Dr. Peng Ning



My Group
Curriculum Vitae
My Academic Lineage
My Erdös Number




Past Projects before my NCSU Time

I had been involved in the following projects before I joined NC State University. Look here for my current research.

Abstraction-based Intrusion Detection

Abstraction is an important issue in intrusion detection, since it not only hides the difference between heterogeneous systems, but also allows generic intrusion detection models. However, abstraction is an error-prone process and is not well supported in current Intrusion Detection Systems (IDSs). This research provides a hierarchical framework for maintaining signatures (i.e., the patterns of known attacks), system views (i.e., the abstract representation of system information) as well as event abstraction (i.e., the process of doing abstraction). As a benefit, the model allows generic signatures that can accommodate unknown variants of known attacks. Moreover, abstraction represented by a system view can be updated without changing either its specification or the signatures defined on the basis of it. As a closely related problem, we also work on a decentralized method for autonomous but cooperative component systems to detect distributed attacks specified by signatures. Specifically, a signature is decomposed into finer units called  detection tasks, each of which represents the activity to be monitored on a component system. The component systems (involved in a signature) then perform the detection tasks cooperatively according to the ``dependency'' relationships among these tasks. An experimental system called CARDS has been implemented to test the feasibility of the proposed approach.

Related Publications

Temporal Granularities and Temporal Data Mining

There are indeed two different issues involved in this research. The first is how to enable users to describe a temporal granularity (e.g., business day) in a compact and user friendly way. To address this problem, we developed an algebra called calendar algebra, with which a user can define temporal granularities and calendars. All the granularities in a calendar are expressed as algebraic expressions based on a single ``bottom'' granularity. The operations used in the algebra directly reflect the ways with which people construct new granularities from existing ones, and hence yield more natural and compact granularities definitions. Calendar is formalized on the basis of the algebraic operations, and properties of calendars are studied. As a step towards practical applications, the paper also presents algorithms for granule conversions between granularities in a calendar.

The second problem is how to discover temporal patterns from large data sets. In this direction, we focus on the temporal patterns involving multiple granularities, which we call calendar-based patterns. Calendar-based patterns are w.r.t. calendar schemas. An example of calendar schema is (year, month, day), which yields a set of calendar-based patterns of the form <d_3, d_2, d_1>, where each d_i is either an integer or the symbol *. For example, <2000, *, 16> is such a
pattern, which corresponds to the time intervals consisting of all the 16th days of all months in year 2000. As an application of calendar-based patterns, we studied the discovery of temporal association rules. A temporal association rule is an association rule that holds during specific time intervals. An example can be that eggs and coffee are frequently sold together in morning hours. We have proposed two types of temporal association rules: precise-match association rules that require the association rule hold during every interval, and fuzzy-match ones that require the association rule hold during most of these intervals. We have developed algorithms to discover these temporal association rules. As a by-product, we have developed a synthetic data generator that generate large random data sets that have specific embedded temporal features. This generator could be a useful tool for testing data mining algorithms.

Related Publications

Secure and Reliable E-Commerce Applications

In this field, my colleagues and I have been working on the reliability of fair exchange protocols. Fair exchange between mutually distrusted parties has been recognized as an important issue in electronic commerce. However, the correctness (fairness) of the existing fair exchange protocols that use a Trusted Third Party (TTP) is based on the assumption that during an exchange there are no failures at any of the local systems involved in the exchange, which is too strong in many situations. In this work, we pointed out that (1) system failures may cause loss of fairness, and (2) most of the existing fair exchange protocols that use a TTP cannot ensure fairness in presence of system failures. We proposed two categories of techniques, transaction-based approaches and message-logging-based approaches, to help develop data exchange systems that can recover from system failures without losing fairness.

Related Publications

Computer Arithmetic

Finite field arithmetic is becoming increasingly important in today's computer systems, particularly for implementing cryptographic operations. Among various arithmetic operations, finite field multiplication is of particular interest since it is a major building block for elliptic curve cryptosystems. In this work, Dr. Yin and I developed some new pre-computation techniques for efficient software implementation of binary field multiplication in normal basis. Our techniques are more efficient in terms of both speed and memory compared with alternative approaches. Currently, we are seeking new techniques that can be combined with ours and further improve the performance. 

Related Publications

Last Updated: November 9, 2011 .