yuan University at Buffalo, The State University of New York, Buffalo, USA Lizhu Zhou Tsinghua University, Beijing, China 863 More information about this series at http://www.springer.com/series/7899 Michal Hodoň Gerald Eichler Christian Erfurth Günter Fahrnberger (Eds.) • • Innovations for Community Services 18th International Conference, I4CS 2018 Žilina, Slovakia, June 18–20, 2018 Proceedings 123 Editors Michal Hodoň University of Žilina Žilina Slovakia Gerald Eichler Telekom Innovation Laboratories Deutsche Telekom AG Darmstadt, Hessen Germany Christian Erfurth EAH Jena Jena Germany Günter Fahrnberger University of Hagen Hagen Germany ISSN 1865-0929 ISSN 1865-0937 (electronic) Communications in Computer and Information Science ISBN 978-3-319-93407-5 ISBN 978-3-319-93408-2 (eBook) https://doi.org/10.1007/978-3-319-93408-2 Library of Congress Control Number: Applied for © Springer International Publishing AG, part of Springer Nature 2018 This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations Printed on acid-free paper This Springer imprint is published by the registered company Springer International Publishing AG part of Springer Nature The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland Foreword The International Conference on Innovations for Community Services (I4CS) had its 18th edition 2018 It had emerged as the Workshop on Innovative Internet Community Systems (I2CS) in 2001, founded by Herwig Unger and Thomas Böhme, and continued its success story under its revised name I4CS in 2014 We are proud to have reached again the original number of scientific presentations, combined with a great social conference program The selection of conference locations reflects the conference concept: Our members of the Technical Program Committee (TPC) can offer suitable locations In 2018, the Steering Committee had the honor of handing the organization responsibility over to Michal Hodoň and, therefore, of determining a Slovakian venue for the first time in the history of the conference The University of Žilina was a remarkable place for offering a perfect climate to make the motto “Relaxation Teams Communities” happen I2CS published its first proceedings in Springer series Lecture Notes in Computer Science series (LNCS) until 2005, followed by the Gesellschaft für Informatik (GI), and Verein Deutscher Ingenieure (VDI) I4CS commenced with the Institute of Electrical and Electronics Engineers (IEEE) before switching back to Springer’s Communications in Computer and Information Science (CCIS) in 2016 With 1,473 chapter downloads from SpingerLink for CCIS Vol 717, publishing the I4CS proceedings of 2017, we envisaged an increasing result I4CS has maintained its reputation as a high-class C-conference at the CORE conference portal http://portal.core.edu.au/confranks/?search=I4CS&by=all The proceedings of I4CS 2018 comprise five parts that cover the selection of 14 full and three short papers out of 38 submissions Interdisciplinary thinking is a key success factor for any community Hence, the proceedings of I4CS 2018 span a range of topics, bundled into three areas: “Technology,” “Applications,” and “Socialization.” Technology: Distributed Architectures and Frameworks • • • • • Data architectures and models for community services Innovation management and management of community systems Community self-organization in ad-hoc environments Search, information retrieval, and distributed ontologies Common data models and big data analytics Applications: Communities on the Move • • • • • Social networks and open collaboration User-generated content for business and social life Recommender solutions and context awareness Augmented reality and location-based activities Intelligent transportation systems and logistic services VI Foreword Socialization: Ambient Work and Living • • • • • eHealth challenges and ambient-assisted living Intelligent transport systems and connected vehicles Smart energy and home control Digitalization and cyber-physical systems Security, identity, and privacy protection Many thanks to the 19 members of the TPC representing 12 countries for their valuable reviews, especially the chair, Christian Erfurth and, secondly, to the publication chair, Günter Fahrnberger, who fostered a fruitful cooperation with Springer The 19th I4CS will be organized by the Ostfalia University of Applied Sciences and will take place in Wolfsburg/Germany in June 2019 Please check the permanent conference URL http://www.i4cs-conference.org/ for more details Applications of prospective TPC members and potential conference hosts are welcome at request@i4cs-conference.org April 2018 Gerald Eichler Preface Žilina is the natural center of northwestern Slovakia, which ranks among the largest and most important cities in Slovakia It is located in the valley of the Váh River, surrounded by the beautiful mountain ranges of Malá Fatra, Strážovské vrchy, Súovské vrchy, Javorníky, and Kysucká vrchovina The National Park of Malá Fatra comprises famous gorges, rock peaks, and an attractive ridge tour The main subject of protection is the territory with varied geological history and dissected relief forms, rare and precious biocenoses, flora and fauna, and the exceptional value of the forest and mountain compounds with precious dwarf pinewoods, and rapacious animals, such as the wolf, lynx, or bear Žilina is a center of significant political, cultural, sport, and public health-care institutions Its economic potential can be proven by the fact that Žilina has the second highest number of traders per thousand inhabitants As for the number of joint stock companies and limited companies, Žilina holds third position in Slovakia Nowadays, the city of Žilina represents a dynamic development accelerated by KIA Motors Slovakia investments However, the city is not only a center of car production, but together with the Upper Váh River Region (Horné Považie) it is an interesting tourist destination The city of Žilina is a center of theaters, museums, galleries, parks, and sports facilities Its historical center is crossed by one of the longest and the most beautiful pedestrian zones in Slovakia The University of Žilina was founded in 1953 by separating from the Czech Technical University in Prague, followed by its renaming to the University of Transport and Communications Later in 1996, after broadening its fields of interest and other organizational changes, it was renamed as the University of Žilina In its over 60 years of successful existence, it has become the alma mater for more than 70,000 graduates, highly skilled professionals mostly specializing in transport and technical fields as well as in management, marketing, or humanities The quality and readiness of the graduates for the needs of practice is proved by long-term high interest in hiring them by employers that cooperate with the university in the recruitment process A stopover in the Malá Fatra Mountains offers unforgettable experiences enhanced through the selected venue of the Village Resort Hanuliak as a unique wellness resort located in the beautiful environment of the Malá Fatra National Park The picturesque village of Belá is located only 20 km away from the city of Žilina We hope that all attendees enjoy the fruitful, friendly, and relaxed atmosphere during the conference We trust they will gather professional experiences and be happy to come back in the future April 2018 Michal Hodoň Organization Program Committee Marwane Ayaida Gilbert Babin Gerald Eichler Christian Erfurth Günter Fahrnberger Hacène Fouchal Sapna Gopinathan Michal Hodoň Peter Kropf Ulrike Lechner Karl-Heinz Lüke Phayung Meesad Raja Natarajan Frank Phillipson Srinivan Ramaswamy Joerg Roth Maleerat Sodanil Leendert W M Wienhofen Ouadoudi Zytoune University of Reims Champagne-Ardenne, France HEC Montréal, Canada Deutsche Telekom AG, Germany Jena University of Applied Sciences, Germany University of Hagen, Germany University of Reims Champagne-Ardenne, France Coimbatore Institute of Technology, India University of Žilina, Slovakia University of Neuchâtel, Switzerland Bundeswehr University Munich, Germany Ostfalia University of Applied Sciences, Germany King Mongkut’s University of Technology North Bangkok, Thailand Tata Institute of Fundamental Research, India TNO, The Netherlands ABB, USA Nuremberg Institute of Technology, Germany King Mongkut’s University of Technology North Bangkok, Thailand City of Trondheim, Norway Ibn Tofail University, Morocco Contents Architectures and Management Microservice Architecture Within In-House Infrastructures for Enterprise Integration and Measurement: An Experience Report Sebastian Apel, Florian Hertrampf, and Steffen Späthe Multi-agent Architecture of a MIBES for Smart Energy Management Jérémie Bosom, Anna Scius-Bertrand, Haï Tran, and Marc Bui 18 A C-ITS Central Station as a Communication Manager Geoffrey Wilhelm, Hacène Fouchal, Kevin Thomas, and Marwane Ayaida 33 Data Analytics and Models Dynamic Social Network Analysis Using Author-Topic Model Kim Thoa Ho, Quang Vu Bui, and Marc Bui 47 Concept of Temporal Data Retrieval Undefined Value Management Michal Kvet and Karol Matiasko 63 New Method for Selecting Exemplars Application to Roadway Experimentation Emilien Bourdy, Kandaraj Piamrat, Michel Herbin, and Hacène Fouchal 75 Temporal Flower Index Eliminating Impact of High Water Mark Michal Kvet and Karol Matiasko 85 Acoustic Signal Analysis for Use in Compressed Sensing Application Veronika Olešnaníková, Ondrej Karpiš, Lukáš Čechovič, and Judith Molka-Danielsen 99 Community and Public Collaboration Applying Recommender Approaches to the Real Estate e-Commerce Market Julian Knoll, Rainer Groß, Axel Schwanke, Bernhard Rinn, and Martin Schreyer A Next Generation Chatbot-Framework for the Public Administration Andreas Lommatzsch 111 127 Trends in Application of Machine Learning 221 The second mentioned operation, the identification, is equally important and necessary to perform subsequent countermeasures, like filtering and traffic limiting When the method detects an attack, it has to find out suspicious part of the traffic and specify its parameters Dominant type of attacks that are detectable by NIDS are DoS/DDoS and various forms of reconnaissance (scanning of network and searching for information about connected devices) 2.2 Intrusion Detection Systems Classification Based on the Analysis Approach From the perspective of model representation, IDS methods can be classified into two groups: misuse-based (aka knowledge or signature-based) and anomaly-based (aka behavior-based) [8] A model created by misuse-based method stands for suspicious behavior On the other side, anomaly-based methods perceive model as a sufficient representative of normal behavior Categories in the following sections are described from the NIDS perspective Misuse-Based Methods Misuse-based methods are highly dependent on the knowledge of existing attacks saved in database The database consists of profiles of all well-known attacks described by signatures The signature is an ordered list of parameters or features with their specific values and ultimately distinguishes the corresponding attack from others For example, in the case of R2L and U2R attacks it is possible to use the particular order of system calls as the unique feature Another example are values of the IP packet header fields captured from network traffic The key idea of misuse-based detection lies in the analysis of samples gathered during traffic monitoring The method compares samples with signature rules loaded from database When the equality occurs, the sample is tagged as the attack corresponding to the positive signature Because the signatures describe attacks in detail, the accuracy of detection and classification is very high To achieve such a high precision, the database may consist of a huge number of entries (i.e attack signatures) The representation, processing and evaluation of database entries differs from method to method The method performance depends on signature database and requires its regular updates Updates are performed by security experts, who are responsible for adding signatures of new attack types Consequently, the quality of database content and achieved results depend highly on the knowledge and experience of security experts This can be considered as the serious disadvantage and reason of moving to another detection class - anomaly-based detection Anomaly-Based Methods Anomaly-based methods are a counterpart of misuse-based methods because they create a model of network without any suspicious traffic The model generation process utilizes the activities of devices in the monitored network in order to create the exact representation of the environment in its normal state Such model has to be updated 222 J Hrabovsky et al regularly to stay up-to-date because the behavior of current network infrastructure is very dynamic Methods identify the anomaly as the significant difference from the normal network activity specified by the model The malfunctioned devices and flooding network attacks are examples of network anomalies The model form and technique of its creation depend on the chosen method In order to get valuable results, the method supposes that model performs dynamic updates To that, there actually exist various sets of network traffic samples, called datasets, and algorithms applicable for processing of big data that support the process of model adjustment This process of the model adjustment is known as the learning (or training) The quality of model training depends on the learning algorithm and on the size of a dataset Datasets also play significant role in testing, where the quality of a model is measured In general, a bigger dataset means a more accurate trained model regardless of used algorithm Samples in a dataset can be labeled as a normal traffic or a particular type of anomaly To make labeling correctly is a difficult process that requires time and experience of security experts We differentiate three modes of learning based on the proportion of labeled to unlabeled samples in dataset: • The supervised learning uses a dataset consisting of only labeled samples The model has then all known classes at the disposal and thus enables the full classification • Datasets used in semi-supervised learning split samples into two groups: labeled and unlabeled As a consequence, the accurate multi-class classification is more difficult • The unsupervised learning uses only datasets with unlabeled samples and lacks additional information (no labels) Therefore, the creation of a model is more difficult compared with previous learning modes On the other side, this mode enables use of real-time network traffic to learn the model with good accuracy The ability to detect beside of known attacks also their modifications or totally new attacks (zero-day attack) is important advantage of anomaly-based methods nowadays On the other side, the accuracy of anomaly-based method is lower compared with misuse-based methods because it finds anomalies instead of direct attacks Assuming attacks only as a subset of anomalies, we often incorrectly evaluate any dynamic change of user or device behavior as an attack Consequently, anomaly-based methods suffer from frequent false positives Anomaly-based methods offer a space for many adjustable options and learning process that have great impact on the results From this point of view, two main approaches are common: statistical analysis and machine learning (ML) According to the paper focus, only machine learning is addressed in the following sections Machine Learning Present computer network systems are too complex in order to model them exactly ML methods allow us to create an approximate model from input samples only, without any knowledge of the internal system behavior They need to select hyper-parameters that specify overall structure of a model but its concrete behavior is forming automatically Trends in Application of Machine Learning 223 through learning The model learns new patterns from input samples in order to identify similar or modified inputs in the future This property, called generalization, is very important advantage of ML, especially in detection of anomalies Iterative process of continuous learning improves the quality of a model and its results Every ML method is defined through its model, parameters and an error function The training does parameter adjustment with the goal to decrease the final error of every sample evaluated by an error function Two main method categories are known in the field of ML: classification/regression and clustering Some of ML methods proved their successful implementation in the area of network anomaly detection – Bayesian Networks [14, 15], Support Vector Machines [16], Artificial Neural Networks, and Self-Organizing Maps [17] Machine Learning Methods in NIDS and Their Evaluation Challenges This section provides overview of some research papers supporting the application of above mentioned machine learning methods in NIDS domain Subsequently, various evaluation challenges are presented that misrepresent the performance and comparison of existing methods 3.1 ML Methods in NIDS Bayesian Network (BN) and its lightweight derivation – Naive Bayes (NB) – are analyzed as a part of NIDS in [18–22] The authors prioritize a hybrid method consisting of multiple simple, but specialized NB models Such ensemble models enable to connect prior knowledge with training process and thus to improve the overall method results The papers also emphasize the combination of BN with other machine learning methods like genetic algorithms The examples of NIDS models using Support Vector Machine (SVM) are demonstrated in [18, 23–27] The papers point out good generalization of SVM so important for detection of new network intrusions and real-time processing because of its lower training and testing time The SVM capability of accurate classification is mostly used in the hierarchical hybrid models where the SVM plays a role of the final classifier whereas other methods are responsible for preceding dynamic feature extraction and dimension reduction Various types of Artificial Neural Networks (ANN) and their utilization in NIDS are addressed in [18, 22, 24, 28–33] The main points resulting from analysis of the papers are: the multilevel preprocessing and feature extraction that come from the usage of emergent deep learning in the form of deep neural networks, and hierarchical ensemble methods that are built upon a set of simple ANN models specialized in detection of individual DoS attack types The application of Self-Organizing Map (SOM) to the NIDS domain is addressed in [18, 34–39] Considering intrusion detection tasks, the main SOM advantages are the unsupervised learning mode, traffic visualization, parallel processing, and real-time analysis The papers also highlight the suitability of SOM in distributed models that 224 J Hrabovsky et al spatially spread the detection complexity among many simple nodes placed in the network infrastructure Such approach brings today so important scalability 3.2 Evaluation Challenges Clear evaluation of so many intrusion detection methods faces several issues related to the dissimilarity [40], such as different implementation approaches (simulation, emulation, and real deployment) and different purposes of methods according to their categorization The second reason points out the importance of the appropriate dataset selection because the datasets used for evaluation of current methods are diverse and usually obsolete Furthermore, the ratio of normal traffic to attacks in these datasets is questionable, while detection methods require balanced datasets to learn all types of traffic under same conditions Present and publicly available datasets (KDD-99 [41], CAIDA-DDOS-2007 [42], DARPA-DDOS-2009 [43], TUIDS-2012 [44]) have these shortcomings, which improperly influence test results On top of that, they not correspond to the behavior of current real network infrastructures Correct evaluation of achieved detection results requires to consider many issues that raise the requirements on testing techniques • Reliability - the test gives relevant information regardless of the type of tested method • Reproducibility - researchers must be able to repeat the experiments under the same conditions with the same results • Flexibility - the test should provide some variability through the setting of various parameters • Scalability - the test should be applicable in the real environment, i.e., inside of a wide network environment with huge network traffic • Processing - the test should provide the results in clear form The visualization plays important role in network traffic analysis The trend of NIDS evaluation lies in the utilization of data captured from the real network traffic in order to reflect behavior of modern computer networks Discussion The conducted analysis and comparison of NIDS methods proposed in various research papers lead to potential improvements and development trends Some of them (the most interesting in our opinion) are summarized in the following list: • Multi-level data preprocessing - Continual data refining allows to extract composed domain-specific features that lead to discovery of hidden relations in data Research areas, such as image and natural language processing, apply gradually deeper model structures to enhance the abstraction level of hidden features, e.g deep neural and deep belief networks and thus improve the results Trends in Application of Machine Learning 225 • Shift from traditional to hybrid methods - The hybrid approach eliminates drawbacks of supervised and unsupervised learning through their cooperation (they complement each other) The specialization allows sub-models to deal with the tasks, where they excel • Automatic feature selection - This task is important step for any machine learning method regardless of its application domain Feature selection can be seen as individual problem that can be solved through the machine learning, too • Real network traffic for training - Training on real network traffic deals with issues that closely relate to the properties of available network datasets described in previous section • Distributed computation - Ensemble method composed of several elementary models enables real-time processing through the parallel computation At the same time, the network of detectors (cooperative models that provide collective results) simplifies adaptation to the wide complex infrastructure • Graphical format of the method processing and results - The visualization supports better understanding of algorithm principles and its behavior and provides the additional format of outputs • On-line model update - Dynamic environment of current computer networks demands the on-line learning in order to react sufficiently to irregular changes in the network behavior The on-line adjustment is not focused only to model parameters but also to the dynamic model structure By applying the preceding trends to the method design, we expect the improvement of the overall performance and solutions to problems in current NIDS Conclusion The paper deals with issues of NIDS according to the growing impact of DoS/DDoS attacks on the quality of network services Because of the increasing dependency on the permanent availability of computer networks, we pointed out the importance of new method development that should consider here achieved summaries and identified method drawbacks Both sides of the NIDS domain - network attacks and detection methods - were introduced as the background of the network intrusion detection domain The paper describes their hierarchical classification with focus on machine learning algorithms applied as the anomaly-based NIDS Related research papers of four particular methods – BN, SVM, ANN, and SOM – reflecting current research were summarized As the analyzed papers use different evaluation methods and thus provide different performance outputs, we emphasize reasons of insufficient comparison and challenges related to the unified evaluation of detection methods The paper identifies common properties of analyzed methods that are responsible for improved performance Trends, which influence method design, are finally outlined The paper was written with the goal of providing general overview of NIDS methods with focus on anomaly-based detection approach, the machine learning in particular Its purpose is the analysis of current research trends in order to identify and 226 J Hrabovsky et al specify further direction Therefore, as the main contribution of the paper, we are considering the explicit determination of trends that we derived from the analysis of relevant research articles and enumerated in discussion section References Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art Comput Netw 44(5), 643–666 (2004) https://doi.org/10.1016/j.comnet 2003.10.003 Handley, M.J., Rescorla, E.: RFC 4732 - Internet Denial-of-Service Considerations, pp 1–38 (2006) Zlomisli, V., Fertalj, K., Vlado, S.: Denial of service attacks : an overview In: 2014 9th Iberian Conference on Information Systems and Technologies (CISTI) (2014) https://doi org/10.1109/cisti.2014.6876979 Neustar: Worldwide DDoS Attacks & Protection Report (2016) Neustar: The threatscape widens: DDoS aggression and the evolution of IoT risks (2016) Holmes, D.: 2016 DDoS Attack Trends (2016) Geva, M., Herzberg, A., Gev, Y.: Bandwidth distributed denial of service: attacks and defenses IEEE Secur Priv 12(1), 54–61 (2014) https://doi.org/10.1109/MSP.2013.55 Dua, S., Du, X.: Data Mining and Machine Learning in Cybersecurity, 1st edn, p 256 Auerbach Publications, Boca Raton (2011) ISBN: 9781439839423 Bhattacharyya, D.K., Kalita, J.K.: Network Anomaly Detection: A Machine Learning Perspective, p 366 Chapman and Hall/CRC, Boca Raton (2013) ISBN: 9781466582088 10 Singh, M.D.: Analysis of host-based and network-based intrusion detection system Int J Comput Netw Inf Secur 8(8), 41–47 (2014) https://doi.org/10.5815/ijcnis.2014.08.06 11 Letou, K., Devi, D., Singh, Y.J.: Host-based intrusion detection and prevention system (HIDPS) Int J Comput Appl 69(26), 28–33 (2013) https://doi.org/10.5120/12136-8419 12 Gerhards, R.: RFC 5424 - The Syslog Protocol (2009) 13 Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguousand discontiguous system call patterns IEEE Trans Comput (2014) https://doi org/10.1109/tc.2013.13 14 Pearl, J.: Fusion, propagation, and structuring in belief networks Artif Intell 29(3), 241– 288 (1986) https://doi.org/10.1016/0004-3702(86)90072-X 15 Vijaykumar, B., Vikramkumar, Trilochan: Bayes and Naive Bayes Classifier arXiv (2014) 16 Cortes, C., Vapnik, V.: Support-vector networks Mach Learn 20(3), 273–297 (1995) https://doi.org/10.1023/a:1022627411411 ISSN: 1573-0565 17 Kohonen, T.: The self-organizing map Proc IEEE 78(9), 1464–1480 (1990) https://doi.org/ 10.1109/5.58325 18 Patel, K.K., Buddhadev, B.V.: Machine learning based research for network intrusion detection: a state-of-the-art Int J Inf Netw Secur 3(3), 31–50 (2014) https://doi.org/10 11591/ijins.v3i3.6222 19 Vijayasarathy, R.: A systems approach to network modelling for DDoS detection using Naive Bayes classifier In: Communication Systems and Networks (COMSNETS) IEEE, January 2011 20 Kumar, G., Kumar, K.: Design of an evolutionary approach for intrusion detection Sci World J 2013, 14 (2013) https://doi.org/10.1155/2013/962185 21 Thottan, M.: Anomaly detection in IP networks IEEE Trans Signal Process 51(8), 2191– 2204 (2003) https://doi.org/10.1109/TSP.2003.814797 Trends in Application of Machine Learning 227 22 Alkasassbeh, M., Al-Naymat, G., Hassanat, A.B.A., Almseidin, M.: Detecting distributed denial of service attacks using data mining techniques Int J Adv Comput Sci Appl 7(1), 436–445 (2016) https://doi.org/10.14569/ijacsa.2016.070159 23 Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection ACM Comput Surv 41(3), 1–58 (2009) https://doi.org/10.1145/1541880.1541882 24 Osareh, A., Shadgar, B.: Intrusion detection in computer networks based on machine learning algorithms Ijcsns 8(11), 15 (2008) 25 Kim, G., Lee, S., Kim, S.: A novel hybrid intrusion detection method integrating anomaly detection with misuse detection Expert Syst Appl 41(4), 1690–1700 (2014) https://doi org/10.1016/j.eswa.2013.08.066 PART 26 Erfani, S.M., Rajasegarar, S., Karunasekera, S., Leckie, C.: High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning Pattern Recognit 58, 121–134 (2016) https://doi.org/10.1016/j.patcog.2016.03.028 27 She, C., Wen, W., Lin, Z., Zheng, K.: Application-Layer DDOS Detection Based on a One-Class Support Vector Machine Int J Netw Secur Appl 9(1), 13–24 (2017) https:// doi.org/10.5121/ijnsa.2017.9102 28 Alfantookh, A.A.: DoS attacks intelligent detection using neural networks J King Saud Univ Comput Inf Sci 18, 31–51 (2006) https://doi.org/10.1016/S1319-1578(06)80002-9 29 Javidi, M.M., Nattaj, M.H.: A new and quick method to detect DoS attacks by neural networks J Math Comput Sci 6, 85–96 (2013) 30 Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking In: 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp 258–263 (2016) https://doi.org/10.1109/wincom.2016.7777224 31 Garcia, M.A., Trinh, T.: Detecting simulated attacks in computer networks using resilient propagation artificial neural networks Polibits 51, 5–10 (2015) https://doi.org/10.17562/ PB-51-1 32 Wei, M., Su, J., Jin, J., Wang, L.: Research on intrusion detection system based on BP neural network, vol 270 LNEE, vol 1, pp 657–663 (2014) https://doi.org/10.1007/978-3-64240618-8_85 33 Li, J., Liu, Y., Gu, L.: DDoS attack detection based on neural network In: 2010 2nd International Symposium on Aware Computing (ISAC), pp 196–199 (2010) https://doi.org/ 10.1109/isac.2010.5670479 34 Mitrokotsa, A., Douligeris, C.: Detecting denial of service attacks using emergent self-organizing maps In: Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, vol 2005, pp 375–380 (2005) https://doi.org/10 1109/isspit.2005.1577126 35 Pan, W., Li, W.: A hybrid neural network approach to the classification of novel attacks for intrusion detection In: Pan, Y., Chen, D., Guo, M., Cao, J., Dongarra, J (eds.) ISPA 2005 LNCS, vol 3758, pp 564–575 Springer, Heidelberg (2005) https://doi.org/10.1007/ 11576235_58 ISBN: 978-3-540-32100-2 36 Wang, C., Yu, H., Wang, H., Liu, K.: SOM-based anomaly intrusion detection system In: Kuo, T.-W., Sha, E., Guo, M., Yang, Laurence T., Shao, Z (eds.) EUC 2007 LNCS, vol 4808, pp 356–366 Springer, Heidelberg (2007) https://doi.org/10.1007/978-3-540-770923_31 ISBN: 978-3-540-77092-3 37 Jiang, D., Yang, Y., Xia, M.: Research on intrusion detection based on an improved SOM neural network In: 2009 Fifth International Conference on Information Assurance and Security, pp 400–403 (2009) https://doi.org/10.1109/ias.2009.247 38 Choksi, K., Shah, B., Ompriya Kale, A.: Intrusion detection system using self organizing map: a survey J Eng Res Appl 4(4), 11 (2014) www.ijera.com ISSN: 2248-9622 228 J Hrabovsky et al 39 Kim, M., Jung, S., Park, M.: A distributed self-organizing map for DoS attack detection In: 2015 Seventh International Conference on Ubiquitous and Future Networks, pp 19–22 IEEE (2015) https://doi.org/10.1109/icufn.2015.7182487 40 Behal, S., Kumar, K.: Trends in validation of DDoS research Procedia Comput Sci 85, 7–15 (2016) https://doi.org/10.1016/j.procs.2016.05.170 41 Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set In: IEEE Symposium on Computational Intelligence for Security and Defense Applications CISDA 2009, no Cisda, pp 1–6 (2009) https://doi.org/10.1109/cisda.2009 5356528 42 The CAIDA UCSD ‘DDoS Attack 2007’ Dataset http://www.caida.org/data/passive/ddos20070804_dataset.xml 43 DARPA Scalable Network Monitoring (SNM) Program Traffic https://impactcybertrust.org/ dataset_view?idDataset=303 44 Gogoi, P Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Packet and flow based network intrusion dataset Contemp Comput., 322–334 (2012) https://doi.org/10.1007/978-3-64232129-0_34 ISBN 978-3-642-32129-0 Acoustic Signal Classification Algorithm for WSN Node in Transport System (B) ˇ R´obert Zalman , Michal Chovanec, Martin Rev´ ak, and J´ an Kapitul´ık Faculty of Management Science and Informatics, ˇ ˇ University of Zilina, Univerzitn´ a 8215/1, 010 26 Zilina, Slovakia {robert.zalman,michal.chovanec,martin.revak,jan.kapitulik}@fri.uniza.sk http://www.fri.uniza.sk/ Abstract In the paper, we focus on the classification of the acoustic signal and its characteristic properties, which we use for further processing of the acoustic signal Its further processing is ensured that we are able to find the carrier frequencies of the selected signal with frequency analysis We use compression methods to reduce the data needed to classify acoustic signals We use neural networks to classify these signals In addition, a method has been proposed to classify acoustic signals that are commonly found in transport The result is the design of a method that is able to classify signals characteristic for different environments or different acoustic sources In the paper, there is a description of the experiment that has been carried out for the mentioned purposes For experiment is created evaluation and classification success rate on selected acoustic signals Keywords: Acoustic · Neural network · Transport system Introduction Road transport is a very interesting area where WSN can be used in various ways [1] Obviously, monitoring and control, eventual traffic control, requires the collection of information from many sensors that are suitably divided into large zones This is why research and development has its natural focus on implementing a wireless sensor into a road network that would serve to monitor and manage the application As an example, sensing the acoustic emissions in transport, sensing the movement of people in the building or acquisition of meteorological data, or widespread use of wireless sensor networks (WSN) in intelligent buildings The set of tasks for the use of acoustic signal analysis in road transport is broad That’s why our goal is to focus mainly on the classification of different acoustic signals [2–4] Another goal is to create a new method for classifying these acoustic signals and, last but not least, to reduce the data needed for the successful classification of the acoustic signal [5–7] c Springer International Publishing AG, part of Springer Nature 2018 M Hodoˇ n et al (Eds.): I4CS 2018, CCIS 863, pp 229–238, 2018 https://doi.org/10.1007/978-3-319-93408-2_17 230 ˇ R Zalman et al Proposal of Method for Classification The proposal for a method for classifying acoustic signals in transport is shown in the Fig With this method, we have succeeded in achieving the greatest success of the acoustic signal classification Fig Block diagram of proposed method for classification The proposed method involves following steps Using Frequency Analysis, we get the carrier frequencies from an acoustic signal In experiments, we tested different frequency analyzes and procedures, of which they had the best results for frequency filters Especially because of their rapid response and lower computational demands By creating a time window, we can preserve the time changes of the signal The course of acoustic signals is not a one-off event, so it is necessary to preserve their dependence over time (e.g siren sound) We need to reduce the data we work with, while retaining their carrier information Data was reduced using the principal component analysis Data reduction is required for fast processing and evaluation of data using the neural network Due to the reduction, it is not necessary for the neural network to be robust The neural network is of a forward type and uses the Back - Propagation algorithm Other types of neural networks and algorithms can also be used For individual blocks of the proposed method, experiments were created to verify individual steps Synthesis The proposed solution includes filters, normalization, time window, PCA and NN parameters that we explain in detail 3.1 Design of Frequency Filter Second order resonant filters, IIR filters (y[n] = x[n] − a1 y[n − 1] − a2 y[n − 2]), can be designed with one peak, in its frequency characteristic, according to the coefficients as follows: a1 = −2rcos(2πfc Tvz ), (1) a2 = r2 , Acoustic Signal Classification Algorithm 231 where fc is the center of the resonant frequency, Tvz = 1/fvz , thus fvz is sampling frequency and r from interval (0, 1) When r is going to 1, the bandwidth is narrowed and r can be defined as: , + Cf r =1− (2) where Cf is count of filters Next, we can design a resonant filter so that the resonant peak always has a gain of 1.0 by specifying the numerator coefficients as: y[n] = b0 x[n] + b1 x[n − 1] + b2 x[n − 2] − a1 y[n − 1] − a2 y[n − 2] where: (3) ) b0 = (1−r , b1 = 0, b2 = −b0 (4) This way, it is possible to create one filter at the selected frequency It is also possible to connect many resonant filters in parallel, so each filter resonates at a different frequency and gives its own output at the selected frequency The resonant filters align with the frequency at which they are set They are able to pass or suppress selected frequencies These filters are typically described by their resonance frequency and quality factor K, which describes their sharpness We determined the bandwidth for a single filter using the sampling frequency and the required number of filters: Bw = fcj = Fvz j, 2Cf Fvz , Cf (5) j = 0, 1, , Cf , (6) where Bw is bandwidth for one filter, Fvz is sampling frequency, Cf is count of filters and fcj is the center of the resonant frequency for j-th filter Normalization It’s necessary to normalize output data from the filters to the interval (−1, 1) to approve further neural network processing This normalization is done by fitting using: (7) yF = kyF + q, where yF is normalized output, yF is F -th filter output, k= yFmax −yFmin , q = − yFmax ∗ k (8) 232 ˇ R Zalman et al 4.1 Time Window A time window is necessary because it is problematic to determine whether it is a real acoustic signal or just an acoustic anomaly that lasts only a few ms and ended We can capture this time sequence by using the created time window This window keeps data in time using certain time steps We can present these steps as several listed vectors that contain data from different time points in succession Principal Component Analysis – PCA The primary objective of the PCA is to simplify the description of a group of mutually dependent, i.e., correlated, characters The method reduces the size of the job, reducing the number of characters with allowed loss of information, which is especially useful for displaying multidimensional data Individual measured values quite often show a strong correlation To simplify the analysis and easier evaluation of results, it is appropriate to examine whether it is possible the entire group of variables (i.e., studied the properties of the observed objects) replaced with a single variable or a smaller number of variables that will contain data on nearly the same information as contained original value This problem can be described as a method of linearly transforming the original characters into new, uncorrelated variables that have more convenient properties and are significantly less The principal component analysis finds the hidden (artificial, latent, nonmeasurable) quantities, called the main components The newly created variables are a linear combination of the original variables and they are required to best represent the original variables, in other words, to best explain the variability of the original variables PCA algorithm is: j−1 yj = x − w ix , (9) i=0 where x is input vector and w is a matrix of eigenvectors For past learning we used approximate learning with Oja’s rule Oja rule that we used to learn PCA algorithm can be written as: j Δwji = ηVj (xji − Vk wki ), (10) k=0 where η is speed of learning, V is j-th neuron, N -dimensional input pattern x made of the distribution P (x), wki are weights of synapsis from neuron k to neuron i In practice, the main component method is used, for example, to effectively recognize human face images In this case, the main component method reduces the original image space and provides a very sensible extraction of features The practical task is to identify people according to the chosen biometric feature, such as eye iris or facial features [8,9] Acoustic Signal Classification Algorithm 233 Neural Network Neural networks show interest not only in the professional but also in the public The simulations of these networks surprisingly yield very good results As has been said, artificial neural networks (hereafter neural networks) are simplified mathematical models of nervous systems of living organisms They demonstrate the ability of human thinking to learn [10] The mathematical model of the neural network is based on the artificial (formal) neuron that we obtain by reformulating the simplified function of the neurophysical neuron into mathematical speech Artificial neuron (here after neuron) has N generally real inputs x1 , , xn that model dendrites Inputs are generally rated by real synaptic weights w1 , , wn that determine their permeability In accordance with neurophysical motivation, the synaptic weights can be negative, expressing their inhibitory nature The weighted sum of input values represents inner potential of the neuron: n wi xi u= (11) i=1 The value of the internal potential of u after the so-called Threshold value Θ induces the output of the neural y, which model the electric pulse of the axon The nonlinear increase of the output value y = S(u) at the threshold value of Θ is given, With the S activation function Using a formal modification, the S function will have a zero threshold, and our own threshold of the neuron will be understood as the weight, The bias of another formal input with a constant unit value [11] 6.1 Neural Network Learning Teaching the ability of neural networks lies in the ability to change all weights in the network according to appropriate algorithms, unlike biological networks, where the ability to learn is based on the possibility of creating new connections between neurons Physically, they are therefore both learning ability based on different principles, but not in terms of logic Algoritmus Back-Propagation Algoritmus Back-Propagation is used in about 80% of all neural network applications The algorithm itself has three stages: feed-forward spreading of the training pattern input signal, error redistribution and updating of weight values on connections For recognition, we used a feed-forward neural network with tangents hyperbolic transfer function: n wi xi ), y = tanh( i=1 (12) 234 ˇ R Zalman et al for hidden layers and linear transfer function for output layer: n y= wi xi (13) i=1 Experiment As suggested by the proposed method on the block schema Fig by adding the principal component analysis to reduce the size of the input matrix to the neural network, we have retained the signal carrier information and even reduced the data needed to successfully identify it The block diagram of the experiment is shown in the Fig Fig Block diagram of the resulting experiment 7.1 Input Database The input database is created by random access to the data from which one time window is filled The next window is filled in by random access This is repeated until the input stream is created Two random input streams are created for testing and training In the experiment, it was necessary to use so-called raw data (data without a header) whose individual parameters are shown in the Table Table Input data parameters Number of channels Single channel (Mono) Sampling rate 44100 Hz Coding 32 bit float Endianness Little-endian Creating input data consists of randomly selecting the time slots from the individual data shown in the Table Acoustic Signal Classification Algorithm 235 Table Types of input data rain.raw, leaf.raw, siren.raw Types of recorded data, ca water.raw, white noise.raw, saw.raw Types of recorded data, ca wind.raw, PassingCars.raw, car.raw Types of recorded data, ca The algorithm randomly accesses individual files in set, randomly chooses a position and selects a time period (e.g., s) This algorithm passes through individual files if it does not collect a sufficient number of samples (e.g., 60 s) Two files are created in this way Training file and test file The input data stream is shown in the Fig Fig The input stream of data, length 60 s The spectrogram for the given waveform is shown in the Fig Fig Spectrogram for input stream of 60 s The number of input raw data in the experiment varied to the stage as described above At the beginning of the experiment, only three types of data were compared: siren, saw, car, later on in the experiment, we were comparing inputs shown in Table This was due to the fact that the frequency representation of the individual data is diametrically different: the car is represented by low frequencies, the saw also contains higher harmonic components (it manifests almost in the whole frequency spectrum) and the siren contains frequencies in the range of 600–1350 Hz with repetition 12 times per minute Another procedure was to add individual data sets The last added set of data was the generated white noise, its purpose is to increase the inaccuracy of the whole evaluation system ... Cham, Switzerland Foreword The International Conference on Innovations for Community Services (I4CS) had its 18th edition 2018 It had emerged as the Workshop on Innovative Internet Community Systems... architectures and models for community services Innovation management and management of community systems Community self-organization in ad-hoc environments Search, information retrieval, and... 863 More information about this series at http://www.springer.com/series/7899 Michal Hodoň Gerald Eichler Christian Erfurth Günter Fahrnberger (Eds.) • • Innovations for Community Services 18th