Metody Informatyki Stosowanej

Comments

Transcription

Metody Informatyki Stosowanej
Polska Akademia Nauk Oddział w Gdańsku
Komisja Informatyki
Metody Informatyki Stosowanej
Nr 4/2008 (Tom 17)
Szczecin 2008
Metody Informatyki Stosowanej
Kwartalnik Komisji Informatyki Polskiej Akademii Nauk Oddział w Gdańsku
Komitet Naukowy:
Przewodniczący:
prof. dr hab. inŜ. Henryk Krawczyk, czł. koresp. PAN, Politechnika Gdańska
Członkowie:
prof. dr hab. inŜ. Michał Białko, czł. rzecz. PAN, Politechnika Koszalińska
prof. dr hab. inŜ. Ludosław Drelichowski, Uniwersytet Technologiczno-Przyrodniczy w Bydgoszczy
prof. dr hab. inŜ. Janusz Kacprzyk, czł. koresp. PAN, Instytut Badań Systemowych PAN
prof. dr hab. Jan Madey, Uniwersytet Warszawski
prof. dr hab. inŜ. Leszek Rutkowski, czł. koresp. PAN, Politechnika Częstochowska
prof. dr hab. inŜ. Piotr Sienkiewicz, Akademia Obrony Narodowej
prof. dr inŜ. Jerzy Sołdek, Politechnika Szczecińska
prof. dr hab. inŜ. Andrzej Straszak, Instytut Badań Systemowych PAN
prof. dr hab. Maciej M. Sysło, Uniwersytet Wrocławski
Recenzenci:
prof. dr hab. inŜ. Ludosław Drelichowski, Uniwersytet Technologiczno-Przyrodniczy w Bydgoszczy
dr hab. inŜ. Krzysztof Giaro, prof. PG, Politechnika Gdańska
prof. dr hab. inŜ. Larysa Globa, National Technical University of Ukraine
prof. dr hab. inŜ. Janusz Górski, Politechnika Gdańska
prof. Shinya Kobayashi, Ehime University
prof. dr hab. inŜ. Leonid Kompanets, Politechnika Częstochowska
dr hab. inŜ. Georgy Kukharev, prof. PS, Politechnika Szczecińska
dr hab. inŜ. Eugeniusz Kuriata, prof. UZ, Uniwersytet Zielonogórski
dr hab. inŜ. Emma Kusztina, prof. PS, Politechnika Szczecińska
dr hab. inŜ. Karol Myszkowski, Politechnika Szczecińska
prof. dr hab. inŜ. Andrzej Piegat, Politechnika Szczecińska
dr hab. Jacek Pomykała, Uniwersytet Warszawski
prof. dr hab. inŜ. Remigiusz Rak, Politechnika Warszawska
prof. dr hab. inŜ. Valeriy Rogoza, Politechnika Szczecińska
dr hab. inŜ. Khalid Saeed, prof. PB, Politechnika Białostocka
prof. dr hab. inŜ. Boris Sovetov, St. Petersburg Electrotechnical University
dr hab. inŜ. Antoni Wiliński, prof. PS, Politechnika Szczecińska
dr hab. Zenon Zwierzewicz, prof. AM, Akademia Morska w Szczecinie
Redaktor Naczelny:
Antoni Wiliński
Sekretarz redakcji:
Piotr Czapiewski
ISSN 1898-5297
ISBN 978-83-925803-6-2
Wydawnictwo:
Polska Akademia Nauk Oddział w Gdańsku
Komisja Informatyki
Adres kontaktowy: ul. śołnierska 49 p. 104, 71-210 Szczecin
Druk: Pracownia Poligraficzna Wydziału Informatyki Politechniki Szczecińskiej
Nakład 510 egz.
Spis treści
Włodzimierz Bielecki, Krzysztof Kraska
INCREASING DATA LOCALITY OF PARALLEL PROGRAMS EXECUTED IN EMBEDDED SYSTEMS . . . . . 5
Bartosz Bielski, Przemysław Klęsk
PASSIVE OPERATING SYSTEM FINGERPRINTING USING NEURAL NETWORKS AND INDUCTION OF
DECISION RULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Janusz Bobulski
ANALYSIS OF 2D PROBLEM IN HMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Michał Choraś, Adam Flizikowski, Anna Stachowicz, Marta Redo, Rafał Renk,
Witold Hołubowicz
ONTOLOGY NOTATION AND DESCRIPTION OF VULNERABILITIES IN HETEROGENEOUS NETWORKS
AND CRITICAL INFRASTRUCTURES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Magdalena Ciszczyk, Emma Kusztina
THE ROLE OF STANDARDIZATION IN THE PROCESS OF FORMING QUALITY OF EDUCATIONAL
REPOSITORY IN ODL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Paweł Forczmański
UNIFIED JPEG AND JPEG-2000 COLOR DESCRIPTOR FOR CONTENT-BASED IMAGE RETRIEVAL . . 53
Dariusz Frejlichowski
AN OUTLINE OF THE SYSTEM FOR COMPUTER-ASSISTED DIAGNOSIS BASED ON BINARY
ERYTHROCYTES SHAPES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Jarosław Jankowski
PERSONALIZACJA PRZEKAZU INTERAKTYWNEGO Z UDZIAŁEM
METOD ANALIZY CZYNNIKOWEJ.
. 71
Henryk Krawczyk, Sławomir Nasiadka
METODA WYZNACZANIA KONTEKSTU DLA APLIKACJI STEROWANYCH ZDARZENIAMI . . . . . . . . 81
Mariusz Kubanek, Szymon Rydzek
A HYBRID METHOD OF PERSON VERIFICATION WITH USE INDEPENDENT SPEECH AND FACIAL
ASYMMETRY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Krzysztof Makles
IDENTYFIKACJA CHARAKTERYSTYK MODELI W TRYBIE ON-LINE WRAZ Z WIZUALNĄ
REKONSTRUKCJĄ CHARAKTERYSTYKI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Wojciech Maleika, Michał Pałczyński
VIRTUAL MULTIBEAM ECHOSOUNDER IN INVESTIGATIONS ON SEA BOTTOM
MODELING .
. . . . . 111
Radosław Mantiuk
HDRLIB: BIBLIOTEKA DO SZYBKIEGO PRZETWARZANIA OBRAZÓW HDR WYKORZYSTUJĄCA
ZAAWANSOWANE MOśLIWOŚCI PROCESORÓW CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Ireneusz Mrozek, Eugenia Buslowska, Bartosz Sokol
MPS(3N) TRANSPARENT MEMORY TEST FOR PATTERN SENSITIVE FAULT DETECTION . . . . . . 129
Adam Nowosielski, Krzysztof Kłosowski
ANALIZA NATĘśENIA RUCHU OSÓB NA MONITOROWANYCH OBSZARACH . . . . . . . . . . . . . . . 139
4
Walenty Oniszczuk
MODELLING AND ANALYSIS OF TWO-SERVER NETWORKS WITH FINITE CAPACITY BUFFERS AND
BLOCKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Jerzy Pejaś
DIRECTED THRESHOLD SIGNCRYPTION SCHEME FROM BILINEAR PAIRING UNDER SOLE CONTROL
OF DESIGNATED SIGNCRYPTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Andrzej Piegat, Marek Landowski
LACK OF INFORMATION – AVERAGE DISTRIBUTION OF PROBABILITY DENSITY . . . . . . . . . . . . 173
Jacek Pomykała, Bartosz Źrałek
DYNAMIC GROUP THRESHOLD SIGNATURE BASED ON DERANDOMIZED WEIL PAIRING
COMPUTATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Orest Popov, Anna Barcz, Piotr Piela
DETERMINING THE EFFECTIVE TIME INTERVALS IN THE RECURRENT PROCESSES OF
IDENTIFICATION OF DYNAMIC SYSTEMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Michał Słonina, Imed El Fray
INFRASTRUKTURA ZARZĄDZANIA UPRAWNIENIAMI WYKORZYSTUJĄCA KONTROLĘ DOSTĘPU
OPARTĄ NA ROLACH ZINTEGROWANĄ Z JĄDREM SYSTEMU OPERACYJNEGO . . . . . . . . . . . . . 203
Marcin Suchorzewski
EVOLVING WEIGHTED TOPOLOGIES FOR NEURAL NETWORKS USING GENETIC PROGRAMMING ..... 211
Galina łariova, Alexandr łariov
EFEKTYWNE ALGORYTMY WYZNACZANIA WYRAśENIA
POSTACI
Y=(A B)X ............................. 221
Tatiana Tretyakova, Abdullah Zair
FORMATION OF THE CONTENTS OF KNOWLEDGE'S BASES FOR LOCAL INTELLIGENT DECISION
SUPPORT SYSTEMS .................................................................................................................... 231
Jarosław Wątróbski, Zbigniew Piotrowski
IMPACT OF THE PRESENCE OF LINGUISTIC DATA ON THE DECISION AID PROCESS .......................... 241
Increasing data locality of parallel programs
executed in embedded systems
Włodzimierz Bielecki, Krzysztof Kraska
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
Increasing data locality in a program is a necessary factor to improve performance of
software parts of embedded systems, to decrease power consumption and reduce memory
on chip size. A possibility of applying a method of quantifying data locality to a novel
method of extracting synchronization-free threads is introduced. It can be used to
agglomerate extracted synchronization-free threads for adopting a parallel program to a
target architecture of an embedded system under various loop schedule options (spacetime mapping) and the influence of well-known techniques to improve data locality. The
choice of the best combination of loop transformation techniques regarding to data
locality makes possible improving program performance. A way of an analysis of data
locality is presented. Experimental results are depicted and discussed. Conclusion and
future research are outlined.
Keywords:
data locality, compilers, parallel processing, embedded systems
1. Introduction
Embedded systems involved in data processing consist of programmable processors,
program components processed by the processors and hardware components often realized in FPGA cooperating with software parts of the system. Software components
enable making corrections quickly, code reusing, elastic changing a program permitting
for reducing the time of delivering product to the market. But programmable processors
consume considerably more energy and they are significantly slower than their hardware counterparts. Hardware solutions assure greater performance and smaller power
consumption however designing time may be long and the design process is expensive [9].
Multiprocessor architectures for embedded systems are widespread on the contemporary electronic market. For example, the Xilinx FPGA Virtex-4FX chip includes up
to two PowerPC405 processors, National Semiconductor’s Geode chips enable to join
several processors to build a multiprocessor system based on the x86 architecture, the
HPOC project (Hundred Processors, One Chip) undertaken at Hewlett Packard attempts
to consolidate hundreds of processors on one chip using co-resident on-chip memory [4].
6
Włodzimierz Bielecki, Krzysztof Kraska
Similarly to the computer software development, the embedded system development
needs programming languages, debuggers, compilers, linkers and other programming
tools. Approved as an IEEE standard, the SystemC language is an example of the tool
that enables the implementation of both software and hardware parts of embedded systems.
The optimal implementation of software components designed for multiprocessor
embedded systems is critical for their performance and the power consumption. However, poor data locality is a common feature of many existing numerical applications [6].
Such applications are often represented with affine loops where the considerable quantities of data placed in arrays exceeded the size of a fast but small cache memory. For an
inefficient code, referenced data has to be fetched to a cache from external memory
although they could be reused many times. Because cache is expensive, memories often
operate at full speed of a processor while cheaper but more capacious external memory
modules operate at several times slower frequency, hence the time to access data located
in a cache memory is significantly less. Improvement in data locality can be obtained by
means of high-level program transformations. Increasing data locality within a program
improves the utilization of fast data cache and delimits accesses to slower memory
modules at lower level. Finally it makes general performance improvement for software
parts of embedded systems.
2. Analysis of data locality for synchronization-free slices
A new method of extracting synchronization-free slices (SFS) in arbitrarily nested
loops was introduced in [1]. The method enables us to extract more parallel threads than
other methods. The well-known technique invented by Wolfe [3] estimates data reuse
factors. It makes possible to adopt such order of the loop execution that increases data
locality in a program. In relation to the method of extracting synchronization-free slices,
the estimation of data locality is a necessary activity to obtain an improved performance
for a program executed on a target architecture. The SFS method extracts maximal
number of the parallel threads however any target embedded architecture consists of the
fixed number of CPU cores usually smaller than the number of threads extracted.
Hence, it is necessary to adjust the level of parallelism in a program to the target architecture [10]. Our previous research conducted on parallel computers indicates that the
extraction of synchronization-free slices as well as applying the tiling and the array
contraction techniques within an individual thread can considerably increase the performance of a parallel program. For example, the results of the experiments performed
for the Livermore Loops Kernel 1 (hydro fragment) [5] and the matrix multiplication
algorithm [6] indicate the considerable gains in the execution time (Figure 1a
and Figure 1b) [2].
On the contrary, the example of a simple code in Figure 2 executed on the same target architecture proves that the extraction of parallel slices under certain circumstances
can limit the performance of a program – the execution time of the parallel code (8
seconds) was about 30% greater than that of the correspondent sequential code (6
seconds). It can be noticed that the parallel code has the decreased spatial-reuse factor
value for a reference to the array a[] caused to maintain the coherence between the
caches of multiple processors to a large extent.
Increasing data locality of parallel programs executed in embedded systems
(a)
(b)
Figure 1. Execution time of (a) Livermore Loops Kernel 1 (b) matrix multiplication
…
#define SIZE 100000000
int main(void)
{
double *a = new double[SIZE];
for(long i=0; i<SIZE; i++)
a[i]=(double)i+1;
for(long i=0; i<(SIZE-2); i++)
a[i+2]=sin((a[i]*SIZE+1)/SIZE);
return 0;
}
(a) Sequential code
#include <omp.h>
…
#define SIZE 100000000
int main(void)
{
omp_set_num_threads(2);
double *a=new double[SIZE];
for(long i=0; i<SIZE; i++)
a[i]=(double)i+1;
#pragma omp parallel for
private(j,i) shared(a)
for(long j=0; j < 2 ; j++)
for(long i=j; i<(SIZE-2); i+=2)
a[i+2]=sin((a[i]*SIZE+1)/SIZE);
return 0;
}
(b) Parallel code
Figure 2. Decreased performance in the parallel version of a simple code
7
8
Włodzimierz Bielecki, Krzysztof Kraska
The assurance of the optimal performance for a program with the level of parallelism limited to the possibility of a target architecture requires the iterative estimation
of data locality for different ways of the slices agglomeration in combination with different types of scheduling (space-time mapping) and applying well-known techniques
for improving data locality. The choice of the best combination of the above-mentioned
elements under a generalized data locality factor will assure the optimal performance of
a program.
For both of the Livermore Loops Kernel 1 and the matrix multiplication algorithm,
the level of parallelism was adjusted to a target architecture by applying the function
omp_set_num_threads( omp_get_num_procs( ) ) from the OpenMP
library. The number of threads created for the target architecture (2 x Intel Pentium 4
with Hyper-Threading technology) was 4. The size of the DataCache-L1 line for the
processor was 128-bytes which corresponds to 32 array elements. Since the directive
#pragma parallel in the both programs omitted the type of the iteration scheduling, the compiler applied the scheduling of the static policy allocating ¼ consecutive
iterations to each thread [12].
The data locality factors for the matrix multiplication algorithm and the Livermore
Loops Kernel 1 calculated with the method [3] are presented in Table 1, Table 2 and
Table 3.
Table 1. Reuse factors for the matrix multiplication algorithm
Reference
Reuse factors
Temporal
Spatial
Self-reuse
Cumulative self
reuse
Data footprint
Rk*
Rj*
Ri*
Fk *
F j*
Fi *
z[i][j]
N
1
1
1
32
1
N
32
1
N
32N
32N
1
N/32
N2/128
x[i][k]
1
N
1
32
1
1
32
N
1
32
32N
32N
N/32
N/32
N2/128
y[k][j]
1
1
N/4
1
32
Σ
1
1
32
N/4
1
32
8N
N
N /32
N2/32
6N2/128
Ri
N2/32 + N/16
Rj
N+N/32 + 1
Rk
72N
i
64N + 32
j
N+33
k
N/4 + 2
i
N + 64
j
N + 33
k
2
In the case of the matrix multiplication, there are no separate references to the same
array, therefore only the self-reuse factors were calculated. For arrays of size N x N,
where N=2048, the data footprint for the outermost loop, Fi*, considerably exceeded the
size of DataCache-L1 causing an access to slower memory level:
Fi* =
6∗ N2
; N = 2048 ; Fi * = 196608 .
128
9
Increasing data locality of parallel programs executed in embedded systems
Table 2. Temporal-reuse factors for the Livermore Loops Kernel 1 (hydro fragment)
Reference
x[k]
y[k]
Z[k+10]
Z[k+11]
Temporal
k
1
1
1
1
l
Loop
Loop
Loop
Loop
Spatial
k
32
32
32
32
l
1
1
1
1
Σ
Reuse factors
Cumulative self
Self-reuse
reuse
Rk
Rl
Rk*
Rl*
32
loop
32
32loop
32
loop
32
32loop
32
loop
32
32loop
32
loop
32
32loop
Fk *
n/32
n/32
n/32
n/32
Fl *
n/128
n/128
n/128
n/128
128
n/8
n/32
4* loop
128
128* loop
Data footprint
Table 3. Spatial-reuse factors for the Livermore Loops Kernel 1 (hydro fragment)
Reference
z[k+11]
z[k+10]
Reuse factors
Group-temporal reuse
k
l
1
1
1
loop
Self-spatial reuse
k
l
32
1
32
1
Cumulative group reuse
k
l
32
32
32
32*loop
The value Fi*=196608 for the 4-bytes array element size gives 768KB. After applying the tiling technique and splitting data into blocks with the side B=32 elements, the
value of the data footprint was decreased because that data amount could be entirely
placed in DataCache-L1:
Fi* =
6 ∗ B2
; B = 32 ; Fi * = 48 .
128
The value Fi*=48 for the 4-bytes array element size gives 192B. It should be noticed
that DataCache-L1 was shared between 2 parallel threads.
In the case of the Livermore Loops Kernel 1 (hydro fragment), the self-reuse factors
are identical for the source with fine grained parallelism and the source with synchronization-free slices extracted. There is also the group-reuse between references z[k+11]
and z[k+10] sorted so that the reuse distance between adjacent references is lexicographically nonnegative. There are also self-temporal and self-spatial reuse factors for
the both references. The group-spatial reuse factor equals one since there is the
self-spatial reuse factor. To take into account reuse between references, a generalized
data reuse factor for the outermost loop Ll is computed by dividing the data footprint
by the cumulative group reuse factor that finally gives:
n / 32
= n / (322 * loop) .
32* loop
3. Experiments
Experiments were performed by means of the software simulator IBM PowerPC
Multi-Core Instruction Set Simulator v1.29 (MC-ISS) [7] intended for the PowerPC
10
Włodzimierz Bielecki, Krzysztof Kraska
405/440/460 embedded systems development and the related IBM RISCWatch v6.0i
debugger [8]. Cache utilization was reached from DCU (sim readdcu) statistics of
the simulator.
The following configuration of the simulator was used to conduct experiments:
 2 x PowerPC405 processors with
 16KB two-way set-associative DataCache-L1 (8 words/32 bytes cache line)
 no DataCache-L2.
The sources exposed to the experiments were developed in a manner representative
for the embedded software development using the cross-platform development environment composed of the Intel PC workstation and the target executable architecture
[8]. The examined C sources were compiled on the Fedora 4 Linux x86 to the PowerPC
Embedded ABI file format by means of the gcc-3.3.1 compiler and executed in the
target system environment using the MC-ISS software simulator. Due to the target architecture limitations, two threads of the data processing were extracted in the sources.
Iterations of a parallel loop were assigned to threads according to the scheduling of
static policy, i.e., one thread has assigned a half of the consecutive loop iterations [12].
Table 4 shows the results achieved for the matrix multiplication code being simulated in the MC-ISS embedded software simulator.
Table 4. The experimental results of DCU utilization for the matrix multiplication code
(N=256, B=8)
RISCWatch
STATUS
DCU total
accesses
DCU misses
Misses/total
[%]
Sequential
Parallel SFS
CPU0
CPU1
Parallel SFS
with Blocking
CPU0
CPU1
Parallel SFS with
Blocking &
Array Contraction
CPU0
CPU1
CPU0
CPU1
31852424
N/A
2160751
N/A
8634538
8634538
317789
317789
317789
317789
6,8%
N/A
6,8%
6,8%
0,22%
0,22%
0,27%
0,27%
127044104 127044104 145012296 145012296 119846472 119846472
Table 5 shows the results obtained for the Livermore loop Kernel 1 (hydro fragment) code executed in the MC-ISS embedded software simulator.
Table 5. The experimental results of DCU utilization for the Kernel 1
(loop=100; array_size=8192*sizeof(int))
RISCWatch
STATUS
DCU total
accesses
DCU misses
misses/total
[%]
Sequential
Parallel
Parallel SFS
CPU0
CPU1
Parallel SFS with
Array Contraction
CPU0
CPU1
CPU0
CPU1
CPU0
CPU1
11527637
N/A
5800687
5800687
8399916
8399916
309546
N/A
155799
155799
5130
5130
5131
5131
2,69%
N/A
2,69%
2,69%
0,04%
0,04%
0,06%
0,06%
11576472 11576472
The examined sources have achieved the same (in the first case) and much better (in
the second case) DCU misses/total ratio after synchronization-free slices extraction.
Increasing data locality of parallel programs executed in embedded systems
11
Obviously, increase in performance of the programs by the parallel execution with no
synchronizations is not considered in the tables. Applying the blocking technique has
further improved data locality. For the Parallel SFS sources with the array contraction
technique applied the misses/total ratio do not properly render data locality improvement since reused data were placed in CPU registers and therefore DCU total accesses
factors were decreased. In fact, data locality is better then previously due to usage of the
fastest memory registers.
The results achieved in the foregoing experiments confirmed the results previously
achieved for real multiprocessor computers. They indicated on the significant improveimprov
ment of the DCU utilization for a PowerPC405 processor used in embedded systems
where well-known
known optimization techniques to improved data locality were applied withwit
in synchronization-free slices.
4. A source-to-source compiler
We intend to implement the results of our research in an academic source-to-source
source
compiler. Figure 3 illustrates the structural overview of the software to be build.
Figure 3. A structural overview of the software to build
based on the results of research
The MainController is responsible for managing the execution of all compiler modmo
ules. The SlicesExtractionModule implements the method of extracting parallel synsy
chronization-free slices [1].. It makes the extraction of slices from an input C source
taking advantage of the Omega Calculator Library [11] to fulfill a dependence analysis.
The LoopTransformationModule analyses possible combinations of the slices agglomeagglom
ration and applies into output code various space-time scheduling options as well as
techniques for improving data locality (i.e. tiling and array
a
contraction). The DataLocalityEstimationModule implements the method of calculating data locality factors.
VOPC domain model of the module worked out during research is presented in FigFi
ure 4. Both latter modules use the linear algebra engine from the Wolfram Research’s
12
Włodzimierz Bielecki, Krzysztof Kraska
Mathematica package. The CodeGenerationModule is responsible for the generation of
source code destined for the target architecture; there is the explicit assumption that the
tool will be able to generate output code according to the OpenMP2.0
Ope
standard.
Figure 4. VOPC Domain Model of the
he DataLocalityEstimationModule
5. Conclusion
The estimation of data locality for parallel threads of a loop extracted by means of
the method introduced in [1] is a necessary activity to assure optimal performance for a
program adjusted to and executed in a targeted architecture. The experiments presented
in this paper targeted to an embedded system environment indicate on the identical
gains achieved through the increased utilization level of DCU for sources where wellwell
known optimization techniques to improved data locality were applied.
An important observation obtained from the research is that other
ot
software components of the system simultaneously worked during the program execution have an unfounf
reseen impact on the cache utilization. For this reason, it is correctly to assume that the
available cache size is different for various configurations of the system. To optimize
cache utilization, it is worth to estimate the actual size of available cache memory.
Let be noticed that the limitations of using the results of our work go from the limilim
tations of the method introduced in [3]. It applies group-reuses
group
only to separate array
references that indexes expressions produce the same coefficient matrix A. Our effort is
targeted toward the expansion of the presented method to operate the cases where:
A1 i1 + c1 = A2 i2 + c2 .
Increasing data locality of parallel programs executed in embedded systems
13
References
[1] Bielecki W., Siedlecki K. Extracting synchronization-free slices in perfectly nested
uniform and non-uniform loops. Electonic Modeling, 2007.
[2] Bielecki W., Kraska K., Siedlecki K. Increasing Program Locality by Extracting
Synchronization-Free Slices in Arbitrarily Nested Loops. Proceedings of the Fourteenth International Multi-Conference on Advanced Computer Systems ACS2007,
2007.
[3] Wolfe M. High Performance Compilers for Parallel Computing. Addison-Wesley,
1996.
[4] Richardson S. MPOC. A Chip Multiprocessor for Embedded Systems. [online]
http://www.hpl.hp.com/techreports/2002/HPL-2002-186.pdf, HP Laboratories,
2002.
[5] Netlib Repository at UTK and ORNL [online].
http://www.netlib.org/benchmark/livermorec.
[6] Aho A. V., Lam M. S., Sethi R., Ullman J. D. Compilers: Principles, Techniques
and Tools, 2nd Edition. Addison-Wesley, 2006.
[7] IBM PowerPC Multi-Core Instruction Set Simulator. User’s Guide, IBM Corporation, 2008.
[8] IBM RISCWatch Debugger. User’s Manual, IBM Corporation, 2008.
[9] Stasiak A. Klasyfikacja Systemów Wspomagających Proces Przetwarzania
i Sterowania. II Konferencja Naukowa KNWS'05, 2005.
[10] Griebl M. Habilitation. Automatic Parallelization of Loop Programs for Distributed Memory Architectures. Iniversitat Passau, 2004.
[11] Kelly W., Maslov V., Pugh W., Rosser E., Shpeisman T., Wonnacott D. The omega
library interface guide. Technical Report CS-TR-3445, University of Maryland,
1995.
[12] Chandra R., Dagum L., Kohr D., Maydan D., McDonald J., Menon R. Parallel
Programing In OpenMP. Morgan Kaufmann, 2001.
Passive operating system fingerprinting using neural
networks and induction of decision rules
Bartosz Bielski, Przemysław Klęsk
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
One of the most difficult task for people managing big- or even medium-size computer
network is determining the accurate number of hosts that are protected. This information
is really helpful for accurately configuring network-based devices such as intrusion
detection systems. Exact knowledge of the operating systems (residing in hosts) can be
useful for excluding many alerts that cannot apply to a remote operating system that is
being examined. In this context, we consider a classification problem (we try to recognize
the class of operating system) when some of the characteristics of the system are modified
by its user or any other program (e.g. for internet connection tuning). We use neural
networks (MLP, RBF) and rule induction techniques. It should be stressed that existing
fingerprinting tools get high accuracy results when tested on the “clean” versions of
operating systems, but they fail to detect systems with modified TCP/IP parameters.
Keywords:
passive OS fingerprinting, TCP/IP fingerprinting, operating systems recognition, neural
networks, induction of decision rules
1. Introduction
Accurate operating system fingerprinting by passive analysis of the network traffic
can be used for maintaining a security access policy. This type of policy may list the
types of hosts that are allowed and disallowed (for example administrator can disallow
really old versions of operating systems which may have serious bugs).
Remote operating systems fingerprinting is the way of determining the operating
system of a remote host. It is based on the fact that the the TCP/IP protocol specification
does not clearly describe how to use all fields in the TCP and IP header. Due to this fact
developers of operating systems implement differently the TCP/IP stack – which can be
used for identification. Even versions and patches can be identified, because programmers are using e.g. other security features in the systems.
Remote operating systems can be identified by three approaches – “just looking”,
active and passive fingerprinting. “Just looking” method is really not accurate and may
give inadequate results, because of the easy way to modify given presented information;
active scanning provides detailed information by actively sending packets and passive
analysis provides real-time (but usually less detailed) information. Nevertheless, scanning consumes hosts resources and network bandwidth and it requires more time on
16
Bartosz Bielski, Przemysław Klęsk
broad networks. Moreover, it can cause some network devices to stop servicing. Passive
fingerprinting hase none
one of the flaws mentioned above.
Figure 1.. OSI and TCP/IP stack
(source: http://tutorials.beginners.co.uk/introducing-tcp-ip.htm?p=2)
http://tutorials.beginners.co.uk/introducing
Passive fingerprinting is a method of recognizing operating systems based only on
the packet traffic which is already transmitted. There is no need to send extra packets to
remote host, because all the packets may be used to identify attacker or any person that
is doing a security audit.
A main goal of this research is to determine how accurately remote operating systems can be detected using passive fingerprinting by means of neural networks and
induction of decision rules. Other goal is to evaluate the fingerprinting on some useruser
modified TCP/IP stacks on which current recognition tools fail to work
w
and determine
how well neural networks can identify operating systems that were not in the training
set.
2. Passive OS fingerprinting – existing solutions
Based on our observations, which were confirmed by some of earlier researches [3],
we can say that currently
urrently existing fingerprinting tools are mostly: rule based (very simsi
ple rules) or nearest neighbour implementation (usually 1-NN).
1
Using such approach
there is no way to accurately fingerprint operating systems having any modifications
that were not included
luded in the fingerprinting database of the systems. On the other hand,
there is no way to include all such information in the database because of the variety
var
of
possible modifications.
Passive operating system fingerprinting using neural networks…
17
3. Passive OS fingerprinting using neural networks
We try the application of neural networks – MLP, RBF – to our problem, knowing
their successful application in such pattern-recognition areas as: handwriting recognition, identifying vehicles, medicine, etc.
The database of the operating systems was taken from the open-source tool named
ettercap [13], which at present includes the largest set of the OS examples – 1765.
The structure of values included in the ettercap set of operating systems is presented
in Figure 2.
WWWW : 4 digit hex field indicating the TCP Window Size
MSS : 4 digit hex field indicating the TCP Option Maximum Segment Size
if omitted in the packet or unknown it is "_MSS"
TTL : 2 digit hex field indicating the IP Time To Live
WS
: 2 digit hex field indicating the TCP Option Window Scale
if omitted in the packet or unknown it is "WS"
S
: 1 digit field indicating if the TCP Option SACK permitted is true
N
: 1 digit field indicating if the TCP Options contain a NOP
D
: 1 digit field indicating if the IP Don't Fragment flag is set
T
: 1 digit field indicating if the TCP Timestamp is present
F
: 1 digit ascii field indicating the flag of the packet
S = SYN
A = SYN + ACK
LEN : 2 digit hex field indicating the length of the packet
if irrelevant or unknown it is "LT"
OS
: an ascii string representing the OS
Figure 2. TCP/IP parameters used to identify operating system
(source: ettercap database)
First of all, different detailed versions of operating systems were grouped into larger
classes – in order to have a sensible proportion: number of examples / number of
classes, see Table 1. Experiments in which we tried to identify the exact OS version
were conducted later.
As seen on Figure 3 in state of full knowledge about operating systems and full trust
researched neural network can identify systems with about 100% probability, just like
current rule-based tools. There is already very rare situation when we can give trust
computers and systems we do not own.
18
Bartosz Bielski, Przemysław Klęsk
Table 1. Operating systems
ems classes
Pos.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
OS class
windows
linux
bsd
other
solaris
unix
mac_os
network modem/router
cisco device
network printer
Number of examples
exa
599
349
169
164
132
94
89
83
44
39
Figure 3. Results of recognition by many kinds of neural networks
When the knowledge and trust drops and especially when we cannot trust remote
systems are clean and unmodified, neural network get really good prediction results.
The good scores are especially valuable when there is no strict signature in the database
of operating systems so that system cannot be recognised at all.
As seen on Figure 4 we compared best neural network from earlier researches (3(3
layer multi layer perceptron network – MLP with 10 neurons
ne
in every hidden layer)
with multi-stage
stage neural network architecture that can detect operating system version
Passive operating system fingerprinting using neural networks…
networks
19
too. The multi-stage
stage architecture was build only for systems that meet the minimum 1%
occurrence of quantity (Windows, Linux, BSD, etc).
Figure 4. Results by recognition depth
Figure 5. Best neural network topology (3 layers, 10 neurons in every hidden layer)
One should note that: for modified TCP/IP stacks and when the original signatures
were not placed in the training set – the network gives 97,7% correct classification rate.
When trying to additionally determine the exact version of the OS – the rate dropped,
but still was very high – 85%.
4. Induction of decision rules, Pareto-optimal
optimal rules
To have a better understanding of the data set we also decided to do the induction of
decision rules. Discovering interesting and statistically relevant rules may allow to perpe
form simple OS fingerprinting without a neural network classifier, since ‘if-then’ rules
are of high interpretive value for humans.
20
Bartosz Bielski, Przemysław Klęsk
4.1. Greedy induction of decision rules
Say we want to find all possible rules with the length of premise equal to p , i.e. in
the premise there are exactly p terms connected with ‘and’. For example, when p = 3
a possible rule is:
if (
x3 = 2) and ( x5 = 3) and ( x6 = 1) then ( y = 2).
p =3
The algorithm to find all such rules can be named as greedy – meaning that we will
iterate over all
( ) combinations of input variables x
n
p
j
and for each single combination
we will also iterate over all possible settings of values for these variables.
The exact total number of iterations in such an algorithm (and in the same time the
total number of rules) can be calculated as follows. Let Cn , p be the set of all
( ) comn
p
binations of indices of variables. E.g.: C4,2 = {(1, 2), (1,3), (1, 4), (2,3), (2, 4), (3, 4)} . The
exact number of iterations is then equal to
∑
, ,…, j p )∈Cn , p
mj mj ⋯mj .
1
2
(1)
p
( j1 j2
And if we wanted to find all rules with premises of length equal to p or less than p
then the number of iterations (and rules) is
p
∑
∑
, ,…, jk )∈Cn, k
k =1 ( j j
1 2
mj mj ⋯mj .
1
2
(2)
k
For a single fixed premise what should be the value chosen as the decision? Let X
be a general notation for the premise and Y for the decision, e.g.:
if (
x3 = 2) and ( x5 = 3) and ( x6 = 1)
then (
y
= 2).
X =x
Y=y
Then, for a fixed premise X = x we deal with a certain conditional probability distribution of decisions P (Y | X = x) . In other words, from the whole data set we take the
subset containing only the cases where X = x and within this subset we look at the
distribution of different decisions y ∈ {1, 2,… , my } . As the decision value we choose
such y for which P (Y = y | X = x) is maximal.
4.2. Rule assessment measures
Each rule should be assigned a certain number assessing how interesting this rule is
and how statistically relevant it is for the decision. The most basic and common meas-
21
Passive operating system fingerprinting using neural networks…
ure is confidence1 of the rule, which is exactly equal to P (Y = y | X = x) . Nevertheless,
we focus on two other rule assesment measures which are more sensitive measures2:
 Conditional entropy given the fixed X = x :
H (Y | X = x) = −∑P(Y = y | X = x)log 2P(Y = y | X = x).
y∈Y
(3)
 Kullback-Leibler's number (divergence):
KL( P(Y | X = x) || P (Y )) = ∑P (Y = y | X = x)log 2
y∈Y
P(Y = y | X = x)
.
P (Y = y )
(4)
See also [12].
In the case of conditional entropy, the smaller the entropy the better the rule. In the
case of Kullback-Leibler's number, the greater the number the better the rule.
The conditional entropy attains the largest (so the worst) values for the rules having
distributions of decisions P (Y | X = x) close to uniform. This is natural, since such
rules poorly predict the decision variable. On the other hand, the more the distribution
P (Y | X = x) is concentrated around a single decision value the closer the entropy is to
zero – the better the rule.
As regards the Kullback-Leibler's number, it specifically rewards those rules for
which the distribution P (Y | X = x) differs largely from the distribution P (Y ) – the
distribution of decision within the whole data set. This can be also well explained having in mind a naive zero rule classifier. The naive classifier responds all the time with
the same decision y which the most frequent one in the whole data set (having the
greatest P (Y = y ) probability). One could say informally that by applying the Kullback-Leibler's number we look for ‘suprising’ rules i.e. such ones that allow to predict
well rare decisions (which is more difficult) not the frequent decisions (which is easy).
That is why the Kullback-Leibler's number is also called divergence or the pseudo distance of distributions [12]. It must not be treated as the actual distance function (the
metric) for example because of the fact it is not a symmetric function with respect to its
arguments.
Basing on the above measures, one can also assess not only the rules but also the
premises alone. I.e. one can detect statistically relevant premises and statistically relevant variables (premises of length one). For this purpose weighted versions of the former formulas are applied. One should take under consideration all the settings of values
for a fixed set of variables in the premise:
1
The confidence measure in conjunction with the support (the number of cases in the dataset
agreeing with the premise of the rule) is the basis of the known A priori algorithm, which is applied to find associative rules in large datasets [11].
2
Especially in the case of unequal decision classes and also in the case of more than two decisions.
22
Bartosz Bielski, Przemysław Klęsk
H (Y | X ) =
∑P ( X = x) H (Y | X = x).
(5)
∑ P( X = x) KL( P(Y | X = x) || P(Y )).
(6)
x∈ X
KL ( P (Y | X ) || P (Y )) =
x∈ X
4.3. Pareto-optimal rules
All found rules can be graphed as points in a two-dimensional plot, where on one
axis we put the support of the rule (the number of cases in the data set agreeing with the
premise of the rule) and on the other axis we put the assessment measure (the KL's
number or the conditional entropy). See the Fig. 6.. As one can see these two magnitudes
are in a conflict,, since we are interested in rules which are supported by as many examexa
ples as possible but on the other hand we are interested in rules with high assessment
measure (which typically happens for rare rules – with small support). Therefore the
rules lying on the border of the graph can be treated as the most interesting. They are
called Pareto-optimal rules, in the sense that for each rule from this border (the Pareto
border) there exists no other rule dominating the former i.e. with greater (or equal) both
the support and the assessment measure (only one of these two magnitudes
magnitu
can be
greater or equal).
Figure 6. Pareto-optimal
optimal rules marked as asterisks within a graph of all rules.
The concept of Pareto-optimal
optimal set of rules can also be met e.g. in [13].
Passive operating system fingerprinting using neural networks…
23
Interesting rules for passive OS fingerprinting
Probability (frequency) distribution of decision variable in the whole data set was:
P(Y = BSD) = 0.19807, P(Y = Windows) = 0.34222, P(Y = Cisco router) = 0.050511,
P(Y = Linux) = 0.095914, P(Y = MacOS) = 0.067537, P(Y = network modem/router) =
0.022134, P(Y = network printer) = 0.014188, P(Y = other) = 0.081158, P(Y = Solaris)
= 0.074915, P(Y = Unix) = 0.053348.
All rules for which the decision distribution differs relevantly from the distribution
above can be considered as interesting ones. Below we show interesting rules with premises of length 1, 2, 3. In parenthesis we show support and probability of decision (confidence).
Rules with premises of length = 1:
1: if (LEN = 48) then (OS = Windows). (395/1762) (0.68101) KL=0.37212.
2: if (LEN = 52) then (OS = Windows). (76/1762) (0.75) KL=0.68209.
3: if (LEN = 64) then (OS = Windows). (130/1762) (0.63846) KL=0.47577.
4: if (WWWW = 60000-65536) then (OS = Windows). (316/1762) (0.59494) KL=0.45079.
5: if (S = 1) then (OS = Windows). (753/1762) (0.58964) KL=0.36388.
6: if (TTL = 128) then (OS = Windows). (786/1762) (0.53308) KL=0.19704.
7: if (LEN = 60) then (OS = BSD). (282/1762) (0.46454) KL=0.49247.
8: if (WWWW = 20001-30000) then (OS = Solaris). (65/1762) (0.35385) KL=1.1769.
9: if (TTL = 64) then (OS = BSD). (759/1762) (0.33465) KL=0.20533.
10: if (TTL = 255) then (OS = Solaris). (165/1762) (0.27273) KL=0.73742.
Rules with premises of length = 2:
1: if (S = 1) and (LEN = 60) then (OS = BSD). (119/1762) (0.88235) KL=1.6055.
2: if (WWWW = 60000-65536) and (S = 1) then (OS = Windows). (181/1762) (0.87845)
KL=0.97709.
3: if (TTL = 128) and (LEN = 48) then (OS = Windows). (239/1762) (0.86611) KL=0.90106.
4: if (TTL = 128) and (S = 1) then (OS = Windows). (366/1762) (0.85792) KL=0.86164.
5: if (WWWW = 0-10000) and (LEN = 60) then (OS = BSD). (125/1762) (0.728) KL=1.0152.
6: if (TTL = 255) and (D = 0) then (OS = MacOS). (80/1762) (0.4625) KL=1.0222.
7: if (TTL = 255) and (D = 1) then (OS = Solaris). (85/1762) (0.43529) KL=1.1085.
8: if (MSS = 40001-50000) and (TTL = 64) then (OS = Cisco router). (74/1762) (0.43243)
KL=1.2226.
9: if (TTL = 255) and (N = 0) then (OS = MacOS). (94/1762) (0.40426) KL=1.095.
10: if (WWWW = 60000-65536) and (LEN = -1) then (OS = Unix). (64/1762) (0.34375)
KL=1.2274.
11: if (TTL = 255) and (S = 0) then (OS = MacOS). (125/1762) (0.304) KL=1.0686.
12: if (TTL = 64) and (S = 0) then (OS = Linux). (432/1762) (0.24769) KL=0.46046.
13: if (S = 0) and (D = 0) then (OS = other). (464/1762) (0.21552) KL=0.56091.
24
Bartosz Bielski, Przemysław Klęsk
Rules with premises of length = 3:
1: if (TTL = 128) and (S = 1) and (F = 0) then (OS = Windows). (185/1762) (0.93514)
KL=1.1885.
2: if (WWWW = 0-10000) and (S = 1) and (LEN = 60) then (OS = BSD). (79/1762) (0.92405)
KL=1.8509.
3: if (S = 1) and (T = 1) and (LEN = 60) then (OS = BSD). (104/1762) (0.91346) KL=1.7969.
4: if (S = 1) and (F = 1) and (LEN = 60) then (OS = BSD). (83/1762) (0.89157) KL=1.6533.
5: if (S = 1) and (N = 1) and (LEN = 60) then (OS = BSD). (119/1762) (0.88235) KL=1.6055.
6: if (MSS = 0-10000) and (TTL = 128) and (S = 1) then (OS = Windows). (337/1762)
(0.85757) KL=0.86806.
7: if (WS = -1) and (D = 0) and (LEN = -1) then (OS = other). (116/1762) (0.34483)
KL=1.1299.
8: if (N = 0) and (D = 0) and (F = 1) then (OS = MacOS). (250/1762) (0.28) KL=0.87672.
5. Summary
In this paper we mine interesting rules for the problem of passive OS fingerprinting.
We also present results of classification with a neural network, which in comparison to
the currently existing tools seems to be much more efficient. Very low error rates were
obtained by both the OS name and OS version classifier. In comparison to existing
solutions this is the best known classification rate in passive OS fingerprinting tested on
unseen or modified data.
References
[1] Berrueta D. B. A practical approach for defeating Nmap OS-Fingerprinting.
[online] http://www.zog.net/Docs/nmap.html. [06/12/2007]
[2] Hortop P. Active OS Fingerprinting Tools. [online]
http://www.networkintrusion.co.uk/ osfa.htm, 2006a. [20/02/2008]
[3] Lippmann R., Fried D., Piwowarski K., Streilein W. Passive Operating System
Identication From TCP/IP Packet Headers, 2003. [20/02/2008]
[4] Internetworking Basics, [online]
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_ doc/introint.htm
[07/10/2007]
[5] Introducing TCP/IP, http://tutorials.beginners.co.uk/introducing-tcp-ip.htm?p=2.
[08/11/2007]
[6] Dawson K. T. Linux – podręcznik administratora sieci. OReilly, Wydawnictwo
RM, Warszawa 2000.
[7] Kosiński R. Sztuczne sieci neuronowe. Dynamika nieliniowa i chaos. Wydawnictwa Naukowo-Techniczne, Warszawa 2007
[8] Kwiatkowska A. Systemy wspomagania decyzji. Wydawnictwa Naukowe
PWN/MIKOM, Warszawa 2007
[9] Osowski S. Sieci neuronowe w ujęciu algorytmicznym. Wydawnictwa NaukowoTechniczne, Warszawa 1996.
Passive operating system fingerprinting using neural networks…
25
[10] Agrawal R., Imielinski T., Swami A. Mining associations between sets of items in
massive databases, in Proceedings of the 1993 ACM-SIGMOID Int’l Conf. on
Management of Data, 1993, pp. 207–216.
[11] Gray R. M. Entropy and Information Theory, Springer Verlag, New York, USA.
Information Systems Laboratory, Electrical Engineering Department, Stanford
University, 1990.
[12] Słowiński R., Brzezińska I., Greco S. Application of bayesian confirmation measures for mining rules from support-confidence pareto-optimal set, in Rutkowski,
Tadeusiewicz, śurada, 8th International Conference, Zakopane, Poland, June 2006
pp. 1018–1026.
[13] Ettercap – remote fingerprinting tool, http://ettercap.sourceforge.net [20/05/2008]
Analysis of 2D problem in HMM
Janusz Bobulski
Czestochowa University of Technology,
Institute of Computer and Information Science
Abstract:
Hidden Markov models are widely applying in data classification. They are using in many
areas where 1D data are processing. In the case of 2D data, appear some problems with
applying 2D HMM. This paper describe the important limitations of HMM when we have
to processing two dimensional data.
Keywords:
image processing, hidden Markov models HMM, pseudo 2DHMM, 2DHMM
1. Introduction
Hidden Markov models are widely applying in data classification. They are using in
speech recognition, character recognition, 2-D shape classification, biological sequence
analysis, financial data processing, texture analysis, face recognition, etc. This widely
applying HMM is result of its effectiveness. When we work with one dimensional data,
we have good tools and solution for this. But when we process two dimensional data,
we should apply two dimensional HMM. There is problems, because there aren’t good
and efficient solution of three basic problems of 2D HMM [1, 2]:
1. Given observation O={O1,…,OT} and model λ=(A, B, π ); efficiently compute
P(O|λ):
 hidden states complicate the evaluation;
 given two models λ1 and λ2, this can be used to choose the better one.
2. Given observation O={O1,…,OT} and model λ=(A, B, π) find the optimal state
sequence q = (q1, q2,…, qT ):
 optimality criterion has to be decided (e.g. maximum likelihood);
 “explanation” for the data.
3. Given O={O1,…,OT}; estimate model parameters λ=(A, B, π) that maximize P(O|λ).
2. Classic HMM
HMM is used to the identification process. A HMM is a double stochastic process
with underlying stochastic process that is not observable (hidden), but can be observed
through another set of stochastic processes that produce a sequence of observation. Let
O={O1,…,OT} be the sequence of observation of feature vectors, where T is the total
number of feature vectors in the sequence. The statistical parameters of the model may
be defined as follows [3].
28
Janusz Bobulski
 The number of states of the model, N (Fig.1).
 The transition probabilities of the underlying Markov chain, A={aij} 1≤ i,j ≤N where
aij is the probability of transition from state i to state j subject to the constraint
∑
N
j =1
aij = 1 .
 The observation probabilities, B={bj(OT)}, 1≤ j ≤ N, 1≤ t≤ T which represents the
probability of the tth observation conditioned on the jth state.
 The initial probability vector, Π = {πi} 1≤ i≤ N.
Figure 1. One-dimensional HMM [7]
Hence, the HMM requires three probability measures to be defined, A, B, π and the
notation: λ = ( A, B, π ) is often used to indicate the set of parameters of the model.
The parameters of the model are generated at random at the beginning. Then they
are estimated with Baum-Welch algorithm, which is based on the Forward-Backward
algorithm. Second way to estimate of parameters is Viterbi algorithm, which is very
similar to Forward-Backward algorithm. The forward algorithm calculates the coefficient αt(i) (probability of observing the partial sequence (o1,…,ot) such that state qt is i ).
The backward algorithm calculates the coefficient βt(i) (probability of observing the
partial sequence (ot+1,…,oT) such that state qt is i ). The Baum-Welch algorithm, which
computes the λ, can be described as follows [1].
1. Let initial model be λ0
2. Compute new λ based on λ0 and observation O
3. If log ( P( O|λ ) – log P( O|λ0 ) < DELTA stop
4. Else set λ0 ← λ and goto step 2.
The parameters of new model λ (1), based on λ0 and observation O, are estimated
from equation of Baum-Welch algorithm (Fig.2) [1], and then are recorded to the database.
Baum-Welch algorithm (forward-backward)
Forward probability αj(t) for
following recurrent formula:
2 ≤ j ≤ N − 1 oraz 1 ≤ t ≤ Tr
 N −1

 j=2

α j ( t ) =  ∑ α i ( t − 1) aij  b j ( otr )
is calculated with
29
Analysis of 2D problem in HMM
initial condition:
α1 (1) = 1 , α j (1) = a1 j b j ( Otr ) for 2 ≤ j ≤ N – 1
finishing condition:
α N (Tr ) = ∑ α i (Tr ) aiN
N −1
j=2
Backward probability βi(t) for 2 ≤ i ≤ N – 1 and 1 ≤ t ≤ Tr is calculated with
following recurrent formula:
N −1
β i ( t ) = ∑ aij b j ( otr+1 ) β j ( t + 1)
j =2
initial condition:
β i (Tr ) = aiN
1≤i≤N
N −1
finishing condition:
β1 (1) = ∑ a1 j b j ( o1r ) β j (1) .
j =2
Figure 2. Baum-Welch algorithm [1].
Problem:
For giving observation vector O = (o1, o2,..., oT) estimation model parameters λ=(π,
A, B) in order to take maximum P(O | λ).
Problem solution:
 Estimate the parameters of the model λ=(π, A, B)) for maximum P(O | λ),
 Define ξ(i, j) as a probability of being in state i at time t and in the state j at time t+1,
30
Janusz Bobulski
ξ ( i, j ) =
α ( i ) aij b j ( ot +1 ) β t +1 ( j )
=
P (O | λ )
α ( i ) aij b j ( ot +1 ) β t +1 ( j )
N
N
∑∑ α ( i ) a b ( o ) β ( j )
i =1 j =1
t
ij
j
t +1
t +1
Relation in algorithm:
 define γt(i) as a probability being in state i at time t, given the observation sequence
N
γ t ( i ) = ∑ ξt ( i, j )
j =1

T
∑γ (i)
t =1

t
is the expected number of times state i is visited,
T −1
∑ ξ ( i, j ) is the expected number of transition from state i to state j,
t =1
t
 πi = expected frequency in state i at time (t = 1) = γ1(i),
 aij = (expected number of transition from state i to state j ) / (expected number of
transition from state i):
aij =
∑ ξ ( i, j )
∑ γ (i )
t
t
 bj(k) = (expected number of times in state j and observing symbol k) / (expected
number of times in state j):
bj ( k ) =
∑ γ (i )
∑ γ (i )
t , ot = k
t
t
t
Viterbi algorithm [4, 5] (Fig. 3)
 Define δ(i) – the highest probability path ending in state i,
Algorithm:
 Initialisation:
1≤ i ≤ N
δ1 ( i ) = π i bi ( o1 )
ψ1 = 0
 recursion:
δ t ( j ) = max δ t −1 ( i ) aij  b j ( ot )
1≤ j ≤ N
ψ t ( j ) = arg max δ t −1 ( i ) aij 
1≤ i ≤ N
 termination:
2 ≤ t ≤ T, 1 ≤ j ≤ N
P* = max δT ( i ) 
1≤i ≤ N
qT* = arg max δT ( i ) 
1≤ i ≤ N
31
Analysis of 2D problem in HMM
 path (state sequence) backtracking:
qt* = ψ t +1 ( qt*+1 ) , t = T – 1, T – 2,..., 1
Figure 3. Viterbi algorithm [1]
The testing process consists of computing the probability of observation generating
by the models saved in database and choosing this model for which the likelihood is
maximum. In the proposed method, probabilities are calculated separately for each of
the three models representing parts of the face, then they are added. The face, for which
the sum of probability is maximum, is chosen as the correct face. The probability of
generating sequences of observations is computed from the equations (2)-(4) [1].
P (O | λ ) = ∑ P (O | q, λ ) P ( q | λ )
q
T
P(O | q, λ ) = ∏ P(ot | qt , λ ) = bq1 (o1 )bq2 (o2 )...bqT (oT )
i =1
P ( q | λ ) = π q1 aq1q2 aq2 q3 ...aqT −1qT
3. Pseudo 2DHMM
A pseudo 2D Hidden Markov models are extension of the 1D HMM. A P2DHMM
consist of a number of superstates. The topology of superstate model is a linear model,
where only self transition and transition to the following superstate are possible. Inside
32
Janusz Bobulski
the superstates there are linear 1D HMM. The state sequences in the rows are independent of the state sequences of neighboring rows [6, 7].
Figure 4 shows a pseudo two dimensional hidden Markov model which consist of
four superstates. Each superstate contains three states one dimensional HMM.
4. 2DHMM
An extension of the HMM to work on two-dimensional data is 2D HMM (Fig.5).
The principle of two dimensional hidden Markov models was described in the paper
[2]. A 2D HMM can be regarded as a combination of one state matrix and one observation matrix, where transition between states take place according to a 2D Markovian
probability and each observation is generated independently by the corresponding state
at the same matrix position. It was noted that the complexity of estimating the parameters of a 2D HMMs or using them to perform maximum a posteriori classification is
exponential in the size of data. Similar to 1D HMM, the most important thing for 2D
HMMs is also to solve the three basic problems, namely, probability evolution, optimal
state matrix and parameters estimation. Li Yujian in [2] proposed some analytic solution
of this problems. But this solution has some disadvantages. First, the computation of
parameters and probability are very complexity [8]. Second, This solution can be applying only for left-right type of HMM. And third, we can use only small size of HMM. 2D
HMM is still limited by the computational power of the machine.
Figure 4. Pseudo 2D-HMM [6]
Analysis of 2D problem in HMM
33
Figure 5. 2D Markovian transitions among states [2]
5. Conclusion
We can applying three approach to the 2D data analysis:
 reduce dimensionality data to 1D vector and use 1D HMM,
 divide data to segments and use pseudo 2D HMM
 use complexity analytic calculation in 2D HMM.
MM.
Presented solution 2D HMM is assumption of real full 2D HMM. Therefore, is
needed future work on two dimensional hidden Markov models. Future solution have to
resolve the three basic problems of HMM for ergodic and larger set of states and data.
References
[1] Kanungo T. Hidden Markov Model Tutorial. www.cfar.umd.edu/~kanungo,
www.cfar.umd.edu/~kanungo 1999
[2] Yujian Li. An analytic solution for estimating two-dimensional
two
hidden Markov
models,, Applied Mathematics and Computation 185(2007), pp.810-822
pp.810
[3] Rabiner L. R. A tutorial on hidden Markov models and selected application in
speech recognition.. Proc. IEEE 77, 1989, pp. 257-285.
257
[4] Hu J., Brown M. K., Turin W. HMM Based On-Line
On
Handwriting Recognition,
IEEE Transaction on Pattern Analysis and Machine Intelligence, Vol. 18 No.10
(1996) 1039-1045
[5] Forney G. D. The Viterbi Algorithm,, Proc. IEEE, Vol. 61 No. 3 (1973) 268-278
268
[6] Eickeler S., Müller S., Rigoll G. High Performance Face Recognition Using
Pseudo 2-D Hidden Markov Models, European Control Conference, 1999
[7] Eickeler S., Müller S., Rigoll G. Recognition of JPEG compresed faceimages based
on statistical methods,, Image and Vision Computing 18(2000), pp. 279-289
279
[8] Li J., Najmi A., Gray R. M. Image classification by a two dimensional Hidden
Markov model,, IEEE Trans. Signal Process. 48(2000), pp.
p 517-533
Ontology notation and description of vulnerabilities
in heterogeneous networks and critical infrastructures
Michał Choraś1,2, Adam Flizikowski1,2, Anna Stachowicz1,2, Marta Redo1,2,
Rafał Renk1,3, Witold Hołubowicz1,3
1
ITTI Ltd. Poznań, 2Institute of Telecommunications, UT&LS, Bydgoszcz,
3
Adam Mickiewicz University, Poznań
Abstract:
In this paper a novel approach to describe heterogeneous networks vulnerabilities is
presented. We propose an ontology-based approach which can be utilized to describe
vulnerabilities in critical architectures, single and multiple domain as well as in
heterogeneous networks. In the paper our ontology based on asset-vulnerabilities is
presented. The created ontology will be used in security-resiliency framework developed
in INTERSECTION Project as well as in the Critical Infrastructures and SCADA
ontology in the INSPIRE Project.
Keywords:
network security, network vulnerabilities, ontology, heterogeneous networks
1. Introduction and motivation to apply ontologies
In both computer science and information science, an ontology is a form of data
model that represents a domain and can be used to for e.g.: reason about the objects in
that domain and the relations between them.
Ontologies are used in many different areas for e.g.: artificial intelligence, the semantic web, software engineering and information architecture of IT systems as a form
of knowledge representation about the world or some part of it.
Generally ontologies describe:
 individuals: the basic objects;
 classes: sets, collections or types of objects;
 attributes: properties, features, characteristics, or parameters that objects can have
and share;
 relations: ways that objects can be related to one another.
In general there are two kinds of ontologies:
1. A domain ontology (or domain-specific ontology) models a specific domain, or part
of the world. It represents the particular meanings of terms as they apply to that domain. Example domain ontologies: Gene Ontology for genies, Foundational Model
of Anatomy for human anatomy, SBO (Systems Biology Ontology) for computational models in biology, Plant Ontology for plant structures and growth/development stages, etc., CIDOC CRM (Conceptual Reference Model) – an ontology for
“cultural heritage information”.
36
Michał Choraś, Adam Flizikowski, Anna Stachowicz, Marta Redo
2. An upper ontology (or foundation ontology) is a model of the common objects that
are generally applicable across a wide range of domain ontologies. It contains a core
glossary in whose terms objects in a set of domains can be described. There are several standardized upper ontologies available for use, including Dublin Core, GFO,
OpenCyc/ResearchCyc, SUMO, and DOLCE.
Ontologies are usually exchanged in XML and RDF/XML language constructs built
from higher level ontology languages, such as OWL (Web Ontology Language) [1] and
SWRL (A Semantic Rule Language) [2].
Comparison of ontology languages is given in [3]. The OWL language, standardised
by the World Wide Web Consortium (W3C), has strong industry support and is widely
used for policy-oriented services. There are different OWL versions, such as OWL full
(complete language), OWL DL (full language used with reasoning systems) and OWL
Lite (used for simple constraints and a class hierarchy) [4].
Such ontology languages can be used for security related problems (policy, vulnerabilities description) specification in order to allow formal semantic specification and
machine reasoning.
Using ontology languages, the policy is defined by concepts (taxonomies), relations,
functions, axioms, and instances.
In our understanding, to successfully apply the created ontology, the following elements have to be taken into account:
 Classes and their attributes with restrictions (created in OWL)
 Rules for these classes and attributes (created in SWRL)
 Instances stored in a related relational database.
To apply the ontology, restrictions and rules are crucial – without them ontology
would not be functional.
Hereby, we propose to apply ontology into the security-resiliency framework and to
Critical Infrastructures Vulnerabilities notation.
The paper is organized as follows: in section 2 the INTERSECTION Vulnerability
Ontology (IVO) is shown in detail. Our original asset-based approach to the problem of
vulnerability description and related standards is presented in section 2.2. In Sections
2.3 and 2.4 we showed how to apply ontologies to real-life architectures and tools. In
Section 3 motivation and our approach for ontology-based notation in Critical Infrastructures and SCADA is proposed. Conclusions are given thereafter.
2. INTERSECTION Vulnerability Ontology (IVO)
2.1. On applying ontologies to heterogeneous networks
In the past years critical infrastructures were physically and logically separate systems with little interdependence. As digital information gained more and more importance for the operation of such infrastructures, what we might call a “cyber component”
of each critical system grew. These cyber components are currently connected through
heterogeneous networks and do represent the information infrastructure on which critical infrastructures rely and depend [5].
Ontology notation and description of vulnerabilities in heterogeneous networks…
37
Unfortunately, the increasing complexity and heterogeneity of the communication
networks and systems used to connect such cyber components also increase their level
of vulnerability. Furthermore, the progressive disuse of dedicated communication infrastructures and proprietary networked components, together with the growing adoption
of IP-based solutions, exposes critical information infrastructures to cyber attacks coming from the Internet.
These infrastructures are characterised by a vulnerability level similar to other systems connected to the Internet, but the socio-economic impact of their failure can be
huge.
Some of networks in which vulnerabilities should be identified, methodically classified and well described are Wireless LAN, GSM/UMTS, Sensor Networks, Satellite
Networks and Wi-Max.
In this paper we propose an ontology-based approach to describe networks’ vulnerabilities. While ontologies are becoming an important tool for description of securityrelated (not only computer networks) issues (attack, threats)[6], there are not many
complete ontologies that include also vulnerabilities description. Furthermore, there is a
lack of ontologies related to heterogeneous networks.
We will show our approach to vulnerabilities identification based on ISO/IEC
13335-1:2004 standard [7] and Shared Information/Data Model [8]. Our ontology will
be created in OWL-DL language using Protégé application [9].
2.2. Definition of a vulnerability – assets-based approach
Networks vulnerabilities tend to be often mistaken with threats and attacks. Therefore we decided to clearly define vulnerability as asset-related network weakness. Obviously, then such weaknesses are exploited by threats and attacks.
Such vulnerability definition is based on ISO/IEC 13335 standard and is shown in
Figure 1.
Networks assets should also be defined and described. We decided to use Shared Information/Data (SID) Model in which networks assets and relations between them are
defined. SID Model provides Physical Resource Business Entity Definitions. SID assets
description is specified in UML and visualized using UML diagrams.
We decided to use the following structure for information regarding networks vulnerabilities to be included in our ontology:
1. Vulnerability identification (ID) – (if possible according to CVE (Common Vulnerabilities and Exposures) or CCE (Common Configuration Enumeration))
2. Vulnerability name (short)
3. Vulnerability description (long)
4. Likelihood of vulnerability
5. Example of related threats and attacks
6. What network assets is vulnerability related to
7. How serious damage vulnerability can cause (impact, severity) – (according to
CVSS (Common Vulnerability Scoring System))
8. Level of tolerance – can vulnerability be tolerated, under what conditions, what is
the risk of tolerating vulnerability?
9. How (if) the vulnerability may affect heterogeneous networks
38
Michał Choraś, Adam Flizikowski, Anna Stachowicz, Marta Redo
10. Parameters of vulnerabilities (if possible)
11. Possible solutions to avoid it or minimise impact, security mechanisms against described vulnerability and related attacks
12. Keywords
Figure 1. Vulnerabilities identification and definition on the basis of networks assets [7]
2.3. Vulnerability Ontology in the INTERSECTION framework
One of the goals of the INTERSECTION project is to identify and classify heterogeneous network vulnerabilities.
The knowledge about vulnerabilities is needed to more effectively cope with threats
and attacks, and to enhance networks security.
Therefore network vulnerabilities should be identified, described, classified, stored
and analyzed.
To achieve these goals, a vulnerability ontology is required and developed.
The major aim of our ontology is to describe vulnerabilities beyond single domain
networks and to extend relations/restrictions onto heterogeneous networks.
The aim of our asset-based approach is to show Vulnerabilities as a part of security
ontology connected with Network Assets – Resources, Risk, Threats, Attacks, Safeguards and interconnection between them.
Every subclass inherited properties and restrictions from its superclass that is why
we decided to classified our ontology in this way. For example classes Wired and Wireless inherited Resources, Topology, Vulnerabilities, Network_Structure, Risk and Safeguards from superclass Network.
In our ontology approach, we found Resources and Vulnerabilities classes as a the
most important components.
Ontology
ntology notation and description of vulnerabilities in heterogeneous
hetero
networks…
39
Figure 2. Our ontology visualized in Protege
Class Resources is based on division proposed in SID (Shared Information/Data
Infor
Model).
It includes following subclasses:
 Physical_Resources,
 Logical_Resources,
 Software and Service.
Class Vulnerabilities is connected with Resources (expose by them). That is why
subclasses of Vulnerability class are:
 Physical_Resources_Vulnerabilities,
 Logical_Resources_Vulnerabilities,
 Software_Vulnerabilities.
Finally, our INTERSECTION Vulnerability Ontology (IVO) visualized in Protégé is
presented in Figure 2.
40
Michał Choraś,, Adam Flizikowski, Anna Stachowicz, Marta Redo
2.3. Application of INTERSECTION Vulnerability Ontology
Ontolog
The created ontologies will support heterogeneous networks security architecture in
the following aspects:
sec
1) ontology provides information about influence of heterogeneity onto networks security and resiliency issues;
th Intrusion Detection and Anomaly Detection
2) ontology will support and interact with
Systems – ontology will provide information about security risks and threats in spesp
cific interconnected scenarios. IDS system will receive information on how to act in
such scenarios (e.g. how often the packets should be sniffed, what features should be
extracted etc.);
3) ontology will support decisions of Intrusion Tolerance Systems – ontology will
provide information about tolerance, expected False Positives etc.;
etc.
4) ontology will provide useful information for security architecture visualization
module – additional information for end-users;
5) threat ontology supports Complex Event Processor Module (a part of IDS system) threat ontology will drive the decision engine while performing the correlation activacti
ity;
6) ontology
tology is a core for design of a relational vulnerabilities database (similar to
NVD) created in FP7 INTERSECTION Project. The database is called IVD (IN(I
TERSECTION Vulnerability Ontology) and is now available at:
http://reebonium.itti.com.pl/intersection/index.php?module=home
http://reebonium.itti.com.pl/intersection/index.php?module=home.
Moreover, IVO ontology is used in the real-life
life ontology-logic
ontology
based tool called
PIVOT.
Figure 3. PIVOT in operation (screenshot)
Ontology notation and description of vulnerabilities in heterogeneous networks…
41
PIVOT (Project INTERSECTION Vulnerability Ontology Tool) is the ontologylogic based manager tool and repository developed within the INTERSECTION project
research.
Our goal was to apply ontology in a real-life application.
It is end-user oriented application, which allows to modify and browse the vulnerability ontology. One of the biggest advantages is tool has client-server architecture,
what allows to share one ontology by multiple users (e.g. by network operators). The
ontology interface built in PIVOT is user-friendly and intuitive.
PIVOT interface in operation is shown in Figure 3. PIVOT is now available at:
http://reebonium.itti.com.pl:8081/lps-4.1.1/pivot/index.html.
3. Critical infrastructures vulnerability notation and description
Another apparent aspect of heterogeneous networks vulnerabilities is related to
Critical Infrastructures and SCADA systems (Supervisory Control and Data Acquisition).
The increasing success of information and communication technologies, together
with the progressive disuse of dedicated communication networks are bringing to a new
way of controlling and managing critical infrastructures, which are currently organized
as strictly connected, albeit different, elements of a single system rather than as
autonomous entities to be appropriately integrated.
More precisely, systems controlling critical infrastructures are rapidly moving from
dedicated and proprietary solutions towards IP-based integrated frameworks made of
off-the-shelf products.
SCADA is an acronym for Supervisory Control and Data Acquisition. SCADA systems are used to monitor and control a plant or equipment in industries or critical infrastructures such as water and waste control, energy, oil and gas refining and
transportation. These systems encompass the transfer of data between a SCADA central
host computer and a number of Remote Terminal Units (RTUs) and/or Programmable
Logic Controllers (PLCs), and the central host and the supervising operator terminals.
A SCADA system gathers information (such as where a leak on a pipeline has occurred), transfers the information back to a central site, then alerts the home station that
a leak has occurred, carrying out necessary analysis and control, such as determining if
the leak is critical, and displaying the information in a logical and organized fashion,
usually through mimic diagrams.
These systems can be relatively simple, such as one that monitors environmental
conditions of a small office building, or very complex, such as a system that monitors
all the activity in a nuclear power plant, a power distribution network or the activity of a
municipal water system. Traditionally, SCADA systems have made use of the Public
Switched Network (PSN), or leased line for monitoring purposes.
Today many systems are monitored using the infrastructure of the corporate Local
Area Network (LAN) / Wide Area Network (WAN), secure tunnels on public networks
and, mainly in power electricity industry, particular communication technologies like
power line communication (PLC); wireless technologies (including satellite) are now
being widely deployed for purposes of monitoring. We also observe an increasing integration of Wireless Sensor Networks (WSN) for fine-grained monitoring and mobile
42
Michał Choraś, Adam Flizikowski, Anna Stachowicz, Marta Redo
devices as information/diagnosis supplies for technical stuff. New communication standards such as ZigBee, WLAN and Bluetooth are also emerging in SCADA and PCS
systems.
Moreover, more and more often, to the aim to guarantee the resilience of SCADA
communication system a heterogeneous network is implemented, through the integration of two, or more, of the above mentioned technologies.
These changes have exposed them to vulnerabilities that have been threatened standard and general purpose ICT system; for example, the switch from using leased telecommunications lines to shared communication infrastructure and, in same case, public
network as well the interconnection of SCADA system with the company network and
systems (due to administrative purposes, for example to facilitate billing or production
forecast activity) have introduced many new vulnerabilities in SCADA systems, dramatically increasing the risk of attacks both from the internal side and from the Internet.
The shared communications infrastructure thus becomes an obvious target for disrupting a SCADA network.
As companies have added new applications, remote access points and links to other
control systems, they have introduced serious online risks and vulnerabilities that cannot be addressed by their physical control policies.
For example an attack could be exploit against the field network based on wireless
technologies, attack that constricts or prevents the real-time delivery of SCADA messages, resulting in a loss of monitoring information or control of portions of the SCADA
system, as well an attacker may engineer a denial of service (DoS) to inhibit some vital
features of a complex SCADA system, such as control data aggregation in a distributed
or a layered control system or a lack of real time status and historical data synchronization in a central SCADA back-up system.
While physical security of critical infrastructure components (included the control
system) has been already investigated, scarce attention has been paid so far to the analysis of vulnerabilities resulting from the use of commercial communication networks to
transport management information between ICT systems devoted to the control of critical infrastructures.
Therefore, in the context of the INSPIRE Project, Critical Infrastructures and
SCADA vulnerabilities ontology is required.
Such ontology will be applied in a Stream Condenser which aggregates events and
translates low level events (i.e., events related to specific aspects of individual components of a SCADA system), to high level events (i.e. events which are relevant in a
resiliency-oriented view of the overall SCADA system).
The transition from low level events to high level events is made possible by the use
of ontologies.
Ontologies represent an effective tool to describe complex and interdependent symptoms related to faults and attacks, since they are meant to provide formal specification
of concepts and their interrelationships.
The ontology based hierarchical organization of event patterns can be used to partially automate the process of deriving queries for resiliency analysis.
In a typical scenario, the system administrator would search for high level events related to the resiliency of the SCADA system, with no need to bother with details related
the specific characteristics of a particular RTU.
Ontology notation and description of vulnerabilities in heterogeneous networks…
43
Therefore, our further work is now connected to extending and reusing IVO ontology described in Section 2, in order to efficiently describe relations in critical infrastructures, telecommunications networks and SCADA systems.
4. Conclusions
In this paper our ontology describing heterogeneous networks vulnerabilities had
been presented. We motivated our approach and proposed our own approach to define,
identify and describe networks vulnerabilities.
The created ontology is now applied in real-life heterogeneous networks securityresiliency framework architecture.
Moreover, on the basis of the created ontology, vulnerabilities database (similar to
NVD database) focusing on heterogeneous networks has been created. PIVOT – an
ontology-logic based tool has been also developed.
Finally, our new approach, to apply ontology in order to describe relations and vulnerabilities in Critical Infrastructures, telecommunications networks and SCADA systems has been also presented, motivated and discussed.
Acknowledgement
The research leading to these results has received funding from the European
Community's Seventh Framework Programme (FP7/2007-2013) under grant agreement
no. 216585 (INTERSECTION Project) and grant agreement no. 225553 (INSPIRE
Project).
References
[1] OWL Web Ontology Language Semantics and Abstract Syntax, June 2006,
http://www.w3.org/TR/owl-features/ .
[2] SWRL: A Semantic Web Rule Language Combning OWL and RuleML, W3C
Member Submission, http://www.w3.org/Submission/SWRL/.
[3] A. Gomez, O.Corcho, Ontology languages for the Semantic Web, IEEE Intelligent
Systems, Jan./Febr., 2002.
[4] FP6 NetQos Project – Deliverable 2.7.: Graphical User Interface and database
repository.
[5] FP7 INTERSECTION (INfrastructure for heTErogeneous, Reislient, Secure,
Complex, Tightly Inter-Operating Networks) Project – Description of Work.
[6] Ekelhart A., Fenz S., Klemen M., Weippl E., Security Ontologies: Improving
Quantative Risk Analysis, Proc. of the 40th Hawaii International Conference on
System Sciences, 2007.
[7] ISO/IEC 13335-1:2004, Information Technology – Security Techniques – Management of information and communications technology security – Part 1: Concepts and models for information and communications technology security
management.
[8] Shared Information/Data Model – TeleManagement Forum, October 2002.
[9] http://protege.stanford.edu/
44
Michał Choraś, Adam Flizikowski, Anna Stachowicz, Marta Redo
[10] Choraś Michał, Renk R., Flizikowski A., Hołubowicz W., Ontology-based description of networks vulnerabilities, Polish Journal of Environmental Science,
2008.
[11] FP7 INSPIRE (INcreasing Security and Protection through Infrastructure REsilience) Project – Description of Work.
[12] D’Antonio S., Romano L., Khelil A., Suri N., INcreasing Security and Protection
through Infrastructure Resilience: the INSPIRE Project, Proc. of The 3rd International Workshop on Critical Information Infrastructures Security (CRITIS'08), October 2008.
[13] G.A. Campbell, Ontology for Call Control, Technical Report CSM-170, ISSN
1460-9673, June 2006.
The role of standardization in the process of forming
quality of educational repository in ODL
Magdalena Ciszczyk, Emma Kusztina
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
Creation of an educational repository results in the development of new conditions
regarding the learning process, especially in case of ODL (Open and Distance Learning).
Working in network environment demands developing mechanisms that allow for
preparation and distribution of didactic materials on a chosen computer platform. It then
requires harmonizing and standardizing the form and way of presenting the content and
analyzing quality indicators in order to evaluate the repository as a final-product. In the
article authors discuss the meaning of standardization in the process of creating the
educational repository.
Keywords:
repository, standardization, quality, competence
1. Introduction
Knowledge development in all forms, its dissemination and practical utilization play
the fundamental role in creating economical welfare. It results in a great significance
being connected to recruiting employers, who will be able to fill tasks placed before
them and contribute to the success of the organization. In order to recognize such employees, define features that decide about the effectiveness of human performance at
certain positions at work, and to get to know the methods of planning the process of
employee development, the concept of competences was introduced.
With the appearance of the new requirements, Higher Education Institutions started
adapting their educational offers to this new situation on the job market. However, the
crucial element of adapting educational offers to job market needs is understanding the
scope and structure of competences, which are the basis for evaluating potential staff.
This creates the need for standardization activities directed at developing an unambiguous way of presenting the scope and content of required competences.
The competence approach to recruiting staff began spreading already in the 60-ties
and 70-ties of the 20th century when McBer & Co. developed the first competence
model aimed at improving methods of selecting diplomats to represent the USA abroad
[25]. Around the same time the Competency Based Teacher Education (CBTE) was also
proposed [26].
Nowadays, in the whole Europe works are being carried out on competence standardization for the needs of learning programmes (e.g. [8]), as well as to better describe
46
Magdalena Ciszczyk, Emma Kusztina
jobs (e.g. [10]). One of the goals of the Bologna Process initiative aimed at creating
European Higher Education Area is to introduce a common Qualification Framework
based on competences [9].
Classification of competence, for unambiguous understanding of its meaning by
both human and machine, is the goal of creating competence description standards, like
IEEE Reusable Competency Definition [24], or HR-XML [22]. These standards were
also analyzed and utilized in the works of the TENCompetence project (2005-2009)
[14]. Perhaps all of this will soon lead to creating a common catalogue of competences,
that will support the mobility of students during their studies and provide basis
for better understanding of academic achievements and acquired competences by
employers.
From the point of view of Higher Education Institutions standardization of competences is going to result in educational offers being compatible with the job market
requirements. This compatibility will be guaranteed through elaborating appropriate
learning programs, and also indispensible didactic materials. The problem of didactic
materials elaboration, their extension and further development in regard to guaranteeing
obtaining appropriate competences on their basis, gains special significance in the learning process carried out in ODL conditions. The development of LMS systems provides
means of distributing the didactic materials but does not solve the problems of creating
and using the content.
As a result, new ideas emerge, aimed at supporting the distance learning process.
One such ideas is creating an educational repository which will possess mechanisms
suitable for adapting the didactic material placed in it to the needs of a particular educational situation consisting of: learning goal, basic knowledge, required competences.
2. Role of the repository in realizing the learning process
From the etymological point of view, repository is known as an ordered supply
storehouse or storage of documents with the means for using them. Today it is well
known as a place of keeping and extending digital resources. The goal and range of
using repositories is the reason why different types can be distinguished: domain knowledge repository (subject-specific), institutional repository, personal or national repository. Many of them are used for distributing scientific publications, but repositories with
didactic materials used for supporting the teaching/learning process are becoming more
and more popular.
Educational repository is designed for modeling philosophical, scientific, scientifictechnical, scientific-technological state of a chosen knowledge domain by preparing
didactic materials in the form of Learning Objects (LO) and subsequently arranging the
LOs in sequences and distributing them in the network environment [1]. Educational
repository is the basis of competence obtaining by the student according to the educational goals. The educational repository consist of two main parts. The first one is the
specific software (Oracle iLearning, LMS – WBTServer, Caroline, Moodle) which
allows for storing and extending didactic materials [18]. The second one is the content
of the stored didactic materials. The guarantee of quality of the first part depends on
keeping the existing standards (e.g. ISO 9126) which might, however, require additional
interpretation. On the other hand, the guarantee of quality of content and the possibility
The role of standardization in the process of forming quality…
47
of exchanging didactic materials between different participants of the learning process
is based on the standards of describing the structure and content of the materials with
the use of metadata (e.g. SCORM, AICC [19]). It lacks standards of defining the way
of representing the type and depth of knowledge within the specified goal and object of
teaching/learning.
Authors suggest, that the scope of theoretical and procedural knowledge delivered
through the repository mechanisms should be presented as a triple: “domain description
excerpt – typical task – typical solution” [1],[12]. The division of knowledge into three
types has its justification in the main goal of creating the repository – assuring that the
competences will be obtained by participants of the learning process. In conditions of
individual learning, such division of knowledge strongly influences the process of solidifying competences. This approach is confirmed by the definition of competence presented in [13], which is based on:
1) knowledge in the common sense (declarative knowledge – I know, “what”),
2) abilities (procedural knowledge – I know, “how”, I can),
3) attitudes (I want and I’m ready to use my knowledge).
The proposed “triple” gives the ability to structure theoretical and procedural knowledge and to link it with the results of personal experience. It forces students to increase
their involvement in the learning process during preparing individual tasks. Student’s
creativity also increases. After assimilating the “triple” elaborated by a teacher, a student using the theoretical ground is able to e.g. formulate a new task and give new mechanisms for its solution or to build a new solution to the same task. The solved tasks
and their solutions can become a basis for filling the repository with new didactic material and can become a new LO.
In accordance to the previously presented foundations, creating the educational repository in ODL conditions requires two main elements: information environment application, software for the needs of distributing didactic materials and realizing the
teaching/learning process; content - with the procedures of its creation and utilization.
Only together these two parts constitute for the final-product, that can be submitted for
quality assessment from the point of view of technical aspects of the product and even
more importantly from the point of view of the user and his/her expectations.
3. Quality concept in repository development
Evaluation of the repository as a quality final-product requires an analysis of the definition of quality [23]. The concept of a product’s quality is an inherent element of its
production and usage. Platon considered quality as the degree of achieved excellence,
something inconceivable, absolute and universally recognizable, though impossible to
be precisely defined [2]. Arystoteles said that quality is a set of features distinguishing a
thing from other things of the same type [3].
Currently, by quality one often understands the degree of a certain object’s concordance with expectations of the experiencing subject [2]. Juran defines quality as a feature or a set of features that can be distinguished and that are essential for a certain
product e.g. size, appearance, reliability, manufacturing method [4]. In the context of
the user the same author defines quality as usability, the degree to which the specified
product satisfies the needs of a specified purchaser [5]. On the other hand, Crosby talks
48
Magdalena Ciszczyk, Emma Kusztina
about quality in the aspect of production and treats it as the conformity with requirements (specification) [6]. According to Deming, quality is the degree of homogeneity
and reliability of the product at the lowest possible costs and maximal adaptation to
market requirements [7]. Interpretation of the term is also made in the ISO standard.
ISO 9000:2000 defines quality as the degree to which a set of inherent properties fulfills
the requirements. The requirement is a need or an expectation, which was defined, is
commonly accepted or is current [2].
The quoted definitions do not exhaust the available in the literature fan of interpretations of the term, but they can become a base for discussion of the quality issue of educational repository, which requires a complex and multi-aspect analysis to decide
whether the provided product properly realizes its functions and ensures uniform quality
of educational transfer for each participant of the learning process, strengthened by
mutual cooperation. Moreover, they are also the basis to consider the quality of the
repository from one side as quality of the product, and from the other side as quality of
repository development and utilization (preparation and utilization process).
4. Quality standards as a part of quality repository assessment
Analysis of the repository as a computer environment (software) and as a content
one should take into account, that there exist some standards which can be the base of
integral repository quality.
ISO 9126 norm is fundamental when providing assessment of software quality and
is based on three sets of characteristics: internal quality, external quality, in-use quality
[23]. Internal quality is the totality of an application’s features referring to its development and maintenance, thus it may include static and dynamic models, as well as documentation and source codes. External quality grasps the assessment of such software
features which concern its utilization in practice and realization of users’ needs. Basic
criteria of internal and external quality include the following: functionality, reliability,
usability, efficiency, maintainability, portability [15][16][17]. According to the ISO
norm, the in-use quality is the degree of meeting requirements of the user working in a
certain application environment. The in-use quality defines the ability of an application
to realize assumed functions when considering four indicators: effectiveness, productivity, user satisfaction and safety [11].
Although the repository is a software product, the technical aspects are not considered in this article. It results from the fact, that many tested commercial (Oracle ILearning, WebCT Vista, LMS – WBTSerwer, Claroline, etc.) and noncommercial
(Moodle) solutions that can play the role of the educational repository exist on the market. For the needs of education, the Moodle platform is especially widely used. This
application, being an LMS (Learning Management System) type solution, enables placing didactic materials in its bounds, administering users, reporting users activity and
their mutual communication.
However, authors, using the quality indicators of the third characteristic (in-use
quality), made an attempt at interpreting, in the context of the repository, preparation
and usage of the content (table 1, table 2).
The role of standardization in the process of forming quality…
49
Table 1. In-use quality: effectiveness and productivity characteristics [23]
Characteristics
(ISO 9126)
Effectiveness
Subcharacteristics
Task effectiveness
Capability of the
software to provide the
user with the possibility to achieve implied
goals in the specified
Task completion
use context.
Error frequency
Productivity
Task time
Capability of the
software to provide the Task efficiency
user with the proper
amount of resources in
Economic productivity
relation to achieved
effectiveness in the
specified context of
Productive proportion
use.
Relative user efficiency
Interpretation for the needs
of knowledge repository
Competences guaranteeing level – the degree of correctly realized goals of the specified task (Which part
of goals of the specified task was correctly realized?
Amount of finished tasks/ total amount of tasks
“attempted” by users). Cooperation level between the
teaching/learning process participants.
Degree of thematic fulfillment of the repository. LO in
the form of triples: “domain description excerpt typical task – typical solution” with a corresponding
test-task.
Correctness of tasks solutions.
The frequency of errors performed while solving tasks.
Time spent on performing a task.
Users efficiency. Effort put into solving a task (amount
of solution attempts).
How cost-effective is the user?
Proportion of time spent by the user on performing
productive actions.
Students efficiency regarding task solution compared
to the teacher’s efficiency.
Table 2. In-use quality: safety and satisfaction characteristics [23]
Characteristics
(ISO 9126)
Safety
Capability of the
software to achieve the
accepted risk level
reached by the user in
the specified context of
use.
It includes the health
and safety software
usage consequences as
well as unintended
economic consequences.
Satisfaction
Capability of the
software to meet users
needs in specified use
conditions.
Subcharacteristics
User health and safety
Economic damage
Software damage
Safety of people affected
by use of the system
Satisfaction scale
Interpretation for the needs
of knowledge repository
Influence of the teaching/learning process based on the
repository on the health and safety of users.
Incidence of economic damage caused by realization of
the teaching/learning process using the software (repository).
Frequency of software malfunction.
Incidence of threats to user safety when exploiting the
repository.
User satisfaction level as a result of the teaching/learning process based on the repository.
Satisfaction questionnaire User satisfaction regarding specific software features.
Discretionary satisfaction Proportion of users choosing the software for teaching/learning needs.
50
Magdalena Ciszczyk, Emma Kusztina
Although the ISO 9126 norm enables assessing the quality of a software product, on
the market there exists also a group of standards which focus more on content description and management: SCORM, AICC, IMS lub PENS [19].
Nowadays, the most popular of them is SCORM (Sharable Content Object Reference Model), developed by such organizations as: IMS, AICC, LTSC and ADL
[20][21]. The leading standardization works concern four main areas:
 Content packaging standard – defining the ways of grouping and linking files creating one didactic unit, so that each of the many files ends up in the right place at the
target learning platform. In SCORM this standard was created on the basis of IMS
GC.
 Communication standard – defining which information should be exchanged and
how communication between the management system and the didactic unit should
be realized (format of data transmission, communication protocol between management system and didactic unit). The communication standard of SCORM (SCORM
Run-time Environment (RTE)) is built by adapting the entire AICC standard.
 Metadata standard – containing information needed to the purpose of didactic materials indexing, what increases the effectiveness of searching and using didactic materials, but most of all defines the structure of particular elements (courses or other
didactic units). Metadata are saved and processed in the form of an XML document.
In SCORM for this purpose the SCORM Metadata Generator is used.
 Sequencing standard – determining the LOs sequence in an interactive environment.
It concerns the issue of a learner’s path through a course. The sequencing standard
in SCORM is based on the IMS Simple Sequencing Specification.
The extensive intensification of efforts regarding assuring transferability of didactic
materials between different LMS systems is the reason why using SCORM it is possible
to describe the way of course creation and pass the content of a course to the learning
process participant, but there is still lack in solutions for such problems as a place for
didactic content storage or a learning model being passed. From the point of view of an
educational repository, in which the contained didactic material should guarantee obtaining competences, it is essential to explain what kind of didactic materials and what
piece of knowledge a didactic unit includes. It is necessary to search for new mechanisms supporting standardization and appropriate content management, and thus increasing the quality of the educational repository.
5. Conclusion
1. The specificity of the educational repository as a final-product lies in the fact that
this product undergoes a constant development process.
2. Assessment of the repository as a final-product should consider the basic task of
this instrument: guaranteeing acquisition of competences during the learning process.
3. It is necessary to prepare appropriate structure and scope of theoretical and procedural knowledge – the proposed division into „excerpt of domain description – typical
task – typical solution”.
4. Evaluation of the educational repository should be performed regarding both the
producer’s side (creator of the repository) and the client’s side (participant of the learn-
The role of standardization in the process of forming quality…
51
ing process), taking into account the fact that the educational repository consist of the
information platform and the content.
5. There exist standards that can be interpreted for the needs of quality assessment
of the educational repository. However, they do not cover in its entirety the quality
assessment of the repository in the learning process.
6. The standardization processes in frames of describing competences, knowledge or
software solutions indicate the openness and relevance of the problem.
7. In ODL implementations it is a very attractive topic for multi-disciplinary researches in such domains as: cognitive science, pedagogy, informatics or knowledge
representation methods.
References
[1] Kushtina E. The concept of an open information system of distance learning. [In
Polish] Szczecin: Wydawnictwo Uczelniane Politechniki Szczecińskiej, 2006.
[2] Urbaniak M. Management of quality, environment and safety in economic practice.
[In Polish]Warszawa: Difin, 2007.
[3] Arystoteles Categories. [In Polish] Warszawa: PWN, 1990.
[4] Juran J.M., Gryna F.M. Quality, designing, analysis. [In Polish] Warszawa: WNT,
1974.
[5] Juran J.M. Quality Control Handbook. New York: McGraw-Hill, 1988.
[6] Crosby Ph. Running things: the art of making things happen. New York: McGrawHill, 1986.
[7] Deming W.E. Quality, productivity and competition position. Cambridge, Masachusett: MIT Press, 1982.
[8] Tuning Educational Structures In Europe Project. [online]
http://www.relint.deusto.es/TuningProject/index.htm, 2008.
[9] Bologna Process. [online] http://www.bologna-bergen2005.no, 2007.
[10] Gluhak A., Adoue F. Catalogue of competences – European competence profiles
for Multimedia jobs v 1.0, European ICT Jobs, CompTrain, R4.2. [online]
http://www.annuaire-formation-multimedia.com/catalogue.pdf, 2008.
[11] ISO/IEC 9126-4: Software engineering – Product quality. Part 4: Quality in use
metrics (2004). ISO, Geneva, 59 p., 2004.
[12] RóŜewski P., RóŜewski J. Method of competance testing in virtual laboratory environment. [In Polish] In: Operational and system researches 2006, pp. 349-360,
Warszawa: Akademicka Oficyna Wydawnicza EXIT, 2006.
[13] Kossowska M., Sołtysińska I. Employeers trainings and organization development.
[In Polish] p. 14, Kraków: Oficyna Ekonomiczna, 2002.
[14] TENCompetence. [online] http://www.tencompetence.org/, 2007.
[15] Hofman R. Software quality models – history and perspectives. [online]
http://www.teycom.pl/docs/Modele_jakosci_oprogramowania.pdf, 2007.
[16] Abran A., Al-Qutaish R.E., Cuadrado-Gallego J.J. Analysis of the ISO 9126 on
Software Product Quality Evaluation from the Metrology and ISO 15939 Perspectives. http://www.gelog.etsmtl.ca/publications/pdf/1005.pdf, 2007.
[17] Glosiene A., Manzuch Z. Usability of ICT-based systems, In CALIMERA Deliverable 9. [online]
52
Magdalena Ciszczyk, Emma Kusztina
http://www.calimera.org/Lists/Resources%20Library/The%20end%20user%20exp
erience,%20a%20usable%20community%20memory/State%20of%20the%20Art%
20Review%20on%20Usability%20of%20Core%20Technologies.doc, 2007.
[18] Kusztina E., Zaikin O., Ciszczyk M., Tadeusiewicz R. Quality factors for knowledge repository: based on e- Quality project. [online] EUNIS 2008,
http://eunis.dk/, 2008.
[19] Waćkowski K., Chmielewski J.M. Rola standaryzacji platform w e-learningu,
[online] http://www.e-mentor.edu.pl/artykul_v2.php?numer=19&id=406, 2008.
[20] Kotrys R. Standardy w nauczaniu na odległość, Poznańskie Warsztaty Poligraficzne. [online] http://www.pwt.et.put.poznan.pl/2004/PWT1613.pdf, 2008.
[21] SCORM. [online] http://www.adlnet.gov/scorm/, 2008.
[22] HR-XML measurable competencies. [online] http://www.hr-xml.org, 2008.
[23] Kusztina E., Ciszczyk M. ISO 9126 norm interpretation from the point of view of
knowledge repository quality in a network environment. ACS 2008, 2008.
[24] IEEE P1484.20.1 reusable competency definitions draft 8. [online]
http://www.ieeeltsc.org/workinggroups/wg20Comp/wg20rcdfolder/IEEE_1484.20.
1.D8.pdf, 2008.
[25] Kline S.D. Management competency models and the life-long learning project:
what role for absel?. [online] http://sbaweb.wayne.edu/~absel/bkl/vol13/13be.pdf,
2008.
[26] College of Education Field-Based/Competency-Based Teacher Education
(FB/CBTE); [online]
http://www.temple.edu/cte/programs/fieldbased/FBCBTE.html, 2008.
Unified JPEG and JPEG-2000 color descriptor
for content-based image retrieval
Paweł Forczmański
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
The problem investigated in this paper refers to image retrieval based on its compressed
form, hence giving much advantages in comparison to traditional methods involving
image decompression. The main goal of this paper is to discuss a unified visual descriptor
for images stored in the two most popular image formats – JPEG/JFIF and JPEG-2000 in
the aspect of content-based image retrieval (CBIR). Since the problem of CBIR takes a
special interest nowadays, it is clear that new approaches should be discussed. To
achieve such goal a unified descriptor is proposed based on low-level visual features. The
algorithm operates in both DCT and DWT compressed domains to build a uniform,
format-independent index. It is represented by a three-dimensional color histogram
computed in CIE L*a*b* color space. Sample software implementation employs a
compact descriptor calculated for each image and stored in a database-like structure. For
a particular query image, a comparison in the feature-space is performed, giving
information about images' similarity. Finally, images with the highest scores are retrieved
and presented to the user. The paper provides an analysis of this approach as well as the
initial results of application in the field of CBIR.
Keywords:
JPEG, JPEG-2000, visual descriptor, content-based image retrieval
1. Introduction
Content-Based Image Retrieval (CBIR) has been a very attractive topic for many
years in the scientific society. Although there are many academic solutions known (e.g.
IBM's QBIC [1], MIT's Photobook [2], VisualSEEK[3]), there are almost no commercial or industrial applications available. It is mostly caused by not trivial problems,
developers of such systems should solve. The most important are the way the images
are represented in the database and the way they are being compared.
The automatic recognition of objects, which are within image, can employ various
features. The most popular and widely used are: shape, texture, color, luminance, context of the information (background, geographical, meteorological, etc.) and behavior
(mostly movement). It is possible to use more than one feature at the same time, but
such an approach is rather rare [4]. Usually, each recognition method is limited to only
one feature. On the other hand, the literature survey shows that combining object instances coming from different sources (instead of different features of the same image)
is gaining the popularity among researchers [5].
54
Paweł Forczmański
The literature survey shows that color and texture are among the most dominant features used in content-based image retrieval. This paper focuses on color since it is the
most popular characteristic discussed in the literature and guarantee good efficiency
when it comes to single-feature-only type of recognition [6],[7]. The approach presented
here involves direct compressed domain representation of color features which requires
less computing power. The following sections explain the principles of respective visual
descriptor, a method of comparison and preliminary results of experiments performed
with help of prototype software and benchmark databases.
2. Algorithm Overview
Image retrieval described in this paper is based on a unified low-level descriptor
which captures information about image colors. It treats an image in a holistic manner,
hence no segmentation has to be performed. This approach is motivated by a fact that in
general-purpose applications, people look mostly for images belonging to different
classes, containing many objects hard to segment and describe. Developed method is
less complicated than other recent proposals like [8] and [9], yet gives relatively good
results. Preliminary discussion and the results of this approach were included in [10].
In this paper, as an uncompressed image we understand joint set of matrices having
the same dimensions containing elements which describe individual pixel intensities
(often represented by 8-bit integer values). In the case of gray-scale image there is only
one matrix, while a true-color image contains at least 3 matrices. On the other hand,
compressed image is a dedicated structure containing data reduced in size needed to
reconstruct visual information corresponding with the original (uncompressed) image.
Compressed file is usually a bitstream hard to inspect in a visual way.
1.1. Color Histogram Descriptor
As it was noted, color is one of the most important features taken into consideration,
when it comes to content-based image retrieval. The use of color is motivated by the
way the Human Visual System (HVS) works. It is proved that in good lighting conditions human-being pays attention: first to intensity and color of objects, second to shape
and movement, then to texture and other properties.
There have been many color descriptors proposed in the past, most of them based on
different color-subspace histograms and dominant/mean values. Nowadays, when the
MPEG-7 standard is being introduced, the most promising are compact descriptors,
which join color information and its distribution: Scalable Color (SCD), Dominant
Color (DCD), Color Layout (CLD). However, not all of the above descriptors can be
easily implemented for images represented in compressed domain.
Color information captured by the descriptor discussed here is represented by a
three-dimensional histogram of pixel values in CIE L*a*b* color space. This space was
intentionally chosen, since it resembles human perception and is linear [11]. It means
that the difference between two colors observed by a human is proportional to the numerical distance in the color space. The CIE L*a*b* space is defined by 3 components: L
– pixel intensity (L=0 means black, L=100 – white), a – pixel position between red and
green (a<0 green, a>0 red), b – pixel position between blue (b<0) and yellow (b>0).
Unified JPEG and JPEG-2000 color descriptor for content-based image retrieval
55
The algorithm needs an image to be represented in the CIE L*a*b* space which is derived from XYZ color space, which is calculated from RGB space according to the
following formula [12]:
 X = 0.431R + 0.342G + 0.178 B

Y = 0.222 R + 0.707G + 0.071B .
 Z = 0.020 R + 0.130G + 0.939 B

(1)
It is an intermediate step, which leads to final XYZ to CIE L*a*b* conversion:
 L* = 116 f (Y / Yn ) − 16
 *
 a = 500 [ f ( X / X n ) − f (Y / Yn )] ,
b* = 200 [ f (Y / Y ) − f ( Z / Z )]
n
n

(2)
3
1
 6 
t > 
t 3

 29 
f (t ) = 
.
2
4
 1  29 
 3  6  t + 29 otherwise
  
(3)
where:
For research purposes the parameters Xn, Yn, and Zn have been chosen arbitrarily,
which corresponds roughly to a mid-day sun in Europe, hence it is also called a daylight
illuminant D65 (Xn=0.950469, Yn=1, Zn=1.088970) [11].
Each dimension of the color-space is uniformly discretized into 8 bins, which for the
whole space gives 512 bins in total. The bin width for L is equal to 100/8=12.5, for a
and b is equal to 15 (6 bins per dimension). The first and the last interval of a and b are
virtually unlimited. The first one is related to values less than -45, while the second one
to values greater than 45, which restricts RGB space to colors possible to obtain in practice. These intervals are relatively wide which is implied by the observation that most of
images of real scenes (i.e. photographs) do not require more precise quantization.
Hence, the total number of bins can be reduced without noticeable loss in the center of
the space.
Histogram of pixel intensities is a standard feature capturing invariant image characteristics. The histogram employed in the color descriptor here has two variants: unweighted (direct) and weighted one. The first type is a typical histogram which counts
pixel occurrences in the image having respective values only. In the second variant the
method of incrementing respective bin is modified in such a way that not only actual bin
is incremented, but all direct neighbors are influenced, too. Each neighboring bin is
incremented according to its weight, which is calculated as a distance between bin center and a color been analyzed. Since CIE L*a*b* space is uniformly discretized, this
distance reflects perceptive similarity of colors. This approach is similar to the one
presented in [13], however there are two main differences: instead of CIE L*u*v*, CIE
L*a*b* is being used, and instead of calculating distances to all bins, only distances to
56
Paweł Forczmański
neighboring bins are considered. The first method of histogram calculation is relatively
fast, while the second one reflects human (more fuzzy) cognition more precisely, howho
ever it requires almost two times longer calculations. Values of unweighted histogram
can be stored in an unsigned integer form, while for weighted histogram they should be
saved as floating-point representation.
The algorithm of histogram calculation works
ks in an iterative manner: for each pixel
in the analyzed image a proper histogram bin (in a unweighted variant) and all neighneig
boring
ing bins (for weighted histogram) are incremented. The number of a bin to be increincr
mented is calculated according to the standard
d Euclidean distance between pixel color
and each bin's center. Weight wi of neighboring bin i depends on its distance to the anaan
lyzed color di and the sum of all distances to all N neighboring bins centers:
wi =
di
N
∑dj
.
(4)
j =1
The centers of the first and the last interval of a and b components are arbitrary set
to -52.5 and 52.5, respectively [10].
Calculated histogram is normalized in such a way that all bin values are divided by a
total number of pixels in the thumbnail and then multiplied by 255 giving unsigned
8-bit
bit representation (for both unweighted and weighted variant). Both histograms for a
sample image are presented in Fig. 1.
Figure 1. Color histograms for a sample image
It is possible to increase histogram computation
tion speed by taking into consideration
thumbnail only, instead of the whole image. In a case of JPEG files it is accessible
57
Unified JPEG and JPEG-2000 color descriptor for content-based image retrieval
through DC components of each block [14]. Since JPEG algorithm divides image info
8x8 pixel blocks, the thumbnail is 8 times smaller than original image. In a case of
JPEG-2000 files, in order to analyze a thumbnail of the same size, the histogram is
calculated on LL band in a third decomposition level. All previous iterations of wavelet
transform have to be performed, however since they work on reduced data volume it is
relatively fast. Respective data used to create image thumbnail are presented in Fig. 2.
Figure 2. Single DCT block and DC component used to generate image thumbnail (left) and
DWT decomposition and third level low-low component (right)
Color histogram calculated over a thumbnail does not introduce any significant errors and the color information is preserved. Moreover, this operation is relatively fast,
since it employs 64 times smaller number of pixels and does not require inverse DCT to
be performed in case of JPEG. In case of JPEG-2000 the most time-consuming iterations (related to inverse DWT) are also eliminated.
1.2. Similarity Measure
Color-based similarity between query Q and database image B is calculated using L1
metric of respective histograms HQ and HB:
8
8
8
DQ( C, B) = ∑∑∑ H Q (l , a, b) − H B (l , a, b) ,
(5)
l =1 a =1 b =1
where l, a, and b are respective dimensions of histograms.
For identical histograms (not necessary identical images), D(C) is equal to zero, while
maximal possible distance is equal to 255 (histograms are different).
Developed algorithm was implemented as a working model in Java2 SE and tested
on several publicly available benchmark datasets [15],[16] containing over 6000 images
of different motives. The main window of the application 'ImSearch' is presented in
Fig. 3. This software was used to perform all the experiments described further in the
paper.
58
Paweł Forczmański
Figure 3. 'ImSearch' window
3. Experiments
The experiments performed using developed software were devoted to the following
problems:
 investigation of the identity of the descriptor for both JPEG and JPEG-2000 files;
 testing the robustness to compression artifacts;
 evaluating the classification ability of the descriptor.
The first group of test involved images compressed by means of both algorithms.
The assumption here is that the same image stored in JPEG and JPEG-2000 files should
look identically for a human observer no matter which compression type we choose (the
compression ratios should not be extremely high). Of course, this same should be true
for a computer program.
The set of images used in this experiment consists of 100 pictures randomly selected
from the database. All images were compressed by means of JPEG and JPEG-2000
creating two subsets. In order to eliminate compression artifacts influence, the compression quality was set to the highest level (lossless compression). The JPEG set was taken
as the reference one, while JPEG-2000 images were taken as query samples. The experiment is conducted according to the following scenario. There are 100 single queries.
During a single step a computer program returns 5 images which are similar to the
query one. They are ordered in the decreasing similarity order. The maximal position of
the correct image (from the range of 1 to 5) is being memorized. A perfect response is
when it occupies exactly the first position. The worst scenario in this case is when it is
on the fifth place. The results of the experiment are presented in Fig. 4 as an average of
100 queries. It confirms the identity of the color descriptors calculated both for JPEG
and for JPEG-2000 files. The differences between weighted and unweighted variant of
color histograms are very slight and do not favor one of them.
The goal of the following experiment was to investigate the robustness of the descriptor to variable compression quality. The assumption here is that images with different compression ratios (quality) are recognized as similar by human observer.
The input data in this case was 50 randomly chosen JPEG images taken from the
main database. It was limited to JPEG files only since the first experiment proved the
Unified JPEG and JPEG-2000 color descriptor for content-based image retrieval
59
descriptor for both JPEG and JPEG-2000 is equal to the same degree (at least for high
compression quality). Each picture was stored in 5 compression variants – a quality
factor was set to 90%, 75%, 60%, 45%, and 30% – making 250 base images. Testing
the lower compression quality was not necessary since it introduces high distortions and
is useless in practice. The query image was assumed to have maximal possible quality.
The result of a single query are five images arranged in the decreasing similarity order.
The expected perfect response is when for a certain query image five its copies (with
different compression) are retrieved. The results presented in Fig. 5 prove that the descriptor in the weighted histogram variant is independent on the compression quality.
The results for unweighted variant are slightly worse.
JPEG to JPEG-2000 relevance
100
A ccuracy [%]
99
98
97
96
weighted
unweighted
95
94
1
2
3
4
5
Maximal pos ition of the c orrec t ans w er
Figure 4. Results for query image stored in JPEG-2000 and base images stored in JPEG files
Compression robustness
100
Accuracy [%]
99
98
97
96
weighted
unweighted
95
94
5/5
4/5
3/5
2/5
1/5
Number of correct answ ers
Figure 5. Results of the retrieval for base images with variable (lower) compression quality
60
Paweł Forczmański
The last experiment
ent is devoted to evaluation of the classification ability of the disdi
cussed method. It gives an information about the practical usability of the proposed
algorithm. This test was performed on a limited number of images to satisfy the classificlassif
cation conditions (not all objects in the database are represented in a sufficient way, i.e.
there is often single image per class).. There are 66 pictures stored in JPEG format did
vided into 11 thematic classes (6 images per class). Each class contains different reprerepr
sentations
tations of the same scene (pictures taken from various perspectives, depicting
various its parts or different instances off the same object) – see Fig. 6
Figure 6. Instances of eleven classes used in the third experiment: 'arch', 'asphalt', 'clouds',
‘pavement', 'gravel', 'meadow', 'facade', 'flowers', 'street', 'tree', 'monument'
The experiment involved checking how many images returned by the computer propr
gram belong to the actual class. It was performed for both weighted and unweighted
variant of color histograms. The results presented in Fig. 7 show high accuracy, especially in case of four images out of five resulting ones.
Classification ability
100
90
80
Accuracy [%]
70
60
50
40
weighted
unweighted
30
20
10
0
5/5
4/5
3/5
2/5
1/5
Number of correct answ ers
Figure 7. Average results of the retrieval for 11 image classes
Unified JPEG and JPEG-2000 color descriptor for content-based image retrieval
61
Summary
In the article some important aspects of CBIR were showed, employing color only
information, extracted directly from compressed files. The algorithm operates in both
DCT and DWT domains and produces a three-dimensional color histogram computed
in CIE L*a*b* color space. Prototypic software calculates a compact descriptor for every
image and stores it in a database-like structure. It makes it possible to search for similar
images in the large database, employing example picture presented by user. The main
advantage over the existing methods is lower computational costs of retrieval, since the
image analysis is performed directly on a compressed form of image. The retrieval
accuracy is comparable to other well known approaches, yet the time of computations
can be radically decreased.
Acknowledgements
Software implementation and the results of experiments are a part of the MSc Thesis
of Mr Adam Bania, presented in 2007 at Szczecin University of Technology, Szczecin,
Poland.
References
[1] Flickner M., Sawhney H., Niblack W., Ashley J., Qian Huang, Dom B., Gorkani
M., Hafner J., Lee D., Petkovic D., Steele D., Yanker P. Query by image and video
content: the QBIC system. Computer. Vol. 28(9), Sep 1995
[2] Pentland A., Picard R. W., Sclaroff S. Photobook: Content-based manipulation of
image databases. SPIE Storage and Retrieval for Image and Video Databases II,
1994
[3] Smith J. R., Chang Shih-Fu. VisualSEEk: a Fully Automated Content-Based Image
Query System. ACM Multimedia, Boston, MA, November 1996.
[4] Forczmański P., Frejlichowski D. Strategies of shape and color fusions for content
based image retrival, Computer Recognition System 2, Springer, Berlin, 2007
[5] Kukharev G., Mikłasz M.: Face Retrieval from Large Database, Polish Journal of
Environmental Studies, vol. 15, no. 4C, 2006
[6] Deng Y., Manjunath B. S., Kenney C., Moore M. S., Shin H.: An Efficient Color
Representation for Image Retrieval. IEEE Transactions on Image Processing, vol.
10, no.1, 2001
[7] Manjunath B. S., Ohm J.-R., Vasudevan V. V., Yamada A.: Color and Texture
Descriptors. IEEE Transactions on Circuits and Systems for Video Technology,vol.
11, no. 6, 2001
[8] Guocan Feng, Jianmin Jiang. Jpeg compressed image retrieval via statistical features. Pattern Recognition, 36(4):977–985, April 2003
[9] Au K.M. , Law N.F. , Siu W.C.. Unified feature analysis in jpeg and jpeg 2000compressed domains. Pattern Recognition, 40(7):2049–2062, 2007
[10] Forczmański P., Bania A. Content-based Image Retrieval in Compressed Domain.
Polish Journal of Environmental Studies, 2008
[11] Fairchild M. D. Color Appearance Models. John Wiley and Sons Ltd., 2005
62
Paweł Forczmański
[12] Lab color space, http://en.wikipedia.org/wiki/Lab_color_space [online]
[13] Lu G., Phillips J. Using perceptually weighted histograms for colour-based image
retrieval. Fourth International Conference on Signal Processing, Beijing, 1998
[14] Schaefer G. Jpeg image retrieval by simple operators. Proceedings of the International Workshop on Content-Based Multimedia Indexing, Brescia, Italy, 2001
[15] Free Public Domain Photo Database: pdphoto.org [downloaded 08.05.2008]
[16] Free Images – Free Stock Photos: www.freeimages.co.uk [downloaded 09.05.2008]
An outline of the system for computer-assisted diagnosis
based on binary erythrocytes shapes
Dariusz Frejlichowski
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
The paper presents some initial results of the work on the system for Computer-Assisted
Diagnosis (CAD) of diseases involving erythrocytes (e.g. anaemia). The approach is
based on binary shapes of red blood cells (RBCs), extracted from digital microscopic
images. This comes from the fact that some diseases have their origin in deformation of
RBCs shapes, what makes the proper delivering of oxygen to body tissues impossible. In
result the blood circulation is non-regulated. The approach under development was
examined and implemented in form of the prototype in Matlab environment.
Keywords:
pattern recognition, binary image, shape description, erythrocytes’ shape analysis
1. Introduction
The role of red blood cells is to deliver oxygen from lungs to body tissues and carbon dioxide back. Sometimes, their abnormal work can lead to a serious disease, e.g.
anaemia or malaria. Those diseases are caused by deformation of erythrocytes' shapes.
It is obvious as deformed RBCs cannot deliver oxygen properly, what in result makes
the blood circulation non-regulated. Therefore, computer assisted automatic diagnosis
of some selected diseases can be based on erythrocytes shapes. It can use digital microscopic images of human blood stained using MGG (May-Grunwald-Giemsa) method
(few examples are provided in fig.1) as an input.
In order to realize the automatic diagnosis the template matching was chosen. This
approach finds a database template which is the most similar to the one under processing. Usage of the object itself and comparing it with the base element is not possible
because of its differences in comparison with the template (cased by rotation, shifting,
resize, noise, and so on). Therefore some features have to be used. The most popular
ones are: shape, colour, luminance, texture, context of the information. Amongst them
the very special attention is put on shape, because in some applications it is the most
relevant and the less changeable feature that can be used. To avoid the mentioned problems, a shape has to be represented properly, using so-called shape descriptors. Some of
them are invariant to the deformations. In this paper three various methods of that kind
were applied for examination - UNL-F, PDH, Log-Pol-F. In all of them transformation
of boundary points from Cartesian to polar co-ordinates is performed. This transformation has several important advantages. Firstly, it gives shape description invariant to
64
Dariusz Frejlichowski
translation and scaling (after normalisation). The rotation becomes circular shifting after
derivation, but all above methods solve this problem easily. Moreover, the representation of a boundary in polar co-ordinates is more convenient, if we are analysing the
overall character of a shape.
Figure 1. Some examples of the input data – microscopic images of human blood
In the discussed system for CAD the feature representation (using a shape descriptor) stage is crucial for the efficient work. However, it is not the only one. Therefore,
three additional steps, typical for recognition based on digital images have to be performed: pre-processing, extraction of particular shapes (both are preceding the feature
description) and matching with the database elements. Using results of the last step with
some rules based on medical knowledge it is possible to make a diagnosis.
The first mentioned stage (pre-processing) uses i.a. thresholding and median filtering. The next one - feature localisation – is based on tracing regions for every separate
object in image. The extracted object is represented using a shape descriptor and
matched with elements in the database. This is a short description of the method as a
whole. The more detailed information about its main parts is provided in the subsequent
sections.
2. Pre-processing
The input microscopic images are represented in greyscale. If not, they have to be
firstly converted to such representation.
The first step of the pre-processing stage is the thresholding, which gives binary image in result. Three different approaches to this problem were experimentally analysed:
An outline of the system for computer-assisted
assisted diagnosis based on binary…
binary
65
rigid thresholding ([1]), thresholding based
d on histogram ([2]) and usage of fuzzy measmea
ures ([3]). The last approach gave significantly better results than the others and was
applied in the final scheme. In order to reduce the influence of noise, median filtering
for the binary image was utilised. An example of the achieved binary representation of
the microscopic image is provided in fig.2. As it can be easily seen, the binary image
contains black pixels for background and white ones for cells.
Figure 2. Exemplary result of the thresholding process
proce of input image
Figure 3. An example of the co-ordinates
ordinates extraction for a cell using tracing the contour. Small
arrows in the middle part of the image denote the directions of tracing.
The second stage of the pre-processing
processing phase is the localisation of cells. It is realised
through tracing regions of every separate object in image. Each time, the maximal coco
ordinates in each direction are stored. Only objects entirely placed in image are considconsi
ered, others (placed on boundaries) are not. In fig.3. the strategy
s
for tracing every cell's
contour is depicted.
In the developed CAD system the diagnosis is based only on erythrocytes (in fact, in
future it is very tempting to enhance it on other blood particles, what can increase the
66
Dariusz Frejlichowski
number of diseases diagnosed). Therefore, the next step of the pre-processing is the rejection of thrombocytes and leukocytes. It is realised through the rejection of regions
significantly bigger (for leukocytes) or smaller (thrombocytes) than the others (erythrocytes). That process gives us additional benefit - it rejects some occluded shapes, which
are very difficult to recognise. Unfortunately, it is still possible that some particles of
those kinds have similar area to RBC. In that case the rejection is based on histogram,
because thrombocytes and leukocytes have very dark (almost black) parts. Therefore,
histogram derived for them is different from the one achieved for erythrocytes. Obviously, in this case we have to go back for a moment to the greyscale representation.
Additionally, the image before the thresholding is enhanced through histogram equalisation. As it turned out, this process reduces the number of occluded shapes.
3. A single cell representation using shape description
As it was explained in the first section, three polar shape representations were chosen for experiments. In this section, brief description of their features is provided. Details can be found in the referred literature.
The first approach, UNL-F ([4]), is composed of two transformations. Firstly, the
transformation of boundary points to polar co-ordinates is performed, but with some
differences in comparison to the traditional way of doing this transformation. The derived co-ordinates are put into matrix, in which row corresponds to the distance from
centroid, and column - to the angle. The obtained matrix is 128 x 128 pixels size. In
fact, that gives another binary image, therefore the Fourier transform can be applied to
it. From the spectrum only the most important part is cut and represents a shape. The
resultant shape description is invariant to scaling (thanks to normalisation), translation
(calculation of co-ordinates according to a particular point within an object) and rotation
(Fourier transform). The representation is also robust to noise.
The Log-Pol-F ([5], [6]) was the second approach examined. It uses the centroid as
an origin of the transform, as in the UNL-F. The polar-logarithmic transform is used
here, and, afterwards, the Fourier transform. Thanks to the similarity to the earlier
method the Log-Pol-F has similar properties. There are only two differences. The invariance to scaling is achieved using logarithmic transform, not normalisation. And, the
usage of polar co-ordinates is simpler - only distances from centroid are taken.
The Point Distance Histogram ([7]) was the last algorithm explored. The method can
use various ways of deriving the origin of the polar transform. Here, to keep the similarity to the earlier approaches, the centroid was utilised. After calculating this point, all
distances between points on the contour and the centroid are derived. Only the points
with maximal distance for particular angle are taken, one for every angle from 0 to 359
degrees. That gives three hundreds and sixty values. The next stage is the normalisation
according to the maximal distance. The last step is the derivation of the histogram for
those values. In the experiments the number of bins in histogram was set to 50, which
is the optimal value for small shapes. The PDH is invariant to translation (thanks to the
derivation according to the centroid), rotation (thanks to the usage of histogram) and
scaling (normalisation).
An outline of the system for computer-assisted diagnosis based on binary…
67
The comparison of shape descriptors was crucial in developing the method. Basing
on the template matching approach, in each case, firstly descriptions were calculated for
base elements (12 various classes of erythrocytes, 5 instances in each) and stored. After
localisation and extraction of the object being identified, it was described using particular method as well. The matching between it and all base elements was performed using
C1 metric ([8]). Maximal value indicated the closest base element. Also, for each type
of RBC, the threshold for rejecting resultant similarity measure was experimentally established. The above process was performed automatically, using digital microscopic
images (1000 magnification), with several dozens to hundreds of shapes within. As it
turned out, the best overall results were achieved using UNL-F (93% RR). Log-Pol-F
was slightly worse (91% RR), and PDH achieved the Recognition Rate equal to 84%. It
means that robustness to noise is more important (UNL-F, Log-Pol-F), than detailed
analysis of a boundary (PDH). In the developed system for diagnosis the UNL-F was
applied as a method for shape description.
4. A prototype of the system for automatic diagnosis
The complete scheme of the proposed approach, composed using stages described in
the former sections, was implemented in Matlab. This environment was chosen for two
reasons. Above all, the implementation had to help in examining the methods used at
particular stages of the approach. Secondly, the initial automatic diagnosis could be
performed. At present, the prototype had only to inform, if the image contained some
affected, deformed cells. However, some initial decision rules were also utilised.
Thanks to this the first experiments on the automatic diagnosis were also carried out. In
future, the system will perform the diagnosis completely automatically.
In fig. 4 the window of the prototype in Matlab is provided. Five separate parts of
the window can be mentioned. The first one (see fig.4.a) is devoted to the selection of
the image for analysis. The second one (fig.4.b) contains the result of calculating the
particular types of red blood cells. It is important for diagnosis. The next one (fig.4.c)
presents the image under analysis. The suggested result of the analysis is provided in the
next subwindow (fig.4.d). The last element of the window is the button for exiting the
application (fig.4.e).
Some results (labelled erythrocytes) of the applied prototype of the system were presented in fig. 5. For better visibility, only the subwindow with analysed images are provided. The first image (the left one) presents blood of a healthy man, with
normoerythrocytes and only one doubtful case. For the second image (in the middle) the
potential diagnosis was thalassemia and sideropenic anaemia and in the last case (on the
right) hemolytic anaemia was suggested.
68
Dariusz Frejlichowski
Figure 4. A window of the prototype in Matlab (particular parts of the window are described
in the text)
Figure 5. Few pictorial results of the suggested diagnosis, performed using explored approach
(rectangles enclose the affected RBCs)
5. Concluding remarks and future work
The developed prototype of the system was tested on over 50 microscopic images.
The suggested diagnosis was in each case the same as the one made by human. It means
that future work with presented approach is worth doing. First of all, it has to be tested
on much bigger collection of images. Secondly, some steps at the pre-processing
pre
stage
can be still improved. And finally, the number of considered shapes can be larger. Not
only erythrocytes, but also leukocytes and thrombocytes can be recognised,
rec
in order to
increase the number of diseases under consideration.
An outline of the system for computer-assisted diagnosis based on binary…
69
Even tough the initial results are very promising, the completely automatic computer
diagnosis was not the goal of the work presented here. The purpose of the system under
development is rather close to the retrieval of the microscopic images and pointing out
the doubtful cases in large databases. After this stage the diagnosis should be made on
those cases by professionals. It means that the system is primarily developed for supporting the analysis of microscopic images. However, in future it can be enhanced to the
completely automatic system.
References
[1] Kukharev G., Kuźmiński A. Biometric Techniques. Part 1. Face Recognition Methods, (in Polish), WI PS Press, Szczecin, 2003.
[2] Sanei S., Lee T.K.M. Cell Recognition based on PCA and Bayesian Classification.
In: 4th International Symposium on Independent Component Analysis and Blind
Signal Separation,. Nara, 2003, pp. 239-243.
[3] Kim K.S., Kim P.K., Song J.J., Park Y.C. Analyzing Blood Cell Image to Distinguish its Abnormalities, In: 8th ACM International Conference on Multimedia, Los
Angeles 2000, pp. 395-397.
[4] Frejlichowski D. Contour Objects Recognition Based On UNL-Fourier Descriptors,
In: Enhanced Methods in Computer Security, Biometrics and Artificial Itnelligence
Systems, 2005, pp. 203-208.
[5] Kuchariew G. Digital Images Processing and Analysis (in Polish), WI PS Press,
Szczecin, 1998.
[6] Luengo-Oroz M. A., Angulo J., Flandrin G., Klossa J. Mathematical Morphology in
Polar-Logarithmic Coordinates. Application to Erythrocyte Shape Analysis. In:
Marques, J. S., Pérez de la Blanca, N., Pina, P. (eds.) IbPRIA 2005. LNCS, vol.
3523, 2005, pp. 199-205.
[7] Frejlichowski D. Shape Representation Using Point Distance Histogram. Polish J.
of Environ. Stud. vol. 16, no. 4A, 2007, pp. 90-93.
[8] Lam K.M., Yan H. An Analytic-to-Holistic Approach for Face Recognition Based
on a Single Frontal View. IEEE Trans. on PAMI. vol. 20, no. 7, 1998, pp. 673-686.
Personalizacja przekazu interaktywnego z udziałem
metod analizy czynnikowej
Jarosław Jankowski
Politechnika Szczecińska, Wydział Informatyki
Abstract:
Growth in the complexity of internet applications, variability of data structures, use of
multimedia objects make it difficult to model information structures and design access
interfaces. The application potential is not always used and the obtained results
maximized. In the article a procedure is presented of adapting objects used in the
interactive communication process. It assumes object decomposition and identification of
the system reaction functions for different selected collections of input variables with
simultaneous minimization of the number of variants. The approach used gives a
possibility to verify various systems and minimize the space of the searches of the design
variant in web applications, where combinatorial nature of a job makes it difficult to use
other methods.
Keywords:
Internet, online marketing, adaptive systems
1. Wstęp
Rozwój systemów informacyjnych i aplikacji internetowych następuje w wymiarze
technologicznym i społecznym, który coraz częściej stanowi podstawę funkcjonowania
wielu przedsięwzięć. Obecnie zarysował się nowy trend w realizacji systemów internetowych, którego konsekwencją jest między innymi przedefiniowanie potrzeb w zakresie
kategoryzacji i dostępu do danych [17]. Rozwój Internetu szerokopasmowego umoŜliwił wprowadzenie nowych obszarów zastosowań, zwiększyła się ilość treści multimedialnych oraz nastąpiła decentralizacja funkcji wydawniczych. W wielu aplikacjach
zorientowanych na środowiska interaktywne występują problemy z tworzeniem interfejsów dostępowych do danych oraz modelowaniem struktur dla zapewnienia uŜyteczności
i generowania określonych efektów. W artykule przedstawiono koncepcję dekompozycji obiektów interaktywnych na elementy składowe w ramach procedury poszukiwania
wartości ekstremalnych funkcji odpowiedzi, która identyfikuje charakterystyki systemu
i daje moŜliwość maksymalizacji oczekiwanych efektów w procesie adaptacyjnym.
2. Ewolucja struktur danych w aplikacjach internetowych
Sektor prywatny związany z technologiami internetowymi po okresie stagnacji na
początku dekady notuje od pewnego czasu ponowny wzrost, potwierdzony dynamiką
inwestycji. Raport Komisji Europejskiej na temat rozwoju nowych przedsiębiorstw
72
Jarosław Jankowski
i innowacji w sektorze elektronicznym wskazuje na zwiększenie liczby firm z tej grupy
[9]. Nowo utworzone organizacje gospodarcze charakteryzuje wyŜszy poziom innowacyjności oraz fakt iŜ operują one w obszarach związanych z protokołami VoIP, identyfikacją radiową, Internetem i technologiami mobilnymi. Wraz z rozwojem serwisów
zorientowanych na społeczności internetowe wykorzystuje się nowe struktury aplikacji
internetowych oraz odmienne podejścia przy ich tworzeniu i eksploatacji, między innymi w postaci ontologii i sieci semantycznych, których kierunki rozwoju wskazują
J. Davies i R. Studer [6]. Ta faza ewolucji Internetu integruje sześć zasadniczych elementów: tworzenie treści przez uŜytkowników, zbiorowa inteligencja, repozytoria danych na niespotykaną dotąd skalę, sieci społeczne, efekt skali, otwartość [1]. Jak wskazują M. Madden i S. Fox aktualne stadium rozwoju jest wynikiem naturalnej ewolucji
dokonującej się w drodze weryfikacji róŜnych znanych wcześniej koncepcji [14]. Obszar ten stanowi przedmiot badań firm analitycznych, m.in. Gartner Group, koncentrujący się na akceptacji określonych technologii przez biznes w ramach cykli (ang. hype
cycle) [10]. Wyodrębnione etapy obejmują wprowadzanie koncepcji i technologii, oraz
oddziaływanie ich na zaangaŜowanie firm technologicznych i inwestorów. Następny
etap cyklu odnosi się do weryfikacji faktycznej wartości innowacji i zazwyczaj skutkuje
redukcją zainteresowania mediów (Rys 1.).
Zainteresowanie biznesu i mediów
Mashupy
Rozpoznawanie mowy w
technologiach mobilnych
Web 2.0
IPv6
Web 2.0 i elementy składowe
Folksonomie
Korporacyjne sieci sematyczne
Papier cyfrowy
Analizy sieci społecznych
RSS korporacyjne
Architektura sterowana modelem
Znaczniki RFID
Inteligencja zbiorowa
Architektura sterowana zdarzeniami
Teleobecność
VoIP
Systemy GRID
Wewnętrzne webserwisy
Tłumaczenia w czasie rzeczywistym
Offline Ajax
Ajax
RFID w obrocie hurtowym
Rzeczywistość rozszerzona
Biometryka w płatnosciach
Przewidywanie zachowań rynków
Smartfony
Wiki
Tablet PC
Obliczenia kwantowe
Blogi korporacyjne
Alikacje lokalizacyjne
Komunikatory w biznesie
Technologie lokalizacyjne
Płatności mobilne
Architektury Tera
Logiki DNA
Okres adaptacji technologii
- mniej niŜ dwa lata
- od 2 do 5 lat
- od 5 do 10 lat
- ponad 10 lat
Sieci sensoryczne
t
Powstanie technologii
Masowe zainteresowanie
Weryfikacja
WdroŜenia i standaryzacja
q
Rysunek 1. Cykl adaptacja nowych technologii (źródło: opracowanie własne na postawie
Gartner's Emerging Technologies Hype Cycle, 2006)
Analizy te identyfikują umiejscowienie Web 2.0 i obszarów powiązanych (np.: folksonomie [18], analizy sieci społecznych, agregatory internetowe typu mashup) w okresie największego zainteresowania. Wynikiem ewolucji są zaawansowane przeobraŜenia,
oddziałujące na kształt środowiska internetowego oraz przyczyniające się do upowszechnienia narzędzi syndykacji, wykorzystania standardów RSS, sieci semantycznych, tworzenia aplikacji z wykorzystaniem protokołów asynchronicznych AJAX [15].
WdraŜanie warstwy technologicznej Web 2.0 umoŜliwia integrację narzędzi stosowanych w innych aplikacjach internetowych. Realizowana w ten sposób funkcja informa-
Personalizacja przekazu interaktywnego z udziałem metod analizy czynnikowej
73
cyjna podnosi jakość usług i wpływa jednocześnie na kreowanie nowych struktur danych zorientowanych na dostęp do treści generowanych przez uŜytkowników (ang. user
generated content). W tym obszarze L. Rosenfeld i P. Morville identyfikują architekturę
informacji jako nową dziedzinę badań [19]. Zwiększaniu uŜyteczności systemów towarzyszy powstawanie podstaw do tworzenia systemów rekomendujących, które bazują na
wzorcach behawioralnych, wskazywanych między innymi w pracach B. Jian Hu i Z.
Hua-Jun z Microsoft Research [13]. Integrowane są metody budowy struktur interfejsów zorientowanych na eksplorację zawartości systemów handlu elektronicznego w
postaci systemów filtracji kolaboracyjnej, których metody zunifikowanej integracji
przedstawili J. Wang i P. Arjen [22]. Widoczne jest ich powiązanie z algorytmami eksploracji danych czy przypisywania do zbiorów danych, obiektów multimedialnych lub
zbiorów tekstowych kategorii lingwistycznych. Inne kierunki zbliŜają zbiory danych do
koncepcji sieci semantycznych i wymagają takiego opisu struktur danych, by umoŜliwić
ich elastyczne przetwarzanie. Determinuje to równieŜ powstawanie nowych obszarów
badawczych w obszarze identyfikacji struktur danych i dopasowania treści serwisów do
preferencji odbiorców i szerzej pojętej personalizacji.
3. ZałoŜenia personalizacji i parametryzacji obiektów interaktywnych
Dla poszczególnych zastosowań moŜna zidentyfikować charakterystyczne struktury
danych wykorzystywanych w komunikacji z uŜytkownikiem. Miary ich uŜyteczności,
szerzej omawiane przez A. Granica i V. Glavinica [12], umoŜliwiają identyfikację
obiektów, które stanowią warstwę pośredniczącą między uŜytkownikiem a częścią
aplikacyjną i podlegają modyfikacji oraz dopasowaniu w czasie. S. DeLoach
i E. Matson precyzują dla środowiska internetowego podejścia adaptacyjne i agentowe
stosowane w projektowaniu systemów informatycznych i interfejsów, gdzie za rozwiązanie idealne przyjmuje się implementację systemu, który dostosowuje się do zmieniających się warunków i potrzeb uŜytkowników [7]. W niniejszym artykule przedstawiono koncepcję dekompozycji obiektu interaktywnego i wyodrębnienie parametrów podzielonych na zbiory danych wejściowych, m.in. grupę parametrów ilościowych i jakościowych. Parametry ilościowe C1,C2,...,Cm reprezentują mierzalne cechy obiektu i jego
części składowych, do których moŜna zaliczyć parametry elementów graficznych. Cechy ilościowe reprezentowane są przez zmienne o charakterze ciągłym lub dyskretnym.
Zmienne dyskretne ujęte są w postaci zbiorów alternatywnych wartości
ZD={e1,e2,....,en}. Przy generowaniu wariantu przekazu interaktywnego następuje selekcja elementów z podanego zbioru, w oparciu o zadaną funkcję selekcji fs(x,z,n),
odpowiedzialną za wybór elementu x ze zbioru z dla wywołania przekazu n, która ma na
celu maksymalizowanie efektów (na przykład kampanii reklamowej) lub uŜyteczności
obiektu. W przypadku parametrów ciągłych dla zmniejszenia przestrzeni decyzyjnej
moŜna zastosować wybrane algorytmy dyskretyzacji, np. proponowane przez L. ChangHwana [5]. Procedura realizowana jest wieloetapowo, w oparciu o strukturę i zbiory
wejściowe w sposób zautomatyzowany generowany jest zbiór n obiektów o róŜnych
cechach. Stanowi on wyjściowy zbiór testujący, który podlega weryfikacji w środowisku interaktywnym dla wyodrębnionych grup odbiorców. Przy generowaniu wariantu
następuje selekcja elementów z podanego zbioru, w oparciu o zadaną funkcję selekcji
sel(e1,E,o), odpowiedzialną za wybór elementu x ze zbioru z dla obiektu interaktywne-
74
Jarosław Jankowski
go o. W takim ujęciu obiekt interaktywny przyjmuje strukturę zbioru: Oi=e1, e2, … e3
gdzie ei naleŜy do zbioru Ei elementów składowych komponentu. Dla obiektu interaktywnego definiuje się zbiór czynników, które wpływają na uzyskane efekty, parametry
wejściowe xk, k=1,2,…,i oraz parametry wyjściowe ym,, m=1,2,…,j które stanowią wyniki obserwacji uzyskane przy określonym doborze czynników wejściowych. Prowadzone badania mają na celu maksymalizację funkcji oceny efektów e=f(x1,x2,…,xk).
Procedura obliczeniowa realizowana jest w komunikacji ze środowiskiem operacyjnym,
z wykorzystaniem zasileń informacyjnych i układów pomiarowych. W przypadku środowiska interaktywnego podstawą do generowania kolejnych wariantów obiektów jest
uŜyteczność i analiza skuteczności poszczególnych wersji. Dla efektywnej realizacji
zadań obliczeniowych i generowania struktur istotny jest dobór metod wspomagania
decyzji i algorytmizacja procesu analizy danych.
4. Podstawy metodyczne systemu i etapy procedury optymalizacyjnej
Realizacja układu adaptacyjnego generowania obiektów spersonalizowanych interaktywnych wymaga doboru metod analitycznego przetwarzania danych i pozyskiwania
rozwiązań decyzyjnych. Podstawowym problemem przedstawionej koncepcji jest duŜa
przestrzeń decyzyjna i kombinatoryczna struktura problemów obliczeniowych. Za
główne zadania na tym etapie badań przyjęto poszukiwanie wariantów optymalnych
przy ograniczeniu ilości kroków wymaganych dla uzyskania ekstremum (lub wartości
zbliŜonych do ekstremum) funkcji odpowiedzi. W kompletnym eksperymencie dla
weryfikacji wszystkich elementów konieczne jest opracowanie planu badań, który
obejmuje 2k wariantów obiektu. Dla redukcji wymiarowości problemu proponuje się
wykorzystanie metody generowania struktury obiektów dla poszczególnych etapów w
oparciu o modele poliselekcyjne, stosowane w analizie czynnikowej. ZałoŜeniem tych
metod jest generowanie planów doświadczeń i ograniczenie przestrzeni poszukiwań.
Literatura podaje wiele modeli generowania tzw. planów frakcyjnych (z wykorzystaniem stopniowego przyrostu wartości poszczególnych parametrów) uznanych za podstawę tego nurtu badawczego publikowanych między innymi w pracach C. Bayena
i I. Rubina [2], D. Montgomeryego [21] oraz S. Deminga i S. Morgana [8]. Rozwój
metod w tym obszarze zapoczątkowała metodologia analizy odpowiedzi RSM (ang.
response surface methodology) zaproponowana przez Boxa i Wilsona [4], która wspomagania planowanie eksperymentu w celu wyznaczenia ekstremum funkcji wielu
zmiennych:
x = f(u1,u2,…,un)
(1)
W metodzie tej zakłada się, Ŝe funkcja f(u) jest nieznana, ciągła i ma jedno ekstremum. Zmienne uk (k=1,2,…s) mogą przyjmować wartości na dwóch głównych poziomach us0+∆us, us0-∆us. W metodzie załoŜono, Ŝe nieznaną charakterystykę moŜna
aproksymować w otoczeniu danego punktu u1,0,u2,0,….,us,0 z uŜyciem hiperpłaszczyzny
przedstawionej za pomocą równania [2].
∧
x = b0 + b1u1 + ⋯ + bs u s + b11u12 + … + bss u s2 + +b12 u1 u2 + … + bs −1, s us −1u s
(2)
75
Personalizacja przekazu interaktywnego z udziałem metod analizy czynnikowej
gdzie b0,b1,…,bk,b11,…,bss,b12,…,bs-1,s są współczynnikami wymagającymi określenia.
W przypadku istnienia duŜej liczby zmiennych poszukuje się planów realizacji doświadczeń, które umoŜliwiają zbadanie głównych czynników determinujących zachowanie funkcji. W takich sytuacjach stosuje się plany Placketta i Burmana, definiowane
jako nasycone z uwagi na wykorzystanie wszystkich elementów do identyfikacji efektów głównych bez pozostawionych stopni swobody [11].
Przykładowe postępowanie w oparciu o plany frakcyjne zilustrowano dla obiektu
z 6 parametrami o wartościach ciągłych, reprezentujących składowe zmiennych odpowiedzialnych za wizualizację i dobór skali barw elementu interaktywnego. Dla poszczególnych parametrów określono dopuszczalne zakresy wartości z zakresu RGB
<0,255>. W pierwszej fazie wykorzystano metodę selekcji planu początkowego eksperymentu Placketa Burmana i wygenerowano układ eksperymentu. Określono początkowy punkt centralny dla wartości c1,1= 127.5, c1,2= 63.5, c1,3= 31.5, c2,1= 63.5, c2,2= 63.5,
c2,3= 31.5.
Tabela 1. Rozkład przyrostowy parametrów
(Źródło: obliczenia własne)
Id
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
C
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
c11
1
1
0
-1
0
1
1
0
-1
0
-1
-1
-1
-1
1
-1
1
1
0
-1
1
c12
1
-1
0
1
0
1
-1
0
1
0
-1
1
-1
-1
-1
1
-1
1
0
-1
1
c13
1
1
0
1
0
-1
-1
0
-1
0
1
1
-1
-1
1
-1
-1
1
0
1
-1
c21
1
-1
0
1
0
-1
1
0
-1
0
-1
-1
1
-1
1
1
-1
-1
0
1
1
c22
1
-1
0
-1
0
-1
1
0
1
0
1
-1
-1
-1
-1
1
1
1
0
1
-1
c23
1
1
0
1
0
1
1
0
1
0
1
-1
1
-1
-1
-1
-1
-1
0
-1
-1
Tabela 2. Plan początkowy w otoczeniu
punktu c0 (Źródło: obliczenia własne)
Id
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
c1,1
255
255
128
0
128
255
255
128
0
128
0
0
0
0
255
0
255
255
128
0
255
c1,2
255
0
128
255
128
255
0
128
255
128
0
255
0
0
0
255
0
255
128
0
255
c1,3
255
255
128
255
128
0
0
128
0
128
255
255
0
0
255
0
0
255
128
255
0
c2,1
255
100
178
255
178
100
255
178
100
178
100
100
255
100
255
255
100
100
178
255
255
c2,2
255
0
128
0
128
0
255
128
255
128
255
0
0
0
0
255
255
255
128
255
0
c2,3
255
255
128
255
128
255
255
128
255
128
255
0
255
0
0
0
0
0
128
0
0
R
0
4
2
6
3
4
6
2
3
2
4
4
6
4
1
6
4
6
2
6
6
W Tabeli 1 przedstawiono poszczególne etapy z uwzględnieniem przyrostu +∆u,
stabilizacji lub jednostkowej dekrementacji wartości zmiennych -∆u. Macierz przyrostowa dla kaŜdej zmiennej wyznacza kierunek zmian w poszczególnych krokach eksperymentu. Na tej podstawie w otoczeniu punktu centralnego generowany jest plan początkowy eksperymentu (Tabela 2). Plan eksperymentu przedstawia hiperpłaszczyna na
Rys 2. Dla poszczególnych wartości parametrów wejściowych dokonano oceny struktury obiektu a dla poszczególnych wariantów planu uzyskano rangi. Na Rys 3. przedsta-
76
Jarosław Jankowski
wiono wpływ zmian wartości parametru c1,1 na odpowiedź
odpowied układu przy wartościach
c1,3=0, c2,1=178.
Rysunek 2. Plan początkowy dla etapów eksperymentu (źródło: obliczenia własne)
Rysunek 3. Rozkład odpowiedzi dla zmian c1,1, c1,3=0, c21=178 (źródło: obliczenia własne)
Analiza obiektu odbywa się w procesie iteracyjnym,
iteracyjnym w którym wykorzystuje się dane z układów pomiarowych oraz początkowe wartości
ści parametrów z układów wejścia.
Ekstremum funkcji wyznacza się interakcyjnie na kilku etapach. W pierwszym realizuje
się niewielką liczbę doświadczeń, które umoŜliwiająą znalezienie zorientowanego lokalloka
nie opisu matematycznego, który wyznacza powierzchnię daną równaniem:
∧
x = b0 + b1u1 + b2 u2 + ⋯ + bs us
(3)
Współczynniki b1,…,bs określają kierunek gradientu, który umoŜliwia
umo
realizację poszukiwań punktu ekstremalnego. Metoda poszukiwania kierunku najszybszego wzrostu
funkcji (ang. metod of steepest ascent)
t) zakłada przemieszczanie kierunku eksperymentu
Personalizacja przekazu interaktywnego z udziałem metod analizy czynnikowej
77
zgodnie ze ścieŜką wzrostu wartości
ci funkcji odpowiedzi obiektu. Po pierwszym etapie
przetwarzania współczynniki regresji modelu sąą wykorzystywane do identyfikacji
ścieŜki poszukiwań. Na Rys. 4 przedstawiono etapy ewaluacji wariantów planu.
Rysunek 4. Etapy ewaluacji planu (źródło:
ródło: obliczenia własne)
Rysunek 5. Rozkład odpowiedzi układu (źródło:
ródło: obliczenia własne)
Dalsze poszukiwania kolejnych rozwiązań koncentrują
koncentruj się wokół punktów z wartościami największymi. Zmiany wartości xj podczas przemieszczania
przemieszczani w kierunku wzrostu
∧
funkcji są proporcjonalne do istotności współczynnika regresji β j . W pracy [3] przedstawiono postać modelu w postaci:
∧
∧
∧
∧
∧
y = β 0 + β1 x1 + β 2 x2 + … + β k xk
(4)
78
Jarosław Jankowski
ŚcieŜka najszybszego wzrostu funkcji przebiega od punktu środkowego projektu
w kierunku największego wzrostu wartości funkcji z ograniczeniem sferycznym
∑
k
j =1
x 2j = r 2 . Procedura maksymalizacji funkcji wykorzystuje mnoŜnik Lagrange’a:
∧
∧
Q ( x1 , x1 ,… , xk ) = β 0 + ∑ j =1 β j x j − λ
k
(∑
k
j =1
x 2j − r 2
)
(5)
gdzie dla mnoŜnika λ określa się wartości skokowe zmiany parametrów ∆ i wyznacza
się wartości pozostałych zmiennych. Szczegółowe metody wyznaczania rozwiązań
omówiono w pracach R.H. Myers i D.C Montgomeryego [21] oraz A.I. Khuriego i J.A.
Cornella [20]. W kolejnej iteracji otrzymano odpowiedź układu przedstawioną na Rys.
5, gdzie dla poszczególny kombinacji parametrów uzyskano wzrost wartości funkcji
oceny. Na tej podstawie moŜna wyznaczyć parametry obiektu dla kolejnego etapu pomiarów. Liczba iteracji uzaleŜniona jest od kosztów realizacji badań testujących i szybkości przyrostu funkcji oceny w stosunku do oczekiwań decydenta. Uzyskane efekty
wskazują na moŜliwość szerszego zastosowania metod planowania struktur obiektów
interaktywnych i dokonaniu ich wersyfikacji z udziałem planów frakcyjnych. W zaleŜności od wyznaczonego celu moŜliwa jest identyfikacja funkcji odpowiedzi systemu
oraz poszukiwanie kombinacji parametrów wejściowych w celu jej maksymalizacji.
5. Podsumowanie
Wzrost złoŜoności aplikacji internetowych, zmienność struktur danych, wykorzystanie obiektów multimedialnych utrudnia modelowanie struktur informacyjnych
i personalizacji przekazu. Nie zawsze wykorzystuje się potencjał aplikacji i maksymalizuje uzyskane rezultaty. Przedstawiona procedura identyfikacji obiektu interaktywnego
i doboru parametrów moŜe stanowić rozszerzenie istniejących systemów adaptacyjnych
w Internecie. Wykorzystane podejście daje moŜliwość weryfikowania róŜnych układów
i minimalizację przestrzeni poszukiwań wariantu projektowego w aplikacjach internetowych, gdzie kombinatoryczna natura zadania utrudnia stosowanie innych metod.
W wielu przypadkach przydatne jest odwzorowanie systemu, a matematyczny model
analityczny wyznaczany jest na podstawie jego zachowań. Istotne jest ograniczenie
udziału decydenta w poszukiwaniu rozwiązań i automatyzacja procedur obliczeniowych. Kolejne etapy badań zakładają konstrukcję środowiska symulacyjnego i integrację z systemami internetowymi dla potrzeb dalszych eksperymentów.
Bibliografia
[1] Anderson P. What is Web 2.0? Ideas, technologies and implications for education,
JISC, Department of Information Science, Loughborough University 2006
[2] Bayne C. K., Rubin I. B. Practical experimental designs and optimization methods
for chemists, VCH Publisher, 1986
[3] Borror C., Kowalski S., Montgomery D. C. A Modified Path of Steepest Ascent for
Split-Plot Experiments, Journal of Quality Technology, Vol. 37, No. 1, 2005
[4] Box G. E. P., Wilson K. B. On the experimental attainment of optimum conditions,
Journal of the Rogal Statistical Society, 1951
Personalizacja przekazu interaktywnego z udziałem metod analizy czynnikowej
79
[5] Chang-Hwan L. Hellinger-based discretization method for numeric attributes in
classification learning, Knowledge-Based Systems archive, Volume 20, Issue 4,
Elsevier Science Publishers, 2007
[6] Davies J., Studer R., Warren P. Semantic Web Technologies: Trends and Research
in Ontology-based Systems, Wiley Publishing, 2006
[7] DeLoach S. A., Matson E. An Organizational Model for Designing Adaptive Multiagent Systems, The AAAI-04 Workshop on Agent Organizations: Theory and
Practice, 2004
[8] Deming S. N., Morgan, S. L. Experimental design: A chemometric approach,
Amsterdam, The Netherlands: Elsevier Science Publishers B.V., 1993
[9] European Commission. The role of new companies in e-business innovation and
diffusion, e-Business [email protected], European Commission. DG Enterprise & Industry,
Special Impact Study No. 2, 2006
[10] Gartner Group. Gartner's 2006 Emerging Technologies Hype Cycle Highlights Key
Technology Themes, 2006
[11] Giesbrecht F., Gumpertz P. Planning, Construction, and Statistical Analysis of
Comparative Experiments, Wiley Series in Probability and Statistics, 2005
[12] Granic A., Glavinic V. Functionality specification for adaptive user interfaces
Electrotechnical Conference, Melecon, 2000
[13] Jian Hu B., Hua-Jun Z., Hua L., Cheng N., Zheng C. Demographic prediction
based on user's browsing behavior, Proceedings of the 16th international conference on World Wide Web table of contents, Microsoft Research, Canada, 2007
[14] Madden M., Fox S. Riding the Waves of Web 2.0, Pew Internet Project, 2006
[15] Mahemoff M. Ajax. Wzorce projektowe, Helion, 2007
[16] Montgomery D. C. Design and analysis of experiments (3rd ed.). New York: Wiley, 1991
[17] O'Reilly T. What Is Web 2.0 Design Patterns and Business Models for the Next
Generation of Software, 2005
[18] Sturtz D. Communal Categorization, The Folksonomy.INFO622, Content Representation, 2004
[19] Rosenfeld L., Morville P. Information Architecture for the World Wide Web: Designing Large-Scale Web Sites, O'Reilly Media, 2002
[20] Kauri A. I., Cornell J. A. Response surfaces: Design and analysis, DEkker, 1996,
New York
[21] Montgomery D. C., Myers R. H. Response surfaces methodology, Willey, New
York, 1995
[22] Wang J., Arjen P., Marcel J. T. Unifying User-based and Item-based Collaborative
Filtering Approaches by Similarity Fusion, SIGIR, 2006
Metoda wyznaczania kontekstu dla aplikacji
sterowanych zdarzeniami*
Henryk Krawczyk, Sławomir Nasiadka
Politechnika Gdańska, Wydział Elektroniki Telekomunikacji i Informatyki
Abstract:
A method of extending software applications by introducing elements of environmental
context information is presented in the paper. The definition of context is based on the
general context ontology. The information coming from the environment is transformed
into certain execution conditions. As an algorithm of the transformation, a Petri net was
used. It enables the application to properly react to certain events occurring in the
environment. This is how “pervasive computing” applications are constructed.
Keywords:
pervasive computing, context, events, ontology, Petri net, context analysis algorithms
1. Wprowadzenie
Popularność urządzeń przenośnych, takich jak telefony komórkowe, PDA, karty
RFID oraz inne obiekty zawierające róŜnego rodzaju czujniki, spowodowała znaczący
wzrost popularności aplikacji typu „pervasive”. Termin ten po raz pierwszy zastosował
Mark Weiser w 1991 [1] roku a oznacza on niezauwaŜalne dla uŜytkownika końcowego
wkomponowanie urządzeń fizycznych w jego codzienne Ŝycie. Ich zasadniczą własnością powinno być ukrywanie swojego istnienia i funkcjonowania, tak aby osoba z nich
korzystająca nie musiała skupiać się nad ich technicznymi aspektami pracy, ale mogła
skoncentrować swoją uwagę na rozwiązaniu właściwego problemu.
Jedną z realizacji koncepcji aplikacji typu „pervasive” są aplikacje kontekstowe.
Istota ich działania polega na dynamicznym dopasowywaniu się do warunków pracy
bez konieczności podejmowania przez uŜytkownika dodatkowych działań. Jedną
z pierwszych, realizujących to podejście inicjatyw, był system „Active Badge Location
System” [2] zbudowany przez Wanta i Hoopera w 1992 roku. Wykorzystywał on promieniowanie podczerwone do lokalizowania uŜytkownika i kierował przychodzące na
jego numer rozmowy telefoniczne do aparatu, który w danej chwili był najbliŜej danej
osoby. Badając pewien kontekst – w tym wypadku połoŜenie – system potrafił na bieŜąco dostosowywać swoje działanie do zmieniających się warunków pracy, nie angaŜując przy tym uŜytkownika.
Kluczowym pojęciem staje się zatem kontekst jako definicja otoczenia środowiska
aplikacji, gdyŜ stanowi on pryzmat poprzez który postrzegają one otaczający świat
i przetwarzają pochodzące z niego sygnały. Pierwsze opracowania definiowały kontekst
*
Wykonano w ramach grantu ministerialnego nr MNiSW N519 022 32/2949
82
Henryk Krawczyk, Sławomir Nasiadka
w sposób statyczny – jako listę moŜliwych elementów, na które system powinien zwracać uwagę. W zaleŜności od zmian zachodzących w ramach tych elementów, powinny
następować zmiany w zachowaniu programu, dzięki czemu moŜna uzyskać adaptowalność funkcjonowania aplikacji. Źródłem informacji o zmianach otaczających aplikację
obiektów mogą być nie tylko informacje bezpośrednio wprowadzane przez uŜytkownika, lecz przede wszystkim róŜnego rodzaju czujniki badające fizyczne właściwości
zewnętrznego świata. Kontekst moŜna takŜe definiować przy uŜyciu synonimów, jednakŜe takie definicje są często zbyt ogólne i przez to trudno realizowane w postaci algorytmów. Przyjęcie optymalnego modelu kontekstu jest zatem niezwykle trudne
i w sposób bezpośredni rzutuje na przyszłe moŜliwości aplikacji. Musi być on z jednej
strony wystarczająco szczegółowo określony, aby mógł zostać zrealizowany w świecie
komputerów a z drugiej na tyle ogólny, aby nie ograniczać się do pewnej z góry określonej liczby stanów jakie moŜe napotkać system podczas funkcjonowania.
Mając właściwie zdefiniowany kontekst naleŜy zaimplementować metodę jego wyznaczania – czyli wyodrębnienia z dostarczanych do systemu sygnałów (zdarzeń) tych,
które są dla niego uŜyteczne i stanowią jego rzeczywisty kontekst działania. Metoda ta
moŜe być statyczna – na stałe zaszyta w programie i korzystająca z zamkniętej grupy
pojęć określających otoczenie aplikacji, bądź teŜ dynamiczna, która jest trudniejsza
w implementacji jednakŜe duŜo bardziej elastyczna, pod kątem dostosowania systemu
do nowego środowiska pracy. Wybór pomiędzy tymi dwiema opcjami jest najczęściej
podyktowany przyjętym modelem definicji kontekstu. Artykuł ten omawia jedną z koncepcji dynamicznego wyznaczania kontekstu opartą na wykorzystaniu mechanizmu
sieci Petriego.
2. Charakterystyka aplikacji kontekstowych
Ostatnie 20 lat stanowi ciągły rozwój aplikacji kontekstowych dzięki coraz większej
dostępności róŜnego rodzaju czujników, funkcjonujących w rzeczywistych środowiskach, z których mogą czerpać dane dotyczące otaczającego je świata rzeczywistego.
Sensory te nie muszą być juŜ dedykowane, lecz znajdują się w coraz tańszych przedmiotach codziennego uŜytku, które jeszcze dodatkowo ciągle podlegają minimalizacji.
Istnieje wiele podejść architektonicznych dla modelowania aplikacji kontekstowych.
ZaleŜą one głównie od dostępności sensorów, liczby uŜytkowników systemu czy teŜ
innych zasobów. Biorąc po uwagę te elementy moŜna wyodrębnić trzy główne kierunki
rozwoju [3]:
 bezpośredni dostęp do czujników – model najczęściej spotykany w sytuacjach gdy
czujniki wbudowane są w oprogramowane urządzenia. System moŜe wtedy bezpośrednio dokonywać odczytów i od razu interpretować uzyskane dane bez konieczności istnienia specjalnej warstwy pośredniczącej. PoniewaŜ jest to ścisłe powiązanie
oprogramowania i warstwy fizycznej podejście takie znacznie utrudnia skalowalność i przyszłą rozbudowę aplikacji oraz wykorzystanie w środowisku rozproszonym;
 dostęp do czujników przy wykorzystaniu warstwy pośredniczącej – podejście to
opiera się na koncepcji rozdzielenia fizycznego dostępu do sensorów od danych
przez nie dostarczanych. Specjalna warstwa pośrednicząca ukrywa szczegóły techniczne wymagane do bezpośredniej komunikacji z urządzeniem końcowym i prze-
Metoda wyznaczania kontekstu dla aplikacji sterowanych zdarzeniami
83
kazuje jedynie wartości przez nie zwracane. Dzięki takiemu modelowi znacznie łatwiej rozwijać aplikacje;
 architektura oparta na serwerze kontekstu – aby umoŜliwić korzystanie z danych
dostarczanych przez czujniki przez wielu klientów w środowisku rozproszonym naleŜy wprowadzić dodatkowy komponent, który będzie zarządzał wieloma jednoczesnymi połączeniami i udostępniał zgromadzone przez czujniki dane. Dodatkową
zaletą tego rozwiązania jest odciąŜenie urządzeń końcowych (które często mają
niewielką moc obliczeniową) od skomplikowanego przetwarzania danych na których muszą pracować i przeniesienia tych operacji na serwer kontekstu.
Najbardziej ogólny model warstwowy aplikacji kontekstowej został przedstawiony
za [4,5] na rysunku 1.
Rysunek 1. Warstwowy model aplikacji kontekstowej
Warstwa sensorów bezpośrednio odpowiada za zbieranie danych ze świata rzeczywistego (np. z czujników badających właściwości fizyczne, z innych aplikacji poprzez
RMI czy teŜ usługi sieciowe, itp.) i przekazywanie ich do warstwy przetwarzania danych surowych. Odpowiada ona za przetwarzanie surowych danych przy pomocy sterowników (w przypadku źródeł danych mierzących fizyczne własności – czujników)
bądź odpowiedniego API (w przypadku komunikacji z innych systemami). Odpowiednio zinterpretowane i zorganizowane (w zaleŜności od konstrukcji aplikacji – mogą być
na przykład w postaci XML) dane są następnie przedstawiane przy pomocy ujednoliconego interfejsu do warstwy wstępnego przetwarzania, której zadaniem jest agregowanie, formatowanie i takie przekształcenie informacji, aby były one uŜyteczne dla wyŜej
połoŜonych w hierarchii abstrakcji elementów systemu (np. konwersja temperatury na
binarną wartość mówiącą czy pojawił się ogień). Warstwa prezentacji odpowiada za
bezpośrednie dostarczanie przetworzonych danych dla klientów, którzy mogą prowadzić komunikację w sposób synchroniczny bądź asynchroniczny. Właściwa interpretacja informacji i odpowiednia do nich zmiana zachowania realizowana jest w ramach
ostatniej warstwy. Model ten jest abstrakcyjny i nie wszystkie istniejące systemy realizują wszystkie warstwy, jednakŜe w większości moŜna wyodrębnić opisane powyŜej
funkcje.
84
Henryk Krawczyk, Sławomir Nasiadka
Łącząc architekturę aplikacji kontekstowej opartąą na serwerze kontekstu oraz przedprze
stawiony powyŜej warstwowy model uzyskuje sięę postać
posta systemu zaprezentowaną na
rysunku 2.
Rysunek 2. Model programowania Publish/Subscribe dla aplikacji kontekstowych
Klienci wysyłają do serwera Ŝądania
dania powiadomienia w przypadku zaistnienia intereinter
sującego je kontekstu. W tym celu muszą przekazaćć informację
informacj o tym jakie dane ich
interesują i jakie muszą zaistnieć między
dzy tymi danymi zaleŜności,
zale
aby mogły je uznać
za uŜyteczne. Klienci zatem reprezentują najwyŜsząą warstwę
warstw modelu przedstawionego
na rysunku 1. Serwer odpowiada za realizacje 4 dolnych warstw modelu. Zbiera on
dane z sensorów, wstępnie
pnie je interpretuje i przetwarza oraz mając
maj wyspecyfikowane
przez klientów konteksty jakie ich interesują,, przeprowadza pod kątem
k
tych kontekstów
analizę przychodzących
cych do niego danych. W momencie stwierdzenia zgodności
zgodno zestawu
informacji jakie przyszły w postaci zdarzeń z oczekiwaniami klienta, serwer powiadapowiad
mia go o tym fakcie.
Kluczowe dla działania powyŜszego mechanizmu jest przyjęcie
przyj
wspólnej zarówno
dla serwera jak i dla klienta reprezentacji kontekstu, tak aby przesyłane dane mogły być
by
tak samo interpretowane.
3. Reprezentacja kontekstu
Istnieje kilka sposobów reprezentacji kontekstu w aplikacjach kontekstowych. W zaleŜności
ci od warunków pracy systemu i rodzaju przetwarzanych przez nie danych moŜna
mo
wyróŜnić dwa zasadnicze: jednoznaczne oraz synonimiczne. Pierwszy zakłada sztywne
określenie, iŜ kontekst zawiera pewien niezmienny
y zbiór elementów, które jednoznaczjednoznac
nie opisują interesujące
ce z punktu widzenia oprogramowania aspekty. Przykładami mogą
mog
być [6], gdzie autorzy opisują kontekst jako miejsce, otaczające
otaczaj
obiekty (w tym ludzie)
Metoda wyznaczania kontekstu dla aplikacji sterowanych zdarzeniami
85
oraz zmiany zachodzące w stanie tych obiektów oraz [7], w którym Dey wymienia stan
emocjonalny uŜytkownika, cel uwagi, miejsce oraz czas, obiekty i ludzie. Podejście
oparte na synonimach zaprezentowane zostało np. w [8] gdzie kontekst oznacza aspekty
trwającej sytuacji. Tego rodzaju definicje są jednakŜe przewaŜnie zbyt ogólne i przez to
nie mogą być zaimplementowane w postaci zrozumiałej dla komputerów. Pewnym
rozwiązaniem tego problemu moŜe być wykorzystanie ontologii, która zawierałaby
wiedzę na temat środowiska działania aplikacji (w postaci pojęć i relacji) i jednocześnie
umoŜliwiała przetwarzanie tej wiedzy przez maszyny.
Rysunek 3. Przykładowe pojęcia z ontologii kontekstu SOUPA
Zasadnicze cele jakie naleŜy osiągnąć podczas tworzenia ontologii kontekstu zawierają [9]:
 prostotę opisu;
 elastyczność i rozszerzalność o nowe elementy opisu;
 moŜliwość wspierania róŜnych typów kontekstów;
 umiejętność wyraŜania moŜliwie największej liczby wartości kontekstu.
Przykładem środowiska działającego w oparciu o ontologię kontekstu jest CoBrA,
której opis działania moŜna znaleźć w [10] i [11].
86
Henryk Krawczyk, Sławomir Nasiadka
Ontologie umoŜliwiają przedstawienie kontekstu w najbardziej ogólny sposób. Dodatkowo dzięki swoim własnościom pozwalają na wnioskowanie i łatwą rozbudowę
o nowe informacje oraz fakty. Jedną z ontologii kontekstu zaprezentowano na rysunku
3. Jest to ontologia SOUPA [12], która została wykorzystana w środowisku CoBrA.
Zawiera ona większość podstawowych pojęć jakie są wykorzystywane do definiowania
danych kontekstowych w istniejących systemach.
Na rysunku 3 przedstawiono podstawowe klasyfikacje informacji stanowiące punkt
wyjścia dla reprezentacji kontekstu w róŜnego typu aplikacjach. Do operacji na ontologii niezbędny jest edytor, który przygotowuje opis wykorzystywany przez serwer oraz
klienta z rysunku 2.
4. Wykorzystanie sieci Petriego
Aplikacje kontekstowe sterowane zdarzeniami potrzebują do pracy danych kontekstowych. Proces wyznaczenia potrzebnego im kontekstu musi uwzględniać, to iŜ informacje od sensorów przychodzą w sposób asynchroniczny i często mają róŜną postać.
Dodatkowo wszystkie dane posiadają pewne określone cechy, które decydują o ich
przydatności dla oprogramowania, natomiast sama definicja kontekstu z jakiej korzysta
system moŜe być statyczna bądź dynamiczna. Wszystkie te czynniki powodują, iŜ istotne staje się skonstruowanie mechanizmu umoŜliwiającego wyznaczenie kontekstu,
który byłby z jednej strony na tyle elastyczny aby odpowiadał wymogom dynamicznej
definicji kontekstu, a z drugiej strony potrafił przetwarzać konkretne dane docierające
do aplikacji.
Propozycją takiego mechanizmu moŜe być mechanizm oparty na sieci Petriego [13]
rozszerzonej o adnotacje, w której Ŝetony reprezentują przychodzącą do systemu informację, natomiast struktura sieci odzwierciedla warunki jakie muszą zaistnieć, aby aplikacja odebrała przychodzący z zewnętrznego świata ciąg zdarzeń jako uŜyteczny.
Adnotacje dołączane do Ŝetonów (informacji ze zdarzeń) umoŜliwiają logiczne ich
łączenie, badanie waŜności oraz wiarygodności. Podczas uruchamiania tranzycji następuje pobranie odpowiednich Ŝetonów (na podstawie adnotacji) z powiązanych stanów
i po ich analizie umieszczenie kolejnego Ŝetonu w stanie docelowym tranzycji. Funkcjonowanie całego mechanizmu moŜna przedstawić przy pomocy listy warunków jakie
odnoszą się do danych wejściowych.
Rodzaje informacji jakie zawarte są w adnotacjach dołączonych do Ŝetonów mogą
mieć swoje definicje zanurzone w ontologii kontekstu, dzięki czemu moŜna jeszcze
bardziej zwiększyć elastyczność całego systemu. Podstawowe rodzaje przenoszonych
przez adnotacje danych to:
 czas dodania – określa kiedy dokładnie została dodana informacja;
 czas waŜności – określa jak długo informacja reprezentowana przez Ŝeton jest waŜna;
 źródło – z jakiego sensora pochodzi informacja. Będzie ona opisana przy pomocy
zrozumiałej dla klienta i zgodnej z przyjętą metodą reprezentacji kontekstu konwencją (na przykład OWL). Podczas przechodzenia Ŝetonów przez sieć element ten zawiera dodatkowo informacje o historii powstania Ŝetonu. Na jego podstawie moŜna
ustalić z jakich poprzednich stanów i ich wartości nastąpiło przejście do stanu,
w którym aktualnie znajduje się Ŝeton;
87
Metoda wyznaczania kontekstu dla aplikacji sterowanych zdarzeniami
 powiązania – pole umoŜliwia logiczne grupowanie danych. Podczas przekazywania
do sieci informacji elementarnych muszą zostać zachowane powiązania między nimi. W przykładzie z rysunku 4 informacja na przykład o temperaturze jest istotna
tylko w kontekście miejsca odczytu tej temperatury – które to miejsce reprezentowane jest przez osobny Ŝeton. Dla późniejszego przetwarzania naleŜy zatem powiązać Ŝeton reprezentujący miejsce odczytu temperatury z Ŝetonem reprezentującym
samą temperaturę;
 inne dane zaleŜne od specyfiki aplikacji i środowiska.
Podczas przechodzenia przez transformację do nowych Ŝetonów dołączane są nowe
adnotacje, zawierające odpowiednio przetworzone dane.
Zasygnalizowane powyŜej rozszerzenie sieci Petriego moŜna przedstawić w sposób
następujący:
Pa = <Sa, T, A, M0>,
gdzie:
Pa – sieć Petriego z adnotacjami,
Sa – jest skończonym zbiorem stanów, z których kaŜdy posiada adnotacje,
T – jest skończonym zbiorem tranzycji: T: Sa -> Sa,
A – jest skończonym zbiorem łuków między stanami a tranzycjami:
A = (Sa x T) U (T x Sa) -> N+,
M0 – początkowe rozłoŜenie Ŝetonów w stanach S.
Na rysunku 4 przedstawiono sieć Petriego dla przykładu uruchomienia alarmu poŜarowego w momencie gdy temperatura i zadymienie w pewnym miejscu wzrosną powyŜej pewnych progów. Tabela 1 reprezentuje warunki takiego mechanizmu.
Tabela 1. Tabela mechanizmu przetwarzania kontekstu
Zdarzenia elementarne
(dostarczane przez
sensory)
Rodzaje informacji
elementarnych
• odczyt temperatury (T)
• T – temperatura
w miejscu X1
• D – poziom
• odczyt poziomu zadyzadymienia
mienia (D) w miejscu X2 • X – miejsce
Warunki
W X1: T > 40°,
w X2: D > 10 %
i X = X1 = X2
Zdarzenia uŜyteczne
(przekazywane do
klientów)
Spełniony został warunek przy wartościach:
T = 42°, D = 15%,
X = sala 101
Klient, rejestrując się w serwerze, określa typy informacji oraz warunki jakie muszą
one spełniać, aby zdarzenie było dla niego uŜyteczne (są to kolumny: „Rodzaje informacji elementarnych” oraz „Warunki”). Dodatkowo klient przekazuje konkretne wartości jakie występują podczas porównywania warunków (w przykładzie 40° dla
temperatury i 10% dla zadymienia). Serwer, po stwierdzeniu zajścia zdarzeń uŜytecznych dla klienta, informuje go o nim oraz dodatkowo przesyła konkretne wartości danych zawarte w Ŝetonach.
Serwer, po otrzymaniu od klienta listy zdarzeń elementarnych oraz warunków na
nich operujących, tworzy dynamicznie sieć Petriego (rysunek 4).
88
Henryk Krawczyk, Sławomir Nasiadka
Rysunek 4. Przykładowa sieć Petriego dla tabeli 1
Sieć Petriego potrafi przyjmować dane typu „temperatura”, „zadymienie” oraz
„miejsce”. W momencie odebrania przez system zdarzenia z czujnika jest ono przekazywane do sieci Petriego, w której następuje stwierdzenie iŜ typ danej zgadza się
z typem stanu wejściowego „temperatura” oraz „miejsce” (czujnik wysyłając daną wysyła odczyt temperatury w określonym miejscu) – informacje „temperatura” oraz „miejsce” dostarczane osobno nie mają dla systemu znaczenia podczas analizowania
problemu czy zaistniał poŜar czy nie. To logiczne grupowanie danych określone jest na
poziomie reprezentacji kontekstu. Następuje utworzenie nowego Ŝetonu, dla którego
adnotacje zawierają wartość odczytanej temperatury, źródło z którego pochodzi odczyt,
czas waŜności informacji oraz ślad. Analogiczna sytuacja ma miejsce w momencie
przychodzenia do systemu odczytów dotyczących poziomu zadymienia.
Tranzycje analizują przychodzące do nich Ŝetony. Gdy tranzycja stwierdzi, Ŝe
w kaŜdym z jej stanów wejściowych jest przynajmniej po jednym Ŝetonie moŜe odczytać wartości tych Ŝetonów i przyrównać je do warunku (a tym samym do konkretnych
wartości) przekazanego przez klienta. JeŜeli porównanie wypadnie pozytywnie (warunek jest spełniony) tranzycja moŜe umieścić nowy Ŝeton w swoim stanie wyjściowym,
umieszczając dodatkowo w tym Ŝetonie ślad (na podstawie jakich wcześniejszych Ŝetonów został on utworzony) – w przypadku ostatniej tranzycji będzie to równoznaczne
z poinformowaniem klienta, o tym iŜ zaistniała interesująca go sytuacja i przekazaniem
wartości ostatniego Ŝetonu.
PowyŜszy przykład moŜe być opisany przy pomocy następującego algorytmu wykorzystującego mechanizm publish/subscribe:
Klient:
1. Wyślij do serwera definicję interesującego kontekstu wraz z wartościami
szczegółowymi (w przykładzie: interesujący kontekst to temperatura > 40°
i zadymienie > 10% w tym samym miejscu).
2. Zarejestruj metodę obsługi zdarzenia dla powiadomienia od serwera
o wystąpieniu kontekstu (subscribe).
Serwer:
1. Oczekuj na rejestracje przez klienta definicji kontekstu i przekazanie wartości
szczegółowych.
Metoda wyznaczania kontekstu dla aplikacji sterowanych zdarzeniami
89
2. Po otrzymaniu od klienta definicji kontekstu dekompozycja i utworzenie na
jej podstawie sieci Petriego.
3. Oczekuj na zdarzenia.
4. W przypadku zajścia zdarzenia dostarczającego informacje pasującą typem
do stanów wejściowych utworzonej sieci Petriego przekaŜ ją do tej sieci
(utworzenie Ŝetonu).
5. Za kaŜdym razem gdy tworzony jest nowy Ŝeton w sieci uruchom procedurę
sprawdzania tranzycji.
a. Sprawdź czy tranzycja ma aktywne (takie którym nie minął termin waŜności) Ŝetony w swoich stanach wejściowych.
b. JeŜeli są Ŝetony określonego typu sprawdź czy są wśród nich takie, które
odpowiadają logicznemu pogrupowaniu (w przykładzie: czy odczyt temperatury i odczyt zadymienia dotyczą tego samego miejsca).
c. JeŜeli są Ŝetony odpowiadające logicznemu pogrupowaniu sprawdź czy
spełniają one warunek zawarty w tranzycji (w przykładzie: czy temperatura w danym miejscu > 40° i czy zadymienie w tym miejscu przekracza
10%). JeŜeli tak zaznacz iŜ Ŝetony te zostały wykorzystane przez tranzycie i utwórz nowy Ŝeton w stanie docelowym tranzycji.
d. JeŜeli stan docelowy tranzycji jest stanem końcowym – przekaŜ do klienta informację o zaistnieniu interesującego go kontekstu i przekaŜ mu wartości Ŝetonu w stanie docelowym (publish).
Przedstawione powyŜej rozszerzenie sieci Petriego daje duŜe moŜliwości w zakresie
budowania mechanizmów reakcji systemu na dochodzące do niego zdarzenia. Rozwiązanie to wspiera w sposób naturalny kontekst, ze względu na określenie moŜliwych
rodzajów danych wejściowych. Informacje mogą przychodzić w sposób asynchroniczny, a dołączenie do nich dodatkowych adnotacji pozwala na późniejszą analizę niezaleŜnie od aktualnego stanu całej sieci. Ścisłe zdefiniowanie poszczególnych elementów
struktury umoŜliwia dynamiczne jej budowanie na podstawie danych przekazanych
przez uŜytkownika lub uzyskanych z innych źródeł takich jak np. ontologia. Samo przetwarzanie przekazywanych przez klienta warunków do formalnej postaci, uŜytecznej dla
serwera kontekstu, takŜe moŜna oprzeć o ontologie, co będzie skutkować jeszcze większym poziomem dynamizmu całego systemu.
5. Podsumowanie
Aplikacje kontekstowe wymagają zaimplementowania mechanizmu, który umoŜliwiałby efektywne i elastyczne przetwarzanie zdarzeń przychodzących do systemu.
Wymogi te spełnia zaprezentowane rozszerzenie sieci Petriego. Pozwala on na automatyczne przetwarzanie asynchronicznie przychodzących do programu informacji i określanie czy spełniają one warunki wpływające na przebieg wykonania programu. Dalsza
praca będzie polegała na zaimplementowaniu przedstawionej koncepcji i wdroŜeniu jej
w rzeczywistych systemach. Struktura sieci Petriego moŜe być budowana w sposób
dynamiczny – na podstawie dostarczanych przez uŜytkownika danych, bądź uzyskiwana
jako efekt przetwarzania ontologii. Warunki odzwierciedlone w tranzycjach sieci są
przekazywane przez uŜytkownika, dlatego teŜ naleŜy opracować mechanizm ich trans-
90
Henryk Krawczyk, Sławomir Nasiadka
formacji na formalną postać. Daje to jeszcze większe odciąŜenie uŜytkownika końcowego od znajomości technicznych aspektów działania aplikacji.
Bibliografia
[1] Weiser M. The Computer for the Twenty-First Century, Scientific American, September 1991, s. 94-104
[2] Want R., Hopper A., Falcăo V., Gibbons J. The Active Badge Location System,
ACM Transactions on Information Systems, 10(1), 1992, s. 91-102
[3] Chen H. An Intelligent Broker Architecture for Context-Aware Systems, PhD Dissertation proposal, 2003
[4] Anind K. Dey, Gregory D. Abowd. A Conceptual Framework and a Toolkit for
Supporting the Rapid Prototyping of Context-Aware Applications, HumanComputer Interaction (HCI) Journal, Volume 16 (2-4), s. 97-166
[5] Ailisto H., Alahuhta P., Haataja V., Kyllönen V., Lindholm M. Structuring Context
Aware Applications: Five-Layer Model and Example Case, Proceedings of the
Workshop on Concepts and Models for Ubiquitous Computing, Goteborg, Sweden,
2002
[6] Bill N. Schilit and Marvin M. Theimer Disseminating Active Map Information to
Mobile Hosts. IEEE Network, 8(5). 1994, s. 22-32
[7] Anind K. Dey. Context-aware computing: The CyberDesk project, Proceedings of
the AAAI 1998 Spring Symposium on Intelligent Environments. Menlo Park, CA:
AAAI Press.
[8] Hull R., Neaves P., Bedford-Roberts J. Towards situated computing, In Proceedings of International Symposium on Wearable Computers, 1997
[9] Korpipää P., Mäntyjärvi J. An Ontology for Mobile Device Sensor-Based Context
Awareness, Proc. Context ’03, LNAI no. 2680, 2003
[10] Baldauf M., Dustdar S. A survey on context aware systems, International Journal of
Ad Hoc and Ubiquitous Computing, 2004
[11] Chen H., Finin T., Anumap J. An Ontology for Context-Aware Pervasive Computing Environments, The Knowledge Engineering Review Vol. 18, 2003, s. 197-207
[12] Chen H., Finin T., Joshi A. The SOUPA Ontology for Pervasive Computing, Ontologies for Agents: Theory and Experiences, 2005, s. 233-258
[13] Carl Adam Petri, Kommunikation mit Automaten PhD., 1962
A hybrid method of person verification with use
independent speech and facial asymmetry
Mariusz Kubanek, Szymon Rydzek
Czestochowa University of Technology,
Institute of Computer and Information Science
Abstract:
In a person identification or verification, the prime interest is not in recognizing the
words but determining who is speaking the words. In systems of person identification, a
test of signal from an unknown speaker is compared to all known speaker signals in the
set. The signal that has the maximum probability is identified as the unknown speaker. In
security systems based on person identification and verification, faultless identification
has huge meaning for safety. In systems of person verification, a test of signal from a
known speaker is compared to recorded signals in the set, connected with a known tested
persons label. There are more than one recorded signals for every user in the set.
In aim of increasing safety, in this work it was proposed own approach to person verification, based on independent speech and facial asymmetry. Extraction of the audio features
of person's speech is done using mechanism of cepstral speech analysis. The idea of improvement of effectiveness of face recognition technique was based on processing information regarding face asymmetry in the most informative parts of the face the eyes
region.
Keywords:
speaker verification, speech signal, independent speech, speech coding, facial asymmetry
1. Introduction
The most important problem in process of person verification is suitable coding of
signal audio [3]. In general, speech coding is a procedure to represent a digitized speech
signal using a few bits as possible, maintaining at the same time a reasonable level of
speech quality. Speech coding has matured to the point where it now constitutes an important application area of signal processing. Due to the increasing demand for speech
communication, speech coding technology has received augmenting levels of interest
from the research, standardization, and business communities. Advances in microelectronics and the vast availability of low-cost programmable processors and dedicated
chips have enabled rapid technology transfer from research to product development; this
encourages the research community to investigate alternative schemes for speech coding, with the objectives of overcoming deficiencies and limitations. To standardization
community pursues the establishment of standard speech coding methods for various
applications that will be widely accepted and implemented by the industry. The business
communities capitalize on the ever-increasing demand and opportunities in the consumer, corporate and network environments for speech processing products [1,2,3].
92
Mariusz Kubanek, Szymon Rydzek
In [9-11] there was proposed approach based on holistic representation of face
asymmetry characteristics to improvement of face recognition techniques as well as
expression qualification. Authors used affine transformations in aim to image normalization on the basis of three landmark points inner eyes corners and base of the nose. In
the experiment it was used two asymmetry measures D-face (Density Difference) and
S-face (Edge Orientation Similarity). Authors reported mean error value of 3.60/1.80%
(FRR/FAR) when using both asymmetry measures in fusion with Fisher Faces in task of
expression qualification.
The idea of improvement of effectiveness of face recognition technique used in the
hybrid method was based on processing information regarding face asymmetry in the
most informative parts of the face the eyes region. Such approach to person identification has been reported as efficient and possible to apply in real-time systems [12].
In the work, it was proposed the method to person verification based on independent
speech and facial asymmetry. To extraction of the audio features of person's speech, in
this work it was applied the mechanism of cepstral speech analysis. For acoustic speech
recognition was used twenty dimensional MFCC (Mel Frequency Cepstral Coefficients)
as the standard audio features. The idea of improvement of effectiveness of face recognition technique was based on processing information regarding face asymmetry in the
most informative parts of the face the eyes region.
2. Preliminary process of signal
Analysis of audio channel one should to begin from filtration of signal, removing
elements of signal being him disturbances. Next, the non-stationary nature of the speech
signal caused by dynamic proprieties of human speech result in dependence of the next
stage on use of division of entrance signal onto stationary frame boxes [4]. Signal is
stationary in short temporary partitions (10 ± 30 ms) [5]. Every such stationary frame
box was replaced by symbol of observation in process of create of vectors of observation. In created system it was assumed that length of every frame box equals 30 ms,
what at given sampling of signal (8kHz) remove 240 samples. Obtained frame boxes do
not overlap.
3. The mechanism of cepstral speech analysis
Speech processing applications require specific representations of speech information. A wide range of possibilities exists for parametrically representing the speech signal. Among these the most important parametric representation of speech is short time
spectral envelope [4,6]. Linear Predictive Coding (LPC) and Mel Frequency Cepstral
Coefficients (MFCC) spectral analysis models have been used widely for speech recognition applications. Usually together with MFCC coefficients, first and second order
derivatives are also used to take into account the dynamic evolution of the speech signal, which carries relevant information for speech recognition.
The term cepstrum was introduced by Bogert et al. in [7]. They observed that the logarithm of the power spectrum of a signal containing an echo had an additive periodic
A hybrid method of person verification with use independent speech and…
93
component due to echo. In general, voiced speech could be regarded as the response of
the vocal track articulation equivalent filter driven by a pseudo periodic source [7].
The characteristics of filters followed the characteristics old human auditory system
[5]. The filters had triangular bandpass frequency responses. The bands of filters were
spaced linearly for bandwidth below 1000 Hz and increased logarithmically after the
1000 Hz. In the mel-frequency scaling, all the filter bands had the same width, which
were equal to the intended characteristic of the filters, when they were in normal frequency scaling.
Spectrum of signal of every frame boxes obtained by Fast Fourier Transform (FFT)
comes under process of filtration by bank of filters. The next step was to calculate the
members of each filter by multiplying the filter's amplitude with the average power
spectrum of the corresponding frequency of the voice input.
Finally, the mel-frequency cepstrum coefficients (MFCC) was derived by taking the
log of the mel-power-spectrum coefficients then convert them back to time (frequency)
domain using Discrete Cosine Transform (DCT). The number of mel-coefficients used,
for speaker recognition purposes, was usually from 12 to 20 [8].
In this work, for speech coding, it was used twenty dimensional MFCC as the standard audio features. Next, obtained for all frame boxes cepstrum coefficients add upped
properly. In this expedient all independent statement one coded by twenty cepstral coefficients.
4. Face asymmetry
The input information for procedure of face recognition was frontal face image taken at resolution of 768x576 pixels with 24-bit color depth. Basing on procedures of image processing developed for purpose of automatic face feature extraction face image
was processed in order to find 8 landmark points (see Table 1).
Table 1. Description of landmark points detected using automatic procedure of feature extraction
At the beginning of the processing we have to determine the area of picture that contains face. It is done by thresholding the image in Irb space (see Fig.1.).
94
Mariusz Kubanek, Szymon Rydzek
Figure 1. Method of determination of face's area
In the next step we have to determine areas for each of the eye. It is done in three
stages: 1 – horizontal projection for whole image, 2 – vertical projection in closest area
of maximum value acquired in first stage, in this stage we are capturing two maximum
values which are horizontal coordinates of eyes, 3 – in the last stage we are performing
again horizontal projection but only in closess area of values from stage 2. Next, we have
to find centre and diameter of circle describing the iris. Processing is done on threthr
sholded eye image. After thresholding, the image is filtered with median filtering and
after canny edge detection we are determining
mining points on the edge of iris (see Fig.2.).
Figure 2. Determination of region of eyes, with use difference of pixel's light and vertical and
horizontal projection and determination of characteristic points of eye, based on skin colour, with
use Canny
y Edge Detection.
A hybrid method of person verification with use independent speech and…
and
95
To find eye's corners we are searching in special determined area. The minimum
value of luminance determines eye's corners. To find edges of eyelids we used threthr
sholding in R/G,B/G space. And next, to described eyelids edges we used polynomial
poly
approximation (see Fig.3.).
Figure 3. Result of determination of eye's iris and
nd corners and edges of eyelids
We used face geometrical dependencies to determine mouth area. In mouth area we
also used R/G, B/G thresholding. Result of determination of
o mouth's corners and external edges was showed on Fig.4.
Figure 4. Result of determination of edges of mouth
96
Mariusz Kubanek, Szymon Rydzek
The face description vector was constructed on the basis of measure of geometrical
dependencies between detected landmark points and asymmetry measures. All distance
measures was done using the Muld unit which is based on the diameter of the iris. Such
approach allows us to avoid necessity of image scaling in aim of size normalization.
Asymmetry measurement was done in two ways.
In the case of measuring shape of the eyelids asymmetry, the input information was
set of points detected on the eyelid. In the first step the coordinates of centroid was
found using:
xc
1
N
N
1
x t , yc
t 0
1
N
N 1
y t
(1)
t 0
where t = 0,1,...,N – 1, N – number of points detected on the eyelid, (x(t), y(t)) – coordinates of detected points.
Next, the values of distances between the centroid and eyelid points was found with
use of:
r t
x t
xc
2
y c 2 , t = 0,1,...,N - 1
y t
(2)
Asymmetry measure was defined as set of subtraction values of corresponding distances between the eyelid and centroid calculated for right and left eye:
d t
rR t
rL t
, t = 0,1,...,N – 1
(3)
where rR(t) i rL(t) – distances between the centroid and eyelid points for right and left
eye respectively.
In the case of measuring asymmetry of eyelid corners position, the dependence constructed on the basis of the Weber-Fechner law was used:
F Asym F , L
ln
F
L
.
(4)
Where F i L – results of the feature measurement (the distance between corresponding
landmark points).
The measure of face similarity was calculated as the weighted mean value of scaled
measures of features difference:
n
w i s i d feature 1
d face
i 1
n
,
(5)
where dface – value of face descriptions similarity, s – vector of scaling values, w –
weights vector, dfeature – vector of the measures of features difference, n – number of
features.
97
A hybrid method of person verification with use independent speech and…
The measures of features difference was defined as euclidean distances between corresponding feature values. For features which description consist of the set of measures
(eyelid shape) the difference was defined as the mean square value of the elements of
the vector.
5. Experimental results
In our experiment, the error level of person verification with use only audio independent speech and coupled audio speech and facial asymmetry was tested. Research
were made, using author base of independent statements and face pictures of different
users. Sixty users were tested, speaking out for two long independent statements, one
statement as training data and one as test data. For each user one photo was made, and
vector of asymmetry was built. Research were made for different degree of disturbance
of signal audio (Signal to Noise Ratio, SNR = 0, 5, 10, 20 dB). It was accept, that for
SNR = 20 dB signal audio is clean. It was assumed, that face pictures is clean for different SNR of audio.
In research the recordings of independent speech were used. Samples were taken at
frequency of 8 khz and 16-bit encoding. Two samples for each user were recorded,
which after encoding using 20 cepstral coefficients were put in system database with
corresponding person ID. In the verification process user has to read long enough sentence randomly selected by the system, and parallel the vector of the facial asymmetry
of the user from the registered photo by the camera is automatically created. Before the
recording, the user gave its own number of ID. The sentence was compared with all
encoded sentences in the database by calculating the euclidean distance of two vectors.
If the ID at least one from two nearest vectors audio and visual to examined is identical
with ID given by the user, the correct verification is qualified. In the case, when simultaneous agreement of ID of both signals audio and visual was required, FAR and FRR
did not appear for different SNR, therefore in this work it was not described. For audio
signal and face asymmetry were a summed weights of 50% and 50% respectively.
Table 2. shows result of person verification with use only audio independent speech.
Table 3. shows result of person verification with use audio independent speech and facial asymmetry.
Table 2. Result of person verification with use only audio independent speech
Person verification with use audio independent speech
FRR [%]
Person
Average
for sixty
speakers
FAR [%]
SNR
20 dB
SNR
15 dB
SNR
10 dB
SNR
5 dB
SNR
0 dB
1,67
6,67
13,67
20,00
41,46
SNR SNR
20 dB 15 dB
0,00
0,00
SNR
10 dB
SNR
5 dB
SNR
0 dB
0,00
1,67
5,00
98
Mariusz Kubanek, Szymon Rydzek
Table 3. Result of person verification with use audio independent speech and facial asymmetry
Person verification with use audio independent speech and facial asymmetry
FRR [%]
Person
Average
for sixty
speakers
FAR [%]
SNR
20 dB
SNR
15 dB
SNR
10 dB
SNR
5 dB
SNR
0 dB
0,00
1,67
3,67
5,00
8,34
SNR SNR
20 dB 15 dB
0,00
0,00
SNR
10 dB
SNR
5 dB
SNR
0 dB
0,00
0,00
1,67
The audio signal was transformed to lower quality with use of noise generator. In
the experiment the level of FAR/FRR errors was investigated. Sampling frequency was
set to 8 khz because of the possibility of easy transmission of such signals, what in the
future can be used to build the system of user identification with use of the phone.
6. Conclusion and future work
In this paper, the new approach to person verification based on independent speech
and facial asymmetry was presented. The basic idea is that not only speech, not only
naturally looking face, but also other facial features such as facial asymmetry contain
much useful information, necessary to verification. It was evaluated the robustness of
the new approach. The new approach will implemented in the module of our user identification and verification system. The method was proposed to improvements of effectivity of user verification.
An advantage of our approach is the simplicity and functionality by the proposed
methods, which fuse together audio and visual signals. Obtained results of research
show, that commits less of errors, if to verification we give information about tone of
voice of examined user, and information about his asymmetry of face. A decisively
lower level of mistakes was obtained in user verification based on independent speech
and facial asymmetry, in comparison to only audio speech, particularly in facilities,
where the audio signal is disrupted.
In future, we plan to built system to verification of users, in which errors will be on
level near 0 % for non-limited users. Also will be unrolled research of suitable selection
of proportion of weights decreasing of length of single independent statements.
References
[1] Kubanek M. Analysis of Signal of Audio Speech and Process of Speech Recognition. Computing, Multimedia and Intelligent Techniques, 2, pp 5564, 2006.
[2] Kubanek M. Method of Speech Recognition and Speaker Identification with use
Audio-Visual Polish Speech and Hidden Markov Models. Biometrics, Computer
Security Systems and Artificial Intelligence Applications, Saeed K., Pejas J., Mosdorof R., Springer Science + Business Media, New York,pp 45-55, 2006.
A hybrid method of person verification with use independent speech and…
99
[3] Chu Wai C. Speech coding algorithms. Foundation and Evolution of Standardized
Coders. A John Wiley & Sons, New Jersey 2000.
[4] Rabiner L., Yuang B. H. Fundamentals of Speech Recognition. Prentice Hall Signal
Processing Series, 1993.
[5] Wiśniewski A. M. Hidden Markov Models in Speech Recognition. Bulletin IAiR
WAT, 7,Wroclaw 1997 [In Polish].
[6] Kanyak M. N. N., Zhi Q., Cheok A. D., Sengupta K., Chung K. C. Audio-Visual
Modeling for Bimodal Speech Recognition. Proc. Symp. Time Series Analysis,
2001.
[7] Bogert B. P., Healy M. J. R., Tukey J. W. The Frequency Analysis of Time-Series
for Echoes. Proc. 2001 International Fuzzy Systems Conference, pp 2-9-243, 1963.
[8] Wahab A., See NG G., Dickiyanto R. Speaker Verification System Based on Human Auditory and Fuzzy Neural Network System. Neurocomputing Manuscript
Draft, Singapore.
[9] Liu Y., Schmidt K., Cohn J., Mitra S. Facial Asymmetry Quantification for Expression Invariant Human Identification. AFGR02, pp 198-204, 2002.
[10] Liu Y., Weaver R., Schmidt K., Serban N., Cohn J. Facial Asymmetry: A New
Biometric. CMU-RI-TR, 2001.
[11] Mitra S., Liu Y. Local Facial Asymmetry for Expression Classification. Proc. of
the 2004 IEEE Conference on Computer Vision and Pattern Recognition CVPR'04,
2004.
[12] Rydzek S. A Method to Automatically Authenticate a Person Based on the Asymmetry Measurements of the Eyes and/or Mouth. PhD thesis, Czestochowa University of Technology, 2007.
Identyfikacja charakterystyk modeli w trybie on-line
wraz z wizualną rekonstrukcją charakterystyki
Krzysztof Makles
Politechnika Szczecińska, Wydział Informatyki
Abstract:
Identification of models characteristic in on-line mode main purpose is to join random
processes identification under on-line conditions, i.e. without storage of measuring data
in computer memory, and with computer graphical models functionality. This approach
allows building models for random processes identification in frequency, magnitude and
phasing domains, with possibility of instantly work result observation with on demand
parameters fitting. This article provides the solution for on-line visualization of identified
characteristic in time partition mode.
Keywords:
simulation, filtering, point analysis, visual identification, on-line
1. Wstęp
Nowoczesne środowisko komputerowe pozwala na identyfikację charakterystyk
modeli w trybie on-line. Dodatkowo, obecnie stosowane środowiska do modelowania
i symulacji, takie jak Matlab-Simulink, pozwalają na łatwe prototypowanie modeli do
identyfikacji w trybie on-line. W pracach [1] oraz [4] pokazano podstawy budowania
modeli do identyfikacji systemów w trybie on-line, pozwalających na natychmiastową
identyfikację na podstawie napływających danych pomiarowych, czyli bez gromadzenia
tych danych w pamięci komputera. Zaproponowane modele składają się z dwóch części:
modeli do analizy punktowej [5], oraz modeli do rekonstrukcji charakterystyki na podstawie wyników analizy punktowej. W pracy [3] pokazano podstawy budowy modeli
rekonstrukcyjnych z przykładem realizacji w środowisku Matlab-Simulink. Porównanie
zaproponowanych modeli z modelami opartymi o analizę FFT pokazano w pracy [6].
Propozycja modeli rekonstrukcyjnych z automatycznym doborem parametrów w oparciu o kryterium stabilności modelu rekonstrukcyjnego pokazano w pracy [7].
2. Obiekty identyfikacji
Na rysunku 1 pokazano uogólniony schemat blokowy zastosowania proponowanego
podejścia. Źródłem informacji pierwotnej moŜe być obiekt rzeczywisty lub symulator
tego obiektu. Na wyjściu systemu selekcji otrzymujemy wektor sygnałów (procesów)
losowych. Skład tego wektora zaleŜy od typu zadania identyfikacji (jednowymiarowa
102
Krzysztof Makles
B(t)=X(t). lub dwuwymiarowa B(t)=[X(t),Y(t)]). Obiekty identyfikacji przedstawione są
na wyjściach bloku identyfikacyjnego (Online Visual Identification Toolbox).
H X ( p)
α 1 (t )
α (t )
H XY ( p 2 | p1 )
α 2 (t )
B (t )
System
selekcji
Źródło
danych
On-line
Visual
Identyfication
Toolbox
α m (t )
H XY ( p1 | p 2 )
H XY ( p )
H XY ( p1 , p 2 )
Rysunek 1. Schemat ogólny
ZałoŜono, Ŝe wektor B(t) posiada cechy stacjonarności, czyli Ŝe obiekty identyfikacji
nie zaleŜą od czasu bieŜącego t. Dla jednego procesu losowego X(t) obiektami identyfikacji mogą być charakterystyki HX(p) w zakresie amplitud (p=x), czasu opóźnienia
(p=τ) oraz częstotliwości (p=ω).
3. Zasady budowy modeli
Wszystkie charakterystyki identyfikowane mogą być funkcjami jednej lub dwóch
zmiennych. W tabeli przedstawiono trzy przykłady charakterystyk HX(p) w zakresie
amplitud, czasu opóźnienia oraz częstotliwości. Charakterystyki te są funkcjami jednej
zmiennej i zaleŜą od dwóch parametrów a1 oraz a2.
W trakcie identyfikacji moŜna określić wartości funkcji H X ( p ) tylko dla konkretnych wartości argumentu p (w punktach analizy). W związku z tym powstają problemy
rekonstrukcji funkcji na podstawie poszczególnych punktów [za pomocą metod interpolacji i (lub) aproksymacji]. Przede wszystkim trzeba określić liczby punktów analizy
oraz odległości między punktami. Jest to problem optymalizacji, którego skutecznym
rozwiązaniem moŜe być sposób heurystyczny zrealizowany przez uŜytkownika z
uwzględnieniem otrzymywanej aktualnej informacji w postaci graficznej (w trybie online).
Prowadzi to do konieczności budowy dwóch typów modeli:
 modeli do analizy punktowej;
 modeli do rekonstrukcji charakterystyki identyfikowanej na podstawie wyników
analizy punktowej.
103
Identyfikacja charakterystyk modeli w trybie on-line wraz z wizualną…
Tabela 1. Przykłady charakterystyk H X ( p )
Charakterystyka Hx(p)
H x ( p) = f x ( x) =
1
σ X 2π
exp(−
Parametry a1,a2
( x − µx )
),
2σ X2
2
p=x
H X ( p ) = K X (τ ) = exp( − a | τ |) cos 2π f 0τ , p = τ
H X ( p ) = GX ( f ) =
2a
+
a 2 + 4π 2 ( f + f 0 ) 2
2a
+ 2
,p= f
a + 4π 2 ( f − f 0 ) 2
a1 = µ X ,
a2 = σ X
a1 = a, a2 = f 0
a1 = a, a2 = f 0
4. Model do analizy punktowej
Jak pokazano w artykule [4, 5] podstawowymi elementami analizy punktowej
w trybie on-line są filtry, które mogą być (w zaleŜności od specyfiki konkretnego zadania identyfikacji) filtrami róŜnej przepustowości (dolno- górno- albo środkowoprzepustowe) oraz róŜnych typów (Batterworta, Czebyszewa, Bessela).
W ogólnym przypadku parametry modeli do analizy punktowej w postaci filtrów są
parametrami zmiennymi, przy czym zmianą tych parametrów kieruje uŜytkownik
(w trybie on-line).
5. Modele do rekonstrukcji identyfikowanej charakterystyki
Analiza moŜliwości rekonstrukcji w trybie on-line prowadzi do wniosku, Ŝe temu
celowi najbardziej odpowiadają modele optymalizacyjne [4, 5]. Aby określić model
identyfikacyjny naleŜy wykonać trzy kroki:
 Zbudować funkcje celu F ( a1 , a2 ,..., an ) , której punkt minimum odpowiada rozwiązaniu zadania identyfikacji. Funkcja F ( a1 , a2 ,..., an ) zaleŜy od niewiadomych parametrów a1 , a2 ,..., an charakterystyki podlegającej identyfikacji [ H X ( p ) ,
H XY ( p1 p2 ) , H XY ( p2 p1 ) albo H XY ( p1 , p2 ) ].
 Określić, w sposób analityczny albo numeryczny, cząstkowe pochodne:
∂ F (a1 , a2 ,..., an )
, i = 1, n .
∂ ai
(1)
 Zbudować układ równań róŜniczkowych, którego rozwiązaniem są niewiadome
parametry:
dai
∂ F (a1 , a2 ,..., an )
= −R
, i = 1, n .
∂ ai
dt
(2)
104
Krzysztof Makles
Układowi (2) odpowiada poszukiwanie minimum funkcji F ( a1 , a2 ,..., an ) według
trajektorii najszybszego spadku. Szybkość spadku zaleŜy od współczynnika R > 0
(akceleratora poszukiwania). Przy wyborze akceleratora istnieje problem jego wielkości, gdyŜ z jednej strony zwiększenie R powoduje wzrost szybkości poszukiwania, ale
z drugiej strony powiększenie akceleratora moŜe spowodować stratę stabilności modelu
identyfikacyjnego [5]. W tej sytuacji najlepszym rozwiązaniem problemu jest automatyczne dopasowywanie parametru R bezpośrednio w toku identyfikacji komputerowej [7].
6. Wizualna rekonstrukcja cech modeli
Dla wszystkich charakterystyk identyfikowanych korzystna jest prezentacja wizualna w postaci przebiegów czasowych w trybie podziału czasu (szybkiej periodyzacji)
[1-4]. Prezentacja wizualna daje informację uŜytkownikowi w celu podejmowania decyzji i współpracy z modelem identyfikacyjnym w trybie on-line. Pozwala to na interaktywne dopasowywania parametrów modelu identyfikacyjnego w taki sposób, Ŝeby
wyniki identyfikacji najbardziej odpowiadały wymaganiom postawionym ze strony
uŜytkownika (reprezentatywność, dokładność itd.).
Tryb szybkiej periodyzacji pomyślany został w taki sposób, aby wizualizacja charakterystyki następowała w czasie rzeczywistym. PoniewaŜ rekonstrukcja identyfikowanej charakterystyki odbywa się na podstawie analizy punktowej, czyli od punktu
początkowego do końcowego, sygnałem periodyzującym jest sygnał piłokształtny.
Parametrami tego sygnału są amplituda A oraz okres T .
Na rysunku 2 pokazano Diagram Simulink modelu testowego do wizualizacji
w trybie szybkiej periodyzacji. Wizualizowany jest sygnał opisany wzorem
x (t ) = e
− a1 ⋅ t
⋅ cos ( a2 ⋅ t ) :
x (t ) = e
− a1 ⋅ t
⋅ cos ( a2 ⋅ t ) .
Rysunek 2. Model do periodyzacji sygnału (3) w środowisku Matlab-Simulink
(3)
105
Identyfikacja charakterystyk modeli w trybie on-line wraz z wizualną…
Parametry sygnału piłokształtnego określono
lono w sposób następujący:
nast
amplituda
okre
na: a1 = 1 ,
A = 1 , okres T = 16 s . Parametry wizualizowanego sygnału określono
1
a2 = 10 . Charakterystykę amplitudową tego sygnału pokazano na rysunku 3. Takie
określenie
lenie parametrów sygnału piłokształtnego powoduje, Ŝe wizualizowana jest 1
sekunda przebiegu badanego sygnału. Na rysunkach 4 oraz 5 pokazano wizualizację
wizualizacj
w trybie szybkiej periodyzacji
acji dla badanego sygnału oraz 1 sekundę
sekund jego przebiegu
czasowego.
Rysunek 3. Charakterystyka amplitudowa sygnału testowego opisanego wzorem (3)
x (t ) = e
Rysunek 4. Wizualizacja w trybie szybkiej periodyzacji dla sygnału
przy amplitudzie
zie sygnału piłokształtnego A = 1
− a1 ⋅ t
⋅ cos ( a2 ⋅ t )
W kroku drugim zwiększona
kszona została amplituda sygnału piłokształtnego do wartości
warto
równ 2 sekundom symulacji
A = 2 . Spowodowało to wizualizację badanego przebiegu równą
przebiegu czasowego (rysunki 6, 7). Okres sygnału piłokształtnego pozostał niezmieniezmi
niony.
106
Krzysztof Makles
x (t ) = e
− a1 ⋅ t
Rysunek 5. Charakterystyka amplitudowa sygnału
symulacji równego 1 sekundę
sekund
⋅ cos ( a2 ⋅ t )
Rysunek 6. Wizualizacja w trybie szybkiej periodyzacji dla sygnału x ( t ) = e
dla czasu trwania
− a1 ⋅ t
⋅ cos ( a2 ⋅ t )
przy amplitudzie sygnału piłokształtnego A = 2
Rysunek 7. Charakterystyka amplitudowa sygnału x ( t ) = e
− a1 ⋅ t
⋅ cos ( a2 ⋅ t ) dla czasu trwania
symulacji równego 1 sekundę i amplitudy A = 2
Identyfikacja charakterystyk modeli w trybie on-line wraz z wizualną…
107
Zmiana okresu sygnału piłokształtnego wymusza zmianę parametru „Time range”
w oscyloskopie. Wartości te muszą być sobie równe, przy czym krótszy czas periodyzacji zapewnia szybszą reakcję modelu wizualizacji w trybie szybkiej periodyzacji na
zmiany wizualizowanego przebiegu.
W przypadku, gdy funkcja rekonstrukcyjna ma postać wielomianu:
a1 x + a2 x 2 + … + am −1 x m −1 + b .
(4)
Model do wizualizacji w trybie podziału czasu pokazano na rysunku 8.
Rysunek 8. Praktyczna realizacja modelu do wizualizacji w trybie podziału czasu dla sygnału
opisanego wzorem (4)
7. Przykład analizy widma sygnału
Jako przykład analizy widmowej w trybie on-line z wizualizacją w trybie podziału
czasu uŜyto sygnału prostokątnego opisanego wzorem
− A
x (t ) = 
A
−π < t < 0
,
0<t <π
dla
dla
(5)
gdzie A jest amplitudą sygnału. Rozwinięcie na składowe harmoniczne dla tego sygnału
ma postać
x (t ) =
gdzie ω =
2π
T
4A 
1
1
 4A ∞ 1
sin ( 2n + 1) ωt
∑
 sin ωt + sin 3ω t + sin 5ω t + …  =
π 
3
5
 π n = 0 2n + 1
(6)
= 1 jest częstotliwością podstawową, z jaką przebiega sygnał prostokątny.
Ze wzoru 6 wynika, Ŝe widmo sygnału prostokątnego składa się z harmonicznych
o częstotliwościach będących całkowitą, nieparzystą wielokrotnością częstotliwości
1
podstawowej, i amplitudach malejących o ( 2n+1) wraz ze wzrostem częstotliwości harmonicznych. Na rysunku 9 pokazano przykładową analizę harmoniczną sygnału prostokątnego.
108
Krzysztof Makles
Rysunek 9 Analiza widmowa sygnału prostokątnego
prostok
Tabela 2 Parametry modelu do analizy widma
wid
Parametry
Wartości
f1 = 0, f 2 = 0.5, f 3 = 1, f 4 = 1.5, f 5 = 2,
f 6 = 2.5, f 7 = 3, f8 = 3.5, f9 = 4, f10 = 4.5,
f11 = 5, f12 = 5.5, f13 = 6, f14 = 6.5, f15 = 7,
Punkty analizy (Hz)
f16 = 7.5, f17 = 8, f18 = 8.5, f19 = 9, f 20 = 9.5
Liczba odcinków aproksymacji
~
Granicy symulacji zmiennej f (Hz)
19
F1 = 0 , F2 = 9.5
Okres powtórzenia sygnału
~
cyklicznego f (s)
Stała czasowa filtrów (s)
T=0,02
T0 =5
Parametry modelu do identyfikacji widma w trybie on-line
on
(rysunek 10) pokazano w
tabeli 2. Wizualizacja w trybie podziału czasu dokonana została na podstawie 19
odcinków interpolacji. Wyniki symulacji dla tak określonych parametrów pokazano na
rysunku 11.
Identyfikacja charakterystyk modeli w trybie on-line wraz z wizualną…
109
Analizator
20 punktowy
Rysunek 10. Model w środowisku Matlab-Simulink
Simulink do identyfikacji widma wraz z rekonstrukcją
rekonstrukcj
charakterystyki
Rysunek 11. Wyniki analizy widmowej uzyskane z modelu do identyfikacji wraz z wizualizacją
wizualizacj
w trybie on-line
Na oscyloskopie zaobserwowano wyraźne
ne impulsy w punktach analizy f 3 = 1 Hz,
Hz. Otrzymany wynik jest zgodny
f 7 = 3 Hz, f11 = 5 Hz, f15 = 7 Hz i . f19 = 9 .Hz.
z wynikami analizy teoretycznej.
8. Podsumowanie
W artykule omówiono model do wizualizacji identyfikowanej charakterystyki
w trybie podziału czasu. Pokazano przykłady modeli dokonujących
dokonuj
wizualizacji
poprzez interpolację oraz za pomocą wielomianu. Modele pokazane w tym artykule
w połączeniu
czeniu z modelami do rekonstrukcji charakterystyk
charakterys
w oparciu o wyniki analizy
punktowej oraz filtrację dolnoprzepustową pozwalają
pozwalaj na identyfikację procesów
losowych w trybie on-line.
line. Zaproponowane modele mogą
mog zostać zastosowane
w analizie danych, metrologii i dziedzinach pokrewnych. Jako przykład zastosowania
zasto
pokazano identyfikację widma w trybie on-line
line wraz z wizualizacją
wizualizacj w trybie podziału
czasu dla sygnału prostokątnego.
tnego. Otrzymane wyniki wizualizacji są
s zgodne z wynikami
110
Krzysztof Makles
analitycznymi. Pokazane modele są częścią autorskiego zestawu bloków dla pakietu
Matlab-Simulink o nazwie „Identyfikacja wizualna”
Bibliografia
[1] Moiseev V., Ciarciński A., Makles K., Modele graficzne do identyfikacji sygnałów
w trybie on-line, 4 Sesja Naukowa Informatyki, Szczecin, 1999, pp. 147-153.
[2] Moiseev V., Makles K., Identification of random processes via on-line filters,
Seventh International Conference on Advanced Computer Systems, Szczecin, Poland, 2000, pp. 108-111.
[3] Moiseev V., Ciarciński A., Dynamic data reconstruction under on-line conditions,
Seventh International Conference on Advanced Computer Systems, Szczecin, Poland, 2000, pp. 218-221.
[4] Makles K., Random Processes Visual Identification – model building general
principles, 9th International Conference on Advanced Computer Systems, Szczecin, Poland. 2002, pp. 337-344.
[5] Makles K., Random Processes Visual Identification – models for multipoint analysis, 10th International Conference on Advanced Computer Systems, Szczecin, Poland. 2003.
[6] Makles K., Wizualna identyfikacja procesów losowych – analiza porównawcza
modeli on-line z modelami korzystającymi z szybkiej transformaty Fouriera, Roczniki Informatyki Stosowanej Wydziału Informatyki Politechniki Szczecińskiej Nr
6, Szczecin, 2004, pp.167-174.
[7] Makles K., Random Processes Visual Identification – proposal of parameters
fitting automation, 13th International Conference on Advanced Computer Systems,
Szczecin, Poland. 2006.
[8] Moiseev V., Interactive Optimization with Graphic Support, Publisher Informa,
Szczecin, Poland, 2000, ISBN 83-87362-26-3.
[9] Ljung L., System identification: theory for the user, Prentice Hall, Englewoods
Cliffs, 1999
[10] Söderström T., Stoica P., Identyfikacja systemów, Wydawnictwo Naukowe PWN,
Warszawa, 1997.
Virtual multibeam echosounder in investigations on sea
bottom modeling
Wojciech Maleika, Michał Pałczyński
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
The article presents problems of verifying DTM creating methods on the basis of real
sounding data. There has been presented a concept of solving these problems by applying
virtual hydrostatic sounding. A method has been worked out of simulating a single and
multibeam echosounder taking into account vessel movement and transducer parameters.
Elements of ray tracing have been used in the algorithm. The method proposed may be a
valuable research tool in methods of creating DTM and in planning real marine
soundings.
Keywords:
digital terrain model, multibeam echo sounder, ray tracing
1. Introduction
One of the most important and at the same time most difficult tasks undertaken in
the complex process of constructing spatial information systems, is the creation of a
digital terrain model (DTM), which is the basic information layer used by systems describing phenomena in a valuable way and provides them with the basis of spatial organisation. Contemporary DTM users set high requirements, laying stress both on data
quality (accuracy, reliability, up-to-dateness), the dynamics of their processing and
visualising and the possibilities of analyses in real time.
In order to construct the DTM of a sea bottom, measurement information has to be
gathered first. Modern measurement systems with devices that make it possible to
record observation results in a continuous and fully automatic way (e.g. multibeam echo
sounders), permit the acquisition in a relatively short time of a huge amount of information about the shape of the sea bottom. [1,2]. Measurement systems register the location
and depth (spatial coordinates) of many million points during one measurement session.
The processing of such amount of data, which in addition are mostly irregularly scattered in space, requires the application of specially prepared methods and properly selected processing algorithms. The DTM is usually made on the basis of a GRID structure (a regular net of squares) (Fig. 1). There are numerous methods of determining
GRID based on measurement data, the ones most frequently applied being kriging,
minimum curvature, nearest neighbour, natural neighbour, modified Shepard’s method,
112
Wojciech Maleika, Michał Pałczyński
radial basis function, polynomial regression, inverse distance to a power, triangulation
with linear interpolation, and methods based on artificial intelligence [3,4]. These methods make use of a series of differentiated algorithms to establish the values of interpolated parameters at node points. The selection of interpolation method in the case of
unevenly distributed measurement data should be determined by a number of features
characterising this data set: the degree of homogeneity of data dispersion, number of
points per area unit, population variance (degree of data changeability and the type of
surface reflected by the data [5].
An essential problem when researching and seeking optimal interpolation methods is
the impossibility of explicit verification of errors emerging in the obtained DTMs,
which results from a different representation of input data (unevenly distributed points
in spaces of real numbers) and output data (evenly distributed points in spaces of integers). In effect it is impossible to compare diverse interpolation methods with regard to
mapping accuracy.
In research currently conducted different approaches are applied to solve the situation:
 for assessing a particular method only the subjective visual estimation of created
models is taken into account,
 for the needs of research synthetic test surfaces are generated (recorded in GRID
structure), on the basis of which points are randomly drawn which constitute the
source material in further research.
The first of the methods described makes a quantitative assessment of the researched
interpolation methods impossible, whereas the other is based on synthetically generated
data which can in a large degree distort the results obtained (there frequently occurs
here a matching between the function on the basis of which the test data were generated
and the researched interpolation method; the sampled data are usually evenly distributed). Neither do the generated synthetic test surfaces fully reflect the surfaces appearing in a natural environment.
modelling
source data
grid data
Figure 1. Source and grid data in sea bottom modelling
Virtual multibeam echosounder in investigations on sea bottom modeling
113
2. Idea of virtual marine sounding
The idea of “virtual marine sounding” described in the article is the authors’ suggestion of solving the difficulties when researching and verifying DTM creation methods.
The method presented is founded on a proper preparation of test data based on real
measurement data. The process (Fig. 2) can be divided into two basic stages:
 forming a test surface in the shape of a GRID net of high resolution, based on real
data,
 marine sounding simulation: a virtual unit equipped with a single or multibeam
sounder performing sounding in the area of the test surface created.
 These are the features of the solution proposed:
 the measurement points obtained in result of virtual sounding have a form identical
as the real data: uneven distribution of points, description in the domain of real
numbers,
 simple verification of DTM models obtained in further research: a comparison between the obtained GRID structure with the test GRID net,
 flexible possibility of controlling the virtual sounding parameters: vessel speed,
single or multibeam sounder, sounder work parameters, selection of sounding profiles.
modelling
modelling
virtual
sounding
source data
high density grid
virtual data
grid data
Figure 2. Data processing in virtual sounding
3. Method description
The presented method of virtual sounding is based on an approach known as ray
tracing [6, 7]. It consists in the assumption that a narrow acoustic beam can be
represented as a line called ray, with a course corresponding to a wave propagation
trajectory, permitting simulation of wave propagation both in the spatial and temporal
aspect, by means of relatively simple mathematical models. This approach was successfully applied for a synthesis of simulated sonar images [8,9,10]. The sonar’s broad
acoustic beam was divided into narrow subspaces in these applications and modelled by
means of a pencil of numerous rays. Applying the ray tracing method seems all the
more suitable for simulating the work of both a vertical and a multibeam echo sounder,
since the acoustic beams applied in them are very narrow, which permits assigning one
single ray to each of them. The idea of virtual sounding requires the echo sounder simulator to generate a set of points corresponding to the points of hitting submarine targets
114
Wojciech Maleika, Michał Pałczyński
by the acoustic impulses; from the point of view of this application, there is no need to
determine the echo intensity or the beam’s return time.
The space of virtual sounding is located in a Cartesian coordinates system, where the
coordinates X and Y correspond to the coordinates in the UTM system, whereas coordinate Z denotes depth, axis Z being directed upwards; this requires a change of coordinate sign from the generated points, as real echo sounders generate depths in the form of
positive numbers.
3.1. Input data
The presented method of virtual sounding requires defining the following input data:
 DTM in the form of a high-resolution GRID net: The grid’s sides are always placed
parallel to axes X and Y. Nx and Ny – number of grid nodes located along both axes,
xmin, ymin, xmax, ymax – coordinates of grid vertices, Zij, (i=1..Nx, j=1..Ny) – depth in a
particular node.
 Parameters of the multibeam echosounder transducer:
Nbeam – number of beams, ∆α – obtuse angle formed by the extreme beams, T[s] –
time between emission of successive acoustic impulses, R0=(x0, y0, z0) – echo
sounder’s location in relation to the position determined for the vessel. It was assumed in the method presented that all beams were of equal width, all generated the
impulse at the same time and that none of them affected the work of the other
beams.
 Parameters of vertical echo sounder transducer:
T[s] - time between emission of successive acoustic impulses, R0=(x0, y0, z0) - echo
sounder’s location in relation to the position determined for the vessel.
 The route of the vessel is given in the form of sequence Nposition of positions expressed as coordinates in UTM system. The course must also be determined for each
position.
Pship=(xship, yship) – location of the vessel for a given position, Rship = [kxship,
kyship] – course of the vessel for a given position, with |Rship| = 1. In the case of
artificial route synthesis the vessel’s speed and parameter T of the transducer must
be taken into account in order to determine proper distances between successive positions.
The proposed resolution of the initially generated GRID net equals 0.1m x 0.1m.
Typical parameters of the multibeam echo sounder exemplified by SIMRAD EM 3000
[11] are as follows: 128 beams, obtuse angle 150°, and the time between impulses
equals 0.04s.
3.2. Algorithm of virtual sounding with multibeam echo sounder
Virtual sounding requires tracking the propagation of an acoustic beam set of the
echo sounder for each of successive Nposition vessel’s positions. The aim of tracking the
beam is calculating the coordinates of the point of its hitting the bottom. The result of
Virtual multibeam echosounder in investigations on sea bottom modeling
115
the whole algorithm’s functioning is finding the set of all points, at which particular
beams hit the bottom for successive vessel positions.
The beams of a multibeam echo sounder are emitted from transducers located at
such short distances from one another, that their locations can be considered as one
point in space; its location for a given position of the vessel can be calculated as follows:
Ptransducer
 xtransducer 
 xship + x0 


=  ytransducer  = Pship + R0 =  yship + y0  .
 ztransducer 
 z0 
(1)
The axes of all multibeam echo sounder transducers lie in a plane perpendicular to
the course. In the method presented it is assumed that the angles between them are equal
and the axis of the central beam is directed vertically downwards. The other beams are
distributed symmetrically on both sides of the vessel and the number of beams Nbeam and
angle ∆α determined by axes of the extreme beams are the echo sounder’s technical
parameters. As the plane where the transducers are located is perpendicular to the
course, the vector located in horizontal plane, directed perpendicularly to port side is
calculated (Fig. 3a):
 kxtransducer   − kyship 
Rtransducer =  kytransducer  =  kxship  .
 kztransducer   0 
(2)
Directional vector Rα of the axis of each Nbeam is calculated according to the formulas:
 kxα   kxtransducer ⋅ cos(α ) 
π
Rα =  kyα  =  kytransducer ⋅ cos(α )  , for α ≠ ,
2
 kzα   − tan(α ) ⋅ cos(α ) 
 kxα   0
Rα =  kyα  =  0
 kzα   −1











 , for α = π .

2

(3)
(4)
α = α 0 + i ⋅ dα ,
i = 0...( N beam − 1), i ≠
α0 =
dα =
π − ∆α
2
∆α
,
N beam − 1
.
N beam − 1
,
2
(5)
116
Wojciech Maleika, Michał Pałczyński
Each beam should be assigned a ray representing the wave propagation trajectory. In
the method presented the medium is assumed to be homogeneous, therefore the trajectory of acoustic wave propagation is rectilinear. This assumption is close to reality for
shallow waters, and so the ray has its start at the location point of Ptransducer and a direction in accordance with beam axis Rα (Fig.3b).
a)
b)
Rtransducer
z0
Rtransducer
α
Rship
∆α
Pship
Rα
dα
Figure 3. Determination of ray direction (a) top view (b) rear view
The ray’s parametric equation:
Pα = Ptransducer + t ⋅ Rα ,
t > 0.
(6)
Ray tracing consists in searching for its intersection with objects making up the bottom; in the case of finding the intersections the closest of them should be selected, and
the coordinates of this point constitute the result of the algorithm’s functioning for a
given position and beam.
The bottom surface given by the GRID net consists of meshes determined by 4
peaks which are usually not coplanar. In order to obtain elementary surfaces in the form
of flat polygons, each mesh of the GRID net is divided into two triangles (Fig. 4a). The
test for the ray’s intersecting the triangle and calculating the coordinates of the hitting
point takes place by a method known from image synthesis, which consists in determining the intersection point of the ray with the plane explicitly defined by the triangle
peaks, and then checking if the projection of the intersection point onto plane OXY is
inside the triangle projection [12,13]. The complete algorithm of virtual soundong is
presented on Fig. 6.
In a general case the ray tracing algorithm bids to check the intersections with all
bottom model objects [12]. Due to the specificity of a GRID net and the regularity of
the set of researched rays, however, the number of grid meshes tested for intersecting
can be considerably reduced [14], which permits an improvement of the method’s efficiency. The most important technique of decreasing the number of intersection tests is
choosing the set of meshes located exactly “under” the ray, which means, that their
projections on XY plane are intersected by the projection of a ray (Fig. 4b).
Virtual multibeam echosounder in investigations on sea bottom modeling
a)
117
b)
P(x,y,z)
Figure 4. Intersection testing (a) triangulation (b) Choosing meshes for intersection tests using
projection on XY plane
3.3. Algorithm of virtual sounding with vertical echo sounder
A vertical echo sounder generates a single acoustic beam directed vertically downwards in relation to the vessel’s deck, which significantly simplifies the algorithm of
determining the points where the wave hit the bottom. Transducer’s position Ptransducer is
calculated in accordance with dependence (1). Assuming that the vessel does not succumb to lists, the direction of the beam’s axis always equals Rα=[0,0,-1]. Since the
GRID net is defined in a plane perpendicular to the beam axis, the intersected grid’s
mesh is always the one with the vessel position’s projection, so it suffices to check the
ray’s intersection with starting point Ptransducer and direction Rα with one or two triangles
(Fig. 5).
Ptransducer
Figure 5. Intersection testing (a) triangulation (b) Choosing meshes for intersection tests using
projection on XY plane
118
Wojciech Maleika, Michał Pałczyński
START
Take down ship’s position and course
Pship, Rship
Calculate transducer position Ptransducer (1)
Calculate vector coordinates Rtransducer (2)
i:=0
Rα(i) (3) - (5)
Calculate ray direction
Find nearest intersection of ray determined by
equation (6) with GRID net
T
Has intersection
been found?
N
Take down intersection point
P = (x, y, z)
i:=i+1
N
i ? Nbeam
T
N
Last
position?
T
STOP
Figure 6. Algorithm of virtual sounding
Virtual multibeam echosounder in investigations on sea bottom modeling
119
4. Conclusion
The method of virtual sounding method presented in the work can make a valuable
tool supporting research in the area of DTM creation methods and methods of creating
sounding work. Its application permits:
 assessing the accuracy of various interpolation methods (GRID nets in particular)
with the application of real sounding data,
 researching the effect of sounding work parameters such as profile density, vessel
speed, vessel movement trajectory etc. on bottom model accuracy,
 researching the effect of echo sounder parameters on bottom model accuracy,
 comparing the accuracy of bottom models built on the basis of soundings using
single and multibeam echo sounder.
In the course of further research on virtual sounding method consideration can be
taken of:
 heterogeneity of the medium in the form of sound velocity profile dependent on
depth, which will make it necessary to track the non-linear trajectory of wave propagation,
 disturbances like research vessel list, position and course errors and measurement
unreliability of the echo sounder.
References
[1] Grabiec D. Marine Hydrography – Quo vadis? A Brief Look at Development Directions of Hydrographic Measurement Ways and Means,
http://pl.wikisource.org/wiki/Hydrografia_morska, 2008 [In Polish].
[2] Fourgassie A. L’hydrographie moderne. Cols Bleus 6, pp 10-13, 2000.
[3] Stateczny A., Kozak M. Space Modelling of the Sea Bottom Shape Using the Geostatistic Method. Polish Journal of Environmental Studies, vol. 14, Supplement I,
2005.
[4] Łubczonek J. Hybrid Neural Model of the Sea Bottom Surface. Artificial Intelligence and Soft Computing – ICAISC 2004, Springer, Berlin/Heidelberg, 2004.
[5] Davis J. C. Statistics and Data Analysis in Geology. John Wiley & Sons, New
York, 1986.
[6] Coates R. Underwater Acoustic Systems. Macmillan New Electronics, London
1990.
[7] Etter P. Underwater Acoustic Modeling. Elsevier Applied Science, London & New
York, 1991.
[8] Bell J. M., Linnett L. M. Simulation and Analysis of Synthetic Sidescan Sonar Images. IEE Proceedings, Radar, Sonar and Navigation, 1997.
[9] Pałczyński M. A Method of Synthesis of Simulated Sonar Images for the Purpose
of Comparative Navigation. Ph. D. thesis, Szczecin University of Technology,
Szczecin 2008 [In Polish].
120
Wojciech Maleika, Michał Pałczyński
[10] Stateczny A., Pałczyński M. Synthesis of Simulated Sonar Images by Means of
Acoustic Rectilinear Rays. Polish Journal of Environmental Studies, vol. 15, No.
4C, 2006.
[11] Kongsberg Maritime, High Resolution Focused Multibeam Echo Sounders,
http://www.hydrographicsociety.nl/documents/hydrographicsociety/downloads/km
%20multibeam.pdf, 2008.
[12] Glassner A. An Introduction to Ray-Tracing. Academic Press, London, 1989.
[13] Zabrodzki J. Computer Graphics. Wydawnictwa Naukowo-Techniczne, Warszawa,
1994 [In Polish].
[14] Pałczyński M. Adaptation of the Ray-Tracing Algorithm to the Needs of Synthesis
of Simulated Sonar Images, X Sesja Naukowa Informatyki (10th IT Scientific Session) Szczecin, 2005 [In Polish].
HDRLIB: biblioteka do szybkiego przetwarzania
obrazów HDR wykorzystująca zaawansowane
moŜliwości procesorów CPU
Radosław Mantiuk
Politechnika Szczecińska, Wydział Informatyki
Abstract:
Development of high dynamic range imaging (HDRI), especially in the display and
camera technology, have a significant impact on broader usage of HDR data in image
processing, analysis and synthesis. Typical 8-bit graphics pipeline (each red, green, and
blue color channels stored in 8-bits) is replaced with the HDR pipeline, in which color is
represented by floating point values. The HDRI pipeline does not suffer from many
problems of 8-bit systems The most important advantage of HDRI is the possibility of
storing full range of luminance and chrominance visible by HVS (Human Visual System).
Unfortunately, HDR images are significantly greater than in 8-bit systems. Therefore
speed and effectiveness of their processing are especially important for practical
applications. In the paper we propose using SIMD and multi-threading CPU technologies
to speed-up HDRI processing. We present new architecture of HDRI, in which the
attention was paid on memory access optimization, effectiveness of vector data processing
and parallelization of computations. We test proposed solution based on a novel and
original implementation and discusse achieved speed-ups.
Keywords:
SIMD, multi-threading programming, CPU programming, HDR images, image
processing and analysis.
1. Wprowadzenie
Technologia HDRI (ang. High Dynamic Range Imaging) [1] jest rozszerzeniem
i uogólnieniem powszechnie stosowanych algorytmów przetwarzania i analizy obrazów.
Wykorzystywane w niej dane obrazu rejestrowane są z precyzją odpowiadającą dokładności ludzkiego aparatu widzenia HVS (ang. Human Visual System). Dzięki temu metody przetwarzania mogą być zorientowane na uzyskanie obrazów o percepcyjnej
jakości, a nie, jak w przypadku konwencjonalnych obrazów LDR (ang. Low Dynamic
Range), na spełnienie technicznych wymagań urządzeń (np. monitorów) [3]. Technologia HDRI zastępuje standardowy potok graficzny proponując dokładniejsze i bardziej
uniwersalne rozwiązania [8][7].
Miarą praktycznego zastosowania algorytmów przetwarzania obrazów w oprogramowaniu komputerowym jest nie tylko jakość uzyskiwanych obrazów, ale równieŜ czas
działania. Dane obrazów HDR reprezentowane są przez liczby zmiennoprzecinkowe, co
znacząco zwiększa ich rozmiary w porównaniu ze standardowymi obrazami. Przykła-
122
Radosław Mantiuk
dowo jeden piksel obrazu LDR to 24-bity danych (8-bitów na kaŜdą składową koloru
RGB), natomiast piksel obrazu HDR zapamietywany jest na trzech liczbach zmiennoprzecinkowych zajmując 96-bitów pamięci. Zwiększony rozmiar danych wymaga większej mocy obliczeniowej potrzebnej na ich przetworzenie.
W artykule prezentowane jest wykorzystanie natywnych cech procesorów CPU, takich jak wielordzeniowość i instrukcje wektorowe [2], do przyśpieszania algorytmów
HDRI. Proponowane rozwiązania zasadniczo róŜnią się od standardowego potoku przetwarzania obrazów, poniewaŜ oprócz obliczeń zmiennoprzecinkowych wymagają zastosowania specyficznych operacji HDRI (np. mapowania tonów [5]).
Opisywane metody obrazowania HDRI zaimplementowane zostały w autorskim
oprogramowaniu – bibliotece HDRLIB. Oprócz zrównoleglania danych na poziomie
procesu i na poziomie danych, w bibliotece zastosowano szereg rozwiązań programistycznych przyśpieszających obliczenia. Przykładem są zarządzanie pamięcią oparte na
przetwarzaniu fragmentów obrazu w szybkiej pamięci podręcznej CPU oraz kolejkowanie operacji zwiększające efektywność wykorzystania instrukcji wektorowych SIMD
(ang. Single Instruction Multiple Data). W artykule zaprezentowano rezultaty testowania biblioteki HDRLIB i porównano jej działanie ze standardowymi technikami przetwarzania i analizy obrazów.
Przykładami istniejącego oprogramowania, wykorzystującego instrukcje SIMD
i wielowątkowość do przyśpieszania obliczeń, mogą być: biblioteka VIPS (VASARI
Image Processing System) stosowania do przetwarzania duŜych obrazów [6], narzędzią
IPP (Integrated Performance Primitives) firmy Intel wspomagające kompilacje programów wielowątkowych [9], biblioteka IPT (Image Processing Library) [10] wspomagająca przetwarzanie obrazów, pakiet GENIAL (GENeric Image Array Library) [11]
przyśpieszjący algorytmy przetwarzania sygnałów czy biblioteki ITK (Insight Segmentation and Registration Toolkit) [12] i MITK (Medical Imaging ToolKit) [13] wykorzystywane w obrazowaniu medycznym. śaden z powyŜszych pakietów nie słuŜy jednak
do przetwarzania obrazów HDR i nie wspomaga natywnych algorytmów HDRI.
W artykule pominięto zagadnienia związane z wykorzystaniem procesorów graficznych GPU (ang. Graphics Procesor Unit) w obrazowaniu HDR [4]. ChociaŜ procesory
GPU mają w porównaniu z CPU znacznie większe moŜliwości w zakresie zrównoleglania obliczeń, ich praktyczne zastosowanie ograniczone jest brakiem ustandaryzowanej
funkcjonalności. Natomiast wiodącym celem powstania biblioteki HDRLIB było jej
komercyjne zastosowanie.
W drugim i trzecim rozdziele artykułu prezentowane jest wykorzystanie moŜliwości
CPU do przyśpieszania przetwarzania obrazów HDR. Biblioteka HDRLIB oraz rezultaty jej testowania opisane zostały w rozdziale czwartym. Rozdział piąty podsumowuje
artykuł i wskazuje kierunki dalszych prac.
2. Wykorzystanie instrukcji SIMD oraz przetwarzania
wielowątkowego
Technologia SIMD po raz pierwszy zastosowana została w latach 60-tych w superkomputerach (nazywanych z tego względu komputerami wektorowymi), jednak jej
powszechne wykorzystanie moŜliwe stało się dopiero w latach 90-tych wraz z pojawie-
HDRLIB: biblioteka do szybkiego przetwarzania obrazów HDR…
123
niem się procesorów Intel Pentium z rozszerzeniem MMX (ang. MultiMedia eXtensions). Ten zestaw instrukcji SIMD nie nadawał się jeszcze do przetwarzania obrazów
HDR, poniewaŜ nie posiadał instrukcji zmiennoprzecinkowych. Wprowadzono je
w kolejnych wersjach rozszerzenia nazwanych SSE (Streaming SIMD Extension) (SSE,
SSE2, SSE3, SSSE3, SSE4) i ich odpowiednikach wdraŜanych przez inne firmy produkujące procesory (np. AltiVEC firm Motorola i IBM). Obecnie kaŜdy producent procesorów CPU oferuje zestaw instrukcji SIMD, realizujących operacje matematyczne,
logiczne oraz dostępu do pamięci. WaŜną cechą rozszerzenia SIMD jest sterowanie
zapisem danych do pamięci podręcznej (ang. cache pollution). Instrukcje SSE w jednym
cyklu zegara przetwarzają cztery liczby zmiennoprzecinkowe pojedynczej precyzji (4bajtowe) umoŜliwiając uzyskanie czterokrotnego przyśpieszenia obliczeń.
Nowoczesne procesory CPU zbudowane są z kilku rdzeni (ang. multi-core CPU),
dzięki czemu funkcjonalnie zbliŜone są do komputerów wieloprocesorowych (ang.
multi-processor computers). Uruchamiane w nich aplikacje mogą wykonywać obliczenia z uwzględnieniem przetwarzania wielowątkowego, dzięki temu uzyskuje się przyśpierzenia o krotności zbliŜonej do liczby rdzeni i procesorów w systemie.
Instrukcje SIMD oraz wielowątkowość procesorów CPU moŜna efektywnie wykorzystać do przyśpieszania przetwarzania obrazów HDR. Przykładem czasochłonnych
operacji HDRI są obliczenia macierzowe takie, jak mnoŜenie i dodawanie macierzy,
mnoŜenie macierzy przez skalar, potęgowanie, logarytmowanie elementów macierzy,
transponowanie i obliczanie macierzy odwrotnej. Kłopotliwe są równieŜ operacje akumulacyjne: obliczanie sumy pikseli w obrazie, szukanie wartości maksymalnych i minimalnych, obliczanie średnich arytmetycznych i geometrycznych. W technologiach
HDRI często wykonuje się instrukcje warunkowe maskujących grupy pikseli bądź kanałów koloru, oraz wykorzystuje zmiennoprzecinkowe tablice LUT (ang. Look-Up Tables). Proste operacje słuŜą do budowania złoŜonych algorytmów takich, jak skalowanie
i obracanie obrazu, konwersje koloru, obliczanie histogramu, tworzenie piramidy Gauss'a, obliczanie splotu i współczynników statystycznych.
3. Przyśpieszanie przetwarzania obrazów HDR
Wykorzystanie instrukcji SIMD do przyśpieszania przetwarzania obrazów HDR polega na jednoczesnym wykonywaniu operacji dla wszystkich czterech kanałów koloru
(RGBA) lub, w przypadku obrazów HDR zawierających tylko kanał luminancji, na
równoczesnym przetwarzaniu czterech pikseli. Zestaw instrukcji SIMD dostępny
w procesorach nie oferuje wszystkich operacji niezbędnych w przetwarzaniu obrazów
HDR. Przykładowo w standardzie SSE (w wersji do SSSE3) brak jest potęgowania
i logarytmowania. Proponowanym rozwiązaniem problemu jest zastosowanie aproksymacji logarytmowania i potęgowania za pomocą szeregów liczbowych [7]. Dzięki instrukcjom SIMD takie aproksymacje obliczane są bardzo efektywnie.
Na rysunku 1 prezentowany jest potok przetwarzania danych HDR zastosowany
w bibliotece HDRLIB. Wymiana danych CPU z pamięcią RAM stanowi wąskie gardło
algorytmów, dlatego w proponowanym rozwiązaniu obraz dzielony jest na fragmenty.
których wielkość nie jest większa od rozmiaru pamięci podręcznej L1 procesora. W ten
sposób unika się czasochłonnych odwołań do głównej pamięci RAM. Przetwarzanie
124
Radosław Mantiuk
fragmentów odbywa się niezaleŜnie od siebie. W potoku przetwarzania uruchamianych
jest tyle wątków, ile oferuje system operacyjny. Po zakończeniu obliczeń związanych
z danym wątkiem, przekazywany jest do niego kolejny fragment obrazu.
Rysunek 1. Przyśpieszanie przetwarzania obrazów HDR w oparciu o instrukcje SIMD, wielowątkowość obliczeń oraz kolejkowanie operacji
Kolejną zastosowaną techniką minimalizującą wymianę danych z pamięcią RAM
jest mechanizm kolejkowania operacji (ang. instruction queueing). Dane piksela pobrane z pamięci poddawane są kolejno kilku operacjom, a tymczasowe rezultaty przechowywane w rejestrach procesora. Dopiero końcowy wynik zapisywany jest do pamięci
RAM. Mechanizm kolejkowania wymaga niestandardowego sposobu programowania,
w którym rzeczywiste wykonanie operacji odbywa się nie w momencie wywołania
funkcji, a dopiero po wykonaniu specjalnej funkcji realizującej kolejkę. Dzięki kolejkowaniu operacji dodatkowo moŜliwa jest analiza i optymalizacja instrukcji w kolejce
przed ich wykonaniem [7].
HDRLIB: biblioteka do szybkiego przetwarzania obrazów HDR…
125
4. Implementacja i testowanie biblioteki HDRLIB
Biblioteka HDRLIB słuŜy do szybkiego przetwarzania obrazów HDR. Wykorzystano w niej opisywane mechanizmy przyśpieszania obliczeń, w szczególności zrównoleglenie na poziomie danych (instrukcje SSE), wielowątkowość, zarządzanie dostępem do
pamięci RAM oraz kolejkowanie.
Biblioteka zaimplementowano w języku C++ jako dynamiczną bibliotekę skompilowaną w systemie MS Windows. Wywoływanie funkcji bibliotecznych odbywa się za
pośrednictwem API napisanego w języku C, o strukturze podobnej do API biblioteki
OpenGL. Implementacja automatycznie wykrywa moŜliwości procesora i wykorzystuje
oferowaną przez CPU wielowątkowość oraz instrukcje SSE. Obsługa i synchronizacja
wątków oparta została na mechanizmie Win32 Event System udostępnianym przez
system operacyjny.
Testowanie biblioteki przeprowadzono na przykładowym obrazie HDR o rozdzielczości 3088x2056 pikseli. UŜycie jednego obrazu było wystarczające, poniewaŜ szybkość działania testowanych algorytmów nie zaleŜy od kontekstu obrazu i jest liniowo
zaleŜna od liczby pikseli w obrazie. Celem testów było określenie przyśpieszenia obliczeń w stosunku do standardowej wersji oprogramowania bez mechanizmów przyśpieszających. ZałoŜono, Ŝe przyśpieszone algorytmy muszą zachować oryginalną jakość
obrazów.
Testowaniu poddano wybrane podstawowe operacje przetwarzania obrazów HDR:
logarytmowanie, podnoszenie do potęgi, instrukcje warunkowe, obliczanie minimalnej
i maksymalnej luminancji w obrazie. Przetestowano równieŜ złoŜony algorytm HDRI:
kompresję tonów (operator gamma oraz operator logarytmiczny [1]).
Wyniki testów prezentowane są w tabeli 1. Szczególnie duŜe przyspieszenie (wynikające z efektywnej implementacji funkcji aproksymacyjnych) widoczne jest dla instrukcji wykorzystujących logarytmowanie i potęgowanie (wiersze 1 i 2). Operacje
z wyraŜeniami warunkowymi wykazują mniejsze przyspieszenia, poniewaŜ w przypadku instrukcji SIMD niemoŜliwe jest pomijanie wszystkich zamaskowanych pikseli
(w cztero-elementowym wektorze przetwarzane są wszystkie piksele, nawet jeŜeli trzy
z nich są zamaskowane) (wiersz 5). Instrukcje złoŜone takie, jak operatory tonów wykorzystujące operacje akumulacyjne (obliczanie minimalnej i maksymalnej luminancji)
wykonywane są kilkakrotnie szybciej (wiersze 3 i 4).
Zaimplementowana biblioteka porównana została z wynikami uzyskiwanymi za
pomocą popularnej biblioteki VIPS [6]. Przykładowo średnia logarytmiczna obliczana
jest przez VIPS 11 razy wolniej od prezentowanej w artykule implementacji potoku
HDR. Fakt ten podkreśla korzyści opracowania biblioteki wyspecjalizowanej w przetwarzaniu obrazów HDR.
126
Radosław Mantiuk
Tabela 1. Wyniki testów przyśpieszenia przetwarzania danych HDR. Testy przeprowadzono na
komputerze PC z procesorem Intel Core 2 Quad Q6600, 2.4 GHz, 4 GB RAM. W drugiej kolumnie prezentowany jest czas działania algorytmów dla standardowej implementacji. Trzecia
i czwarta kolumna zawiera czasy dla przyśpieszonych algorytmów. W ostatniej kolumnie podano
współczynniki przyspieszenia obliczone dla biblioteki z czterema rdzeniami w porównaniu do
wersji stadardowej CPU.
Czas wykonania operacji [ms]
Operacja
CPU
(jeden
rdzeń)
Biblioteka HDRLIB
(SIMD)
Jeden
rdzeń
Cztery
rdzenie
Uzyskane
przysp.
(dla
czterech
rdzeni)
1 Potęgowanie
3734
313
141
26.48
2 Logarytmowanie
2641
156
63
41.92
3 Wykładnicze mapowanie tonów
(obliczenie minimalnej i maksymalnej
luminancji w obrazie, operator gamma o
wykładniku 1.8, normalizacja wyniku i
zapis do pamięci w formacie BGRA8888)
1703
375
210
8.12
4 Logarytmiczne mapowanie tonów
(obliczenie minimalnej i maksymalnej
luminancji w obrazie, operator
logarytmiczny, normalizacja wyniku i zapis
do pamięci w formacie BGRA8888)
1157
375
203
5.69
5 Logarytmiczne mapowanie tonów z
maskowaniem (50% pikseli nie jest
uwzględniana w obliczeniach)
953
297
297
3.20
5. Podsumowanie
W artykule zaprezentowane zostało wykorzystania zaawansowanych mechanizmów sprzętowych oferowanych przez procesory CPU do przyspieszania przetwarzania
obrazów HDR. Dzięki zastosowaniu wielowątkowości, instrukcji SIMD, efektywnemu
zarządzaniu pamięcią, mechanizmu kolejkowania operacji uzyskano wielokrotne przyspieszenie obliczeń w porównaniu ze standardowym sposobem implementacji algorytmów (np. ponad 8-krotne dla operacji logarytmicznego mapowania tonów).
Prezentowane rozwiązania zaimplementowane zostały w komercyjnej bibliotece
HDRLIB.
Autorzy planują dalszy rozwój biblioteki, w szczególności wykorzystywanie moŜliwości nowych procesorów CPU sukcesywnie pojawiających się na rynku (przykładem
jest standard SSE4, między innymi oferujący przydatne w przetwarzaniu obrazów szybkie obliczanie sumy waŜonej). Biblioteka będzie równieŜ rozszerzana o nowe algorytmy
HDRI, w tym lokalne operatory tonów.
HDRLIB: biblioteka do szybkiego przetwarzania obrazów HDR…
127
Bibliografia
[1] Reinhard E., Ward G., Pattanaik S., Debevec P. High Dynamic Range Imaging.
Data Acquisition, Manipulation, and Display. Morgan Kaufmann, 2005.
[2] Gummaraju J., Rosenblum M. Stream programming on general-purpose processors. Proceedings of the 38th annual IEEE/ACM International Symposium on
Microarchitecture, Barcelona, Spain, 2005, pp. 343-354.
[3] Mantiuk R., Krawczyk G., Mantiuk R., Seidel H.P. High Dynamic Range Imaging
Pipeline: Perception-motivated Representation of Visual Content. In: Proc of SPIE
– Volume 6492. Human Vision and Electronic Imaging XII. 649212.
[4] Mantiuk R., Tomaszewska A., Pająk D. Wykorzystanie procesorów graficznych do
szybkiego przetwarzania obrazów HDR. Pomiary Automatyka Kontrola 7’2007,
ISSN 0032-4110, str. 106-108.
[5] Reinhard E., Stark M., Shirley P., Ferwerda J. Photographic Tone Reproduction for
Digital Images. ACM Trans. on Graph. t.21, n.3, str. 267-276, 2002.
[6] Martinez K., Cupitt J. VIPS – a highly tuned image processing software architecture. In Proceedings of IEEE International Conference on Image Processing 2, pp.
574-577, Genova, 2005.
[7] Mantiuk R., Pająk D. Acceleration of High Dynamic Range Imaging Pipeline Based on Multi-threading and SIMD Technologies. Lecture Notes in Computer Science, vol. 5101, no. I, 2008, Poland, pp. 780-789.
[8] Mantiuk R., Krawczyk G., Mantiuk R. High Dynamic Range Imaging Pipeline:
Merging Computer Graphics, Physics, Photography and Visual Perception. Proc.
of Spring Conferece on Computer Graphics (poster materials), 20-22.04, 2006, Casta Papiernicka, Slovakia, pp. 37-41.
[9] Taylor S. Intel Integrated Performance Primitives Book. ISBN 0971786135,
ISBN139780971786134, 2004.
[10] Harmonic Software Inc. IPT – The Image Processing Toolbox for O-Matrix.
http://www.omatrix.com/ipt.html
[11] Laurent P. GENIAL – GENeric Image Array Library.
http://www.ient.rwth-aachen.de/team/laurent/genial/genial.html
[12] Ibanez L., Schroeder W., Ng L., Cates J. The ITK Software Guide. Second Edition.
Kitware, Inc. Publisher, November 2005.
[13] Zhao M., Tian J., Zhu X., Xue J., Cheng Z., Zhao H. The Design and Implementation of a C++ Toolkit for Integrated Medical Image Processing and Analysis. In
Proc. of SPIE Conference, V.6 5367-4, 2004.
MPS(3N) transparent memory test for Pattern Sensitive
Fault detection
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
Bialystok Technical University, Faculty of Computer Science
Abstract:
Conventional memory tests based on only one run have constant and low faults coverage
especially for Pattern Sensitive Faults (PSF). To increase faults coverage the multiple run
March test algorithms have been used. As have been shown earlier the key element of
multiple run March test algorithms are memory backgrounds. Only in a case of optimal
set of backgrounds the high fault coverage can be achieved. For such optimal backgrounds the analytical calculation of NPSFk fault coverage for 3 and 4 runs of MPS(3N)
test in this paper is presented. All of the analytical calculations are confirmed and validated by adequate experiments.
Keywords:
transparent memory tests, memory testing, pattern sensitive faults, march tests
1. Introduction
It becomes highly important to test various kinds of defects rapidly and precisely to
improve the modern memory quality especially RAM (Random Access Memory) in a
SoC (System-on-a-Chip) design environment. The RAM testing is quickly becoming a
more difficult issue as the rapidly increasing capacity and density of the RAM chips.
Faults modeled from the memory defects can be summarized as follows [1], [2]. The
neighborhood pattern sensitive fault (NPSF) model is not new, but it is still widely discussed in the literature of memory testing, and becoming more and more important for
memory testing. Traditional March algorithms [1] have been widely used in RAM testing because of their linear time complexity, high fault coverage, and ease in built-in
self-test (BIST) implementation. It is known that the traditional March algorithms do
not generate all neighborhood patterns that are required for testing the NPSFs, however,
they can be modified to get detection abilities for NPSFs. Based on traditional March
algorithms different approaches have been proposed to detect NPSFs, such as the tiling
method [1], [4], two-group method [1], row-March algorithm [4] and transparent testing
[3], [5], [6].
2. Transparent memory testing
March tests are superior in terms of test time and simplicity of hardware implementation and consist of sequences of March elements. The March element includes sequences of read/write (r/w) operations, which are all applied to a given cell, before
130
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
proceeding to the next cell. The way of moving to the next cell is determined by the
address sequence order.
The transparent technique is a well known memory testing approach that retrieves
the initial contents of the memory once the test phase has been finished. It is therefore
suitable for periodic field testing while allowing preserving the memory content. A
transparent BIST is based on a transparent March test that uses the memory initial data
to derive the test patterns. A transparent test algorithm ensures that the last write data is
always equal to the first read value in order to satisfy the transparency property [7], [8].
Transparent tests are particularly suitable for Built-In Self-Test.
Let us concentrate our attention on two March memory tests, namely MATS+:{⇑
(ra,wā); ⇓(rā,wa)}, and modified PS(3N) test – MPS(3N): {⇑ (ra,wā, rā,wa, ra)} [9]. It
is quite important to emphasis that implementation of MPS(3N) in some cases do not
need the value of fault free signature, and the MPS(3N) testing procedure can be interrupted by the system at any time due to preservation of the initial memory contents at
any stage of testing. In a case of MATS+ test initial contents will be at the end of test
procedure.
3. MPS(3N) memory tests efficiency analyses
To investigate the memory March tests let us suppose that NPSFk includes memory
cells with increasing order of addresses α(0), α(1), α(2), ..., α(k − 1), such a way that
α(0) < α(1) < α(2) < ... < α(k − 1) and base cell has the address α(i), where 0 ≤ i ≤ k − 1.
One of the simplest March test is MPS(3N) which checks only all possible transitions in current cell. Let us concentrate our attention on the Passive NPSFk (PNPSFk) as
the most difficult faults to be detected. First of all, it should be emphasized that due to
scrambling information as well as specific optimisation techniques there is huge amount
of such a type of faults. Any k arbitrary memory cells out of all N memory cells can be
involved into the PNPSFk. The exact number of all PNPSFk within N memory cells is
determined according to the equation (1):
 N 
 N 
k
L( PNPSFk ) = 2 × ( N − k + 1) × 2 k −1 × 
 = 2 × ( N − k + 1) 
.
 k − 1
 k − 1
(1)
The number Q(PNPSFk) of detectable faults during the one MPS(3N) memory test
run is (2):
 N 
Q( PNOSFk ) = 2 × ( N − k + 1) 
.
 k − 1
(2)
And the fault coverage FC for MPS(3N) is:
FCMPS 3 N =
Q ( PNPSFk )
L ( PNPSFk )
100% =
1
.
2k −1
(3)
The exact values of fault coverage for different k and for MPS(3N) test are presented
in Table 1.
131
MPS(3N) transparent memory test for Pattern Sensitive Fault detection
Table 1. PNPSFk fault coverage for MPS(3N) test
k
FCMPS3N
3
25
4
12.5
5
6.25
6
3.125
7
1.6
8
0.8
9
0.4
There are some solutions to increase the FCMPS3N shown in Table 1. Among those
the most promising is the multiple run memory testing. The key idea behind this approach is the different background selection for increasing the fault coverage. Let us
analyze the efficiency of this approach for different number of backgrounds. In a case of
two backgrounds the fault coverage will increase in two times when the second background is an inverse version of the first one. More complicated problems arise for three
and four runs of memory test with different backgrounds.
4. Three run MPS(3N) memory test efficiency analyses
For implementation of the three run MPS(3N) like memory tests three different
backgrounds B1, B2 and B3 have to be generated. In the case of three run memory testing
every consecutive background should be not similar to the previous one or more precisely should be dissimilar as much as possible compare with the backgrounds have
been applied during the previous test sessions [10], [11]. Memory background can be
regarded as binary vector and the set of backgrounds can be defined as a set of binary
vector Bi = bi1bi2...biN, i ∈ {1, 2, ..., 2N} where bic ∈ {0, 1}, ∀c ∈ {1, 2, ...,N} and N is
the one-bit wide memory size. As the candidates for the backgrounds the following sets
can be regarded:
B11 = bi1bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2) bi ( N / 2 +1) bi ( N / 2 + 2) ...biN
S1: B12 = bi1 bi 2 bi 3 ...b i ( N / 2 −1) bi ( N / 2) b i ( N / 2 +1) bi ( N / 2 + 2) ...biN
B13 = bi1 b i 2 b i 3 ...b i ( N / 2 −1) b i ( N / 2 ) bi ( N / 2 +1) bi ( N / 2 + 2 ) ...biN
B21 = bi1bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2) bi ( N / 2 +1) bi ( N / 2 + 2) ...biN
S2: B22 = bi1 bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2) bi N / 2 +1 bi N / 2 + 2 ...biN
(
) (
)
B23 = bi1bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2 ) bi ( N / 2 +1) bi ( N / 2 + 2) ...biN
B31 = bi1bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
S3: B32 = bi1 bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
B33 = bi1bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
According to definition of S3 set of backgrounds B31, B32 and B33 are as follow:
S3 for N = 18
B31 = 000000000000000000
B32 = 111111111111000000
B33 = 000000111111111111
132
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
For the simplicity of the following discussions let suppose that N is divisible by 2
and 3. As the simple modification of these sets any random backgrounds B13, B22 and
B23 with the half of zero and half of ones can be used, as well as arbitrary B32 with 2N/3
ones and N/3 zero and B33 with N/3 ones and 2N/3 zero. The efficiency of these sets of
backgrounds can be calculated analytically. Let us start with the first set S1.
A. MPS(3N) efficiency analysis for S1
The first background B11 from the set of S1 allows to detect on the bases of MPS(3N)
test Q11 = Q(PNPSFk) (see (2)) PNPSFk faults. Because backgrounds B12 is inversion of
B11 than within arbitrary k−1 cells will be different patterns compare with in case of B11
background. Therefore Q12 also equals to Q(PNPSFk) and Q11_12 = 2Q(PNPSFk). In a
case of the background B13 new k bit patterns compare with the patterns have been generated on the bases of backgrounds B11 and B12 consists of different binary codes excluding all zero codes (generated by B11) and all ones code (generated by B12). Taking
into account the structure of B13 the additional number of patterns are:
k −2
 N / 2  N / 2
Q13 = 2 × ( N − k + 1) × ∑ 

.
i 
i =1  k − 1 − i  
(4)
Let kn means the number of neighborhood cells (kn = k−1). Then
kn −1
 N / 2 N / 2
Q13 = 2 × ( N − kn ) × ∑ 

.
i 
i =1  k n − i  
(5)
Full amount of the patterns generated after three runs of the MPS(3N) test based of
the set S1 equals to:
  N  kn −1  N / 2  N / 2  
Q11_12 _13 = 2 × ( N − kn ) ×  2 ×   + ∑ 

 .
  kn  i =1  kn − i   i  
(6)
Taking into account that for real applications N is a big integer number, k << N and
Nk >> Nk−1 last equation for the case of even N can be simplifies to:

2
1
Q11_12 _13 ≈ 2 ( N − kn ) N kn 
+
 kn ! 2 kn

kn −1
∑
i =1

.

( kn − i )! × i ! 
1
(7)
Under the same conditions L(PNPSFk) from (1) can simplifies to 2 × 2kn × (N − kn)
× ( N kn /kn!), then the fault coverage FCMPS3N((B11,B12,B13), k) for the three runs of
MPS(3N) test can be estimated as
MPS(3N) transparent memory test for Pattern Sensitive Fault detection
FCMPS 3 N ( ( B11 , B12 , B13 ) , k ) =
Q11_12 _13
L ( PNPSFk )
133
100% =


kn −1
k ! kn −1
1
1
100% = 3 × 2 − 1100%
=  kn −1 + nkn ∑
 2
2 i =1 k − i ! × i ! 
22 kn −1
( n )


(8)
In a case of k = 3 FCMPS3N((B11,B12,B13), k) ≈ (5/8)100% = 62.5% what is sufficiently
high then for one run of MPS(3N) test.
B. Efficiency analysis for S2
The first all zero background B21 from set of S2 allows to detect the same number of
faults as in case of B11: Q21 = Q(PNPSFk) (see (2)). Background B22 and background B23
due their structure allow generating the same amount of new patterns compare with
background B21 within any k memory cells. It should be noted that B22 is inverse version
of B23 what allows to detect different subset of PNPSFk faults. The value of Q22 = Q23
can be calculated as
  N / 2  kn −1  N / 2  N / 2  
Q22 = 2 × ( N − kn ) ×  
+ ∑

 .
  kn  i =1  kn − i   i  
(9)
Full amount of the patterns generated after three runs of the MPS(3N) test on the
bases of S2 equals to:
 N 
  N / 2  kn −1  N / 2   N / 2   
Q21_ 22 _ 23 = 2 × ( N − kn ) ×    + 2 ×  
+ ∑

   .
  kn 
  k n  i =1  kn − i   i   

(10)
According to the same assumptions for k and N as in previous case


1
2
2 kn −1
1
.
Q21_ 22 _ 23 ≈ 2 × ( N − kn ) N kn 
+ kn
+ kn × ∑
 kn ! 2 kn ! 2

i =1
( kn − i )! × i ! 

(11)
Then the fault coverage FCMPS3N((B21,B22,B23), k) for the three runs of MPS(3N) test
can be estimated as:
 1

2k ! kn −1
2
1
FCMPS 3 N ( ( B21 , B22 , B23 ) , k ) ≈  kn + 2 kn + 2 knn × ∑
100% =
2
2
i =1 ( k n − i ) !× i ! 
2
3 × 2kn −1 − 1
=
100%
22 kn −1
(12)
The results obtained for both sets of backgrounds (S1, S2) allow to show that
FCMPS3N((B11,B12,B13), k) = FCMPS3N((B21B22,B23), k) (see (8) and (12)).
134
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
5. Four run MPS(3N) memory test efficiency analyses
Similar to the three run MPS(3N) like memory tests four different backgrounds B1,
B2, B3 and B4 have to be generated such a way that every consecutive background
should be not similar to the previous one or more precisely should be dissimilar as much
as possible compare with the backgrounds have been applied during the previous test
sessions [10], [11]. To construct B1, B2, B3 and B4 the previous sets the S1, S2, and S3 can
be used. As the result S4 consisting on four backgrounds can be generated as B41 = B11,
B42 = B12, B43 = B13 and B44 = B23.
B41 = bi1bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2) bi ( N / 2 +1) bi ( N / 2 + 2) ...biN
S4:
B42 = bi1 bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2 ) bi ( N / 2 +1) bi ( N / 2 + 2 ) ...biN
B43 = bi1 bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2) bi ( N / 2 +1) bi ( N / 2 + 2) ...biN
B44 = bi1bi 2 bi 3 ...bi ( N / 2 −1) bi ( N / 2 ) bi ( N / 2 +1) bi ( N / 2 + 2 ) ...biN
It should be noted that the Hamming distance between any pair of backgrounds from
the set S4 is not less N/2 or more precisely takes the value N and N/2, what is very close
to the conditions shown in [11]. As the best solution for four run MATS+ like tests is
the set S5 constructing as the extension of S3.
B51 = bi1bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
S5:
B52 = bi1 bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
B53 = bi1bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
B54 = bi1 bi 2 bi 3 ...bi ( N /3) bi ( N /3+1) ...bi ( 2 N /3) bi ( 2 N /3+1) ...biN
As an example for the case of N = 18 the corresponding backgrounds from S5 set
are:
S5 for N = 18
B51 = 000000000000000000
B52 = 111111111111000000
B53 = 000000111111111111
B54 = 111111000000111111
Like in a case of three run memory testing let’s suppose that N is divisible by 2 and
3. The efficiency of these sets of backgrounds can be calculated analytically.
A. Efficiency analysis for S4
The three first backgrounds B41, B42 and B43 allow generating the same patterns as
the corresponding set S1, that is why Q41_42_43 = Q11_12_13. Taking into account the structure of B44 it is easy to show that the additional number of patterns is
135
MPS(3N) transparent memory test for Pattern Sensitive Fault detection
 kn −1  N / 2   N / 2  
Q44 = 2 × ( N − k n ) ×  ∑ 

 .
 i =1  kn − i   i  
(13)
Full amount of the patterns generated after four runs of the MPS(3N) test on the
bases of S4 equals to:
  N  kn −1  N / 2   N / 2  
Q41_ 42 _ 43 _ 44 = 4 × ( N − kn ) ×    + ∑ 

 .
  kn  i =1  kn − i   i  
(14)
Taking into account that for real applications N is a big integer number, k << N and
Nk >> Nk−1 the fault coverage FCMPS3N((B41,B42,B43,B44), k) for the four runs of MPS(3N)
test can be estimated as
FCMPS 3 N ( ( B41 , B42 , B43 , B44 ) , k ) ≈
2kn −1
100% .
2 2 kn − 2
(15)
In a case of k = 3 according to (15) it is easy to calculate that
FCMPS3N((B41,B42,B43,B44), 3) ≈ (3/4)100% = 75% what is sufficiently higher than for
one run of MPS(3N) test.
6. Experimental results
To validate analytical results many experiments have been done. The experiments
were done for two types of PNPSFk (PNPSF3 and PNPSF5), different sizes of memory
and selected sets of backgrounds. In each cases all PNPSF3 (PNPSF5) were generated
what allowed to obtain exact number of activated faults by 3rMPS(3N) test session. So,
each time we could calculate exact value of fault coverage. All experimental results are
presented in Tables 2, 3.
Table 2. Experimental results: PNPSF3 fault coverage for 3rMPS(3N) test session
Set/N
S1
S2
S3
8
64.29%
64.29%
68.75%
16
63.33%
63.33%
65.63%
32
62.90%
62.90%
65.07%
64
62.70%
62.70%
66.41%
128
62.60%
62.60%
66.27%
The results from Tables 2 and 3 confirm the equations (8), (12). In Table 2 experimental results of PNPSF3 fault coverage for 3 run MPS(3N) and S1, S2, S3 sets of backgrounds are presented. In Table 3 you can find the results from the same experiments
but for PNPSF5 fault. It should be noticed that in such type of memory testing the fault
coverage minimally depends on N. The especially high influence on the fault coverage
can be observed for very small N what is shown in details on the Fig. 1.
136
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
Table 3. Experimental results: PNPSF5 fault coverage for 3rMPS(3N) test session
Set/N
S1
S2
S3
8
18.57%
18.57%
18.75%
16
18.27%
18.27%
18.68%
32
18.12%
18.12%
18.59%
64
18.04%
18.04%
18.56%
128
18.01%
18.01%
18.54%
Figure 1. FCMPS3N((B11,B12,B13), 3) – comparison of the experimental and estimated results
But we have to notice that with increasing N, the influence of the memory size on
the fault coverage becomes smaller. In our analytical investigation we assumed large
value of N. That is why the analytical results are a bit different from the experimental
ones. In all experimental results we can see that with increasing N the experimental
values of fault coverage are more and more closer to the theoretical values. For example, in case of S1 and PNPSF3 analytically calculated fault coverage equals to 62.5%
(see (8)). For N = 8 this value equals to 64.29% but for N = 128 experimental value
equals to 62.6% and is almost the same like theoretical one. The same fact can be observed for PNPSF5. For example for backgrounds S3 theoretical FCMPS3N((B31,B32,B33),
5) = 18.52%. Experimental value for N = 128 equals to 18.54%. So we can see again
that theoretical and experimental values are equal to each other. The same experiments
have been done for 4 runs test session. In this case sets S4 and S5 were used as a backgrounds. Obtained results for 4rMPS(3N) test are in Table 4 and 5 These results confirm
equations (19) and (23) too.
Table 4. Experimental results: PNPSF3 fault coverage for 4rMPS(3N) test session
Set/N
S4
S5
8
78,57%
87,5%
16
76,67%
85,71%
32
75,81%
84,19%
64
75,40%
82,81%
128
75,20%
82,55%
137
MPS(3N) transparent memory test for Pattern Sensitive Fault detection
Table 5. Experimental results: PNPSF5 fault coverage for 4rMPS(3N) test session
Set/N
S4
S5
8
24,64%
25,00%
16
24,04%
24,86%
32
23,73%
24,70%
64
23,59%
24,62%
128
23,51%
24,58%
7. Conclusions
In this paper three and four runs of MPS(3N) test session were investigated. For the
best backgrounds, known from previous publications, PNPSFk fault coverage for
3rMPS(3N) and 4rMPS(3N) was calculated. All analytically obtained results were confirmed and validated by many experiments. Based on those results we can say that experimental results confirmed the validity of the theoretical predictions. In all our
investigations we was focusing on MPS(3N) test. It is quite important to emphasis that
transparent implementation of MPS(3N) in some cases do not need the value of fault
free signature as it is necessary in many others transparent tests. Moreover it should be
stressed that the MPS(3N) testing procedure can be interrupt by the system at any time
due to the preserving the initial memory contents at any stage of testing. In a case of
many other transparent tests initial contents will be available at the end of the test procedure.
Acknowledgement
This work was supported by the grant number W/WI/5/06.
References
[1] Goor A. J. V. D. Testing Semiconductor Memories: Theory and Practice. Chichester, England: John Wiley & Sons, 1991.
[2] Hayes J. P. Detection of pattern-sensitive faults in random-access memories. IEEE
Trans. Computers, vol. 24, no. 2, pp. 150–157, 1975.
[3] Cockburn B. F. Deterministic tests for detecting scrambled pattern sensitive faults
in RAMs, in MTDT ’95: Proceedings of the 1995 IEEE International Workshop on
Memory Technology, Design and Testing. Washington, DC, USA: IEEE Computer
Society, pp. 117–122, 1995.
[4] Franklin M., Saluja K. K. Testing reconfigured RAM’s and scrambled address
RAM’s for pattern sensitive faults, IEEE Trans. on CAD of Integrated Circuits and
Systems, vol. 15, no. 9, pp. 1081–1087, 1996.
[5] Karpovsky M. G., Yarmolik V. N. Transparent memory testing for patternsensitive faults, in Proceedings of the IEEE International Test Conference on
TEST: The Next 25 Years. Washington, DC, USA: IEEE Computer Society, pp.
860–869, 1994.
[6] Nicolaidis M. Theory of transparent BIST for RAMs, IEEE Trans. Comput., vol. 45,
no. 10, pp. 1141–1156, 1996.
138
Ireneusz Mrozek, Eugenia Busłowska, Bartosz Sokół
[7] Yarmolik V. N., Klimets Y., Demidenko S. March PS(23N) test for DRAM patternsensitive faults, in ATS ’98: Proceedings of the 7th Asian Test Symposium.
Washington, DC, USA: IEEE Computer Society, pp. 354–357, 1998.
[8] Yarmolik V. N. Contents independent RAM built in self test and diagnoses based
on symmetric transparent algorithm, in DDECS’2000: Proceedings of the 3rd
Workshop on Design and Diagnostics of Electronic Circuits and Systems, Smolenice - Slovakia, April 5-7, pp. 220–227, 2000.
[9] Yarmolik V. N., Murashko I., Kummert A., Ivaniuk A. Transparent Testing of
Digital Memories, Minsk, Belarus: Bestprint, 2005.
[10] Yarmolik S. V. Address sequences with different average hamming distance, in:
Abstracts of 1st International Conference for Young Researches in Computer
Science, Control Electrical Engineering and Telecommunications, Zielona Gora,
Poland, September 18-20, pp. 67–68, 2006.
[11] Yarmolik S. V., Mrozek I. Multi background memory testing, in MIXDES2007:
Proceedings of the 14th International Conference Mixed design of integrated circuits and systems. Ciechocinek, Poland: IEEE Computer Society, June 21-23, pp.
511–516, 2007.
Analiza natęŜenia ruchu osób na monitorowanych
obszarach
Adam Nowosielski, Krzysztof Kłosowski
Politechnika Szczecińska, Wydział Informatyki
Abstract:
New and unfamiliar quality is being brought in with the development of intelligent
monitoring systems. Video analysis of human dynamics is an excellent example. Based on
the analysis of the problem the algorithm for human traffic analysis from a video stream
is developed.
Keywords:
video analysis of human dynamics, CCTV systems, video analysis
1. Wprowadzenie
Wykorzystywanie systemów rozpoznawania obrazów w Ŝyciu codziennym jest coraz większe i stale rośnie. Przyczyną tego zjawiska jest przenoszenie Ŝmudnych i uciąŜliwych zadań realizowanych przez człowieka na zautomatyzowane systemy
informatyczne. Taka tendencja widoczna jest równieŜ w systemach monitoringu,
w których od zawsze występował operator. Ten ostatni w porównaniu z systemem
komputerowym jest ograniczony (nie moŜe jednocześnie analizować kilku obrazów),
przeciąŜony (jego zdolność skupienia uwagi spada juŜ po 0,5h pracy), bardziej zawodny
(kwestie poświęcenia i uczciwości) [1].
Pomimo rozwoju automatycznych systemów rozpoznawania i analizy obrazów
moŜna np. na skrzyŜowaniach czy teŜ przy wejściach do centrów handlowych spotkać
pracowników, których zadanie polega na ręcznym zliczaniu osób. Problem zautomatyzowania tego procesu podjęty został w niniejszym artykule. NaleŜy tutaj podkreślić, Ŝe
technologie wideoobserwacji i analizy sekwencji wideo są nieinwazyjne, bezkontaktowe i najbardziej naturalne. Nie ograniczają w Ŝaden sposób ruchów uŜytkownika. Systemy bazujące na tych technologiach mogą zaoferować nową, nieznaną do tej pory
jakość oraz ułatwić Ŝycie poprzez tworzenie inteligentnych środowisk [2]. Jednak naleŜy przy tym podkreślić, Ŝe takie zadanie jak śledzenie człowieka naleŜy do jednego
z najbardziej złoŜonych spośród zadań realizowanych przez dynamiczne systemy wizyjne [3]. Przyczyną takiego stanu rzeczy jest fakt, iŜ sylwetka człowieka jest zarówno
dynamiczna jak i elastyczna, sam człowiek posiada zróŜnicowany kolor ubioru o zróŜnicowanej teksturze.
Rozumienie i interpretacja zachowań człowieka w złoŜonych scenach nie jest więc
zadaniem trywialnym. Sam problem śledzenia człowieka zyskał spore zainteresowanie.
Powstało szereg podejść do rozwiązania problemu, które moŜna zakwalifikować do
jednej z dwóch kategorii [3]:
140
Adam Nowosielski, Krzysztof Kłosowski
 podejścia bazujące na wyglądzie (ang. appearance based),
 podejścia bazujące na modelu (ang. model based).
Metody z pierwszej grupy wykorzystują informację o kolorze, konturze lub teksturze śledzonej osoby. Ich niewątpliwą zaletą jest duŜa szybkość działania [3, 4]. Metody
bazujące na kolorze pozwalają na zgrubne oddzielenie obiektu od tła i jego śledzenie
(śledzenie obszaru połączonych komponentów, którego barwa odpowiada zarejestrowanemu modelowi). Ta grupa podejść mocno wykorzystywana jest w problemie detekcji
i śledzenia samej twarzy [3, 5]. Problem sprowadza się wówczas do zadania detekcji
twarzy i jej dalszego trakingu. Zagadnienie to zostało dobrze opisane w literaturze tematu [5]. Jego zastosowanie jest jednak ograniczone do środowisk, w których kamery
rejestrują obrazy twarzy na wprost.
O ile barwę i śledzenie obiektów na jej podstawie moŜna uznać za metodę globalną,
to podejścia wykorzystujące kontury wykorzystują juŜ informację lokalną, taką jak
układ krawędzi i linii. Przykład algorytmu detekcji ruchomych obiektów za pomocą
konturów (skutecznie radzący sobie z zadaniem śledzenia osób) znaleźć moŜna w pracy [4].
Druga grupa metod - bazujące na modelu – charakteryzują się duŜą semantyczną
wiedzą o śledzonym obiekcie. Podejścia te są jednak złoŜone obliczeniowo. Występujące problemy związane są przede wszystkim ze zmianą skali, translacją, obrotami i deformacjami śledzonych obiektów [3].
W dalszej części artykułu zostaną przedstawione moŜliwości oraz zalety wykorzystania automatycznego systemu analizy natęŜenia ruchu pieszych. Przedstawione zostaną załoŜenia budowy takiego systemu. Zaprezentowany zostanie sam system realizujący
postawione zadanie w oparciu o opracowany algorytm analizy sekwencji obrazów
z kamery.
2. ZałoŜenia
Wspomniane we wstępnie sytuacje, kiedy to człowiek „na piechotę” zlicza osoby,
które przemieściły się na danym obszarze w konkretną stronę pokazują, Ŝe istnieje potrzeba stworzenia takiego systemu. Na tym polu zaczynają pojawiać się juŜ rozwiązania
komercyjne, jednak są one zamknięte, a algorytmy na jakich bazują nie są ujawniane.
Informacja o liczbie przechodzących osób wykorzystywana jest przy analizie natęŜenia ruchu. UmoŜliwia wprowadzanie usprawnień i ułatwień w Ŝyciu codziennym
lokalnych społeczności. W przypadku centrów handlowych informacja o natęŜeniu
ruchu klientów moŜe zostać wykorzystana przy planowaniu np. obsady kas (zanim
jeszcze ustawią się kolejki i część klientów zrezygnuje z zakupów) czy lokalizacji stoisk
z promocjami. Porównując liczbę osób odwiedzających sklep do liczby wystawionych
paragonów, moŜna określić ile osób wychodzi bez zakupów, itd.
O ile powyŜszy przykład centrum handlowego ma typowy charakter komercyjny, to
analiza ruchu pieszych na skrzyŜowaniach moŜe mieć ogromne znaczenie w procesie
planowania ruchu komunikacyjnego w całych miastach. JeŜeli bowiem zauwaŜona
zostanie wyraźna tendencja, kiedy ludzie z jednego przystanku przemieszczają się na
inny przystanek, korzystna moŜe okazać się zmiana kursu danego środka komunikacji
miejskiej.
Analiza natęŜenia ruchu osób na monitorowanych obszarach
141
NajwaŜniejsze w takim systemie jest usytuowanie kamery,
kamery a tym samym rodzaj pozyskiwanych obrazów. W tradycyjnym systemie monitoringu, który mógłby stanowić
stanowi
źródło sekwencji wideo do systemu analizującego
cego natęŜenie,
nat
obrazy uzyskiwane są pod
znacznymi kątami, tak aby zarejestrować cała sylwetkę
sylwetk przechodniów [3, 6]. Podobna
sytuacja występuje
puje w przypadku systemów rozpoznawania twarzy. Kamery
K
instalowane
są w sposób umoŜliwiający pozyskiwanie obrazów twarzy jak najbardziej zbliŜonych
zbli
do
frontalnego [7, 8]. W tłumie idących ludzi rejestrowanym „z przodu” dochodzi do ciąci
głych przesłonięć.. Twarze tych samych osób znikają,
znikają ale pojawiają się po jakimś czasie
w innym miejscu kadru. W takich warunkach moŜliwa
Ŝliwa jest realizacja zadania zliczania
ludzi, jednakŜe naleŜy rozwaŜać wówczas mechanizmy śledzenia za twarzami, dopasowywania do siebie zgubionych
bionych twarzy z jednej klatki (zasłonięcie)
(zasłoni
do nowych twarzy
w kolejnych klatkach. Główna jednak niedogodność
ść wynikająca
wynikaj
z omawianego sposobu
instalacji kamery wynika z praktycznej niemoŜliwoś
liwości analizy ruchu w dwóch kierunkach. Do takiej analizy naleŜałoby uŜyć dwóch kamer, monitorujących
monitoruj
niezaleŜnie ruch
w przeciwległych kierunkach. Z dodatkową kamerą wiąŜe się cała infrastruktura (okablowanie, sprzęt analizujący
cy dane obrazowe z kamery), która podnosi koszt systemu
i wcale nie ułatwia realizacji zadania.
W związku z powyŜszym, dogodniejszą jest sytuacja, kiedy kamera umieszczona
bezpośrednio nad monitorowanym obszarem skierowana jest pionowo w dół. Rysunek 1
a) przedstawia przykład instalacji kamery bezpośrednio
średnio nad monitorowanym obszarem.
Kamera zamontowana jest na krawędzi dwóch ścian
cian budynku i skierowana jest pionowo
w dół. Po prawej stronie (rys. 1 b) widać jak moŜe
Ŝe wyglądać
wygl
obraz z takiej kamery.
a)
b)
Rysunek 1. Przykład instalacji kamery nad monitorowanym obszarem oraz obraz uzyskany
z takiej kamery
Dodatkowo załoŜono, Ŝe ruch
uch osób na monitorowanym obszarze powinien odbywać
się w pionie bądź w poziomie (typowy w przypadku monitorowania korytarza,
korytarza wejścia
lub tunelu). Proces monitoringu moŜe odbywaćć się zarówno wewnątrz budynków jak
i na zewnątrz. Jednak naleŜy unikać sytuacji, kiedy w scenie występują
wyst
bardzo silne
źródła światła, powodujące
ce powstawanie znacznych cieni.
3. Struktura systemu
Schemat opracowanego systemu analizującego
cego natęŜenie
nat
ruchu osób na monitorowanych obszarach zaprezentowany został na rys. 2.. W systemie wyróŜnić
wyró
moŜna nastę-
142
Adam Nowosielski, Krzysztof Kłosowski
pujące komponenty: blok obróbki wstępnej, blok detekcji osób, ekstraktor cech, blok
śledzenia osób, oraz generator statystyk.
Rysunek 2. Schemat działania systemu
KaŜdy element składowy systemu
temu poddany zostanie w dalszej części
cz
odpowiedniej
analizie.
3.1. Blok obróbki wstępnej
Na etapie obróbki wstępnej następuje
puje proces przygotowania kolejnych klatek ses
kwencji wideo do dalszej analizy. Realizowane są następujące
nastę
operacje:
 skalowanie,
 tworzenie obrazu poziomów szarości,
 maskowanie.
Skalowanie wejściowego obrazu stanowi waŜny
ny aspekt funkcjonowania całego syssy
temu. Operacja ta pozwala bowiem znacząco
co zmniejszyć
zmniejszy ilość przetwarzanych danych
w dalszych etapach. Nie
ie wnosi przy tym istotnych zakłóceń
zakłóce w procesie analizy natęŜenia ruchu pieszych. Dodatkowo pozwala wyeliminować z analizowanych obrazów szumy.
Przeprowadzone badania pokazały, Ŝe dla scen takich jak zaprezentowana na rys. 3
(pierwszy obraz), dopiero zmniejszenie rozdzielczości
ści poniŜej
poni
100 pikseli w poziomie
(zachowującc proporcje oryginalnego obrazu) prowadziło do zauwaŜalnych
zauwa
błędów,
objawiających się znacznym zmniejszeniem obiektów zainteresowania. Pierwszy obraz
z rys. 3 został przeskalowany do rozdzielczości
ci kolejno: 640x480, 160x120, 80x60.
Elipsą zaznaczono obszar zainteresowania, na którym znajdują
znajduj się dwie osoby. Kolejne
obrazy z rys.3 pokazują ów powiększony
kszony wycinek dla kaŜdej
ka
z rozdzielczości (znorma-
Analiza natęŜenia ruchu osób na monitorowanych obszarach
143
lizowany do jednego rozmiaru). Widoczna
oczna jest utrata jakości,
jako
jednak sylwetki osób są
cały czas rozróŜnialne.
Rysunek 3. Przykładowa scena oraz fragmenty przedstawiające
przedstawiaj
zbliŜenie sceny w róŜnych
rozdzielczościach
Najlepszy stosunek przyśpieszenia obliczeń względem
wzglę
jakości uzyskiwanych rezultatów osiągnięto, gdy rozdzielczość pomniejszonego obrazu zawierała się
si w przedziale
od 100 do 160 pikseli. NaleŜy przy tym podkreślić,
ślić, Ŝe
Ŝ podane parametry dotyczą scen
takich jak ta, zaprezentowana na rys. 3. W zaleŜności
Ŝności od wysokości,
wysoko
na jakiej zamontowana jest kamera oraz jej ogniskowej moŜna
na uzyskać
uzyska duŜą róŜnorodność obrazów,
obejmujące róŜne pole widzenia.
Druga z operacji obróbki wstępnej - tworzenie obrazu poziomów szarości
szaro – przygotowuje obraz do postaci wymaganej przez blok detekcji osób.
osób
Operacja maskowania ma za zadanie eliminację nieistotnych obszarów w scenie.
Określenie obszarów, w których następuje
puje ruch ludzi jest na obecnym etapie działania
systemu wykonywane manualnie przez operatora, w momencie uruchamiania systemu.
Celem tej operacji
racji jest zamaskowanie obszarów, gdzie moŜe
mo pojawiać się dodatkowy
szum lub obszarów, gdzie ludzie nie mogą się poruszać
porusza (a gdzie np. pojawiają się ich
cienie). Przykład zaprezentowany został na rys. 4.
Rysunek 4. Idea maskowania obszaru zainteresowań
zainteresowa
W lewej części rys. 4 występuje
puje przykładowy obraz z kamery nad peronem. Na tym
obrazie okręgiem
giem zaznaczono obszar, gdzie pojawiają się cienie osób idących nad peronem na pomoście.
cie. Ustawienie obszaru zainteresowań w postaci prostokąta (prawy obraz
na rys. 4) pozwala ograniczyć obszar poszukiwań
ń tylko do istotnego fragmentu, gdzie
pojawiają się ludzie i nie ma dodatkowych szumów.
Na wyjściu bloku obróbki wstępnej znajdująą się:
się obraz poziomów szarości (obraz
GRAYi) oraz obraz barwny RGB (obraz RGBi)
144
Adam Nowosielski, Krzysztof Kłosowski
3.2. Blok detekcji osób
Zadaniem kolejnego bloku, zgodnie z jego nazwą, jest detekcja osób w sekwencji
przetworzonych kolejnych klatek. Sam proces detekcji opiera się o budowę i analizę
obrazu róŜnicowego.
3.2.1. Budowa obrazu róŜnicowego
Technika obrazu róŜnicowego polega na porównywaniu bieŜącego obrazu do obrazu
wzorca. W efekcie tworzony jest obraz róŜnicowy, prezentujący róŜnice pomiędzy
badanymi obrazami.
Istnieją dwie podstawowe metody budowy obrazu róŜnicowego: w oparciu o bazowy obraz referencyjny oraz w oparciu o obraz z poprzedniego ujęcia. Wadą pierwszego
rozwiązania jest pojawiający się szum, który jest wynikiem zmiany natęŜenia oświetlenia, drgań kamery, przemieszczających się cieni itp. Z kolei obraz róŜnicowy, powstający z porównywania z obrazem z poprzedniej klatki, zawiera w sobie tylko informacje
o elementach, gdzie występowała istotna róŜnica. Eliminuje się w duŜym stopniu szum,
jednakŜe powstają szczeliny, gdy porusza się obiekt o jednolitej barwie (zmiany wychwytywane są wówczas na obrazie róŜnicowym jedynie na brzegach obiektu). MoŜe to
powodować rozdzielanie elementu na dwie lub więcej części.
W opracowanym systemie postanowiono generować obraz róŜnicowy jako sumę
dwóch obrazów róŜnicowych tworzonych w oparciu o obie przedstawione powyŜej
metody. Takie podejście osłabia indywidualne wady kaŜdego z podejść. Przez zastosowanie sumowania, wzmacnia sie wartość tych punktów, dla których róŜnica między
zdjęciem referencyjnym a bieŜącym była znaczna. Natomiast szumy generowane przez
kaŜdą z metod są osłabiane (kaŜda z metod generuje inny rodzaj szumu). W otrzymanym obrazie róŜnicowym, zniwelowane są teŜ wady obu metod. Generowane przez
drugą metodę przerwy w obiektach są „łatane” przez pierwszą metodę. Opisaną sytuację
przedstawia obrazowo rys. 5. W górnym wierszu znajdują się kolejno obrazy: bazowy,
z poprzedniej klatki i bieŜący. Dolny wiersz przedstawia kolejno obrazy róŜnicowe
uzyskane na podstawie: obrazu referencyjnego, obrazu z poprzedniej klatki i ostatni,
uzyskany jako połączenie obrazów róŜnicowych.
NaleŜy w tym miejscu podkreślić, Ŝe wprowadzając wagi do operacji tworzenia
wspólnego obrazu referencyjnego moŜna osłabić lub wzmocnić wpływ kaŜdego ze
składników. MoŜe to być konieczne, jeŜeli chociaŜby odstępy czasowe pomiędzy kolejnymi obrazami sekwencji będą zbyt długie.
3.2.2. Analiza obrazu róŜnicowego
Analiza obrazu róŜnicowego w prezentowanym systemie składa się z trzech kroków:
progowania, filtracji oraz indeksowania.
Zadaniem progowania jest takie przetworzenie obrazu róŜnicowego, aby wydobyć
istotne zmiany źródłowej sceny. Wybór progu odgrywa tu bardzo waŜną rolę, poniewaŜ
zbyt niski – spowodowuje wydobycie zarówno poruszających się obiektów jak i szumu,
zbyt wysoki – doprowadzi do podziału obiektów lub ich całkowitej eliminacji. Przykład
progowania obrazu róŜnicowego z róŜnymi wartościami progu przedstawiono na rys. 6.
Wynikiem jest obraz binarny.
145
Analiza natęŜenia ruchu osób na monitorowanych obszarach
a)
b)
c)
d)
e)
f)
Rysunek 5. Tworzenie obrazu róŜnicowego przez system: a) obraz referencyjny, b) obraz z poprzedniej klatki, c) obraz bieŜący, d) obraz róŜnicowy uzyskany na podstawie obrazu referencyjnego, e) obraz róŜnicowy uzyskany na podstawie obrazu z poprzedniej klatki, f) wynikowy obraz
róŜnicowy
Przeprowadzone eksperymenty na róŜnych scenach, w róŜnych warunkach oświetleniowych pokazały, Ŝe wartość progowa powinna być ustalana indywidualnie dla kaŜdej
sceny, obserwowanej przez konkretną kamerę. MoŜna rozwaŜać tutaj próbę zautomatyzowania tego procesu, jednakŜe na obecnym etapie prac takich działań nie podejmowano.
a)
b)
c)
d)
e)
Rysunek 6. Progowanie obrazu róŜnicowego; a) obraz róŜnicowy; obrazy binarne po progowaniu
z wartością b) 135; c) 55; d) 20; e) 5
146
Adam Nowosielski, Krzysztof Kłosowski
Pomimo zastosowania w systemie odpowiedniej wartości progowej, na obrazie wynikowym moŜe wystąpić szereg problemów: szum w postaci pojedynczych pikseli lub
ich niewielkich grup, rozdzielanie pojedynczych osób, łączenie grupy osób w jeden
wspólny obiekt. Przeprowadzono szereg prób wyeliminowania tych wad za pomocą
filtracji obrazu binarnego. Najlepsze rezultaty uzyskiwano stosując operację erozji
z małym elementem strukturalnym (przetwarzane w systemie są przeskalowane obrazy).
Operacja erozji usuwa skupiska pikseli o wielkości mniejszej niŜ element strukturalny.
MoŜe doprowadzić do rozłączania elementów stykających się. Cecha ta w zaleŜności od
ukształtowania obiektów po procesie progowania moŜe być korzystna lub nie. Zaletą
gdy rozdziela stykające się obiekty, a wadą gdy dzieli obiekt na mniejsze elementy.
Ostatni z etapów analizy obrazu róŜnicowego to indeksacja obszarów połączonych
komponentów, odpowiadających (z wyjątkami) przemieszczającym się osobom. Obrazy
binarne po procesie progowania i filtracji w wielu przypadkach zawierają obiekty za
małe, zwykle powstałe z rozpadu większych obiektów. Aby uniknąć ich indeksacji
przeprowadzany jest proces eliminacji. Obiekt, w zaleŜności od wielkości i rozpiętości
oraz odległości od pozostałych obiektów, moŜe zostać zaliczony do: usunięcia, przyłączenia, dodania.
Wynikiem bloku detekcji osób jest macierz, w której poszczególne komórki odpowiadają kolejnym pikselom obrazu. W komórkach tej macierzy, obszary połączonych
komponentów są oznaczone kolejnymi liczbami całkowitymi.
3.3. Blok śledzenia osób i ekstraktor cech
W celu realizacji zadania analizy natęŜenia ruchu osób na monitorowanych obszarach niezbędne jest określenie mechanizmu śledzenia osób. W literaturze tematu mechanizmy wykorzystujące ruch, model lub ich kombinacje uŜywane są do szacowania
(przewidywania) połoŜenia obiektu w kolejnej klatce, na podstawie klatki bieŜącej
i poprzednich. W pracy zastosowano podejście, w którym dokonuje się próby przyporządkowania osób z ujęcia bieŜącego do ich odpowiedników z ujęć poprzednich.
JeŜeli śledzony obiekt w przetworzonej bieŜącej klatce róŜnicowej Di ograniczony
jest prostokątnym obszarem: x1 ≤ x ≤ x2 i y1 ≤ y ≤ y2 , wówczas momenty zerowego
i pierwszego rzędu dane są wzorami:
M 00 =
M 10 =
M 01 =
x2
y2
∑ ∑ D ( x, y ) ,
x = x1 y = y1
x2
i
y2
∑ ∑ xD ( x, y) ,
x = x1 y = y1
x2
(1)
i
(2)
y2
∑ ∑ yD ( x, y ) .
x = x1 y = y1
i
(3)
Centroid śledzonego obiektu obliczyć wtedy moŜna następująco:
xc =
M 10
M
, yc = 01 .
M 00
M 00
(4)
Analiza natęŜenia ruchu osób na monitorowanych obszarach
147
Informacja o centrum obiektu stanowi pierwszy czynnik przy przyporządkowywaniu
obiektów wykrytych w bieŜącej klatce Di, do obiektów wykrytych w klatce poprzedniej
Di-1. JeŜeli w poprzedniej klatce znajduje się kilka obiektów o centroidach bliskich
badanemu obiektowi (z bieŜącej klatki) wówczas spośród nich wybierany jest najbardziej podobny.
Podobieństwo określane jest na podstawie informacji o kolorze. Z barwnej klatki
RGBi (nieprzetworzonej) wybierany jest wycinek x1 ≤ x ≤ x2 i y1 ≤ y ≤ y2 odpowiadający śledzonemu obiektowi. Dla tego wycinka liczony jest histogram o grubej dyskretyzacji z parametrem BIN = 8 według wzoru (dla kaŜdego kanału R, G i B osobno):
H RBIN ( b ) =
 256 
b
 −1
 BIN 
∑
j = ( b −1)
H R ( j) ,
(5)
HG ( j) ,
(6)
H B ( j) ,
(7)
256
BIN
 256 
b
 −1
 BIN 
H
BIN
G
(b) = ∑
j = ( b −1)
256
BIN
 256 
b
 −1
 BIN 
H
BIN
B
(b) = ∑
256
j = ( b −1)
BIN
gdzie: HR(j), HG(j), HB(j ) – oznaczają liczbę pikseli w danym kanale (R, G i B) o danej
intensywności j = 0, 1, …, 255 dla danego wycinka; b = 1, 2, …, BIN.
Budując histogramy dla kaŜdej składowej barwnej z parametrem BIN = 8, uzyskać
moŜna 24 elementowy wektor cech dla kaŜdej ze śledzonych osób
X = ( H RBIN , H GBIN , H BBIN ) . W procesie porównywania dwóch wektorów cech wykorzystywana jest miara odległości euklidesowej.
Ekstrakcja cech za pomocą histogramu nie jest skomplikowana, pozwala na szybką
realizację zadania w praktyce. Główna wada metody rozpoznawania obrazów na podstawie histogramu polega na utracie informacji przestrzennej. Okazuje się, Ŝe przy realizowanym zadaniu, cecha ta jest niezwykle korzystna. Kształt poruszających się ludzi
widzianych z góry ulega bowiem ciągłym deformacjom. Informacja o kolorze charakteryzuje się w tym względzie duŜo wyŜszą stabilnością. Potwierdziły to badania praktyczne na rzeczywistych sekwencjach.
Aby wykonać prawidłowe zliczanie osób wraz z uwzględnieniem kierunku ich
przemieszczania się, na scenie zostało rozmieszczonych 8 wirtualnych bramek. Zadaniem tych bramek jest podział sceny na sektory.
3.4. Generator statystyk
Zadaniem generatora statystyk jest zbieranie informacji o natęŜeniu ruchu osób na
monitorowanych obszarach oraz przygotowywanie tej informacji w graficznej formie
umoŜliwiającej jej dalszą analizę przez zainteresowane podmioty (np. kierownictwo
hipermarketu).
148
Adam Nowosielski, Krzysztof Kłosowski
W systemie generowane są dwa rodzaje statystyk: bieŜąca i historyczna. Pierwszy
rodzaj statystyk generowany jest w czasie rzeczywistym i opisuje liczbę obiektów znajdujących się w danej chwili na scenie – jest to bieŜące natęŜenie ruchu osób. Realizowane jest poprzez zliczanie wszystkich zindeksowanych i przyrównanych obiektów
jakie znajdują się w obrazie.
Drugi rodzaj statystyk związany jest z ujęciem badanej sceny w zadanym oknie czasowym. Przedstawia rozkład natęŜenia poruszających się osób w określonym czasie
z podziałem na dwa kierunki ruchu: góra i dół (odpowiednio: lewy i prawy).
4. Działanie systemu
Wymierną ocenę dowolnego systemu rozpoznawania obrazów (a z takim systemem
mamy do czynienia tutaj) moŜna otrzymać przeprowadzając odpowiednie testy na
wzorcowych bazach i wyznaczając odpowiednie wskaźniki. O ile istnieje ogromna
liczba benchmarkowych baz danych dla popularnych i szeroko podejmowanych problemów (np. rozpoznawanie twarzy), to w przypadku nowatorskich rozwiązań i mało
popularnych problemów, takich baz nie ma lub istnieją nieliczne, często z ograniczonym dostępem. DuŜym problemem jest wówczas porównywanie metod pomiędzy sobą
[3].
W związku z powyŜszym, w celu weryfikacji stworzonego systemu przygotowano
autorskie sekwencje, na których rejestrowany był ruch osób. Sceny rejestrowane były w
dwóch róŜnych lokalizacjach o róŜnym natęŜeniu ruchu. Jedne ujęcia kręcone były dla
ruchu poziomego, drugie dla pionowego. Czas trwania poszczególnych sekwencji wynosi kilka minut.
W przypadku pierwszej grupy sekwencji ruch osób odbywa się w kierunku poziomym. Przykład zawarty został na rys. 7. W lewej części występują dwie przykładowe
klatki sekwencji. Po prawej stronie zawarto statystyki generowane przez system, prezentowane w formie wykresu. Przy czym, wykres górny prezentuje całkowitą liczbę
rejestrowanych osób, natomiast wykresy dolne liczbę osób poruszających się w kaŜdym
kierunku. Fragment analizy przytoczony na górnym wykresie pokazuje, Ŝe przez scenę
przewijała się co chwilę jakaś osoba. W pewnym momencie występuje pik, który oznacza, Ŝe na scenie pojawiła się kolejna osoba, gdy juŜ jakaś była obecna (zarejestrowana). Z dolnych wykresów odczytać moŜna, Ŝe w momencie wystąpienia piku osoba
poruszająca się w lewo schodziła ze sceny, natomiast osoba pojawiająca się, podąŜała
w prawą stronę. Oba schodki zazębiają się, stąd na górnym wykresie występuje pik –
przez krótki moment na scenie znajdują się dwie osoby.
W przytoczonej sekwencji natęŜenie osób było niezbyt wysokie (maksymalnie dwie
osoby, na co miało wpływ odpowiednie wykadrowanie sceny w kadrze). Skuteczność
działania opracowanego systemu w takich warunkach dla róŜnych, kilkuminutowych
sekwencji była stuprocentowa.
W przypadku drugiego rodzaju sekwencji (przykład na rys. 8) uzyskano gorsze rezultaty. W scenach tego rodzaju rejestrowano duŜo większe natęŜenie ruchu pieszych.
Jednak nie to było główną przyczyną utraty skuteczności zliczania osób. NaleŜy zauwaŜyć, Ŝe w sekwencji tej umieszczenie kamery nie spełnia postawionych załoŜeń. Scena
rejestrowana jest pod znacznym kątem, osoby nie są widoczne z góry, lecz z ukosa.
Widoczne są ich sylwetki. W takich warunkach dochodzi do przesłonięć obiektów, ich
Analiza natęŜenia ruchu osób na monitorowanych obszarach
149
scalania w obrazie róŜnicowym,
nicowym, na co opracowany algorytm nie został przygotowany.
Z tego powodu rezultat na poziomie 60% skuteczności
skutecznoś naleŜy uznać tutaj za sukces.
Rysunek 7. Pierwszy rodzaj sekwencji oraz rezultat działania systemu
Rysunek 8. Drugi rodzaj sekwencji
encji oraz rezultat działania systemu
150
Adam Nowosielski, Krzysztof Kłosowski
5. Zakończenie
W artykule przedstawiono problem analizy natęŜenia ruchu osób na monitorowanych obszarach. Pokazano przy tym, Ŝe tradycyjny system monitoringu, który mógłby
stanowić źródło sekwencji wideo do systemu analizującego natęŜenie, niekoniecznie
spełnia wymagane kryteria jakości obrazów. Podobna sytuacja występuje w przypadku
systemów rozpoznawania twarzy. Zarówno w jednym jak i w drugim przypadku wymagane są inne kąty obserwacji. W związku z powyŜszym, w artykule opracowano metodę
zliczania dwukierunkowego ruchu ludzi na podstawie kamery instalowanej bezpośrednio nad obserwowaną sceną, skierowaną w dół.
Przeprowadzone eksperymenty pokazały skuteczność działania systemu. Pokazano
przy tym praktyczne moŜliwości wykorzystania systemu.
Na zakończenie naleŜy zauwaŜyć, Ŝe w obecnym stadium rozwoju system zlicza
wszystkie poruszające się obiekty. W sytuacji kiedy przez scenę przebiegnie pies, zostanie on faktycznie uwzględniony w końcowych statystykach. Czy istnieje rozwiązanie
tego problemu? Pomocny moŜe okazać się lepszy ekstraktor cech oraz przygotowana
baza ludzkich sylwetek widzianych z góry „okiem” kamery.
Bibliografia
[1] Woodward Jr. J. D., Horn Ch., Gatune J., Thomas A. Biometrics A Look at Facial
Recognition. Prepared for the Virginia State Crime Commission. RAND Public
Safety and Justice. 32 s., 2003
[2] Pentland A., Choudbury T. Face Recognition for Smart Environments. IEEE
Computer 33(2), 50–55, 2000
[3] Wang J. J., Singh S. Video analysis of human dynamics – a survey. Real-Time
Imaging 9(5), 321-346, 2003
[4] Yokoyama M., Poggio T. A Contour-Based Moving Object Detection and Tracking. Proceedings of the 14th International Conference on Computer Communications and Networks, 271-276, 2005
[5] Yang M., Kriegman D., Ahuja N. Detecting Faces in Images: A Survey. IEEE
Transactions on Pattern Analysis and Machine Intelligence 24(1), 34-58, 2002
[6] Kruegle H. CCTV Surveillance, Second Edition: Video Practices and Technology.
Butterworth-Heinemann, 672 s., 2006
[7] Kukharev G., Kuźmiński A. Techniki Biometryczne. Część 1. Metody Rozpoznawania Twarzy. Pracownia Poligraficzna WI PS, 310 s., Szczecin, 2003
[8] Nowosielski A. Identyfikacja człowieka na podstawie zestawu obrazów twarzy
pochodzących z sekwencji video. Metody Informatyki Stosowanej, Tom 13, Nr
1/2008, 113-125, 2008
Modelling and analysis of two-server networks
with finite capacity buffers and blocking
Walenty Oniszczuk
Bialystok Technical University, Faculty of Computer Science
Abstract:
The study presented in this paper is motivated by the performance analysis of two-server
networks with blocking. This model is based on the performance of the Markovian threenode queuing network with finite capacity buffers, for which new and practical results are
provided. Here, a two-dimensional state graph is constructed and set of steady-state
equations is created. These equations allow for calculating state probabilities for each
graph state. The results of investigation allow the definition of the region where the model
is useful and where the desired QoS is satisfied.
Keywords:
Two-server computer network with blocking, Quality-of-Service (QoS), Markovian exact
algorithm
1. Introduction
Queuing network models have been widely applied as a powerful tool for modelling,
performance evaluation of discrete flow system, such as computer and communication
networks, computer systems and production lines. Finite buffer queues and blocking
have been introduced and applied as more realistic models of systems with finite capacity resources. The main aim of this paper is to formulate such a model and examine the
queuing behaviour under blocking mechanism. To facilitate this aim, we study a Markovian queue network with a single server for each node and finite capacity buffers.
Classical queuing theory provides a conventional framework for formulating and solving the queuing network models (QNMs) with blocking. The variability of interarrival
and service times of jobs can be modelled by probability distributions.
Exact and approximate analytical methods have been proposed in the literature for
solving equations described system performance [1, 9, 10]. These techniques led to
efficient computation algorithms for analysis QNMs. However, there are still many
important and interesting finite capacity queues under various blocking mechanisms and
synchronization constraints to be analyzed [2-8].
2. The network model
Let us consider an open queuing model with blocking, with a single job class and
three nodes: a source station, a main server A and an additional server B (see Fig. 1).
152
Walenty Oniszczuk
Main server A
Source
∞
λ
m1
µ
A
m2
σ
1−σ
µB
Additional server B
Figure 1. Two-server network model
External jobs arrive at the server A according to a Poisson process with rate λ from
the source station. After service completion at the server A, the job proceeds to the
server B with probability 1 – σ, and with probability σ the job departs from the network.
Jobs leaving the server B are always fed back to the server A. The service times at each
server are exponentially distributed with rate µA and µB, respectively. The successive
service times at both servers to be mutually independent and independent of the state of
the network. A finite capacity buffer (with capacity m1 and m2) is allowed at the front
of each server. A job upon service completion at server A attempts with probability 1 –
σ to join server B. If server B at such epoch is full, then the first server must hold the
completed job and becomes blocked (i.e., not available for service on incoming jobs)
until the second server completes service. The nature of the service process in this case
depends only of the service rates in station B. It allows one to treat this job as located in
additional places in the buffer B. Similarly, if the first buffer (with capacity m1) ahead
of the first station is full, then the source station or the server B is blocked. In this case,
the nature of the service process depends only of the service rates in station A and we
can treat these jobs as located in additional places in the buffer A. There can be a maximum of m1+3 jobs assigned to the first servicing station including the jobs in the source
and server B that can be blocked. Similarly, there can be a maximum of m2+2 jobs
assigned to station B with a job blocked in server A (see Figure 2).
In this special type of multistage network with blocking a deadlock may occur. For
example, let us suppose that server A is full and server B blocks it. A deadlock will
occur if the job in service at server B must be sent to server A upon completion of its
service. We assume that a deadlock is detected instantaneously and resolved without
any delay time by exchanging all the blocked jobs simultaneously. Generally, blocking
phenomena is the very important mechanism for controlling and regulation the intensity
of an arriving jobs stream, which comes from the source station to the servicing stations. The arrival rate to the first server depends on the state of the network and blocking factor reduces the rate at which source is sending traffic to this server.
Modelling and analysis of two-server networks with finite capacity buffers and blocking
153
3. Performance analysis
The queuing network model described in Section 2 is a continuous-time homogeneous Markov chain. The queuing network model reaches a steady-state condition and the
underlying Markov chain has a stationary state distribution. The underlying Markov
process of a queuing network with finite capacity queues has finite state space. In this
class of network we may denote the state of the network by the pair (i,j), where i represents the number of jobs in server A and j denotes the number in server B (including the
jobs in service or in blocking). For any nonnegative integer values of i and j, (i,j) represents a feasible state of this queuing network, and pi,j denotes the probability for that
state in equilibrium. These states and the possible transitions among them are shown in
Figure 2. The flux into a state of the model is just given by all arrows into the corresponding state, and the flux out of the state is determined from the set of all outgoing
arrows from the state. The arrows indicate the only transitions that are possible for this
model. Transitions from top to bottom represent a change of state due to an arrival from
the source station. Diagonal transitions from left to right or from right to left represent a
change of state due to a job completing service at server A or at server B. Finally, transitions indicated by bottom to top arrows represent a change of state due to departures
from the network. This occurs at rate µAσ. The state diagram of the blocking network
(see Fig. 2) contains all possible non-blocked states (marked by ellipse) as well as the
blocking states (marked by rectangle). The number of states in the blocking network is
the sum of all possible non-blocking states plus all the blocking states:
(m2+2)(m1+3)+m1+2+m2+1. Based on an analysis the state space diagram, the process of constructing the steady-state equations in the Markov model, can be divided into
several independent steps, which describe some similar, repeatable schemas. These
steady-state equations for the non-blocking states are:
λ · p0,0 = µAσ · p1,0
for j = 1, ..., m2+1
(λ + µB) · p0,j = µA(1-σ) - p1,j-1 + µAσ · p1,j
(λ + µAσ + µA(1-σ)) · pi,0 =
λ · pi-1,0 + µ B · pi-1,1 + µAσ · pi+1,0
for i = 1, ..., m1
A
(λ + µ σ + µA(1-σ) + µ B) · pi,j = λ · pi-1,j + µ B · pi-1,j+1 + µAσ · pi+1,j +
+ µA(1-σ) · pi+1,j-1
for i = 1, ..., m1, j = 1, ..., m2+1
A
A
(λ + µ σ + µ (1-σ)) · pm1+1,0 =
λ · pm1,0 + µ B · pm1,1 + µAσ · pm1+2,0 + µAσ · pm1+3,0
(λ + µAσ + µA(1-σ) + µ B) · pm1+1,j = λ · pm1,j + µ B · pm1,j+1 + µAσ · pm1+2,j +
+ µAσ · pm1+3,j + µA(1-σ) · pm1+3,j-1
for j=1,...,m2
(λ + µAσ + µA(1-σ) + µ B) · pm1+1,m2+1 = λ · pm1,m2+1 + µ B · pm1,m2+2 +
+ µAσ · pm1+2,m2+1 + µA(1-σ) · pm1+3,m2
(1)
154
Walenty Oniszczuk
Figure 2. States and transition diagram for a two-server network with blocking
Modelling and analysis of two-server networks with finite capacity buffers and blocking
155
For states with blocking the equations are:
(λ + µB) · p0,m2+2 = µA(1-σ) · p1,m2+1
(λ + µ B) · pi,m2+2 = λ · pi-1,m2+2 + µA(1-σ) · pi+1,m2+1
µ B · pm1+1,m2+2 = λ · pm1,m2+2 + µA(1-σ) · pm1+2,m2+1
(µAσ + µA(1-σ)) · pm1+2,j = λ · pm1+1,j
(µAσ + µA(1-σ)) · pm1+2,m2+1 = λ · pm1+1,m2+1 + µ B · pm1+1,m2+2
(µAσ + µA(1-σ)) · pm1+3,j = µ B · pm1+1,j+1 (server B blocking)
for i = 1, ... , m1
for j = 0, ... , m2
(2)
for j = 0, ... , m2
Here, a queuing network with blocking, under appropriate assumptions, is formulated as a Markov process and the stationary probability vector can be obtained using
numerical methods for linear systems of equations [10]. The generation of the rate matrix Q can now be accomplished by going through the list of states and generating all
the feasible transitions out of each state and the associated rate of transition. For homogeneous Markov processes in steady state, we simply have:
xQ = 0
(3)
where x is the stationary probability vector whose l-th element xl is the steady-state
probability that the system is in state l. Vector x can be obtained from (3) and the normalizing condition for all network states ∑ xl = 1 , using equation-solving techniques.
4. Performance measures
The procedures for calculating the main measures and the quality of service (QoS)
parameters use the steady-state probabilities in the following manner:
1. The average number of blocked jobs in the source node:
n blS =
2.
+ 1 ⋅ p m1+1,m 2 + 2
(4)
m1+1
∑ 1 ⋅ pi ,m 2+ 2
(5)
i =0
m2
∑ 1 ⋅ p m 1+ 3 , j
(6)
j =0
The average number of active (non-blocked) jobs in server A:
lA =
5.
j =0
The average number of blocked jobs in server B:
n blB =
4.
∑ 1 ⋅ p m 1+ 2 , j
The average number of blocked jobs in server A:
nblA =
3.
m 2 +1
m 1+ 2 m 2 + 1
∑ ∑ 1 ⋅ pi , j
i =1
j =0
+
m2
∑ 1 ⋅ p m 1+ 3 , j
(7)
j =0
The average number of active (non-blocked) jobs in server B:
lB =
m 1+ 2 m 2 + 1
∑ ∑ 1 ⋅ pi , j
i =0
j =1
+
m 1+ 1
∑ 1 ⋅ pi ,m 2 + 2
i =0
(8)
156
Walenty Oniszczuk
6. The average number of jobs in the first buffer vA :
vA =
+
7.
m1+ 1 m 2 + 1
m 2 +1
i =2
j =0
i =1
j =0
(9)
m2
∑ m1 ⋅ p m1+3 , j + m1 ⋅ p m1+1,m2 + 2
j =0
The average number of jobs in the second buffer vB :
vB =
8.
m1
∑ ∑ ( i − 1 ) ⋅ p i , j + ∑ i ⋅ p i ,m 2 + 2 + ∑ m1 ⋅ p m1+ 2 , j
m 1+ 2 m 2 + 1
∑ ∑ ( j − 1 ) ⋅ pi , j
i =0
j =2
+
m 1+ 1
∑ m 2 ⋅ p i ,m 2 + 2
i =0
+
m2
∑ ( j − 1 ) ⋅ p m 1+ 3 , j
(10)
j =2
The mean blocking time in source node:
1
t blS = nblS ⋅ A
(11)
The mean blocking times in server A:
1
t blA = n blA ⋅ B
(12)
10. The mean blocking times in server B:
1
t blB = n blB ⋅ A
(13)
11. The mean waiting time in the buffer A:
1
w A = v A ⋅ ( A + t blA )
(14)
12. The mean waiting time in the buffer B:
1
wB = v B ⋅ ( B + t blB )
(15)
13. The mean response time of jobs at the server A:
1
q A = w A + A + t blA
(16)
14. The mean response time of jobs at the server B:
1
q B = w B + B + t blA
(17)
15. The mean overall network response time of a job:
1
1
1−σ
t res = + t blS + ⋅ q A +
⋅ qB
(18)
µ
9.
µ
µ
µ
µ
µ
µ
λ
σ
σ
where 1/σ and (1- σ)/ σ are the number of visits of a job to the server A and B respectively (simply obtained from the traffic equations – see Fig.1).
16. Servers A and B utilization parameters:
ρA = lA + nblA and
ρB = lB + nblB
(19)
157
Modelling and analysis of two-server networks with finite capacity buffers and blocking
17. Source node blocking probability pblS :
p blS =
m 2 +1
∑ p m1+ 2 , j + p m1+1,m 2 + 2
(20)
j =0
18. Server A blocking probability pblA :
p blA =
m1+1
∑ pi ,m2+ 2
(21)
i =0
19. Server B blocking probability pblB :
p blB =
m2
∑ p m1+ 3, j
(22)
j =0
20. The effective input rate (intensity):
1
λ eff =
1
+ t blS
(23)
λ
5. Numerical results
In this section, we present numerical results of the network with blocking that illustrate the qualitative analysis of the previous sections. To demonstrate this, the following
configuration was chosen: the inter-arrival rate λ from the source station to server A is
changed within a range from 0.5 to 5.0. The service rates in server A and server B are
equal to: µA = 1.2, µB = 3.0. The depart probability σ is chosen as 0.3 and the buffer
capacities are equal to: m1 = 4, m2 = 5.
For this model with blocking, the following results were obtained; the majority of
them are presented in Figure 3 and Table 1.
Measures of effectiveness(1)
1,2
Results
1
blA-pr
0,8
blS-pr
blB-pr
0,6
lam-eff
0,4
util-A
0,2
util-B
0
0
0,5
1
1,5
2
2,5
3
3,5
4
4,5
5
5,5
Input stream intensities
Figure 3. Graphs of QoS parameters, where, blA-pr is the server A blocking probability, blS-pr is
the source station blocking probability, blB-pr is the server B blocking probability, lam-eff is the
effective input rate and util-A and util-B are server utilization coefficients.
158
Walenty Oniszczuk
Table 1. The measures of effectiveness
λ
wA
wB
tblA
tblS
tres
tblB
0.5
1.651 0.030
0.000
0.048
11.259
0.036
1.0
3.217 1.485
0.018
0.269
19.760
0.294
1.5
3.439 2.260
0.037
0.430
22.119
0.260
2.0
3.495 2.310
0.046
0.518
22.253
0.209
2.5
3.524 2.268
0.051
0.574
22.143
0.174
3.0
3.542 2.214
0.054
0.612
22.005
0.143
3.5
3.555 2.165
0.057
0.641
21.877
0.131
4.0
3.564 2.122
0.059
0.662
21.766
0.117
4.5
3.571 2.085
0.060
0.679
21.672
0.105
5.0
3.576 2.054
0.062
0.693
21.590
0.096
For the second group of experiments the following parameters were chosen: the
service rates in station A and station B are equal to µ1 A = 4.6, µ B = 2.7. The interarrival rate λ from the source station to station A is 2.4. The feedback probability 1-σ is
changed within a range from 0.1 to 0.9 (with step 0.1). Buffer capacities are: m1 = 3
and m2 is changed within the range from 1 to 9 (with step 1). For this model the following results were obtained and the majority of them are presented in Table 2 and Fig. 4.
Table 2. The measures of effectiveness
m2
1-σ
vA
vB
lA
lB
ρA
1
0.1
0.525
0.008
0.556
0.093
0.557
2
0.2
0.636
0.048
0.605
0.202
0.607
3
0.3
0.781
0.157
0.660
0.333
0.662
4
0.4
0.983
0.452
0.716
0.491
0.725
5
0.5
1.363
1.463
0.756
0.689
0.808
6
0.6
2.347
4.777
0.661
0.891
0.950
7
0.7
2.802
6.719
0.539
0.932
0.993
8
0.8
2.942
7.905
0.464
0.955
0.999
9
0.9
2.989
8.969
0.411
0.978
1.000
Modelling and analysis of two-server networks with finite capacity buffers and blocking
159
Measures of effectiveness(2)
Results
1,2
1
blA-pr
0,8
blS-pr
0,6
blB-pr
util-A
0,4
util-B
0,2
0
0
1
2
3
4
5
6
Buffer m2 capacity
7
8
9
10
Figure 4. Graphs of QoS parameters, where, blA-pr is the server A blocking probability, blS-pr is
the source station blocking probability, blB-pr is the server B blocking probability and util-A and
util-B are server utilization coefficients.
The results of the experiment clearly show that the effect of the blocking is the very
important mechanism for controlling and regulation the intensity of an arriving jobs
stream. As noted above, feedback probability 1-σ and blocking factor considerably
change the performance measures in such networks. Figures 3-4 and Tables 1-2 illustrate dependencies of measures of effectiveness and QoS parameters on the blocking
mechanism and on the feedback probability.
6. Conclusions
In this paper, we investigated the problem of analytical (mathematical) modelling
and calculation of the stationary state probabilities for a two-server computer network
with blocking. We have developed an analytical, queuing-base model for the blocking
characteristics in this kind of network. Fundamental performance characteristics and
stations blocking probabilities of such network were derived, followed by numerical
examples. The results confirm importance of a special treatment for the models with
blocking and feedback, which justifies this research. The results can be used for capacity planning and performance evaluation of real-time computer networks where blocking and feedback are presented. Moreover, this proposal is useful in designing buffer
sizes or channel capacities for a given blocking probability requirement constraint.
Acknowledgements:
This work is supported by the Bialystok Technical University S/WI/5/08 grant.
160
Walenty Oniszczuk
References
[1] Balsamo S., de Nito Persone V., Onvural R. Analysis of Queueing Networks with
Blocking. Kluwer Academic Publishers, 2001.
[2] Balsamo S., de Nito Persone V., Inverardi P. A review on queueing network models
with finite capacity queues for software architectures performance predication.
Performance Evaluation, No 51(2-4), 2003, pp. 269-288.
[3] Badrah A., et al. Performance evaluation of multistage interconnection networks
with blocking – discrete and continuous time Markov models. Archiwum Informatyki Teoretycznej i Stosowanej, No 14(2), 2002, pp. 145-162.
[4] Boucherie R.J., van Dijk N.M. On the arrival theorem for product form queueing
networks with blocking, Performance Evaluation , No 29(3), 1997, pp. 155-176.
[5] Economou A., Fakinos D. Product form stationary distributions for queueing networks
with blocking and rerouting. Queueing Systems, No 30(3/4), 1998, pp.
251-260.
[6] Gomez-Corral A., Martos M.E. Performance of two-stage tandem queues with
blocking: The impact of several flows of signals. Performance Evaluation, No 63,
2006, pp. 910-938.
[7] Mei van der R.D. et al. Response times in a two-node queueing network with feedback. Performance Evaluation, No 49, 2002, pp. 99-110.
[8] Oniszczuk W. Analysis of an Open Linked Series Three-Station Network with
Blocking. In: Pejaś, J., Saeed K. (eds) Advances in Information Processing and Protection, Springer Science+Business Media, LLC, 2007, pp. 419-429.
[9] Perros H.G. Queuing Networks with Blocking. Exact and Approximate Solution.
Oxford University Press, 1994.
[10] Stewart W. J. Introduction to the Numerical Solution of Markov Chains. Princeton
University Press, 1994.
Directed threshold signcryption scheme from bilinear
pairing under sole control of designated signcrypter
Jerzy Pejaś
Faculty of Computer Science and Information Technology,
Szczecin University of Technology
Abstract:
The paper presents a new ID-based directed threshold signcryption scheme derived from
a bilinear pairing and a gap Diffie-Hellman groups. This scheme (called ID-DTS-DS)
combines the functionalities of signature and encryption and allows a designated
signcrypter to prepare an encrypted and a signed message in cooperation of an
authorized subset of shareholders being in a possession of the shares related to a
signcrypter’s private key. Furthermore, our scheme guarantees that an encryption and a
signature process can be successfully finished only under a signcrypter’s sole control. We
analyze the security of the ID-DTS-DS scheme and show its correctness, verifiable
directedness, public non-repudiation verifiability, confidentiality and unforgeability.
Keywords:
Bilinear pairing, signcryption scheme, ID-based signatures, directed signature scheme.
1. Introduction
European Union Directive on electronic signature [[24]] defines the legal framework
for usage of the electronic signature. This framework describes the conditions under
which an electronic signature can be regarded as legally equivalent to handwritten signature. The most important is one of them: an electronic signature should be created using
a secure-signature-creation system that the signatory can maintain under his sole control.
This requirement means that both in private and in public environments a signatory
must protect his or her private key against its unauthorized usage. Of course, the protection of the signing process is crucial issue in public and distributed environment where
some components of a secure-signature-creation system are located in different places
(see W. Chocianowicz, et al. [[25]]).
Other problems concern different security expectations of a signatory and a message
receiver, respectively. A signatory usually is signing some document having given receiver in his/her mind. For example this is the case when two parties are going to enter
into an agreement and the signatory wants to sign this agreement with particular wellknown receiver. On other side, in many practical cases a receiver of signed document
wants the third party to know nothing on the origin and validity of the signed message
without the help of the signatory or the designated verifier (some examples are signatures on medical records, tax information or messages of routing protocols). The signa-
162
Jerzy Pejaś
tures meet such requirements are called directed signatures and have been first proposed
by C. H. Lim, P.J. Lee [[1]].
Due to the directed signatures properties only the designated verifier can be convinced that the signature actually comes from a proper signer. However, in the case
when the dispute between a signatory and a verifier rises, both the signatory and the
designated verifier in a directed signature scheme can prove to a third party that the
signature is valid (see R. Lu, at el. [[2]]).
A directed signature scheme ensures authenticity and non-repudiation of message,
but in many situations we want to enjoy also confidentiality of signed message. In
another words, we need to achieve these features simultaneously. A traditional approach
to achieve this objective is to “sign-then-encrypt” the message, or employing special
cryptographic schemes otherwise. In 1997, Yuliang Zheng proposed a novel public key
cryptographic primitive that combines encryption and signing in one step at a lower
computational cost, which is called signcryption (Y. Zheng [[3]]). Y. Zheng claimed
that the schemes provide data integrity, confidentiality and non-repudiation. But the
achieving of the non-repudiation for signcryption is not trivial task. The reason is simple: the signcrypted message is “encrypted”.
The solution of a signcryption non-repudiation problem gives, for example,
J. Malone-Lee (J. Malone-Lee [[4]]). His non-interactive scheme seems to be more
attractive for the solution of a signcryption non-repudiation problem. Simply, a
signcrypted message is always containing a non-repudiation evidence – we need extract
it only from there and deliver to the third party for verification in the case when some
dispute a rising.
Directed signature non-repudiation causes difficulties like for signcryption schemas.
However, now the signature receiver is able to prove the validity of the signature to any
third party without disclosure his/her private signing key. Some examples of such
schemes are presented in the papers of R. Lu et al. [[2]] and M. Kumar [[5]].
The current work is the extended and modified version of the article [[26]], which
contains some proposal for combining a directed signature scheme and a signcryption
scheme. We believe that due to special form of the proposed signcryption schema (IDDTS-DS), a signing process can be under sole control of a designated signcrypter. This
special form is based on a three basic building blocks: a verified Shamir’s secret sharing
scheme (R. Lu at el. [[2]], A. Shamir [[6]]), a concept of ID-based system (A. Shamir
[[7]], D. Boneh, M. Franklin [[8]]) and a bilinear pairing (A. Joux, K. Nguyen [[10]],
E.M. Ng [[11]]). The most important is a ID-based key generation process that is supervised by a signcrypter and a receiver, as well (see Section 4). This means that each of
them is in possession a secret unknown to another one.
The rest of this paper is organized as follows. In the next section, we summarize the
bilinear pairings and complexity assumptions on which we build. Then, in Section 4 we
define a secure Verifiable Secret-Sharing scheme. Our new (m, n) directed threshold
signcryption (ID-DTS) scheme is presented in Section 5, followed by the security analysis. Finally, we conclude the paper in Section 6.
Directed threshold signcryption scheme from bilinear pai ring…
163
2. Bilinear pairing maps hard cryptographic problems
Bilinear pairing (see D. Boneh [[12]], D. Boneh and M. Franklin [[8]]) is a mathematical structure that is recently applied extensively in cryptography. It gives rise to
many cryptographic schemes that are yet to be (efficiently) constructed using other
cryptographic primitives, e.g. aggregate signature (D. Boneh et al. [[13]]) and short
signature (D. Boneh et al. [[14]]). We summarize some concepts of bilinear pairings
using similar notions in [[9], [15]]. Let ( G1 , +) and ( G2 , +) be two cyclic abelian
groups of prime order q (sometimes G1 is also written multiplicatively in the literature).
Below, we consider P and Q as two generators of G1 (aP and bQ denote P and Q added
to itself a and b times, respectively). Because q is prime, it turns out that qP = O (here
O denotes the zero element of G1 ); we say that P has order equal to q and that P generates
G1* (= G1 \{ O }).
The bilinear pairing is given as e: G1 × G1 → G2 that is:
 bilinear: e(aP, bQ) = e(abP, Q) = e(P, abQ) = e(P, Q)ab for all P, Q∈ G1 and all
a, b ∈ Z*q; equivalently, this can be restated in the following way: for P, Q, R ∈ G1 ,
e(P+Q, R) = e(P, R) e(Q, R) and e(P, Q+R) = e(P, Q) e(P, R);
 non-degenerate: there exists P, Q∈ G1 such that e(P, Q) ≠ 1∈ G2 ; in other words, if
P and Q are two generators of G1 , then e(P, Q) is a generator of G2 ;
 computable: given P, Q∈ G1 , there is an efficient algorithm to compute e(P, Q).
To construct the bilinear pairing, we can use the modified Weil pairing (D. Boneh,
M. Franklin [[8]]) or Tate pairing (P. S. L. M. Berreto, et al. [[16]]) associated with
supersingular elliptic curves (see also A. Menezes [[17]] for a description of these pairing). With such group G1 we can define the following hard cryptographic problems
(e.g. H. Ker-Chang Chang et al. [[18]]):
 Discrete logarithm (DL) problem: given P, P’∈ G1 , find an integer n such that
P’ = nP whenever such integer exists.
 Computational Diffie–Hellman (CDH) problem: given a triple (P, aP, bP)∈ G1
for unknown a, b, c ∈ Z*q, find the element abP.
 Decision Diffie–Hellman (DDH) problem: given a quadruple (P, aP, bP, cP) ∈ G1
for unknown a, b, c ∈ Z*q, decide whether c ≡ ab (mod q) or not. If so, (P, aP, bP,
cP) is called a valid Diffie-Hellman tuple.
 Gap Diffie–Hellman (GDH) problem: a class of problems where the CDH problem
is hard but DDH problem is easy, i.e. it is possible to solve a given instance of a
triple (P, aP, bP)∈ G1 of a CDH problem with the help of a DDH oracle (see A.
Joux, K. Nguyen [[11]]) that is able to decide whether a tuple (P, a’P, b’P, c’P) ∈
G1 is such that c’ ≡ a’b’ (mod q).
 Modified Generalized Bilinear Inversion (mGBI) problem (J. Baek [[20]]): given
h∈ G2 and P∈ G1 , compute P’∈ G1 such that e(P, P’) = h.
164
Jerzy Pejaś
 Weak Diffie-Hellman Problem (WDH) problem (M. Choudary Gorantla, et al.
[21]): for Q∈ G1 and for some a ∈ Z*q, given (P, Q, aP) compute aQ.
The DDH problem is easy in G1 (D. Boneh [[12]], A. Joux, K. Nguyen [[10]]). Such
groups where the CDH problem is hard but the DDH problem is easy are called Gap
Diffie-Hellman (GDH) groups. Details about GDH groups can be found in D. Boneh,
et al. [[13]].
3. Definitions for secure Verifiable Secret-Sharing (VSS)
Let us assume that user S1) with identity IDS generates secret (a private key) SkS∈ G1
and wants to distribute it among n parties (e.g. n servers) indexed in a set A = {1, 2, …,
n} (|A| = n), such that any m of the shareholders (1 ≤ m ≤ n < q) can find SkS if necessary, but less than m shareholders get no information about SkS (we say that authorized
subset B∈PS(A)2), |B|=m forms an access structure Γ (Pm , n ) of some (m, n) threshold
scheme). To construct our new ID-DTS-DS scheme we need to use the following secure
Verifiable Secret-Sharing (VSS) scheme (based on Shamir’s secret-sharing scheme)
over the group G1 (compare also J. Baek, Y. Zheng [[19]]):
Distribution phase: a signcrypter S distributes his/her private key to n parties
(servers) as follows:
(a) chooses uniformly at random the coefficients ai=piP∈ G1* for 1 ≤ i ≤ m-1,
where pi∈ Z*q;
(b) defines a function f : A→ G1 such that
f ( x ) = ∑ j =0 a j x j
m −1
(1)
and sets a0 = SkS.
(c) uses the polynomials f(x) for shares’ generation, i.e. the values f(i) = Si, for
every i ∈ A;
(d) sends these shares to the corresponding i ∈ A over private channels;
(e) computes the corresponding verification key βi = e(P, Si) for every i ∈ A and
evidences α0 = e(P, SkS),αj = e(P, pjP) for 1 ≤ j ≤ m-1;
(f) to each i ∈ A sends Si and all evidences αj for 0 ≤ j ≤ m-1 over the broadcast
channel; these values can be additionally published and may be accessed by
any shareholder.
Verification phase: after receiving data from a signcrypter S, every party i ∈ A verifies its share Si (while keeps it secret) according to the following procedure:
(a) calculates value e(P, Si) and compares it with the value βi received from
a signcrypter S;
(b) checks whether its share Si is valid by computing:
1)
2)
In our scheme such user will be named as a signcrypter.
PS(X) means a power set of X and is the set of all subsets of X.
165
Directed threshold signcryption scheme from bilinear pai ring…
e ( P, Si ) = ∏ j = 0 α ij
m −1
j
(2)
(c) chooses any authorized subset B∈PS(A) and verify that:
e ( P, Sks ) = ∏ β j
λj
j∈B
where λ j =
i
, λ j ∈ Z q*
i
j
−
i∈B , i ≠ j
∏
(3)
If the conditions (a), (b) and (c) hold, a party broadcasts a “commit” message; otherwise, broadcasts an “abort” message. The last condition may be repeated for others authorized subsets B, until a shareholder assures he possesses the share really
related to the secret SkS.
Reconstruction phase: for some authorized subset B∈PS(A) the secret (the private
key) SkS can be reconstructed by computing:
f ( 0 ) = Sk S = ∑ λ j S j
j∈B
where λ j =
i
, λ j ∈ Z q*
i
j
−
i∈B ,i ≠ j
∏
(4)
It can be shown that above VSS scheme is correct, i.e. we can state and prove
a following modified lemma formulated by J. Baek in [[20]]:
Lemma 1. In VSS scheme, shares held by all the uncorrupted parties can be interpolated to a unique f(x) function degree m-1, and m or more of these shares can reconstruct
the secret SkS. Also, equations (2) and (3) provide a correct procedure for checking the
validity of each share.
Proof. Below, we prove only the correctness of equations (3), while J. Baek in [[20]]
proves the remaining part of this lemma. If each share Si is correct, then by using publicly known verification key βi = e(P, Si) we have:
∏β
j∈B
λj
j
= ∏ e ( P, S j ) = ∏ e ( P, λ j S j )
λj
j∈B
(
) (
j∈B
)
(
= e P, λ j1 S j1 e P, λ j2 S j2 … e P, λ jm S j m
)
(5)


= e  P, ∑ λ j S j  = e ( P, Sks )
 j∈B

The last equality in equation (5) results from equation (4).
4. New ID-based Directed Threshold Signcryption (ID-DTS) scheme
The ID-DTS-DS scheme involves four roles: a trusted party as a Private Key Generator (PKG), a signcrypter S in a double role – as a trusted dealer and a signature composer, a message signer group of n parties (n servers) indexed in a set A (see Section 3)
and a message recipient R. It consists of six algorithms: Setup, KeyGenerate, Share,
Signcrypt, Unsigncrypt (if private verifiability is sufficient) and PVerify (if public
verifiability is needed).
166
Jerzy Pejaś
Setup: This algorithm is run by the PKG to generate its master public key pair and
all necessary common parameters. Let G1 be a cyclic additive group of order q≥ 2k
generated by P ∈ G1 , where q is a prime number and k is a security parameter, and G2
be a cyclic multiplicative group of the same order q. There is specified the bilinear map
e: G1 × G1 → G2 , picked a master key s uniformly at random from Z*q and computed
a public key Ppub = sP. Then, three secure hash functions are selected: H1: {0, 1}* → G1*
and H2: {0, 1}* × G2 → {0, 1} t ⊆ Z*q. Let E and D be the encryption and decryption
algorithms of a symmetric key cipher. Then PKG publishes system parameters params
= { G1 , G2 , e, q, t, P, Ppub, H1, H2, E, D}, and keeps s as a master-key, which is known
only himself.
KeyGenerate: This protocol allows generating the keys for the sender (a signcrypter
S with identity IDS) and the recipient (the designated verifier R with identity IDR) of the
message. The protocol is taken from the work of M. Choudary Gorantla, et al. [[21]]
and eliminates the need of secure channel and a signcrypter’s chosen secret value to
avoid the key escrow problem, which is an inherent drawback in ID-based cryptosystems. In this protocol each user first calculates his/her parameters user-params and
sends them to the PKG along with his/her identifier. Then, the key generation is made
as follows (see M. Choudary Gorantla, et al. [[21]]):
(a) A signcrypter S chooses two secret values sS1, sS2∈Z*q, calculates his/her user
parameters as user-params = {sS1sS2PkS, sS1PkS, sS2P, sS1sS2P}, where PkS =
H1(IDS||tS) and sends them to the PKG. A signcrypter S also sends his/her identifier IDS along with the user-params. The parameter tS means the validity period of the publicly calculated component PkS.
(b) PKG verifies IDS, recalculates PkS and checks whether the equalities
e(P, sS1sS2PkS) = e(sS1sS2P, PkS) = e(XS, sS1PkS) hold good, where XS = sS2P. If
not, it aborts the process.
(c) PKG calculates SkS’ = s sS1 sS2 PkS and public validation parameters PS = (XS,
YS, tS) where YS = sXS = ssS2P.
(d) PKG sends SkS’ to S and publishes PS.
(e) A signcrypter S verifies the correctness of SkS’ by checking e(SkS’,
P) = e(sS1sS2PkS, Ppub). A signcrypter S also verifies whether the published public key component XS is equal to s2P and calculates SkS = ( sS 1 ) SkS’ after suc−1
cessful verification.
The same calculations PKG makes also for the recipient R. Finally, the SkS and PkS
are the private and public key of the signcrypter S, while SkR and PkR the private and
public key of the recipient R. The sender and recipient keep their private keys secret and
everyone is able to calculate public keys and validates these values using appropriate
public validation parameters PS = (XS, YS, tS) where YS = sXS = ssS2P or PR = (XR, YR, tR)
where YR = sXR = ssR2P, which belong to the sender S or recipient R, respectively.
Share: A designated signcrypter associated with an identity IDS performs the distribution phase of the secure Verifiable Secret-Sharing (VSS) scheme (see section 3) and
distributes all necessary information among n signature generation parties, indexed in a
set A. Each party verifies the validity of the shares making the verification phase of the
167
Directed threshold signcryption scheme from bilinear pai ring…
secure Verifiable Secret-Sharing (VSS) scheme. As a result, a signcrypter hasn’t any
share, but he or she keeps a value sS2∈Z*q as a secret.
Signcrypt: A designated signcrypter is going to make a signature on a message
m ∈ {0, 1}* for the designated recipient IDR. Suppose that an authorized group of the
parties B∈PS(A) is involved in this process. Then:
(a) A designated signcrypter with IDS checks that the equality e(XR, Ppub) = e(YR,
P) holds good. If not, aborts the signcryption.
(b) Chooses a random number v∈ Z*q and computes mˆ = H 2 ( m e ( vPk R , YR ) ) .
This last value the sender broadcasts to each party i∈B.
(c) Each party i∈B randomly chooses two numbers ri, ki ∈ Z*q and computes
σ i = mˆ Si + ki ri P ∈ G1* . Next, these individual outputs σ i (the disturbed partial
signatures on message m) as well as Ri = riP and Ki = kiP are sent back to the
sender IDS.
(d) After receiving partial signatures σ i from all parities i ∈ B, a designated
signcrypter verifies theirs correctness by checking if the following equation
holds (compare the equation (2)):
e (σ i , P ) = γ i
(∏
m −1
j =0
α ij
j
)
mˆ
, γ i = e ( K i , Ri ) , ∀ i ∈ B
(6)
(e) If individual partial signatures are valid, the sender computes the group (common) signature
i
σ = ∑ λ jσ j where λ j = ∏
, λ j ∈ Z q*
(7)
i
j
−
j∈B
i∈B , i ≠ j
and checks its correctness:
mˆ

λ 
λ
(8)
e (σ , P ) = µ  ∏ β j j  , µ = ∏ γ j j
j∈B
 j∈B

It is obvious the correctness of the equation (8) results from equations (6)
and (5).
(f) If the equation (8) holds, the common signature is accepted and the sender performs the four successive steps:
a. Computes two commitments V pub = vPpub and VSR = sS 2 vYR (a random
b.
number v∈ Z*q was generated in the step (b)).
Computes encrypted signature σ S = σ + vYR and a key k = H1 (σ S ) .
c.
Computes C = Ek m vYS vYR PK S
(
)
and W = σ S + sS 2V pub .
The final directed threshold signcryption on a message m is SDTS = (W, µ, C,
Vpub, VSR).
Unsigncrypt: To unsigncrypt a signcrypted message SDTS = (W, µ, C, Vpub, VSR) from
sender IDS, the recipient IDR follows the steps below. As a result, the designated recipient recovers the original message and then is checking its integrity and origin.
168
Jerzy Pejaś
(a) Check the correctness of the equality:
( (
)
e (W , P ) = µ e H 2 m e ( Pk R , sR 2V pub ) Pk s , YS
(
e ( sR 2V pub , P ) e ( sR 2 ) VSR , P
−1
)
)
(9)
This equation should be valid because:
e (W , P ) = e (σ + vYR + sS 2V pub , P )
(10)
= e (σ , P ) e ( vYR , P ) e ( sS 2V pub , P )
where (see equation (7)):




e (σ , P ) = e  ∑ λ jσ j , P  = e  mˆ ∑ λ j S j + ∑ λ j k j rj P, P 
j∈B
 j∈B

 j∈B



λ
= e ( mˆ Sk S , P ) e  ∑ λ j k j rj P, P  = e ( mˆ SkS , P ) ∏ γ j j
j∈B
 j∈B

(
= η e H 2 ( m e ( vPk R , YR ) ) ssS 2 Pk S , P
( (
)
= η e H 2 m e ( Pk R , sR 2V pub ) PkS , YS
(11)
)
)
e ( vYR , P ) = e ( v s sR 2 P, P ) = e ( sR 2 v s P, P )
= e ( sR 2V pub , P )
(12)
e ( sS 2V pub , P ) = e ( sS 2 v s P, P ) = e ( v YS , P )
(
) (
= e ( sR 2 ) sS 2 v s sR 2 P, P = e ( sR 2 ) VSR , P
−1
−1
)
(13)
Of course, the following two equations should be also fulfilled (see KeyGenerate algorithm and equations (13)-(14)):
e (YS + YR , P ) = e ( X S + X R , Ppub )
(
)
e ( sR 2 ) VSR + sR 2Vpub , Ppub = e (YS + YR , Vpub )
−1
(14)
(15)
If equations (9), (14) and (15) are not valid, then a signcrypted message SDTS
should be rejected.
169
Directed threshold signcryption scheme from bilinear pai ring…
(
)
(b) Compute k = H1 (σ S ) = H1 W − ( sR 2 ) VSR ; note that
−1
σ S = W − sS 2V pub = W − ( sR 2 ) sS 2 v s sR 2 P
−1
(16)
= W − ( sR 2 ) VSR
−1
(c) Compute m vYS vYR PK S = Dk ( C ) .
(d) Next, calculate σ = σ S − ( sR 2 ) V pub and check the following equality (compare equation (11)):
−1
( (
)
e (σ , P ) = η e H 2 m e ( Pk R , sR 2Vpub ) Pk S , YS
)
(17)
Accept the common signature σ and message m if and only if both sites of the equation (17) are equal, otherwise, reject.
PVerify: If it is necessary (for example, to settle a dispute between the sender and
the recipient), the recipient can forward the signcrypted message SDTS = (W, µ, C, Vpub,
VSR) to any third party IDC convinces it that the ciphertext is the signcrypted version of a
given plaintext message m made by the sender. To make this verification the third party
IDC needs the additional information, i.e. VS = vYS and VR = vYR , from the sender IDS
or from the recipient IDR. Then, because sS 2V pub = ( sR 2 ) VSR = vYS and sR 2V pub = vYR
(compare equations (13) and (14)):
(a) The third party checks for the correctness of the equations (9), (14) and (15). If
this equation holds, the values (W, µ, Vpub, VS, VR) are accepted, otherwise
rejected.
(b) If above values are valid, the third party IDC can follow the steps below
a. Compute k = H1 (W − vYS ) .
−1
b.
Compute m vYS vYR PK S = Dk ( C ) and compare vYS and vYR to the
c.
values received from the sender IDS or the recipient IDR. If both values are
different, the reject the signcrypted message as invalid and abstain the verification process.
Finally, check the following equality
(
e (σ , P ) = µ e H 2 ( m e ( Pk R , vYR ) ) Pk s , YS
)
(18)
5. Analysis of our ID-DTS-DS scheme
In this section we discuss the security aspects of our proposed scheme. The security
considerations include correctness, verifiable directedness, public non-repudiation verifiability and unforgeability as follows.
Correctness. From Theorem 1, we can see the correctness of our schemes is sound.
170
Jerzy Pejaś
Theorem 1. Given a valid signcrypted message SDTS = (W, µ, C, Vpub, VSR), following
the steps in the ID-DTS-DS directed threshold signcryption scheme, the recipient will
surely recover and verify the message m from the signcrypted message.
Proof: The proof is obvious and results form the construction of the algorithm Unsigncrypt.
Verifiable directedness. Directed threshold signcryption scheme is said to be with
the property of verifiable directedness if the invisibility and transitivity conditions are
satisfied (see R. Lu et al. [[2]]).
Theorem 2. The proposed ID-DTS scheme is indeed a directed threshold signcryption scheme.
Proof: The detailed proving techniques of the above statement are similar to those
presented in the paper of R. Lu et al. [[2]] and are omitted here.
Public Non-repudiation Verifiability. An ID-based directed threshold signcryption
scheme is said to provide public non-repudiation verifiability if given a signcrypted
message and possibly some additional information provided by the recipient, a third
party can verify that signcrypted message (and all information included in it) can be
proven to have originated from a specific sender, without knowing the recipient’s private key.
Theorem 3. The proposed ID-DTS scheme is indeed a public non-repudiation verifiability scheme.
Proof: The implication of the Theorem 2 is that our scheme should satisfy the transitivity property. It means, that with the help of the signer IDS or the designated IDR any
third party can check the validity of a signcrypted message SDTS = SDTS = (W, µ, C, Vpub,
VSR), i.e. it can recover a message m and verify a signature σ as well (see the PVerify
algorithm).
When
a
signature
σ
is
valid
then
the
equation:
(
)
e (σ , P ) = µ e H 2 ( m e ( Pk R , vYR ) ) Pk s , YS must be met. This implies that a source of
this signcrypted message SDTS is the signer IDS with public key PKS and, moreover, this
message was designed for the receiver IDR. Additional proof for the correctness of these
conclusions results also from the equations (9), (14) and (15) binding together identities
of the signer and the receiver. We observe also, that because of the KeyGenerate algorithm the signer cannot refer to the fact that the PKG always knows the signcrypter's
private key and is capable of sign any messages at will.
(
Confidentiality. Decryption of the C = Ek m vYS vYR PK S
)
requires the know-
ledge of the session key k = H1 (σ + vYR ) . A passive or an active adversary has no
information about v or sR2 value. So, due to difficult to calculate the vYR or sR 2V pub
based on the public values YR or Vpub only, since it is difficult to solve discrete logarithm
problem without the knowledge of the v or sR2 (note, the last value is the secret part of
the private key which is owned by the receiver R).
Unforgeability. Let assume the adversary is allowed to corrupt the designated verifier R and at most m-1 parties in the authorized group B. Such corrupted group isn’t
able itself to reconstruct the private signing key SkS and therefore to generate the correct
final signature σ. Moreover, the signer S can detect each trail of making such forgeries.
Directed threshold signcryption scheme from bilinear pai ring…
171
On other hands, if the adversary is able to forge valid signature σ, then even knowing
the m-1 partial signature (created by controlled parties) σ ji , ∀ji ∈ B (for i=1, …, m-1)
the adversary isn’t able to calculate the share S jm , jm ∈ B of m-th honest party.
6. Conclusions
The ID-DTS-DS scheme presented in this paper allows a designated signcrypter to
control a signcryption process. It is done this way that shares of a signer’s private key
are distributed among n different shareholders (servers) and an authorized subset of
shareholders is able to prepare a valid signcrypted message only in this case when a
designated signcrypter prepares two commitments V pub = vPpub and VSR = sS 2 vYR . This
second one depends on a secret sS2 known to a designated signcrypter and being a part
of his or her private key. Furthermore, nobody knows both a verifier and a signcrypter
of a signcrypted message unless the verifier agrees to disclose their identities.
We analyze different security aspects of the proposed scheme and among them informally show the confidentiality and unforgeability. However, these last aspects need
to use the techniques from provable security like a sequence of games (a.k.a. the game
hopping technique) that the adversary plays, starting from the real attack game (see V.
Shoup [[22]] and B. Blanchet, D. Pointcheval [[23]]). Due to space limitation, such
formal security proofs of the proposed ID-DTS scheme’s confidentiality under adaptive
chosen-ciphertext-and-identity attacks and the existential unforgeability under adaptive
chosen-message-and-identity attacks are omitted here.
References
[1] Lim C. H., Lee P. J. Modified Maurer-Yacobi’s Scheme and its Applications, Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, Lecture Notes In Computer Science; Vol. 718,
1992, pp. 308 - 323
[2] Lu R., Lin X., Cao Z., Shao J., Liang X. New (t,n) threshold directed signature
scheme with provable security, Information Sciences, vol. 178 (2008), pp.756–765
[3] Zheng Y. Digital Signcryption or How to Achieve Cost (Signature & Encryption)
<< Cost(Signature) + Cost(Encryption), Advances in Cryptology, Lecture Notes in
Computer Science, volume 1294, pages 165–179. Springer-Verlag, 1997
[4] Malone-Lee J. Signcryption with non-interactive non-repudiation, Technical Report CSTR-02-004, Department of Computer Science, University of Bristol, 2004.
[5] Kumar M. A Cryptographic Study Of Some Digital Signature Schemes, PhD Thesis, Ambedkar University, AGRA-INDIA, 2005, http://arxiv.org/abs/cs/0501010v2
[6] Shamir A. How to share a secret, Communications of the ACM, 22(11):612–613,
November 1979
[7] Shamir A. Identity-based cryptosystems and signature schemes, Advances in Cryptology-Crypto 1984, LNCS 196, pp.47-53, Springer-Verlag, 1984
[8] Boneh D., Franklin M. Identity Based Encryption from the Weil Pairing, SIAM
Journal of Computing, Vol. 32, No. 3, pp. 586-615, 2003
172
Jerzy Pejaś
[9] Sherman S. M. Chow Forward Security from Bilinear Pairings: Signcryption and
Threshold Signature, MSc Thesis, University of Hong Kong, August 2004
[10] Joux A., Nguyen K. Separating decision Diffie-Hellman from Diffie-Hellman in
cryptographic groups, Journal of Cryptology, 2003, 16(4), pp. 239-247
[11] Ng E. M. Security Models and Proofs for Key Establishment Protocols, Msc thesis,
University of Waterloo, Ontario, Canada, 2005
[12] Boneh D. The decisional Diffie-Hellman problem, in Third Algorithmic Number
Theory Symposium, pages 48–63, Springer-Verlag, 1998.
[13] Boneh D., Gentry C., Lynn B., Shacham H. Aggregate and Verifiably Encrypted
Signatures from Bilinear Maps, Lecture Notes in Computer Science, Vol. 2656, pp.
416–432, Springer, 2003.
[14] Boneh D., Lynn B., Shacham H. Short Signatures from the Weil Pairing, Lecture
Notes in Computer Science, vol.2248, pp. 514–532, Springer, 2001.
[15] Sherman S. M. Chow, Lucas C.K. Hui, S.M. Yiu, K.P. Chow. Forward-secure
multisignature and blind signature schemes, Applied Mathematics and Computation 168 (2005), pp.895–908
[16] Berreto P. S. L. M., Kim H. Y., Scott M. Efficient algorithms for pairing-based
cryptosystems, Advances in Cryptology – Crypto 2002, Lecture Notes in Computer
Science Vol.2442, Springer-Verlag (2002), pp. 354-368.
[17] Menezes A. Elliptic curve public key cryptosystems, Kluwer Academic Publishers,
1995.
[18] H. Ker-Chang Chang, Erl-Huei Lu, Pin-Chang Su Fail-stop blind signature scheme
design based on pairings, Applied Mathematics and Computation 169 (2005),
pp. 1324–1331
[19] Baek J., Zheng Y. Identity-Based Threshold Signature from the Bilinear Pairings,
Proceedings of ITCC 2004, Track, IEEE Computer Society, 2004
[20] Baek J. Construction and Formal Security Analysis of Cryptographic Schemes in
the Public Key Setting, PhD Thesis, Monash University, January, 2004
[21] M. Choudary Gorantla, Raju Gangishetti, Manik Lal Das, Ashutosh Saxena. An
Effective Certificateless Signature Scheme Based on Bilinear Pairings, Proceedings
of the 3rd International Workshop on Security in Information Systems, WOSIS
2005, Miami, USA, May 2005, INSTICC Press 2005
[22] Shoup V. Sequences of games: a tool for taming complexity in security proofs,
Cryptology ePrint Archive, 2004/332
[23] Blanchet B., Pointcheval D. Automated Security Proofs with Sequences of Games,
CRYPTO'06, Lecture Notes on Computer Science, Santa Barbara, CA, August
2006. Springer Verlag
[24] Directive 1999/93/EC of the European Parliament and of The Council of 13 December 1999 on a Community framework for electronic signatures, Official Journal
of the European Communities, January 19, 2000.
[25] Chocianowicz W., Pejaś J., Ruciński A. The Proposal of Protocol for Electronic
Signature Creation in Public Environment, in Enhanced Methods in Computer Security, Biometric and Artificial Intelligence Systems, Springer New York 2005
[26] Pejaś J. ID-based Threshold Directed Signcryption Scheme Using a Bilinear Pairing, Polish Journal of Environmental Studies
Lack of information – average distribution
of probability density
Andrzej Piegat1, Marek Landowski1,2
1
Faculty of Computer Science and Information Technology, Szczecin University of Technology,
2
Quantitative Methods Institute, Szczecin Maritime University
Abstract:
In many real problems we have to face up to information gaps. The paper presents the
method of decreasing granulation of elementary events, which finds an average
distribution of probability density, which represents infinite number of distributions. If we
know the range of the unknown value and have qualitative knowledge about the general
character of its distribution, then we can use this knowledge to surmount the information
gap in a better way than the way proposed by the principle of indifference. According to
the authors' knowledge the concept of the safe distribution is new and unknown in the
literature. It is of fundamental importance for probability theory.
Keywords:
Bayesian networks, prior probability distribution, principle of indifference, information
gaps, uncertainty theory.
1. Introduction
Solving problems under uncertainty (partial lack of knowledge) is one of the most
difficult aims of artificial intelligence (AI). People can solve such problems. To make
AI comparable with the human intelligence it has to be also able to solve problems
under uncertainty. Problems of information gaps are being intensively investigated at
present [7]. An information gap means lack of knowledge about values of variables,
about distributions of their probability or possibility, about variability intervals, etc. The
problem of information gaps is a common one in Bayesian networks where the prior
distributions are necessary but they frequently are unknown.
Prior distributions are also necessary in all other problems where Bayes' rule [5] is
applied. Let A and B be two events. The conditional probability p(A|B) of event A is not
known but necessary for a problem solving. If the inverse conditional probability p(B|A)
and the prior probability p(A) are known then the unknown probability p(A|B) can be
calculated with Bayes' theorem [5],
p( A | B) = α ⋅ L( B | A) ⋅ p( A)
(1)
where: α – normalizing coefficient, L(B|A) = p(B|A) – likelihood of event A given B.
Bayes' theorem is used in probabilistic, automated reasoning. Unfortunately, it
requires knowledge of the prior probability p (A) that frequently is not known. Also in
many other problems, which have nothing to do with Bayes' rule, some data frequently
are unknown.
174
Andrzej Piegat, Marek Landowski
E.g., to solve a problem we need numerical value x* of variable x. But its value is
unknown (information gap). Experts can give us then the interval [xmin, xmax] in which
the value is contained. Example of such simple problem can be famous Bertrand'
problem [3].
“The train leaves at noon to travel a distance of 300 km. It travels at a speed of
between 100 km/h and 300km/h. What is the probability that it arrives before 2 p.m.?”.
To give an answer to the above question the knowledge of the probability density
distribution (function) pdf(v) is necessary. However, this distribution is unknown. Can
we, in spite of all, answer the question? Of course, we can not give a precise and 100%
sure answer because we have here to do with a partial ignorance. Nevertheless, we can
try and give an approximate and surely not the worst solution of the problem with use of
the principle of indifference (the PI) by Laplace [2],[3],[5]. This principle suggests
assuming the uniform, rectangular distribution as shown in Fig.1.
Figure 1. The uniform distribution of probability density (pd) of the train velocity in Bertrand's
problem suggested by the principle of indifference
If the train has to travel the distance of 300 km in a time shorter than 2h, its velocity
must be higher than 150 km/h. Probability of this event for the uniform distribution of
the velocity equals 3/4. Thus, the PI allows us to get a solution of problems with
information gaps. However, it has been attacked and is at present attacked by its
opponents, e.g. in [1] and [7].
Thus Yakov in [7] writes: “The uncertainty is an information gap .... We have now
information, not even probabilistic. By principle of indifference elementary events,
about which nothing is known, are assigned equal probabilities. Knowing a specific
probability is knowledge.”
The above argumentation is not correct. The PI does not claims that the uniform
distribution is the real distribution. It only suggests assuming this distribution to get a
credible, approximate solution of the problem. This principle should only be used if we
have to take a decision and we need a possibly good solution of a problem in conditions
of ignorance. O. Magidor gives in [3] a convincing explanation of the question:
“Assume that two alternatives are equally probable if you do not have any reason
not to do so. Such formulations present action-guiding principles. They do not claim
that in the case mentioned the probabilities are equal - they simply direct us to assume
so. In these cases, the principle can at best be viewed as a rationality principle.”
However, is the uniform distribution of probability really a rational assumption?
A. Piegat carried out investigations, published in [4], that were based on the method
of decreasing granulation of elementary events (DGEE-method). The investigations
showed that the uniform distribution is the average distribution of the infinite number of
Lack of information – average distribution of probability density
175
all possible distributions that can exist in a given interval [xmin, xmax] of the variable.
Assuming the uniform pdf(x) we minimize the sum of relative errors in relation to the
real distribution, independently of which form this distribution has! Thus, the uniform
distribution can be called not only a rational one but also a safe one, in the sense of the
absolute error sum minimization.
2. The Average, Unimodal Distribution of Probability Density
Distribution – Version without Boundary Distributions
(AUPDD-VwBD)
Let us assume that our knowledge concerning the real value x* of variable x is as
follows:
I. The value x* is contained in the interval [xmin, xmax]. For simplicity let us
assume the normalized interval [0,1].
II. The pdf(x) is unimodal one. However, we do not know whether it is symmetric
or asymmetric one. Therefore, we have to allow both the left asymmetry, the
symmetry, and the right asymmetry of the pdf(x).
III. We know that the distribution is not the boundary one, which means that its
maximum does not lie both at the right boundary 1 and at the left boundary 0
of the interval [0,1]. It lies between the boundaries.
Fig. 2 presents few examples of unimodal distributions, which satisfy conditions
I-III.
Figure 2. Few examples of unimodal distributions from the infinite number of distributions that
satisfy conditions I, II, III
The number of possible unimodal, non-boundary (UnB) distributions is infinitely
large. The real pdf(x)-distribution in the considered problem can be any one of them. It
is, in general, possible to determine the average distribution of the infinite number of
distributions?
It seemingly seems impossible. However, there exists a possibility. The average
distribution can be determined with the method of decreasing granulation of elementary
events that was proposed by A. Piegat in [4]. According to the condition I the variable x
can take values only in the normalized interval [0.1]. This interval can be partitioned in
n subintervals ∆xi of width 1/n. Let i be the number of a subinterval, 1≤ i ≤n. As
elementary event will be understood the event x*∈∆xi. By granulation of the elementary
176
Andrzej Piegat, Marek Landowski
event will be understood the width 1/n of the subinterval ∆xi of the event. Granulated
will not only be the variable x but also probability p of elementary events. In this case
the granulation of probability 1/n will mean that probability can take only (n+1) discrete
values. E.g. for n = 3 probability can only take values p ∈ {0, 1/3, 2/3, 1}. Now, let us
consider the question how many distributions are possible for the granulation 1/3. This
granulation is assumed both for the variable x and for probability p of elementary
events. All possible UnB-distributions (histograms) for this case are shown in Fig.3.
Figure 3. All 4 possible UnB-distributions of probability for the granulation 1/3 of the variable x
and of probability p
On the basis of all possible distributions from Fig.2 the average probabilities p1, p2,
p3 of particular elementary events x∈ [0,1/3], x∈ [1/3, 2/3], and x∈ [2/3, 1] can be
calculated.
p1 =
p2 =
1 4
1
p1 j = (0 + 1/ 3 + 1/ 3 + 0) = 1/ 6
∑
4 j =1
4
1 4
1
p2 j = (1 + 2 / 3 + 1/ 3 + 2 / 3) = 4 / 6
∑
4 j =1
4
p3 =
1 4
1
p3 j = (0 + 0 + 1/ 3 + 1/ 3) = 1/ 6
∑
4 j =1
4
The average UnB-distrubution for the granulation 1/3 is shown on Fig.4.
Figure 4. The average UnB-distribution for granulation 1/3 in the form of a histogram (a)
and of pdf(x) (b)
In the second step of the method of decreasing granulation the granulation was
decreased from 1/3 to 1/4. Decreasing the granulation causes an increase of the number
177
Lack of information – average distribution of probability density
of possible UnB-distributions. This time they will be shown in the form of a table in
Tab.1.
Table 1. 14 possible distributions of probability at granularity 1/4 and the average probability of
the particular elementary events i, i∈ {1,2,3,4}
Distribution Probability of subinterval i
j
P1j
P2j
P3j
P4j
1
0
4/4
0
0
2
1/4
3/4
0
0
3
0
3/4
1/4
0
4
1/4
2/4
1/4
0
5
0
2/4
2/4
0
6
0
2/4
1/4
1/4
7
0
0
4/4
0
8
0
1/4
3/4
0
9
0
0
3/4
1/4
10
0
1/4
2/4
1/4
11
1/4
1/4
2/4
0
12
1/4
1/4
1/4
1/4
12
∑p
4/4
20/4
20/4
4/4
Pi aver
pdaver
1/12
1/3
5/12
5/3
5/12
5/3
1/12
1/3
j =1
ij
Fig.5 shows the comparison of the average pdf(x) for the granulation 1/3 and 1/4.
Figure 5. The average distribution of probability density (pd) of 4 possible distributions from
Fig.4 for the granulation 1/3 (a) and the average distribution of 12 possible distributions for the
granulation 1/4 (b)
If we stepwise decrease the granulation of the variable x and of probability p (1/3,
1/4, 1/5, 1/6/ ... ,1/n), then we will more and more approach a limiting distribution that
represents the infinitive number of possible UnB-distributions and which corresponds to
the infinitely small granulation 1/n: n → ∞. The increase of the distributions' number is
very strong and rapid. So, the granulation 1/3 is corresponded by 4 possible
distributions, 1/4 by 12 distributions, ... , 1/25 by 927.797, and 1/27 by 1.888.686
distributions. This rapidly increasing number of distributions causes a very large
memory burden for computers. However, the investigations made by the author's [4]
178
Andrzej Piegat, Marek Landowski
have shown that succeeding average distributions corresponding to decreasing
granulation of elementary events quite quickly approach a certain limiting distribution
and that differences between distributions corresponding to small granulation 1/n
become negligible. In the practice one can observe this phenomenon already at
granulations 1/24, 1/25, 1/26. Therefore the authors stopped generating the distributions
at the granulation 1/27. The average UbN-distribution for this granulation (fig.6) was
approximated with formula (2):
pd ( x) = (97.0167 x6 − 291.0501x5 + 331.8880 x 4 − 178.6925 x3
+39.1084 x 2 + 1.7296 x + 0.0423) / 0,9989
(2)
where x ∈ [0;1] , the mean absolute error equals 0.0017.
Figure 6. The average distribution of probability density (pd) representing 1.888.686 possible
UnB-distributions at the granulation 1/27 (a) and its smoothed approximation (mean absolute
error equals 0.0017) (b)
3. The Average, Unimodal and Boundary Distribution of Probability
Density (AUPDD)
Let us assume that we have the following knowledge about the numerical value x*
of variable x and about its distribution:
VI.
The unknown value of the variable is contained in the interval [xmin, xmax].
For simplicity the normalized interval [0, 1] is used.
VII.
The pdf(x) is unimodal one. However, we do not know whether it is
symmetric or asymmetric one. Therefore, we have to allow both the left
asymmetry, the symmetry, and the right asymmetry of the pdf(x).
VIII.
We know that the distribution is can be the boundary one, which means
that its maximum lie both at the right boundary 1 and at the left boundary
0 of the interval [0,1].
Fig.7 presents few examples of distributions corresponding to the knowledge
contained in VI, VII, VIII.
In the process of determining the average (AUDPD) - distribution also the method
of decreasing granulation of elementary events was applied. For granulation 1/27 there
exist 1.894.704 distributions satisfying conditions VI, V, VI. The average distribution is
shown in Fig.8.
Lack of information – average distribution of probability density
179
Figure 7. Few examples of unimodal (AUDPD) – distributions of probability density of possible
values x* of variable x.
Figure 8. The average, unimodal, right-asymmetric (AUDPD) – distribution and its polynomial
approximation (3), mean absolute error equals 0.0012
pd 27 ( x) = (102.4538x 6 -307.3615x 5 + 350.4505x 4 -188.6318x 3
+41.6527x 2 + 1.4363x + 0.0560)/0.9999
(3)
4. The Average, Unimodal, Right-Asymmetric (or Left-Asymmetric)
Distribution of Probability Density – Version without Boundary
Distributions (AUAPDD-VwBD)
Let us assume that we have the following knowledge about the numerical value x*
of variable x and about its distribution:
IX. The unknown value of the variable is contained in the interval [xmin, xmax].
For simplicity the normalized interval [0, 1] is used.
X.
The real distribution of probability density is unimodal and right-asymmetric
(or left-asymmetric) one. The probability of the left side exceeds 0.5.
XI. The real distribution surely is not the boundary one.
Fig.9 presents few examples of distributions corresponding to the knowledge
contained in IX, X, XI.
180
Andrzej Piegat, Marek Landowski
Figure 9. Few examples of unimodal, right-asymmetrical (AUADPD-VwtBD) – distributions of
probability density of possible values x* of variable x
In the process of determining the average (AUADPD-VwtBD) – distribution also
the method of decreasing granulation of elementary events was applied. For granulation
1/27 there exist 938.461 distributions satisfying conditions IX, X, XI. The average
distribution is shown in Fig.10.
Figure 10. The average, unimodal, right-asymmetric (AUADPD-VwtTBD) - distribution and its
polynomial approximation (4), mean absolute error equals 0.0049
(−455.4885 x5 + 593.9639 x 4 − 333.0256 x 3 + 73.1849 x 2

+3.8007 x + 0.0819) / 0.9997

pd aver1/27 ( x ) = 

6
5
4
3
(1167.1152 x − 5692.2778 x + 11532.8869 x − 12435.4133x
2
+7535.8986 x − 2438.0789 x + 329.87) / 0.9997
for x ∈ [0;14/27]
(4)
x ∈ (14/27;1]
Lack of information – average distribution of probability density
181
5. The Average, Unimodal, Asymmetric Distribution of Probability
Density – Version with Boundary Distributions (AUADPD-VBD)
Lets us assume, we have the following knowledge about the numerical value x* of
variable x and its distribution:
XII. The real value of the variable is contained in the interval [xmin, xmax]. For
simplicity the normalized interval [0, 1] will be used.
XIII. The real distribution pdf(x) is unimodal and right-asymmetric (or leftasymmetric) one. Probability of the left side is higher than 0.5.
XIV. We can not exclude (it is possible) that the real distribution is the boundary
one.
Fig.11 shows few examples of distributions that satisfy the above conditions and
correspond to our qualitative knowledge.
Figure 11. Examples of unimodal, right-asymmetric, (AUADPD-VBD) distributions – version
with boundary distributions
Fig.12 presents (AUADPD-VBD)-distributions for granularity 1/27. For the
granularity 1/27 there exist 941.470 possible distributions.
Figure 12. The average (AUADPD-VBD) - distributions for granulation 1/27 (a) and its
polynomial approximation (b).
182
Andrzej Piegat, Marek Landowski
The distribution AUADPD-VBD pdaver1/27(x) was approximated by the
polynomial, mean absolute error equals 0.0054, (5).
(−431.3794 x5 + 560.4006 x 4 − 316.2614 x 3 + 69.8168 x 2

+3.9402 x + 0.0978) / 0.9994

pd aver1/27 ( x) = 

6
5
4
3
(1163.4027 x − 5674.178 x +11496.2364 x − 12395.9281x
+7512.0008 x 2 − 2430.3619 x + 328.8288) / 0.9994
for x ∈ [0;14/27]
(5)
for x ∈ (14/27;1]
6. Conclusions
In the paper the authors present average probability distributions of density obtained
by method of decreasing granulation of elementary events. The average distributions
can be used when problems with information gaps occur, when we have some
information about unknown, lacking distribution. When we have knowledge about
unimodality or symmetry of distribution we can find appropriate average distribution
using the method of decreasing granulation. The polynomials (2), (3), (4) and (5) can be
used instead of the uniform distribution as assumption for the information gap if
according to our knowledge the real distribution have a specific characteristic. Average
distribution replaces the lack of knowledge, and the solution obtained using average
distribution is characterized by minimal error relatively to any possible solutions. So it
gives opportunity to make a right decision. The problem of average distributions is of
fundamental importance for probability theory, and generally, for uncertainty theory.
References
[1] Bandrit C., Dubois D., Guyonenet D. Joint propagation and exploitation of
probabilistic and possibilistic information in risk assessment. IEEE Transactions
on Fuzzy Systems, Vol. 14, No. 5, pp. 593-608, 2006.
[2] Wikipedia, The Free Encyclopedia,
http://en.wikipedia.org/wiki/Principle_of-indifference, 2008.
[3] Magidor O. The classical theory of probability and the principle of indifference. 5th
Annual Carnegie Mellon/University of Pittsburgh Graduate Philosophy
Conference, http:// www.andrew.cmu/org/conference/2003, pp.1-17, 2003.
[4] Piegat A., Landowski M. Surmounting information gaps - safe distributions of
probability density. Methods of Applied Computer Science, No. 2/2007, pp. 113126, Szczecin, 2007 [in Polish]
[5] Russel R., Norwig P. Artificial Intelligence – A Modern Approach. Second edition,
Prentice Hall, Upper Saddle River, NJ, 2003.
[6] Rutkowski L. Metody i techniki sztucznej inteligencji. Wydawnictwo Naukowe
PWN, Warszawa, 2005.
[7] Yakov B. H. Info-gap decision theory-decisions under severe uncertainty. Second
edition, Academic Press, London, 2006.
Dynamic group threshold signature based on
derandomized Weil pairing computation
Jacek Pomykała, Bartosz Źrałek
Warsaw University, Institute of Mathematics
Polish Academy of Sciences , Institute of Mathematics
Abstract:
We propose the Weil Pairing based threshold flexible signature scheme for dynamic
group. The protocol applies the simple additive secret sharing device. Its security is based
on the computational Diffie-Hellman problem in the gap Diffie-Hellman groups. The
computation of the Weil pairing is the crucial point of our proposition. We have managed
to avoid the random numbers generation in the corresponding Miller’s algorithm without
an essential increase in the computational cost. The system is particularly interesting
when the threshold size is small in relation to the group cardinality.
Keywords:
threshold cryptography, Weil Pairing, secret sharing, digital signature
1. Introduction
Threshold cryptography constitutes a great challenge in the modern fault-tolerant
distributing systems. The corresponding threshold cryptosystems allow to increase
the trust and improve the availability and efficiency of services in the electronic
commerce.
Generally speaking we can distinct between the threshold encryption and decryption
systems, according to whether the respective shared secret is reconstructed in the encryption phase (digital signature) or in the decryption phase (threshold decryption systems). In this paper we shall be concerned with the threshold signature schemes, where
the group G private key is distributed among the group members, so that the messages
could be signed only by the authorized subgroups of G. We shall consider the case of
dynamic group, with the flexible threshold level. This means that the group can increase
(within the suitable restrictions) and the threshold level (size) can vary together with the
group extension. The proposed scheme based on the additive secret sharing admits to
simplify and make more efficient the process of joining the new members to the group
than in the traditional approach based on the polynomial secret sharing device. To handle efficiently with the variable threshold level we have released the restriction to assign
the distinct shares for the distinct group members. The efficient performance of the
corresponding protocol was due to the application of the BLS short signatures, which
provide us with the elegant and secure way of the respective verifiable secret sharing
process (for the corresponding partial signatures). The additional simplification concerns the computation of the Weil pairing which plays the significant role in the signa-
184
Jacek Pomykała, Bartosz Źrałek
ture verification process. We were able to derandomize the corresponding Miller’s algorithm used for the computation of the Weil pairing. The security of the proposed protocol is based on the computational Diffie-Hellman (C-DH) problem.
The current work is the extended and modified version of the article [19]. In particular we present here the efficient computation of the Weil pairing proving that the suitable Miller’s algorithm can be derandomized.
2. Preliminaries and assumptions
In the general approach to the threshold secret sharing protocols we require that
r-distinct values (called the secret shares) are distributed among the group members (not
necessarily in one-to-one correspondence. The minimal number of shares needed to
reconstruct the secret is denoted by t and called the threshold level. The second important parameter - k (called the corruption bound) points out the maximal number of distinct shares that could be controlled by the corrupted players. In our model we admit the
dynamic group G (of variable cardinality n), with r=r(n), t=t(n) and k=k(n) being the
functions of n. For the security reasons we have the following inequalities: k < t ≤ r ≤ n.
Let us assume for the moment that the r shares are distributed uniformly in the initial group G. This means that the classes Ci of members with the same shares have the
cardinality comparable with n/r and therefore the maximal number of completely corrupted classes is approximately kr/n. This value should not overcome r-t-1 in order to
allow the honest users to reconstruct the secret value, hence k < min (r, (r-t-1)n/r).
Clearly the case r=t implies the worst estimate k < min (r, n/r) ≤ n , for the admissible
number of corrupted players, but as a benefit gives us the chance to replace the polynomial secret sharing by the additive sharing device. Having in view the efficient performance and protocol’s security we will deal with this case in the paper.
The system consists of a trusted dealer D, a public board and the (dynamic) group G,
identified with the set of identities: G={ID}. G is split into disjoint classes composed of
members having the same secret shares. The dealer and the group members are connected to each other and to the public board by the secure point-to-point channels. Denote by C = {C1, …, Ct} - the set of all initial classes, L (L ≥ 2)- the number of disjoint
classes an initial class can be split into, a - the number of new players added to a class.
We assume that:
k<t≤
2
n
3
L
(1)
In the system the group cardinality can increase from n to n+t(L-1)a and the threshold
size from t to tL. The new members are added to all except one of the classes falling
apart.
3. Related work
The idea of threshold cryptosystems has been introduced in [5] and [6]. Their solution was based on the secret sharing device (see [16], [1]). The flexibility of the threshold size in the threshold decryption system based on RSA [15] cryptosystem has been
the subject of paper [7]. In [14] the simple RSA based decryption system applying the
Dynamic group threshold signature based on derandomized Weil pairing computation
185
Chinese remainder theorem and the message padding device was presented. Threshold
flexible signature scheme based on RSA cryptosystem was considered in [11]. The
efficient threshold signature scheme based on BLS short signature [4] was presented in
[2]. The dynamic groups approach to threshold signatures in gap Diffie-Hellman groups
was the subject of paper [13], [18]. Another approach particularly interesting for Ad hoc
groups, based on the additive secret sharing using the RSA cryptosystem has been proposed in [12].
Here we apply the additive secret sharing to propose the Weil pairing based threshold signature scheme for dynamic groups. Besides the computational savings due to
the application of the BLS signatures the computation of the Weil pairing (c.f. [3]) will
be derandomized without the significant additional cost.
4. Gap Diffie-Hellman groups and Weil Pairing
Let G = (G, +) be a group of prime order q and P, Q be any nontrivial elements of
G. The discrete logarithm problem (DLP) in G may be stated as follows:
Find a ∈ Z q such that aP = Q.
Let us formulate the following related problems.
The computational Diffie-Hellman problem (C-DH): Given the triple (P, aP, bP)
find the element abP.
The decisional Diffie-Hellman problem (D-DH): Given a quadruple (P, aP, bP, cP)
decide whether c = ab (q) (in which case we shall write that (P, aP, bP, cP)=DH). Here
and in the sequel we use the notation x (q) to stand for x (mod q).
We call the group G=(G, +) a gap Diffie Hellman (G-DH) group if (roughly speaking) the D-DH problem is computationally easy, while the C-DH problem is hard.
In this paper we shall apply the elliptic group structure with the corresponding Weil
pairing [8] to obtain the required GDH group. To be more precise, let E be an elliptic
curve over a finite field K of characteristic p and let n an integer not divisible by p.
Denote by cl(K) the algebraic closure of K. It can be shown that the group E[n] of ntorsion points of E/cl(K) is isomorphic to Zn ×Zn. The Weil pairing is a map
e: E[n] ×E[n] → cl(K)*,
satisfying the following properties:
1. Alternation: For all P, Q ∈ E[n], e(P, Q) = e(Q, P)-1.
2. Bilinearity: For any P, Q, R ∈ E[n] we have e(P + Q, R) = e(P, R)e(Q, R).
3. Non-degeneracy: If P ∈ E[n] is such that for all Q ∈ E[n], e(P, Q) = 1, then P = O.
4. Computability: There exist an efficient algorithm to compute e(P, Q) for any P,
Q ∈ E[n].
We now turn our attention to a more concrete situation. Let p be prime, a ∈Zp*.
Consider the elliptic curve E over Fp and the map Φ: E/cl(Fp) → E/cl(Fp) defined by
E: Y2 = X3 + a, Φ(O) = O; Φ(x, y) = (ζx, y), where ζ ∈ Fp*2 \{1}, ζ 3 = 1, p = 2
(3)
or
E: Y2 = X3 + aX, Φ(O) = O; Φ(x, y) = (-x, iy), where i ∈ Fp*2 , i 2 = -1, p = 3.
(4)
186
Jacek Pomykała, Bartosz Źrałek
One can easily check that Φ is an automorphism. Pick up a point P ∈E/Fp of prime
order q, q | p + 1 = card E/Fp . Then E[q] = < P, Φ(P) >. We define the modified Weil
pairing ê by
ê: G1 ×G1 → G2, ê(R, S) = e(R, Φ(S)), where G1 = < P >, G2 = Fp*2 .
It easy to show that
Fact 4.1 For every R ∈< P > such that ê(R, P) = 1, we have R = O.
It is known that the C-DH problem in G1 is hard (cf. [3]), but as it is shown in [10]
not harder than the DLP in G2. The existence of Weil pairing implies directly that D-DH
problem is easy in G1. The randomized algorithm computing the Weil pairing was proposed by Miller [9]. Below we shall propose the derandomization of the Miller’s algorithm.
5. A simple deterministic version of Miller's algorithm for
computing the Weil pairing
Let's briefly recall the explicit construction of the Weil pairing. We refer the reader
to [17] for further details. Keep the notation from the previous section. Let E be an
elliptic curve over a finite field K and let n an integer not divisible by p = char K. Let (f)
stand for the divisor of a rational function f ∈ K(E). The support of a divisor
D = ∑ P∈E nP ( P) is the set supp D = {P ∈ E : nP ≠ 0} . For a rational function f ∈ K(E)
and a divisor D such that supp (f) ∩ supp D = ∅, the evaluation of f at D is
f ( D) = ∏ P∈supp D f ( P) nP ∈ K * .
We now define the value e(P, Q) for P, Q ∈ E[n]. Choose R, S ∈ E such that
AP = ( P + R ) − ( R ) and AQ = (Q + S ) − ( S ) have disjoint supports. Take a function f P ( f Q )
representing the principal divisor nAP (nAQ respectively). Then
e( P, Q) = f P ( AQ ) / fQ ( AP )
In Miller's algorithm the values f P ( AQ ) and fQ ( AP ) are computed separately, yet
analogously. We restrict our attention to the computation of f P ( AQ ) .
Let Ab= b(P + R) - b(R) - (bP) + (O), (fb)=Ab. Note that (fP) = (fn) and f P ( AQ ) =
f n ( AQ ) . We have the recursive formula
f b+c ( AQ ) = f c ( AQ ) f b ( AQ ) g1 ( AQ ) / g 2 ( AQ )
(2)
where g1 is the line passing through bP and cP, (g1)= (bP) + (cP) + (-(b + c)P) - 3(O), g2
the line passing through (b + c)P and -(b + c)P, (g2)= ((b + c)P) + (-(b + c)P) - 2(O).
Furthermore fn satisfies the initial condition f1 = h1/h2, where h1 is the line passing
through P + R and -(P + R), (h1)= (P + R) + (-(P + R)) - 2(O), h2 the line passing
through P and R, (h2) = (P) + (R) + (-(P + R)) - 3(O).
Dynamic group threshold signature based on derandomized Weil pairing computation
187
Let C(fb(AQ) , fc(AQ) , bP, cP) denote the right-hand side of equation 1. Write n in
the binary representation with the digits aj ( a m =1). The above considerations lead to
the following Miller's algorithm:
Algorithm 5.1 (V. Miller)
INPUT: P, Q ∈ E[n], R, S ∈ E
OUTPUT: fP(AQ)
Let g := f1(AQ) , f := g, Z := P
For j = m - 1 to 0 do
Let f := C(f, f, Z, Z), Z := 2Z
If aj = 1 then let f := C(f, g, Z, P), Z := Z + P
Return f
It can be easily shown that Miller's algorithm succeeds with “high probability” for
a “random” choice of R, S. Our idea of its derandomization depends on setting R := P,
S := Q and checking whether supports of the appropriate functions intersect nontrivially.
Suppose for example that supp (fb) ∩ supp AQ ≠ ∅ for some b involved in Miller's
algorithm and that 2 | n. Then one of the following conditions is satisfied:
1. 2P = 2Q, that is 2(P - Q) = O. This implies P = Q (since 2 | n) and e(P, Q) = 1.
2. P = Q or P = 2Q. This forces e(P, Q) = 1.
3. Q = 2P or Q = bP or Q = O. This implies e(P, Q) = 1.
4. 2Q = O which gives again Q = O (as 2 | n).
5. bP = 2Q . There exist x, y ∈ Z such that 2x + ny = 1. We have Q = (2x + ny)Q =
x(2Q) + y(nQ) = xbP and e(P, Q) = 1.
This leads to the following algorithm:
Algorithm 5.2 (deterministic version of Miller's algorithm)
INPUT: P, Q ∈ E[n]
OUTPUT: or a relation between P and Q proving that e(P, Q) = ±1
Let R1 := {2P = 2Q, 2P = Q, -2P = 2Q, -2P = Q, O = 2Q, O = Q, P = 2Q, P = Q},
R2 := {Z = 2Q, Z = Q, -2Z = 2Q, -2Z = Q, 2Z = 2Q, 2Z = Q},
R3 := {Z = 2Q, Z = Q, -(Z + P) = 2Q, -(Z + P) = Q, Z + P = 2Q, Z + P = Q}
If a relation in R1 is satisfied then return this relation
Let g := f1(AQ) , f := g, Z := P, b := 1
For j = m - 1 to 0 do
If a relation in R2 is satisfied then return this relation with Z = bP
Let f := C(f, f, Z, Z), Z := 2Z, b := 2b
If aj = 1 then
If a relation in R3 is satisfied then return this relation with Z = bP
Let f := C(f, g, Z, P), Z := Z + P, b := b + 1
Return f
188
Jacek Pomykała, Bartosz Źrałek
Note that the algorithm has to check only a “small” number of equalities. Moreover,
if 2 | n, it always outputs fP(AQ) or a relation between P and Q proving that
e(P, Q) = 1.
6. The protocol
6.1. Distribution phase
1. The dealer D executing the algorithm Keygen, generates the bilinear structure
(G1, G2, ê, P) as in section 3, together with a secure hash function H: {0, 1}* → G1.
Moreover he chooses L and the initial value of the threshold size t.
2. Using the public algorithm, D splits the set G into disjoint classes C1, …, Ct such
n
that the following condition holds: card Ci = + θi, |θi | ≤ 1, for every i. He publishes
t
the list of pairs (ID, Ci).
3. D generates at random the group secret s∈Zq, chooses randomly the shares s1, s2,
t −1
..., st-1 and computes st = s − ∑ i=1 si and the verification keys s1P, ..., stP. He sends the
shares by the secure channels to the corresponding group members and divulges the list
of pairs (Ci, siP).
4. D destroys all the computed values and quits the system.
6.2. Threshold increasing phase
1. If some initial class Ci (with the attached secret value si) should be split to
increase the threshold size by an integer l, l ≤ L-1, then the first initializer from Ci starts
the algorithm Threshold increase. He is therefore responsible for
(a) Splitting Ci into disjoint classes Ci, 1, …, Ci, l+1 as in step 2 of the
distribution phase, with obvious modifications. The initializer publishes all the
corresponding pairs (ID, Ci, j).
(b) Via the secure point-to-point channels, distributing new shares uj to each
member of the corresponding Ci, j, j=1, …, l+1, and asking every user from a
fixed class C', chosen among Cm or Cm, 1 for some m≠i, to add si-u1-...-ul+1 to his
share. The initializer publishes all the pairs (Ci, j, ujP) and the pair (C', s'P+(si-u1...-ul+1)P), where s'P is the public key of C'.
2. Every action in (a) and (b) taken above by the current initializer must be
approved (via the public board) by at least t players from the corresponding class (Ci, Ci,
1, …, Ci, l+1 or C'). If not then the next initializer from Ci executes the Threshold
increase algorithm.
6.3. Joining phase
1. If a new user requests through the public board to join a class Ci, j, j≠1, then each
member of Ci, 1 checks whether the limit a for players addition has not been exhausted in
Ci, j. Either at least t confirmations coming from Ci, 1 are collected and the corresponding
new pair (ID, Ci, j) is published, or the request is rejected.
Dynamic group threshold signature based on derandomized Weil pairing computation
189
2. The new member asks for the secret share from the corresponding class via a
secure channel and verifies that the received private key matches with the public key
from the public board.
6.4. Signing and verification phase
1. Given any message m the members apply the algorithm Sign having as input m
and the corresponding shares si and as output the corresponding partial signature σi.
2. Any group member can check the validity of the partial signatures and combine
the first t valid partial signatures using the algorithm Check-combine.
3. Any user can verify the final signature using the algorithm Verify.
7. The algorithms
The threshold flexible signature scheme (in the dynamic group) is a 5-tuple:
TFSS=(Keygen, Threshold increase, Sign, Check-combine, Verify).
Algorithm 1. Keygen(1κ)
B ← (G1, G2, ê, P), ord P = q
return B
Algorithm 2. Threshold increase(t, l, C, Ci, C')
u1, ..., ul+1 ←random Zq*
u0 ← u1+...+ul+1 mod q
s' ← s' + (si - u0) (the members of C', who were given the value si - u0, add it to their
share)
Kj ← new class, j=1, …, l+1
uj ← new share for Kj, j=1, …, l+1
C ← (C \{Ci})∪(K1∪…∪Kl+1)
return (t + l, C )
Algorithm 3. Sign(M, s(ID))
parse M as (m, t)
σID ← s(ID)H(m||t)
return (M, σID)
Algorithm 4. Check-combine(M, σ1, …, σt)
parse M as (m, t)
for i=1, …, t do
r ← (P, siP, H(m||t), σi) = DH ?
if r=0 then reject
σ ← σ1 +…+ σt
return σ
190
Jacek Pomykała, Bartosz Źrałek
Algorithm 5. Verify(M, σ)
parse M as (m, t)
return (P, sP, H(m||t), σ) = DH ?
8. Correctness and security discussion
8.1. Correctness
Recall that (P, aP, bP, cP) is a Diffie-Hellman tuple if and only if ê(aP, bP)= ê(P,
cP). This is a direct consequence of the bilinearity of ê and fact 4.1. Moreover, σi =
siH(m||t) if and only if (P, siP, H(m||t), σi) is a Diffie-Hellman tuple. The correctness of
Check-combine follows. The algorithm Verify is also correct; if (P, siP, H(m||t), σi) is
a Diffie-Hellman tuple for every i then so is (P, sP, H(m||t), σ).
8.2. Robustness
We will prove that the system of confirmations described in 4.1.2 and 4.1.3 allows a
coalition of honest players to permit legal actions and at the same time prevents a
coalition of corrupted players from validating illegal ones.
Consider in the first place the case when an initializer proposes a splitting of Ci into
Ci, 1, …, Ci, l+1. On the one hand, there are, by (1), at most t-1 corrupted players in Ci.
Therefore the corrupted users alone cannot validate the splitting. On the other hand, if
the splitting is proper, it will be permitted by the honest members of Ci. Indeed, still
n
7
from (1), there are at least - 1 - (t - 1) ≥ t of the honest ones.
2
2
Suppose that the splitting is proper and has been accepted. The initializer now
distributes new shares to the players of Ci, 1, …, Ci, l+1 and a correcting additive term to
the members of C' (cf. step 1b from the threshold increasing phase). We deal with the
case when confirmations are coming from a class Ci, j, j fixed. When members of C'
report confirmations then the argument is similar if C' = Cm, 1 and as above if C' = Cm
(m≠i). As previously, the corrupted players of Ci, j cannot validate the initializer's action.
It remains to show that Ci, j contains at least t honest users, which boils down to
n
1
−
−1.
justifying the inequality card Ci, j ≥ 2t-1. We have card Ci, j ≥
t ( l + 1) l + 1
Therefore it is enough to prove that 2t +
1
n
≤
. This in turn is a direct
l + 1 t ( l + 1)
consequence of (1). The following should be observed: even if the initializer acts in
such a way that exactly t confirmations from Ci, j are reported, no honest player of Ci, j
will be left aside in the game. At least one honest member of Ci, j had to receive the
corresponding correct private share from the initializer. This honest user can send it (via
the secure point-to-point channels) to the players of Ci, j who would have obtained the
incorrect share.
Dynamic group threshold signature based on derandomized Weil pairing computation
191
Finally, we must show that the last word on whether to add new users to some Ci, j,
j≠1, in the joining phase belongs to the honest members of Ci, 1. This follows from the
above, for new users cannot join Ci, 1 and, as has been already proved, card Ci, 1 ≥ 2t-1.
Note that we have shown in particular that every class contains at least one honest
player; there is thus always enough honest users to issue a correct combined signature.
8.3. Unforgeability
We first show that the corrupted players do not control, at any time, all the secret
shares and therefore cannot reconstruct the group secret. The proof is by induction on
the number of successful Threshold increase operations followed by additions of new
members.
Originally the dealer creates t classes. By (1), t exceeds the number of corrupted
players. There is thus at least one class containing only honest players, hence at least
one secure secret share.
Now assume that after some number of initial class splittings followed by new players additions the system is secure; it consists of the classes C1', …, Cr' with the corresponding secret shares s1', …, sr' and there are at most r-1 corrupted players. Suppose
that an initial class Ci' is split into K1, …, Kl+1 and the threshold size increased by calling
Threshold increase(r, l, C, Ci', Cj'). We can also suppose that the members of the split
Ci' are all honest. In the contrary case there is no corrupted player among the members
of some class Cm', m≠i. Then the secret share sm' (or sm' + ( si'-u1-...-ul+1) if m=j) is secure. Consider the situation when new users are added to K2, …, Kl+1. There is no loss of
generality in assuming that these new players, as well as some player of Cj' are corrupted. The class K1 has only honest members. Then the corrupted players cannot compute its secret u1. Indeed, their knowledge about u1 is nothing but a system of l+1
equations (they know the numbers si'-u1-...-ul+1, u2, ..., ul+1) in l+2 unknowns: u1, ..., ul+1
and si'. u1, ..., ul+1 are random, as every user from Ci', in particular the initializer who
distributed the new shares, is honest by assumption. si' is also random, because it is
derived from a random number generated by the honest dealer and unknown to the
corrupted players. Consequently, the system is still secure. It remains to prove that the
signature scheme itself is secure. The security of each partial signature against existential forgery on adaptive chosen-message attack follows from theorem 3.2 of [4] - an
adversary who could forge a partial signature with non-negligible probability could also
solve the C-DH problem in G1 with non-negligible probability. For the security of the
combined signature let us consider the worst case when the adversary possesses the
secret shares s1, …, st-1, but doesn't know the remaining secret share st. Suppose that he
can forge a combined signature sH(m||t) of some chosen message m. Then he can forge
the partial signature (s-s1-…-st-1)H(m||t) of m on behalf of the class with the secret share
s-s1-…-st-1 = st. This number, however, is random from the adversary's point of view.
We are thus led to a contradiction with the security of the partial signatures justified
above.
192
Jacek Pomykała, Bartosz Źrałek
9. Final remarks
In the paper we have proposed the model and security analysis of the threshold flexible signature scheme based on the derandomized Weil pairing computation. The solution has a nice property: the length of the corresponding secret shares and verification
keys depends neither on the group cardinality nor the threshold level. We proved that
the signature scheme is robust and unforgeable in the random oracle model provided the
C-DH problem is intractable. For the clarity of presentation we have considered in details only the most important case when each class is to be split only once. However this
obstruction can be easily overcome when decreasing suitably the bound for the threshold level. Finally let us also remark that by the suitable changes in the protocol we
can extend the model for more general case with the inequality k+h ≤ t, where h points
out the least number of the honest members needed to participate in signing.
References
[1] Blakley G. R. Safeguarding cryptographic keys, AFIPS Conference Proceedings,
48, 1979, 313-317.
[2] Boldyreva A. Threshold signatures, multisignatures and blind signatures based on
the Gap-Diffie-Hellman-Group signature scheme, LNCS 2567, 2003.
[3] Boneh D., Franklin M. Identity-based encryption from the Weil Pairing, Proc.
Crypto, LNCS 2139, 2001, 213-229.
[4] Boneh D., Lynn B., Shacham H. Short Signatures from the Weil Pairing, J. Cryptology 17(4), 2004, 297-319.
[5] Desmedt Y. Society and group oriented cryptography: a new concept. In: Crypto'87, LNCS 293, 120-127, Springer-Verlag, 1988.
[6] Desmedt Y., Frankel Y.Threshold cryptosystems, In: Crypto'89, LNCS 435, 307315, Springer-Verlag, 1990.
[7] Ghodosi H., Pieprzyk J., Safavi-Naini R. Dynamic Threshold Cryptosystems: A
New Scheme in Group Oriented Cryptography, Proceedings of PRAGOCRYPT '96
-- International Conference on the Theory and Applications of Cryptology (J.
Pribyl, ed.), Prague, CTU Publishing house, 1996, 370-379.
[8] Joux A. A one-round for tripartite Diffie-Hellman, Proceedings of ANTS IV,
LNCS vol. 1838 (2000), 385-394.
[9] Miller V. Short programs for functions on curves, unpublished manuscript, 1986.
[10] Menezes A., Okamoto T., Vanstone S., Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, 39, 1993, 16391646.
[11] Nakielski B., Pomykała J. A., Pomykała J. M. A model of multi-threshold signature
scheme, Journal of Telecommunications and Information Technology, 1, 2008, 5155.
[12] Pietro R. Di, Mancini L. V., Zanin G. Efficient and Adaptive Threshold Signatures
for Ad hoc networks, Electronic Notes in Theoretical Computer Science, 171,2007,
93-105.
[13] Pomykała J., Warchoł T. Threshold signatures in dynamic groups, Proceedings of
FGCN, Jeju Island, Korea, IEEE Computer Society, 2007, 32-37.
Dynamic group threshold signature based on derandomized Weil pairing computation
193
[14] B. Nakielski B, Pomykała J., Simple dynamic threshold decryption based on CRT
and RSA, submitted.
[15] Rivest L., Shamir A., Adleman L. M. A Method for Obtaining Digital Signatures
and Public-Key Cryptosystems, Communications of the ACM 21(2), 1978, 120126.
[16] Shamir A. How to share a secret, Communications of the ACM, 22(1), 1979, 612613.
[17] Silverman J. H. The Arithmetic of Elliptic Curves, Springer, 1986.
[18] J. Pomykała, T. Warchoł, Dynamic multi-threshold signature without the trusted
dealer, International Journal of Multimedia and Ubiquitous Engineering, v. 3 no 3,
2008, 31-42.
[19] J. Pomykała, B. Źrałek, Threshold flexible signture in dynamic group, Proceedings
of 15-th International Multi-Conference ACS 15-17, Miedzyzdroje, 15-17 October
2008.
Determining the effective time intervals in the recurrent
processes of identification of dynamic systems
Orest Popov, Anna Barcz, Piotr Piela
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
Using the mathematical models of dynamic objects in the simulation and modeling tasks
we must pay attention to quality and speed of creation of those models. Depending on the
amount of information about the considered object we can distinguish various tasks of
model creation. One of the way of create model is using the identification methods. In
case when we need the mathematical model of considered system while this system is
operating it is necessary to use the recurrent algorithms of identification. Length of
duration of the identification algorithm is specific a priori by the researcher. In the paper
the way of using the singular value decomposition (SVD) in the identification equation for
determining the effective time intervals of identification process is shown. It allows to
determine the time of ending the identification algorithm.
Keywords:
dynamics model, task of identification, singular value decomposition
1. The task of identification
Generally speaking, task of identification of real dynamic objects can be seen as a
problem of determining structure and defining parameters of their mathematical models.
Depending on the amount of information we can distinguish various tasks of identification [3]. It is one of the basic problems of modern theory of systems to determine structure and parameters of real objects model. It is not possible to provide a high quality
simulation of behavior of some real objects and thus it is not possible to computer aided
controlling, without having a high quality mathematical model. Identification of nonlinear dynamic objects could be done in two ways. The first one relies on collecting right
amount of data and next carrying out the identification procedure (off-line identification). Such an organization of identification process is not effective for the sake of
speed of algorithm operating and causes that the model is available after end of whole
identification process. However, in many cases it is necessary to have a model of the
object available on-line while the object is in operation (on-line identification). The
recurrent method of identification has such a possibility. In these methods the evaluation of model parameters in given time of measurement is defined as an evaluation of
parameters in previous time plus a certain correction. One of methods of such a type is
the recurrent least squares method.
196
Orest Popov, Anna Barcz, Piotr Piela
Let assume that the identifiable dynamic object could be described by the linear mathematical model with the fixed parameters in form:
Xɺ = AX + BU ,
X ∈ Rn , U ∈ Rm
(1)
where X – vector of state variables, U – vector of control signals, A and B - unknowns
matrices with adequate dimension and with fixed coefficients.
Let assume, also, that we could measure X(t) and U(t) and it is possible to calculate
ɺ
X (t ) in each moment of time. Thus the identification equation of the matrices A and B
that is based on the least square method could be written in the known form [4]:
Cs Ps = Rs
(
where: Cs = Aˆ s
Bˆ s
)
(2)
– the matrix of the evaluations of matrices A and B elements,
s
s
Xj
Rs = ∑ ( Xɺ j Z j T ) , Ps = ∑ Z j Z j T , Z j =   , s – amount of measure points. Let emj =1
j =1
U j 
phasize that the dimension of matrices has form: dim C = n × ( n + m ) ,
dim Ps = ( n + m ) × ( n + m ) , dim Rs = n × ( n + m ) .
If the condition rankPs = ( n + m ) is fulfilled the solution of identification equation
(2) is unambiguous and has the form:
Cs = Rs Ps−1
The same solution in recurrent form could be shown as [3, 4]:
Cs = Rs Ps−1 = ( Rs −1 + Xɺ s Z sT ) ⋅ ( Ps−−11 − K s Ps−−11 Z s Z sT Ps−−11 )
where: s – number of next measurement, K s =
(3)
1
.
1 + Z Ps−−11 Z s
T
s
To use the recurrent algorithms, initial values of R0 and P0−1 for their start-up are
required. Usually R0 is matrices of zeros with ( n × ( n + m ) ) dimensionality, however
P0−1 is the diagonal matrix with
(( n + m ) × ( n + m ))
dimensionality and the elements
form the diagonal are from range (100 ÷ 106 ) [1].
2. Singular value decomposition in identification tasks
It is known that any rectangular real numerical matrix W of the size ( n × p ) can be
presented as the singular value decomposition in form [2]:
W = Q ⋅ M ⋅ RT
(4)
Determining the effective time intervals in the recurrent processes of identification…
197
where Q and R – orthogonal matrices of dimensionality ( n × n ) and ( p × p ) accordingly. If n < p the rectangular matrix M is in the special form:
 µ1 0 0

M = 0 ⋯ 0
0 0 µ
n

0
0

0 ⋯ 0
0
0 
(5)
Size of matrix M is equal ( n × p ) . The nonnegative elements from this matrix
{µ1 , µ2 ,…, µn }
are the singular values of the matrix W. They are located decreasing
order, that is
µ1 ≥ µ2 ≥ ⋯ ≥ µn > 0 .
(6)
Singular value decomposition could be used for the real matrix Ps−1 in identification
equation (3). This matrix is calculated for each measurement during operating the identification algorithm:
Ps−1 = Gs ⋅ Τ s ⋅ H sT
(7)
where Gs and H s – orthogonal matrices with suitable dimensionality, matrix Ts is
constructed in the same way as matrix M.
Let introduce the quantity that is an inverse to spectral condition number of a matrix
Ts [5, 6]:
∆
ξ=
τ
1
= n .
Cond 2(Ts ) τ 1
(8)
The quantity ξ is a convenient quantitative measure of informative density of identification process as shown in [7] and it can be using for determining the stop time of
the identification process. In fact the most efficient part of identification process is the
section of time in which the index of informative density ξ of a process is rising. The
dξ
= max is meeting, determines the end of the efficient
dt
part of identification process. The continuation of the identification processes in minimal extent influence the results that had been achieved in advance.
moment, when the condition
3. Determining stop time of recurrent identification algorithm with
using the singular value decomposition in the identification
equation – the example
The application of singular value decomposition in the identification tasks will be
demonstrated on an example of fourth order system with one control signal. It can be a
system spring-pendulum presented in a figure 1.
198
Orest Popov, Anna Barcz, Piotr Piela
Figure 1. System spring-pendulum
pendulum
Consider a model of spring-pendulum
pendulum system that is characterized, under some conco
ditions, by the set of nonlinear differential equations:
(
(
)
)
)
(
(

M + m sin 2 ϕ ɺɺ
z = u (t ) − c ⋅ z − k + k sin 2 ϕ zɺ + + m sin ϕ l ⋅ϕ 2 + g cosϕ

1 2

ml 2 M + m sin 2 ϕ ϕɺɺ = − ml cos ϕ ⋅ u (t ) + ml cos ϕ ⋅ c ⋅ z +



+l cos ϕ mk − Mk zɺ − k l 2 M + m sin 2 ϕ ϕɺ +

1
2
2

− ( M + m ) mgl sin ϕ − m 2l 2 sin ϕ cos ϕ ⋅ϕɺ 2

(
)
)
(
)
(9)
where: M – mass of block, m – mass of pendulum, l – length of pendulum, z – displacement of block from the point of balance, ϕ – displacement of pendulum from the
point of balance, u – control signal, g – acceleration of gravity, c – constant of spring,
k1 – friction coefficient of block, k2 – friction coefficient of pendulum.
As a result of using the linearization of the object model for selected point of state
space the object (9) could be described as a linear model with fixed parameters
parame
in form
(1).
Additionally for simplification let assume that U (t ) = 0 then the identification will
be applied to parameters of linear homogeneous model in form:
Xɺ = AX ,
X ∈ R4 ,
(10)
where X – vector of state variables X = ( z ϕ zɺ ϕɺ ) , A – matrix of unknown
parameters.
The measurement data necessary in identification were obtained as a result of simusim
lation the nonlinear model (9) for fixed initial conditions. The identification experiment
lasts for a 20 sec. The measurements were done each 0.01 second. After identification
on basis of the recurrent least squares method, the matrix A has been obtained in the
following form:
T
Determining the effective time intervals in the recurrent processes of identification…
 0.0020

-0.0022
A=
 -0.2002

 0.2006
0.0001 

0.1073 0.0186 1.0187 
1.2227 -0.0490 -0.0130 

-11.2083 -1.9859 -1.9249 
-0.0120
199
1.0006
(11)
The eigenvalues of matrix A are equal:
 -0.1403

 -0.1403
 - 0.7920

 - 0.7920
+ 0.4064i 

− 0.4064i 
.
+ 3.1925i 

− 3.1925i 
In figure 2 and 3 the tracks of the state variables of nonlinear model and the tracks
of the state variables of model after identification are shown. After analysis of both
graphs it follows that the linear model (10) with parameters (11) quite good describes
the behavior of given object.
Figure 2. The track of the state variable z of nonlinear model and the track of the state variable of
the model after identification
After each measurement in the identification process the equation (3) is solved, and
what follows the matrix Ps−1 is calculated. The singular value decomposition is done
and the coefficient ξ is calculated on the basis of equation (8). In figure 4 the track of
the coefficient ξ is shown. The analysis of speed of changes this coefficient (figure 5)
allows to determine the time when the speed of changes has maximum value. The next
identification experiment was conducted for the same initial condition as in previous
experiment and lasts for a 2.44 seconds. The time was determined on the basis of time
of appearance the maximum value of speed of coefficient changes.
200
Orest Popov, Anna Barcz, Piotr Piela
Figure 3. The track of the state variable φ of nonlinear model and the track of the state variable of
the model after identification
Figure 4. The track of coefficient ξ
Figure 5. The track of speed of change of coefficient ξ
Determining the effective time intervals in the recurrent processes of identification…
201
As a result of identification we obtain matrix A1 in form:
 0.0021

-0.0028
A1 = 
 -0.2006

 0.2034
0.0002 

0.1067
0.0140 1.0175 
1.2223 -0.0521 -0.0139 

-11.2057 -1.9665 -1.9198 
-0.0119
1.0009
The eigenvalues of matrix A1 are equal
 - 0.1412

 - 0.1412
 - 0.7903

 - 0.7903
+ 0.4063i 

− 0.4063i 
+ 3.1918i 

− 3.1918i 
and they almost do not differ from the eigenvalues of matrix A. In spite of cut the time
of identification experiment down, the tracks of state variables of model Xɺ = A1 X do
not differ from the tracks of state variables of models Xɺ = AX for the same initial
conditions. It follows that the time of appearance the maximum value of speed of
changes of coefficient ξ determines the stop time of the identification experiment,
which fundamentally influences time and number of necessary calculations.
4. Summary
There are many publications that concerned the recurrent algorithms of identification, but they do not touch on the problem of automatic determining the stop time of the
identification process. In presented paper authors show the possibility of automatic
determining the stop time of identification process with using the singular value decomposition. The results of such task allow to create efficient algorithms of identification in
real time. Presented material poses the outline and point at direction for further research
connected with problem of automatic determining the stop time of recurrent algorithm
of identification.
References
[1] Bielińska E., Finger J., Kasprzyk J., Jegierski T., Ogonowski Z., Pawełczyk M.
Identification of process, Wydawnictwo Politechniki Śląskiej, Gliwice, 2002 (in
polish).
[2] Kiełbasinski A., Schwetlick H. Numerical linear algebra. Introduction to numerical computation. Second edition. Wydawnictwa Naukowo Techniczne, Warszawa,
1992 (in polish).
[3] Ljung L. System Identification Theory for the User. Prentice Hall PTR, Upper Saddle River, New York, 1999.
[4] Popov O. Elements of systems theory – dynamic systems. Wydawnictwo Uczelniane Politechniki Szczecińskiej, Szczecin 2005 (in polish).
202
Orest Popov, Anna Barcz, Piotr Piela
[5] Popov O. Investigation of structural qualities and informative density of dynamic
processes. The method of quantitative estimations. International Conference of
Control Problems, IPU, Moscow, 1999.
[6] Popov O., Tretyakov A. Structural properties and informative density of dynamic
processes: The method of quantitative estimation at the control, management and
identification problems. Proceedings of the 5th International Conference Advanced
Computer Systems, part II, p. 216 – 224, Szczecin, 1998.
[7] Popov O., Tretyakov A., Quantitative measures of systems structural qualities in
control, management and identification problems. Proceedings of Workshop on
European Scientific and Industrial Collaboration WESIC’99, Newport, 1999.
Infrastruktura zarządzania uprawnieniami
wykorzystująca kontrolę dostępu opartą na rolach
zintegrowaną z jądrem systemu operacyjnego
Michał Słonina, Imed El Fray
Politechnika Szczecińska, Wydział Informatyki
Abstract:
Interconnectivity of computers in network environments increases the risk of security
breach in distributed computer systems. In many system architectures security is provided
only in application space. This paper proposes an operating system enforced access
control policy where Role Based Access Control and Privilege Management
Infrastructure(PMI) based on X.509 attribute certificates are integrated into the
operating system kernel. The resulting architecture tries to leverage the cost of
maintaining the security policy by providing an easy way for managing security role
assignments to users of the system.
Keywords:
UNIX, RBAC, PKI, PMI
1. Wprowadzenie
Kontrola dostępu [1,2,3,4,5] jest integralną częścią wszystkich popularnych systemów operacyjnych. Kontrola dostępu opierająca się na rolach RBAC [6][7] stała się
standardowym mechanizmem wykorzystywanym w wielu architekturach systemów
informatycznych przedsiębiorstw. W dzisiejszych systemach informatycznych bardzo
często kontrola dostępu wykorzystuje infrastrukturę klucza publicznego do weryfikacji
toŜsamości podmiotu w systemie, jak i infrastruktury zarządzania uprawnieniami w celu
dynamicznego zarządzania jego uprawnieniami. Projekty takie jak PERMIS[8][9],
PRIMA[10] zapewniają narzędzia integrujące kontrole dostępu RBAC z infrastrukturą
PKI i PMI. Systemy te realizują jednak kontrolę dostępu jedynie na poziomie warstwy
aplikacji.
Problem z bezpieczeństwem na poziomie warstwy aplikacji wynika ze skomplikowanej natury dzisiejszych systemów operacyjnych jak i zawiłości środowiska na którym
kod aplikacji jest wykonywany. W przypadku kontroli dostępu na poziomie warstwy
aplikacji błąd w kodzie programu który z pozoru nie jest krytyczny z punktu widzenia
bezpieczeństwa (np. w bibliotece ładującej obrazki) umoŜliwia nam całkowite obejście
mechanizmu bezpieczeństwa zaimplementowanego w aplikacji.
JeŜeli system operacyjny wykonujący aplikację nie jest chroniony dodatkowo przez
restrykcyjną politykę dostępu MAC istnieje duŜe prawdopodobieństwo wycieku informacji. Skompromitowany system moŜe być uŜyty jako wektor dalszego ataku na cały
system informatyczny.
204
Michał Słonina, Imed El Fray
W [11] badacze dowodzą, Ŝe zagroŜenia stwarzane nowoczesnym środowiskom
komputerowym nie mogą zostać zniwelowane bez wsparcia ze strony systemu operacyjnego i zachęcają do dalszych badań na tym polu.
Większość z dzisiejszych systemów operacyjnych wspiera kontrolę dostępu RBAC
wykorzystującą role. W szczególności w systemach o otwartych źródłach jądra systemu
istnieje wiele łatek wspierających taki mechanizm kontroli dostępu. W systemach tych
brakuje jednak integracji mechanizmów kontroli bezpieczeństwa z architekturą PMI.
W tym artykule podejmujemy próbę integracji mechanizmów kontroli bezpieczeństwa z architekturą PMI (architektura modułu kontroli dostępu bazującego na rolach
RBAC umoŜliwiającego integrację infrastruktury klucza publicznego PKI i infrastruktury zarządzania uprawnieniami PMI z jądrem systemu w oparciu o standardy PKI [12]
i PMI [13]) i próbujemy wyjaśnić dlaczego taka integracja jest potrzebna oraz jakie są
jej zalety.
2. Wymagania architektury systemu
2.1. Infrastruktura zarządzania uprawnieniami PMI
Infrastruktura zarządzania uprawnieniami PMI jest rozszerzeniem infrastruktury
klucza publicznego PKI. PMI umoŜliwia przypisanie dowolnych atrybutów uŜytkownikom infrastruktury klucza publicznego PKI poprzez wykorzystanie certyfikatów atrybutów. W infrastrukturze PKI dokument który wiąŜe klucz publiczny z toŜsamością
właściciela nazywa się certyfikatem klucza publicznego PKC (Public Key Certificate).
W infrastrukturze PMI dokumentem jest certyfikat atrybutów AC (Attribute Certificate)
który wiąŜe atrybut z toŜsamością. Atrybutem tym moŜe być np. przypisanie jakiejś roli
w systemie lub przydzielenie konkretnego prawa dostępu.
Certyfikaty atrybutów są potrzebne poniewaŜ:
 AC nie musi zawierać informacji o kluczu publicznym właściciela tak jak certyfikat
PKC,
 okres waŜności przypisania atrybutu przez AC jest zazwyczaj znacznie krótszy niŜ
okres przypisania klucza publicznego do toŜsamości przez certyfikat PKC,
 uniewaŜnienie AC nie wymaga uniewaŜnienia PKC,
 rozdział obowiązków/toŜsamość uŜytkownika jest uznawana przez inny urząd niŜ
urząd wydający uprawnienia. NaleŜy zwrócić tutaj uwagę Ŝe moŜe istnieć kilka
urzędów atrybutów, z których kaŜdy ma uprawnienia do nadawania innego zestawu
atrybutów, co bardzo często spotykane jest w róŜnego rodzaju organizacjach.
Certyfikaty atrybutów pozwalają nam w łatwy sposób zarządzać przypisaniami ról
do uŜytkowników. Połączenie infrastruktury PMI z kontrolą dostępu z wykorzystaniem
ról RBAC wymaga dobrze zdefiniowanego punktu kontroli uprawnień PVS (Privilege
Verification Subsystem). PVS jest odpowiedzialny za weryfikację toŜsamości oraz
autoryzację uŜytkownika do wykonywania czynności, zawartych w polityce bezpieczeństwa, związanych z rolą nadaną przez urząd atrybutów w certyfikacie atrybutów
AC. PVS weryfikuje równieŜ czy przypisanie roli zgodne jest z polityką przyznawania
ról.
Infrastruktura zarządzania uprawnieniami wykorzystująca kontrolę dostępu…
205
2.2. Wymagania systemu operacyjnego
System operacyjny jest szerokim pojęciem które definiuje oprogramowanie odpowiedzialne za zarządzanie, współdzielenie i alokację zasobów. Większość z dzisiejszych systemów ogólnego przeznaczenia (NT,*BSD,Linux,Solaris) bazuje na fundamentach stworzonych przez system operacyjny UNIX.
KaŜdy z tych systemów posiada następujące koncepcje:
 UID (User Identifier) - identyfikator uŜytkownika w systemie,
 PID (Process Identifier) - identyfikator procesu,
 hierarchię systemu plików - dla uproszczenia modelu załóŜmy, Ŝe wszystkie obiekty
podlegające kontroli dostępu znajdują się w hierarchii systemu plików.
Aby wspierać model PMI RBAC system operacyjny musi posiadać dodatkowo:
 koncepcję identyfikatora sesji SID - identyfikator sesji jest numerem przypisanym
do procesu który reprezentuje sesję uŜytkownika powstałą po jego zalogowaniu do
systemu. Identyfikator sesji moŜe zostać zmieniony tylko poprzez kolejne zalogowanie się. Procesy potomne dziedziczą identyfikator sesji rodziców. System powinien posiadać domyślną sesję dla procesów systemowych, które nie są związane
z Ŝadną rzeczywistą toŜsamością uŜytkownika,
 koncepcję ról - role są abstrakcyjnym pojęciem reprezentującym zbiór pewnych
uprawnień,
 przypisanie ról - funkcja przyporządkowująca identyfikator sesji do ról, przypisanie
roli moŜe zawierać ograniczenia (np. okresu waŜności przypisania) oraz identyfikator certyfikatu atrybutów który został uŜyty w procesie autoryzacji uŜytkownika do
roli,
 przypisanie toŜsamości uŜytkownika do sesji,
 przypisanie UID do toŜsamości X.509.
Tradycyjnie systemy UNIX wspierały tylko model uznaniowej kontroli dostępu
DAC [14] w którym nie było koncepcji ról. ToŜsamość uŜytkownika w systemie UNIX
jest w wysokim stopniu abstrakcyjną koncepcją, która nie jest związana w Ŝaden formalny sposób z prawdziwą toŜsamością uŜytkownika systemu. Najlepszym przykładem
ilustrującym problem jest uŜytkownik root. Nie tylko nie posiada toŜsamości ale
w implementowanych mechanizmach DAC posiada dostęp do wszystkich zasobów
systemu.
Kontrola dostępu DAC jest do tego stopnia zintegrowana z systemem UNIX, Ŝe nie
ma moŜliwości zastąpienia jej przez zupełnie nowy model. Integracja modelu kontroli
dostępu bazująca na PMI/RBAC z systemem UNIX tworzy pewien dysonans związany
z róŜnym znaczeniem toŜsamości w systemie DAC i PMI/RBAC. W modelu DAC
zachowane musi zostać stare znaczenie toŜsamości znane z systemu UNIX, natomiast
model PMI/RBAC musi stworzyć kolejną warstwę systemu kontroli dostępu, w tym
wypadku uznaniowego, w którym toŜsamość uŜytkownika systemu jest związana z jego
prawdziwą toŜsamością. Z tego powodu podsystemy DAC i MAC kontroli dostępu
powinny być traktowane jako osobne koncepcje.
2.2.1. Koncepcja integracji modelu PMI z systemem operacyjnym
Model PMI/RBAC jest abstrakcją wyŜszego poziomu której celem jest bardziej bezpośrednia kontrola nad dostępem uŜytkownika do zasobów systemu. Aby obejść pro-
206
Michał Słonina, Imed El Fray
blem pewnej niekompatybilności związanej z toŜsamością w obu modelach, architektura systemu bezpieczeństwa musi zawierać funkcję odwzorowującą prawdziwą toŜsamość uŜytkownika na jego UID. Zbiorem wartości tej funkcji będą tylko numery UID
które są przypisane do konkretnej prawdziwej toŜsamości uŜytkownika. Z kolei śledzenie sesji poprzez wprowadzenie numeru SID pozwala na autoryzację uŜytkownika do
konkretnych ról tylko w danej sesji. Takie podejście pozwala na prostsze zarządzanie
wymaganym w danej chwili zbiorem uprawnień oraz umoŜliwia dziedziczenie uprawnień przez procesy w systemie.
Wprowadzenie SID pozwala takŜe na wykorzystywanie przez uŜytkownika systemu
zakazanych kombinacji ról, o ile role te są wykorzystywane w innych sesjach. Przypisanie ról łączy koncepcje SID i ról. Przypisanie ról powinno zawierać identyfikator certyfikatu atrybutów który został uŜyty przy autoryzacji do roli, okres waŜności oraz inne
ograniczenia w nim zawarte. Identyfikator certyfikatu atrybutów jest wymagany aby
umoŜliwić implementację mechanizmu uniewaŜnienia certyfikatów. System operacyjny
po stwierdzeniu uniewaŜnienia certyfikatu moŜe odwołać przypisania ról istniejących
w systemie związanych z danym certyfikatem uŜywając identyfikatora certyfikatu.
Potrzeba zawarcia informacji o okresie waŜności w przypisaniu roli podyktowana jest
samą naturą certyfikatu atrybutów. Certyfikat atrybutów z definicji jak opisaliśmy wyŜej jest certyfikatem o krótkim okresie waŜności. Dodatkowe ograniczenia czasowe
mogą wynikać z zastosowań systemu w rzeczywistości (np. lekarz powinien mieć moŜliwość dostępu do danych pacjentów tylko w czasie pracy ).
2.3. Kontrola dostępu oparta na rolach
Wymagania podsystemu RBAC (wymagania podyktowane są cechami infrastruktury PMI, systemu operacyjnego oraz uŜyteczności w środowiskach produkcyjnych):
 hierarchiczny model RBAC z ograniczeniami - jest najbardziej zaawansowanym
formalnym modelem kontroli dostępu przy pomocy ról zdefiniowanym w [15],
 tymczasowa natura przypisania roli - natura przypisania roli jest dynamiczna poniewaŜ okres waŜności przypisania roli jest sprecyzowany w certyfikacie atrybutów.
Przypisanie roli moŜe wygasnąć z powodu wygaśnięcia certyfikatu PKC, certyfikatu
atrybutów lub uniewaŜnienia któregokolwiek z nich. Model Temporal RBAC[16]
idealnie pasuje do tego scenariusza.
Wymóg tymczasowej natury przypisania roli, hierarchii i ograniczeń moŜna łatwo
zrozumieć poprzez spojrzenie na wymagania bezpieczeństwa w organizacjach. Hierarchizacja ról jest naturalnym rezultatem podziału w organizacji wynikającego z odpowiedzialności za dany aspekt jej działalności. Pozwala na odzwierciedlenie wewnętrznej
struktury organizacji w abstrakcyjnej hierarchii ról. Z kolei wymóg okresu waŜności roli
związany jest z przetwarzaniem certyfikatów. Sprawdzenie waŜności przypisania roli za
kaŜdym razem gdy uŜytkownik wymaga prawa z niej wynikającego byłoby kosztowne
obliczeniowo. Lepszym rozwiązaniem jest zapamiętanie przez system okresu waŜności
roli i porównywanie tego czasu z zegarem systemowym gdy dane uprawnienie jest
potrzebne.
Infrastruktura zarządzania uprawnieniami wykorzystująca kontrolę dostępu…
207
3. Implementacja systemu
Implementacja proponowanej architektury systemu moŜe być osiągnięta poprzez
modyfikację istniejącego systemu operacyjnego. Otwarte systemy operacyjne stanowią
idealną platformę do eksperymentów z róŜnymi architekturami bezpieczeństwa z powodu dostępności kodu i dokumentacji, a takŜe istnienia innych rozwiązań kontroli dostępu.
3.1. Komponenty architektury systemu
MoŜemy wyróŜnić następujące komponenty proponowanej architektury:
 jądro systemu bezpieczeństwa - składa się z punktu decyzyjnego uprawnień (PDP Permission Decision Point) oraz punktu egzekwowania uprawnień (PEP - Permission Enforcement Point),
 podsystem weryfikacji uprawnień - jest komponentem odpowiedzialnym za implementację logiki związanej z infrastrukturą PMI. Analizuje i weryfikuje certyfikaty
PKC i AC, a takŜe sprawdza ich poprawność pod kątem polityki bezpieczeństwa.
Jest to komponent działający w przestrzeni uŜytkownika,
 narzędzia przestrzeni uŜytkownika - są to narzędzia i biblioteki wykorzystywane do
zarządzania kontekstem bezpieczeństwa sesji (pozwalają na manipulację toŜsamością sesji oraz przypisaniem ról).
Separacja podsystemu PVS od jądra systemu bezpieczeństwa oraz komponentów
przestrzeni uŜytkownika jest potrzebna aby uniknąć ryzyka związanego z przetwarzaniem skomplikowanych struktur ASN.1 kodujących certyfikaty PKC i AC.
3.2. Podstawowe operacje w systemie
Aby wspierać model PMI RBAC system operacyjny musi udostępniać sposoby manipulacji toŜsamością sesji oraz przynaleŜnością do ról. Podstawowymi operacjami są:
 Ŝądanie_zmiany_toŜsamości (PKC) - Ŝądanie przyporządkowania toŜsamości do
sesji, certyfikat PKC zawiera informacje o toŜsamości którą chcemy przyporządkować danej sesji,
 Ŝądanie_przyznania_roli (AC) - Ŝądanie przypisania roli zawartej w certyfikacie
atrybutów AC do bieŜącej sesji. Właściciel certyfikatu atrybutów musi zgadzać się
z bieŜącą toŜsamością sesji,
 uniewaŜnij rolę (rola) - uniewaŜnia daną rolę w konkretnej sesji
Weryfikacja toŜsamości w proponowanym systemie PMI/RBAC powinna być koncepcją ortogonalną do tradycyjnej toŜsamości uŜytkownika reprezentowanej przez UID
w tradycyjnym systemie DAC, poniewaŜ zmiana UID w systemie UNIX oznacza czasami tylko zmianę w poziomie uprawnień, natomiast toŜsamość w modelu PMI/RBAC
jest ściśle związana z prawdziwą toŜsamością uŜytkownika (rysunek 1).
208
Michał Słonina, Imed El Fray
Rysunek 1. Określenie toŜsamości uŜytkownika w systemie
Aby ustalić toŜsamość sesji uŜytkownik podaje systemowi swój certyfikat PKC
a następnie potwierdza swoją toŜsamość w sposób określony w polityce bezpieczeństwa
(np. poprzez podanie hasła dostępu). PVS weryfikuje to potwierdzenie a takŜe waŜność
certyfikatu, po czym zwraca informacje o weryfikacji wraz z certyfikatem X.509 do
jądra systemu.
Z kolei autoryzacja roli (rysunek 2) dokonywana jest przez uŜytkownika poprzez
wskazanie odpowiedniego certyfikatu atrybutów systemowi operacyjnemu. Pole właściciela certyfikatu atrybutów musi zgadzać się z toŜsamością uŜytkownika który tworzy
Ŝądanie, a wystawca certyfikatu musi mieć prawo nadawania konkretnej roli w polityce
bezpieczeństwa. Rola i ograniczenia zawarte w certyfikacie determinują parametry
operacji przyznania roli. Certyfikat atrybutów jest weryfikowany i analizowany przez
PVS. PVS sprawdza waŜność certyfikatu, uzyskuje informację o przypisaniu roli, waŜności tego przypisania oraz jego ograniczeniach. PVS zwraca do jądra systemu informację o tym jaką rolę przypisać do danej toŜsamości, jaki był numer seryjny certyfikatu
atrybutów Ŝądania oraz jaki jest okres waŜności przypisania roli i jakie są ograniczenia.
Rysunek 2. Autoryzacja roli w systemie
Infrastruktura zarządzania uprawnieniami wykorzystująca kontrolę dostępu…
209
3.3. Korzyści wynikające z systemu
Podstawową zaletą proponowanego systemu jest zwiększone bezpieczeństwo kaŜdego komputera występującego w systemie informatycznym poprzez wprowadzenie
dodatkowej warstwy kontroli dostępu modelującej bezpośrednio w strukturę organizacji
w której jest wdraŜany poprzez zastosowanie infrastruktury PMI/RBAC. Kontrola dostępu jest bardzo silnie zintegrowana z jądrem systemu operacyjnego co istotnie zmniejsza podatność systemu na zagroŜenia wynikające z błędów w aplikacjach działających
w systemie. W najgorszym scenariuszu jeŜeli pokonane zostaną zabezpieczenia uŜytkownika aplikacji, to implementowany system MAC nie pozwoli na rozprzestrzenienie
się zniszczeń poza domenę określoną bieŜącymi uprawnieniami uŜytkownika w systemie.
4. Wnioski
Integracja kontroli dostępu PMI/RBAC z systemem operacyjnym daje wymierne korzyści zarówno w sferze bezpieczeństwa systemu jak i łatwości administracji. Implementacja takiego systemu wydaje się być moŜliwa wykorzystując szkielet LSM
systemu Linux oraz kryptograficzne narzędzia open source. Zdaniem autorów kolejnym
krokiem jest stworzenie takiego systemu oraz analiza jego stosowalności w świecie
rzeczywistym.
Bibliografia
[1] Lampson, B.: Protection. In: Proceedings of the 5th Annual Princeton Conference
on Information Sciences and Systems, Princeton University (1971) 437–443
[2] Bell, D., La Padula, L.: Secure Computer Systems: Mathematical Foundations
(Volume 1). Technical report, ESD-TR-73-278, Mitre Corporation (1973)
[3] Lipton, R., Snyder, L.: A Linear Time Algorithm for Deciding Subject Security.
Journal of the ACM (JACM) 24(3) (1977) 455–464
[4] Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the ACM 19(8) (1976) 461–471
[5] Denning, D.: A Lattice Model of Secure Information Flow. Communications (1976)
[6] Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National
Computer Security Conference. (1992) 554–563
[7] Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST
standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4(3) (2001) 224–274
[8] Chadwick, D., Otenko, A., Ball, E.: Role-based access control with X. 509 attribute
certificates. Internet Computing, IEEE 7(2) (2003) 62–69
[9] Chadwick, D., Otenko, A.: The PERMIS X. 509 role based privilege management
infrastructure. Future Generation Computer Systems 19(2) (2003) 277–289
[10] Lorch, M., Adams, D., Kafura, D., Koneni, M., Rathi, A., Shah, S.: The PRIMA
system for privilege management, authorization and enforcement in grid environments. Grid Computing, 2003. Proceedings. Fourth International Workshop on
(2003) 109–116
210
Michał Słonina, Imed El Fray
[11] Loscocco, P., Smalley, S., Muckelbauer, P., Taylor, R., Turner, S., Farrell, J.: The
Inevitability of Failure: The Flawed Assumption of Security in Modern Computing
Environments. Proceedings of the 21st National Information Systems Security Conference 10 (1998) 303–314
[12] Housley, R., Polk, W., Ford, W., Solo, D.: RFC3280: Internet X. 509 Public Key
Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Internet
RFCs (2002)
[13] Farrell, S., Housley, R.: RFC3281: An Internet Attribute Certificate Profile for
Authorization. Internet RFCs (2002)
[14] Department of Defense: Department of Defense Trusted Computer System Evaluation Criteria. (December 1985) DOD 5200.28-STD (supersedes CSC-STD-00183).
[15] Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. Computer 29(2) (1996) 38–47
[16] Bertino, E., Bonatti, P., Ferrari, E.: TRBAC: a temporal role-based access control
model. Proceedings of the fifth ACM workshop on Role-based access control
(2000) 21–30
Evolving weighted topologies for neural networks using
genetic programming
Marcin Suchorzewski
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
NeuroEvolution of Augmenting Topologies (NEAT) is a method of evolving weighted
topologies for neural networks, which has been showed to be effective in solving double
pole balancing problems. Its usability, however, is largely reduced by its high specificity
and custom architecture. In this paper we propose much more standardized framework for
evolving neural networks, achieving comparable or even better performance in three
benchmark problems. We show that tree-based genetic programming (GP) requires only
minor modifications to represent and evolve neural networks.
Despite its high performance, however, we remain sceptical about the robustness of the
proposed method. In a series of further experiments we demonstrate the performance is
sensitive to parameter settings and algorithm details. Therefore we refrain from making
conclusions about performance of our method and only stress the improvement regarding
its simplicity.
Keywords:
NeuroEvolution of Augmenting Topologies, NEAT, genetic programming, neural networks,
parameter setting
1. Introduction
Designing neural networks is a difficult task. Although practical guidelines exist on
how to design a network for a typical problem, no proved methodology exists to
synthesize networks capable of solving arbitrary and complex tasks. One promising
direction of research is to borrow the method from nature and employ evolution. But is it
simpler to design evolutionary algorithm sufficiently powerful to yield robust neural
networks? Many researchers believe so.
NEAT [11, 12, 4] is a method of evolving weighted topologies for neural networks,
i.e. hard-wired, non-learnable networks with homogeneous neurons. It has been shown to
be more effective than several other methods of this kind, as well as conventional
reinforcement learning algorithms. As Stanley and Miikkulainen [11] claim, its increased
effectiveness over previously proposed methods is due to:
1. Homologous crossover, originally called “a principled method of crossover of
different topologies” and is implemented using so called historical markings. It
212
Marcin Suchorzewski
addresses the problem of variable length genomes and the problem of competing
conventions.
2. Minimal initialization – networks in initial population have no hidden neurons and
only then slowly build up, thus reducing the initial exploratory overhead.
3. Speciation of neural networks during the evolution, protects promising innovations
from premature elimination and helps to avoid the competing conventions problem.
The importance of these features was demonstrated in “ablation” experiments.
Deprivation of any of them caused severe impairment in performance – by a factor of 1.5
in case of the lack of crossover and even several times in case of the two other.
NEAT has been shown to be successful in solving XOR problem, pole balancing and
double pole balancing with and without velocities. (It was further applied to several
non-standard problems [12, 10, 9]). For all these benchmarks it performed very well. The
analysis of NEAT, however, reveals that the method doesn't scale up well. Adding just
one more input to the XOR problem (parity-3) makes it much more difficult to solve for
NEAT. The method is only capable of randomly adding connections one-by-one, whereas
N-parity problem is hardly susceptible for a slowly grown solutions – it requires a
scalable pattern grown at once. NEAT can't exploit regularities in the problem partly
because it doesn't facilitate modularity, iteration nor recursion.
The aim of this paper, however, isn't to improve the NEAT performance, but to
question whether its sophistication really pays off. The above mentioned essential
features are quite complicated and require a considerable effort in implementation.
Beside them, there is mutation operator in 3 variants, a mechanism for detecting recurrent
connections and few more. Are these features really justified by performance?
In section 2 we present an alternative, considerably simpler method of evolving
weighted topologies for neural networks. In section 3 we compare it against original
NEAT on 3 benchmark problems: double pole balancing with and without velocities and
parity-3. In section 4 we show that unlike in NEAT, performance of our solution doesn't
depend on some high-level features, but on rudimentary parameters and algorithm details,
what is very common in evolutionary computation. We conclude the paper in section 5.
2. Evolving neural networks using GP
2.1. Neural network and its representation
We evolve random feed-forward networks, except double pole balancing without
velocities problem, where auto-recurrent connections are used. Following the NEAT,
only one type of neuron is allowed across all problems, namely generalized
1
McCulloch-Pitts neuron with modified sigmoid transfer function φ ( x) = 1+ exp( −4.9 x ) .
We represent networks with trees and evolve them using GP [5, 7], which is general
algorithm intended to evolve programs in functional languages, such as LISP
expressions. Yet, any feed-forward, single-output neural network can be represented with
Evolving weighted topologies for neural networks using genetic programming
213
a tree using just one type of terminal node (input xi , with x0 = 1 being input for bias)
and 3 types of function nodes: addition + , weight w , and transfer function φ () .
The grammar of the tree is almost unrestricted, with one exception. Children nodes of
a weight node w must be either input nodes or transfer function nodes, i.e. addition can't
appear directly below weight node. 1 All other node configurations in trees can be
interpreted as valid neural network topology. Figure 1 shows an example of genetic tree
solving XOR problem and its corresponding neural network. The crucial feature of the
tree representation is that neurons or network inputs having multiple outputs – as often is
– are represented multiple times in the tree. Adding a connection between neurons
requires duplicating the whole subtree containing the pre-synaptic neuron and adding it
under post-synaptic neuron. This fact has severe consequences regarding the pattern of
variation and code reuse, though we can't yet decide, whether these consequences foster
or hinder the overall performance. An alternative to the tree representation would be
graph encoding, also used to evolve neural networks in conjunction with Parallel
Distributed Genetic Programming [8, 6].
(a)
(b)
Figure 1. An example of evolved solution for the XOR problem. Tree representation (a) and its
translation to neural network (b).
This is if we assume all neurons are homogeneous and use the φ () transfer function. If we
allow linear neurons then such a restriction is not necessary.
1
214
Marcin Suchorzewski
The representation just proposed is capable of representing feed-forward networks,
only. Solving the two pole balancing problem without velocities, however, requires some
kind of memory or recurrent connectivity. While this is obvious shortcoming of the
representation, we are able at least to circumvent it using another type of transfer function
node φˆ() , acting as if it had an auto-recurrent weighted connection:
yt = φˆ( x + wyt −1 ),
where y t is output of the neuron at time step t , x is the sum of incoming connections
and w is internally stored weight for the auto-recurrent connection.
2.2. Initialization and operators
“Minimal initialization” was recognized as a very important factor in the performance
of NEAT. It means that inputs are initially connected to the output and only weights are
randomly assigned. We confirm such an initialization is a kick-start for the evolution and
apply it as well, except we don't require every input be actually connected once. Weights
are drawn from normal distribution with mean 0 and standard deviation 2 ( N (0, 2) ).
We employ three types of operators:
 point mutation – applies to weights (including weights of auto-recurrent connections
in φˆ nodes) and inputs. The node to be mutated is drawn uniformly from all w and
xi nodes and it is given a new random value, drawn from normal ( N (0, 2) ) and
discrete uniform distribution, respectively.
 subtree mutation – replaces randomly selected node with a new, random (but valid)
subtree. The maximum depth of the new subtree is limited to 3 levels. The subtrees are
generated with “grow” method using probability 0.66.
 crossover – a non-standard, two-offspring operator swapping selected subtrees
between 2 parents. The node to swap is selected randomly in the first parent, but in the
second, selection is restricted to transfer function nodes, only. Chances are that one
offspring will not end with a transfer function node in the root. While this is not a
problem in general, it violates formal requirements and therefore such a tree is
considered invalid, assigned some poor fitness and effectively eliminated.
3. Evaluation
We evaluate the performance of our method on three benchmark problems:
 Double pole balancing with velocity information (DPV). The network has 6 inputs:
position and velocities for a cart and the two poles. The fitness is calculated as
log(T / t ) , where t is the number of time steps the poles are kept balanced.
Candidate neural network qualifies as a solution if t = T = 100 000 .
Evolving weighted topologies for neural networks using genetic programming
215
 Double pole balancing without velocities (DPNV, 3 inputs). The network must be
able to keep the poles balanced over T = 100 000 time steps and moreover to
generalize to at least 200 initial states (test cases) to be qualified as a solution.
Following description in [11], the fitness includes a penalty for “jiggling” and is
calculated as 0.1log(T / t ) + 0.9(2 / (1 + exp( − j / 100)) − 1) , where j is the amount
of jiggling in the control (see [11] for details).
 Parity-3 problem. We assume the network is a solution if absolute error is less than
0.33 for each of the 8 test cases. We evaluate the performance of the original NEAT
for this task with jNeat package2.
GP parameters used in the evaluation are summarized in Table 1.
Table 1. GP-NEAT parameters tableau
Parameter
DPV
DPNV
Parity-3
Terminal nodes
x0 – x6
x0 – x3
x0 – x3
Function nodes
φ , +, w
φˆ , + , w
φ, +, w
Std fitness ( J )
log(T / t )
see text
MAE
Final fitness
Using parsimony: F = J (1 + p ) , p = 0.001exp(0.01tree_size)
Selection
Generational, non-elitist, tournament selection of size:
7
20
7
150
1000
1000
Population
Operators
pc = 0.0
pc = 0.4
pc = 1
pm = 1.0
pm = 0.8
pm = 0.8
Given mut., point mut.: p pm = 1.0 , subtree mut.: psm = 0.5
Termination
Solution found or maximum no. generations τ elapsed:
τ = 200
τ = 100
τ = 100
Table 2 compares the results reported in [11] with our reimplementation of the
original NEAT and the GP-NEAT proposed in this paper. We measure the performance
using success rate (SR) and average number of evaluations to yield a solution (‘#E’).
A single evolutionary run is considered successful, if it delivers a solution within
simulation time (see Termination parameter in Tab. 1). Following the original report, the
results are averaged over 120 simulation runs in case of DPV and only 20 in case of
DPNV. We choose 100 runs for parity-3. Only successful simulations are accounted in
2
See http://www.cs.ucf.edu/~kstanley/neat.html.
216
Marcin Suchorzewski
average number of evaluations ( ×1000 , column ‘#E’) and its standard deviation (column
‘Std’).
We reimplemented the NEAT in two variants – using speciation and island model
(using demes). Despite considerable effort in parameter tuning, we were unable to
reproduce the results reported in original paper. We found many algorithm details hardly
mentioned in the paper, e.g. selection type or details about recurrent connections. So
apparently, the performance depends on details in high degree. On the other hand, so
different population structuring approaches as speciation and island model produced very
similar results.
Table 2. Performance comparison between several NEAT variants. See text for explanations.
NEAT
variant
#E
DPV
Std
Original
Re. speciation
3.60
9.91
2.70
13.2
SR
1.0
1.0
#E
DPNV
Std
33.2
45.1
21.8
34.3
SR
1.0
1.0
Parity-3
#E
Std
SR
57.7
55.4
28.7
22.2
0.59
0.70
Re. demes
9.90
6.51
1.0
41.4
26.7
1.0
38.5
15.7
0.62
GP-NEAT
3.41
1.72
1.0
20.4
17.3
0.95
34.3
24.2
0.73
As can be seen, GP-NEAT slightly outperforms3 the original method, though only
after parameter tuning by hand. We find the performance to be sensitive to parameter
settings and algorithm details. This is illustrated in the next section.
An important observation is that pole balancing problems can be solved using just a
single neuron. In fact, the most effective way to solve it is to restrain the network growth
and just mutate weights. So in our view the problem is not a good benchmark for growing
neural networks.
Quite reverse situation is in case of parity-3 problem, which is solved only by a few
neurons (minimum 3 as observed) and the crossover is better in adding new neurons than
mutation. Moreover this is highly epistatic problem, i.e. the fitness landscape is very
rugged here. In such a scenario, the evolutionary process is close to random search and
even very intense variation should not impair the performance.
4. Experiments
As already mentioned in the introduction, Stanley and Miikkulainen [11] identified 3
features essentially responsible for the improved effectiveness of NEAT and their
observations were confirmed in ablation experiments. We perform experiments in a
similar vein, but instead of high-level features, we consider rather primitive parameters.
During extensive experimentation with the algorithms we observed how thin is the border
3
We don't perform statistical analysis, first because of lack of detailed data from original research, and secondly because in the light of the next section, there is little point in demonstrating
statistical significance of improvement in peak performance.
217
Evolving weighted topologies for neural networks using genetic programming
between success and failure and how effectiveness depends on parameters seemingly of
secondary importance.
The experiments are:
1
1. Simplification of sigmoid transfer function to φ ( x) = 1+ exp( − x ) . This is almost
equivalent to narrowing the normal distribution used in construction and mutation of
weight nodes by 5 times, i.e. using N (0, 0.4) instead of N (0, 2) .
2. Increase in the maximum depth of subtree mutation operator to 5.
3. Modification of crossover operator so that instead of restricting the set of candidates
in the second parent tree to φ nodes, the set of candidates consists of all nodes of the
same type as the type of the node selected in the first parent. This modified operator
also preserves syntactic correctness.
4. Fixation of the probabilities of mutation and crossover to pm = 0.5 and pc = 0.5 .
The results are shown in Table 3. In the first experiment, the change concerned the
phenotype of neural network, so the effects are likely to be relevant not only to
GP-NEAT, but the NEAT as well. Particularly notable is the decrease of performance in
DPNV problem. The second modification affects performance in all problems, though
not so radically. Modifying crossover operator in the third experiment, turned out to be
fatal in the parity-3 problem. (It doesn't affect DPV because the crossover is disabled in
that case.) Fixing the probabilities of operators ( pc in particular) severely degraded
performance in DPV. Surprisingly the results for parity-3 considerably improved,
meaning our prior parameter tuning might not be too accurate.
Table 3. Results of experiments
Setup
GP-NEAT
Exp.1.
Exp.2.
Exp.3.
Exp.4.
#E
DPV
Std
SR
3.41
4.93
4.64
3.41
5.95
1.72
2.83
4.12
1.72
6.37
1.0
0.925
0.942
1.0
0.5
#E
DPNV
Std
SR
Parity-3
#E
Std
SR
20.4
–
34.0
29.4
24.3
17.3
–
25.1
11.6
13.9
0.95
0.0
0.95
1.0
0.95
34.3
62.1
38.2
49.3
28.7
24.7
19.7
23.0
13.6
18.4
0.73
0.66
0.63
0.03
0.79
The experiments showed that although peak performance of GP-NEAT is high, it is
sensitive to many details of algorithm and therefore its robustness is questionable. It's
difficult to say how robust is the original NEAT. Experiments with NEAT
reimplementation suggests that it has its own peculiarities, but we don't explore this
further. Fair comparison between evolutionary methods, including not only their peak
performance, but also their robustness is widely recognized problem [1]. Setting the
parameters of evolutionary algorithms in a systematic way is a major part of this problem
218
Marcin Suchorzewski
[3]. In [2] Daida et al. vividly demonstrated how badly spoiled the comparison and
conclusions can be, when the performance is attributed to alleged novelty in the
algorithm, whereas it actually comes from specifically tuned parameters and algorithm
details.
5. Summary and conclusions
In this paper we proposed a new method of evolving weighted topologies for neural
networks. The GP-NEAT method performs favorably to already known and effective
NEAT [11], but is much more standardized. It makes use of standard, tree-based GP
framework, requiring only minor changes to variation operators and initialization
procedure. In our opinion GP-NEAT is much easier to implement and use in practice,
given the popularity and wide availability of GP software.
We showed GP-NEAT performs favorably in terms of peak performance – the
measure usually used in evaluation and comparison. In section 4, however, we showed
GP-NEAT is sensitive to parameter settings and algorithm details and therefore peak
performance results might be delusive as its overall measure of utility. Accounting for the
effort of parameter tuning, required to obtain peak performance would say more about
method's robustness. A new experimentation framework is necessary to evaluate and
compare evolutionary methods fairly. This is important area for future work.
References
[1] Bartz-Beielstein T., Preuss M. Experimental research in evolutionary computation.
In Proceedings of the 2007 GECCO conference companion on Genetic and
evolutionary computation, pages 3001-3020. ACM Press New York, NY, USA,
2007.
[2] Daida J., Ampy D., Ratanasavetavadhana M., Li H., Chaudhri O. Challenges with
verification, repeatability, and meaningful comparison in genetic programming:
Gibsons magic. In Proceedings of the Genetic and Evolutionary Computation
Conference, volume 2, pages 1851-1858, 1999.
[3] Eiben A. E., Michalewicz Z., Schoenauer M., Smith J. E.. Parameter control in
evolutionary algorithms. In Parameter Setting in Evolutionary Algorithms, Studies
in Computational Intelligence. Springer, 2007.
[4] James D., Tucker P. A comparative analysis of simplification and complexification
in the evolution of neural network topologies. In Keijzer M. (ed.), Late Breaking
Papers at the 2004 Genetic and Evolutionary Computation Conference, Seattle,
Washington, USA, 26 July 2004.
[5] Koza J. R. Genetic Programming. MIT Press, 1992.
[6] Poli R. Parallel distributed genetic programming. In Corne D., Dorigo M., Glover
F. (eds.), New Ideas in Optimisation, chapter 27, pages 403-432. McGraw-Hill Ltd.,
Maidenhead, UK, 1999.
[7] Poli R., Langdon W., McPhee N. A Field Guide to Genetic Programming. Lulu
Press, 2008.
Evolving weighted topologies for neural networks using genetic programming
219
[8] Pujol J., Poli R.. Evolving the topology and the weights of neural networks using a
dual representation. Applied Intelligence, 8(1):73-84, 1998.
[9] Stanley K., Kohl N., Sherony R., Miikkulainen R. Neuroevolution of an automobile
crash warning system. In GECCO’05: Proceedings of the 2005 Conference on
Genetic and Evolutionary Computation, pages 1977-1984, New York, NY, USA,
2005. ACM.
[10] Stanley K. O., Bryant B. D., Miikkulainen R. Real-time evolution in the NERO
video game. In Proceedings of the IEEE 2005 Symposium on Computational
Intelligence and Games. IEEE, 2005.
[11] Stanley K. O., Miikkulainen R. Evolving neural networks through augmenting
topologies. Evolutionary Computation, 10(2):99-127, 2002.
[12] Stanley K. O., Miikkulainen R. Competitive coevolution through evolutionary
complexification. Journal of Artificial Intelligence Research, 21:63-100, 2004.
Efektywne algorytmy wyznaczania wyraŜenia
postaci Y=(A⊗
⊗B)X
Galina łariova, Alexandr łariov
Politechnika Szczecińska, Wydział Informatyki
Abstract:
The two algorithms of Y=(A⊗B)X expression realization with reduced number of
arithmetic operations are proposed.
Keywords:
Matrix-vector multiplication, Kronecker product, fast algorithms, reduction of number of
arithmetical operations
1. Wprowadzenie
MnoŜenie wektora przez macierz, reprezentującą sobą iloczyn tensorowy (inaczej
mówiąc - iloczyn Kroneckera [1, 2] ) dwóch innych macierzy, jest typową „makrooperacją” wielu algorytmów cyfrowego przetwarzania sygnałów [3-5]. Najbardziej powszechnym jej zastosowaniem jest implementacja szybkich algorytmów dyskretnych
transformacji ortogonalnych [6].
Operacja ta potrzebuje duŜych nakładów obliczeniowych poniewaŜ w najbardziej
ogólnym przypadku dla macierzy o wymiarach M×N oraz K×L będących czynnikami
iloczynu tensorowego wymaga wykonania 2KLMN operacji mnoŜenia oraz KM(LN-1)
operacji dodawania. Obecnie nie istnieją algorytmy wymagające przy realizacji tej makrooperacji mniejszej liczby operacji arytmetycznych dla dowolnych macierzy. Okazuje
się, Ŝe moŜliwość konstruowania takich algorytmów jednak istnieje. Dlatego w niniejszej pracy będą syntetyzowane dwie modyfikacje „szybkich”, algorytmów realizacji tej
„makrooperacji”.
Sprecyzujmy najpierw podstawowe wyraŜenie z uwzględnieniem rozmiarów czynników wektorowo-macierzowych. Zakładamy, Ŝe naleŜy zrealizować działania według
następującego wzoru:
YKM ×1 = ( A M × N ⊗ B K × L ) X LN ×1 ,
(1)
gdzie symbol „ ⊗ ” tu i w dalszej części artykułu oznacza operację iloczynu tensorowego, zaś macierze A M × N oraz B K × L są czynnikami iloczynu tensorowego o dowolnych
rozmiarach.
222
Galina łariova, Alexandr łariov
Określimy równieŜ X LN ×1 = [ x0 , x1 ,..., xLN −1 ]Τ jako wektor danych wejściowych oraz
YKM ×1 = [ y0 , y1 ,..., yKM −1 ]Τ jako wektor danych wyjściowych, których rozmiary wynikają z postaci iloczynu tensorowego.
Przypomnijmy równieŜ, iŜ operacja iloczynu tensorowego dwóch macierzy zdefiniowana jest w następujacy sposób:
A M ×N ⊗ BK ×L
 a0,0 B K × L
 a B
1,0 K × L
=

⋮

 aM −1,0 B K × L
a0, N −1B K × L 
a1, N −1B K × L 
.

⋱
⋮

⋯ aM −1, N −1B K × L 
⋯
⋯
a0,1B K × L
a1,1B K × L
⋮
aM −1,1B K × L
(2)
Analiza wyraŜenia (2) pokazuje, Ŝe operacja ta wymaga wykonania KLMN mnoŜeń.
Ponadto dalsze mnoŜenie tej macierzy przez wektor X LN ×1 według wzoru (1) wymaga
KLMN dodatkowych operacji mnoŜenia oraz KM(LN-1) operacji dodawania. Łączna
liczba operacji arytmetycznych niezbędnych do wykonania omawianej makrooperacji
jest więc dosyć wielka, co powoduję przy realizacji obliczeń duŜe straty czasowe. Spróbujemy zredukować tę liczbę. PokaŜemy, iŜ moŜna syntetyzować algorytm realizacji tej
makrooperacji, posiadający mniej operacji mnoŜenia i dodawania.
2. Synteza „szybkich” algorytmów realizacji operacji mnoŜenia
wektora przez macierz, będącą iloczynem tensorowym dwóch
innych macierzy
Zbudujmy najpierw konstrukcję macierzową B KN × LN , określającą operacje przetwarzania elementów wektora danych na pierwszej iteracji procesu obliczeniowego. Zdefiniujmy ją za pomocą iloczynu tensorowego dwóch macierzy I N oraz B K × L :
B KN × LN = (I N ⊗ B K × L ) ,
(3)
gdzie macierz I N - jest macierzą jednostkową N-tego rzędu.
Wprowadźmy teŜ macierz tasowania elementów wektora danych, wyznaczonych w
wyniku realizacji obliczeń na pierwszej iteracji:
PKMN × KN = I N ⊗ (1M ×1 ⊗ I K ) ,
(4)
gdzie 1M ×1 = [1,1,...,1]Τ - macierz składająca się z samych jedynek, ktorej rozmiary określone są za pomocą dolnego indeksu.
Wprowadźmy diagonalną macierz:
N −1
M −1
n=0
m=0
n)
n)
, gdzie D(KM
D KMN = ⊕ D(KM
= ⊕ (I K ⋅ am , n ) ,
(5)
223
Efektywne algorytmy wyznaczania wyraŜenia postaci…
gdzie symbol ⊕ - oznacza sumę prostą (tensorową) dwóch macierzy [6].
Zdefiniujmy teraz jeszcze jedną konstrukcję macierzową określającą prawo sumowania wybranych elementów wektora przetwarzanych danych:
ΞKM × KMN = 11× N ⊗ I KM ,
(6)
Wtedy końcowa procedura obliczeniowa szybkiego algorytmu realizacji omawianej
makrooperacji przybiera następującą postać:
YKM ×1 = ΞKM × KMN DKMN PKMN × KN B KN × LN X LN ×1 .
(7)
MoŜna zaproponować teŜ inny sposób organizacji obliczeń przy realizacji rozpatrywanej makrooperacji. W tym przypadku poszczególne konstrukcje macierzowe będą
wyglądały tak:
ɶ
B
KM × LM = (I M ⊗ B K × L ) ,
(8)
Pɶ LMN × LN = (1M ×1 ⊗ I LN ) ,
(9)
M −1
N −1
m=0
n=0
ɶ
ɶ (m) ɶ (m)
D
LMN = ⊕ D LN , D LN = ⊕ ( I L ⋅ am , n ) ,
(10)
ɶ
Ξ
LM × LMN = I M ⊗ (11× N ⊗ I L ) ,
(11)
zaś procedura końcowa będzie następującej postaci:
ɶ
ɶ
ɶ
ɶ
YKM ×1 = B
KM × LM ΞLM × LMN D LMN PLMN × LN X LN ×1 .
(12)
3. Przykłady konstruowania „szybkich” algorytmów realizacji
operacji mnoŜenia wektora przez macierz, będącą iloczynem
tensorowym dwóch innych macierzy
Rozpatrzmy syntezę szybkiego algorytmu wyznaczenia wyraŜenia (1) dla K=3,
L=2, M=2, N=3. Mamy wtedy:
X6×1 = [ x0 , x1 , x2 , x3 , x4 , x5 ]Τ , Y6×1 = [ y0 , y1 , y2 , y3 , y4 , y5 ]Τ ;
A 2 ×3
 a0,0
=
 a1,0
a0,1
a1,1
 a00
a0,2 
, B 3× 2 =  a10
a1,2 
 a20
a01 
a11  ;
a21 
Y6×1 = ( A 2×3 ⊗ B3×2 ) X6×1 .
Odpowiadający temu przykładowi szybki algorytm realizacji rozpatrywanej makrooperacji według procedury (7) będzie opisywany za pomocą następującego przekształcenia wektorowo-macierzowego:
224
Galina łariova, Alexandr łariov
Y6×1 = Ξ6×18 D18 P18×9 B9×6 X6×1 ,
zaś poszczególne czynniki macierzowe będą wyglądać następująco:
B 9×6 = I 3 ⊗ B 3× 2
P18×9
B 3× 2

=  03× 2
0
 3× 2
1




1








= I 3 ⊗ (12×1 ⊗ I 3 ) = 














03× 2
B 3× 2
03× 2
03× 2 

03× 2  ;
B 3×2 


1


1
0 6 ×3
06×3 


1


1

1


1

1

06×3
06×3 
1

1


1


1

1 
1

06×3
0 6 ×3
1

1 

1 ,
gdzie 0 -macierz zerowa, której rozmiary określone są za pomocą dolnego indeksu.
2
D18 = ⊗ D6( n ) = diag ( D6(0) , D6(1) D6(2) ) ,
m=0
D(0)
6 = ( a0,0 ⋅ I 3 ) ⊕ ( a1,0 ⋅ I 3 ) = diag ( a0,0 , a0,0 , a0,0 , a1,0 , a1,0 , a1,0 )
D(1)
6 = ( a0,1 ⋅ I 3 ) ⊕ ( a1,1 ⋅ I 3 ) = diag ( a0,1 , a0,1 , a0,1 , a1,1 , a1,1 , a1,1 ) ,
D(2)
6 = ( a0,2 ⋅ I 3 ) ⊕ ( a1,2 ⋅ I 3 ) = diag ( a0,2 , a0,2 , a0,2 , a1,2 , a1,2 , a1,2 ) ,
225
Efektywne algorytmy wyznaczania wyraŜenia postaci…
Ξ6×18
1
1
1

 1

1
1




1
1
1
= 11×3 ⊗ I 6 = 
.
1
1
1



1
1
1 


1
1
1

Na rysunku 1 został przedstawiony model grafostrukturalny, reprezentujący strukturę algorytmiczną organizacji procesu wyznaczenia wyraŜenia (1) według produry (7)
dla rozpatrywanego przykładu. Model zorientowany jest od lewej do prawej. Liniami
prostymi oznaczone są operacje transferu danych. Trapezami oznaczone zostały bloki
mnoŜenia wpisanych w nie macierzy przez odpowiednie podwektory danych. Kółkami
oznaczono operacje mnoŜenia przez wpisane w nie wartości.
Syntezujmy teraz inną modyfikację algorytmu dla tego samego przykładu, lecz na
podstawie procedury (12).
Procedura (12) dla tego przykładu przybiera następujacą postać:
ɶ Ξɶ D
ɶ ɶ
Y6×1 = B
6× 4 4×12 12 P12× 6 X6×1 ,
zaś poszczególne czynniki macierzowe będą wyglądać w sposób następujący:
B3× 2
Bɶ 6× 4 = I 2 ⊗ B3× 2 = 
 03× 2
03× 2 
,
B3×2 
1
1 
1
Ξɶ 4×12 = I 2 ⊗ (11×3 ⊗ I 2 ) = I 2 ⊗ 
=
1
1
 1
1
1
1

02×6
 1

1
1

;
=

1
1
1 
02×6


1
1
1

1
2
~
~
~
~
~
D12 = ⊗ D (6m ) = D (60 ) ⊕ D 6(1) , D (6m ) = ⊕ ( a m ,n I 2 )
m =0
n =0
~
D (60) = ( a0, 0 ⋅ I 2 ) ⊕ (a0,1 ⋅ I 2 ) ⊕ ( a0, 2 ⋅ I 2 ) = diag (a 0, 0 , a 0, 0 , a 0,1 , a 0 ,1 , a 0 , 2 , a 0 , 2 ) ,
~
D 6(1) = ( a1, 0 ⋅ I 2 ) ⊕ (a1,1 ⋅ I 2 ) ⊕ (a1, 2 ⋅ I 2 ) = diag (a1, 0 , a1, 0 , a1,1 , a1,1 , a1, 2 , a1, 2 ) ;
226
Galina łariova, Alexandr łariov
Pɶ12×6
1

 1





1


1



1 


1

= 12×1 ⊗ I 6 = 
;
1


 1



1




1


1 


1

a0,0
a0,0
a0,0
a1, 0
a1, 0
x0
x1
x2
x3
x4
x5
B 3×2
a1, 0
a 0 ,1
a 0 ,1
B 3×2
a 0 ,1
a1,1
a1,1
B 3×2
a1,1
y0
y1
y2
y3
y4
y5
a0 , 2
a0 , 2
a0 , 2
a1, 2
a1, 2
a1, 2
Rysunek 1. Graf ilustrujący organizację procesu obliczeniowego według bezpośredniej realizacji
procedury (7) dla K=3, L=2, M=2, N=3
227
Efektywne algorytmy wyznaczania wyraŜenia postaci…
Na rysunku 2 został przedstawiony model grafostrukturalny, reprezentujący strukturę algorytmiczną organizacji procesu wyznaczenia wyraŜenia (1) według procedury (12)
dla rozpatrywanego przykładu.
a0 ,0
a0 ,0
a0 ,1
x0
x1
a0 ,1
a0 , 2
x2
x3
x4
x5
a0 , 2
y0
B 3×2
a1, 0
a1, 0
B 3×2
a1,1
y1
y2
y3
y4
y5
a1,1
a1, 2
a1, 2
Rysunek 2. Graf ilustrujący organizację procesu obliczeniowego według bezpośredniej realizacji
procedury (12) dla przykładu K=3, L=2, M=2, N=3
4. Oszacowanie liczby niezbędnych operacji
Łatwo zauwaŜyć, iŜ realizacja procedury (7) wymaga wykonania KN ( L + M ) operacji mnoŜenia oraz K [( L − 1) N + ( N − 1) M ] operacji dodawania. Wprowadźmy współczynniki zysku obliczeniowego osobno dla operacji mnoŜenia oraz dla operacji
dodawania dla kaŜdej z syntetyzowanych procedur. Dla procedury (7) współczynniki te
przyjmują następujace wartości:
k×(1) =
k+(1) =
2 KLMN
2 LM
,
=
KN ( L + M ) L + M
( LN − 1) KM
( LN − 1) M
.
=
( L − 1) KN + ( N − 1) KM ( L − 1) N + ( N − 1) M
Realizacja procedury (12) wymaga wykonania LM ( K + N ) operacji mnoŜenia oraz
M [( N − 1) L + ( L − 1) K ] operacji dodawania.
Dla tej procedury współczynniki zysku będą miały następują postać:
228
Galina łariova, Alexandr łariov
k×(2) =
k+(2) =
2 KLMN
2 KN
,
=
ML ( N + K ) N + K
( LN − 1) KM
( LN − 1) K
.
=
( L − 1) KM + ( N − 1) LM ( N − 1) L + ( L − 1) K
Jak moŜna zauwaŜyć ciekawą właściwością jest fakt, Ŝe opracowane procedury dla
tych samych rozmiarów macierzy wchodzących w skład iloczynu tensorowego mają
róŜne stopnie redukcji operacji arytmetycznych (róŜne wartości współczynników zysku). W jednych przypadkach korzystniejsza jest procedura (7), w drugich zaś – procedura (12). Jak widać, dla rozwaŜonego w artykule przykładu procedura (12) daje lepsze
wyniki, poniewaŜ wymaga wykonania 24 operacji mnoŜenia i 14 operacji dodawania
zamiast 36 mnoŜeń i 21 dodawań dla procedury (7). Na marginesie podkreślimy, Ŝe
bezpośrednia realizacja procedury (1) dla tego przykłady wymaga wykonania 72 operacji mnoŜenia oraz 30 operacji dodawania.
5. Podsumowanie
Zaproponowane w pracy algorytmy posiadają zredukowaną względem bezpośredniej realizacji wzoru (1) liczbę operacji arytmetycznych. Czyni je to bardziej konkurencyjnymi do zastosowania w systemach cyfrowego przetwarzania danych (sygnałów,
obrazów) czasu rzeczywistego, gdy mamy do czynienia z koniecznością wykonania
wszystkich operacji obliczeniowych i sterujących w czasie wystarczającym na niezakłócony przebieg trwającego procesu. Warto podkreślić, Ŝe decyzję o wyborze jednej
z dwóch przedstawionych procedur w kaŜdym konkretnym przypadku naleŜy podejmować na podstawie wstępnego oszacowania wartości współczynników zysku dla obu
wariantów.
Bibliografia
[1] Graham A., Kronecker Products and Matrix Calculus: With Applications. Ellis
Horwood Limited, 1981.
[2] Regalia P. A., Mitra S. K., Kronecker Products, Unitary Matrices and Signal
Processing Applications, SIAM Review, v. 31, no 4, pp. 586-613. 1989.
[3] Brewer J.W., Kronecker Products and Matrix Calculus in System Theory. IEEE
Transaction on Circuits and Systems, v. 25, pp. 772-781, 1978.
[4] Granta J., Conner M., and Tolimieri R., Recursive Fast Algorithms and the Rrole of
Tensor Products. IEEE Transaction on signal processing, v. 40, no 12, pp. 29212930, 1992.
[5] Tsai C.-Y., Fan M.-H., and Huang C.-H., VLSI Circuit Design of Digital Signal
Processing
Algorithms
Using
Tensor
Product
Formulation,
http://jcst.ict.ac.cn/ptafile%5C2830.pdf
[6] Huang C.-H., Johnston J.R., and Johnston R.W., A tensor product formulation of
Strassen’s matrix multiplication algorithm., Appl. Math Letters, 3(3) pp. 104-108,
1990.
Efektywne algorytmy wyznaczania wyraŜenia postaci…
229
[7] Liu C.-B., Huang C.-H., and Lei C.-L., Design and Implementation of Long-Digit
Karatsuba’s Multiplication Algorithm Using Tensor Product Formulation, In: The
Night Workshop on Compiler Techniques for High-Performance Computing, pp.
23-30, 2003.
[8] Dagman E., Kukharev G. Szybkie dyskretne transformaty ortogonalne. Nauka,
Nowosybirsk, 1983 ( w języku rosyjskim).
[9] A. łariov, Modele algorytmiczne i struktury wysokowydajnych procesorów cyfrowej obróbki sygnałów, Szczecin, Informa, 2001.
[10] Tolimieri R., An M., Lu C., Algorithms for Discrete Fourier Transform and Convolution, Springer-Verlang, New York, 1989.
[11] Blahut R. E. Fast Algorithms for Digital Signal Processing. Addison-Wesley 1985.
Formation of the contents of knowledge’s bases for local
intelligent decision support systems
Tatiana Tretyakova, Abdullah Zair
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
The problem of creation of intellectual decision support systems basing on use of
hydrometeorological information is considered at this article. Part of this problem is the
acquisition and structurization of knowledge at corresponding problem's areas. Formal
and structural models of intelligent warning and decision support system (IWDSS) on a
regional level are submitted. Local intelligent subsystems are included in structure of
IWDSS. These subsystems warns of threat of the dangerous natural phenomenons and
support of decision-making in management of region if the economic objects of this
region are on dangerous territories. In article formal models of decision-making process
and ontologies to area “Threat of mudflow” are submitted and role of ontologies creation
as one of tools of acquisition, structurization and knowledge's management is underlined.
The submitted models are the methodical basis for performance of phases of acquisition
and structurization of knowledge for local intelligent subsystems IWDSS. In article are
shown fragments of database IWDSS for administration of area Dzungarian Ala Tau in
Kazakhstan which is under constant threat of mudflow.
Keywords:
intelligence warning and decision support system, local intelligent system, elicitation and
structurization of knowledge, formal model, ontology, decision
1. Introduction
The task of decision support systems (DSS) is integration of the data and models
with the purpose of search of the decision of ill-structured problems[1,2]. Such class
systems are used in management for many years. Their important role in process of the
decision acceptance in economic activities is recognized as all. Last years DSS are
evolving by means of use of artificial intellect's methods. It considerably expands
sphere of their application. The high quality of their main components – knowledge
bases is the necessary conditions at their creation. Thus the stages of engineering of
knowledge: the elicitation and structurization play the most important role. Features of
problem area essentially influence on a choice of ways of the decision of tasks in this
area. Through this choice in process of elicitation and structurization of knowledge
unique methods of the decision of tasks of concrete problem area are forming.
Researches of authors concern to area of creation of knowledge bases for local intelligent decision support systems of IWDSS and development of methodical approaches
for elicitation and structurization knowledge for them on the example of one of areas of
232
Tatiana Tretyakova, Abdullah Zair
Kazakhstan - Dzungarian Ala Tau, which is positioned under threat of mudflow. Objects of management in area Dzungarian Ala Tau are agricultural, industrial, service,
social, communication and other economic objects. Subject domains to which functioning these objects is connected, and the problems arising at their functioning under influence of hydro- and meteorological factors, are demanding the corresponding
approaches to elicitation and structurization knowledge for DSS which can function as
local intelligent systems in structure IWDSS of the given object. The problem of decision-making at realization of processes of functioning of economic objects is always
connected to different subject domains. For this reason formal models of problem domains in which there are processes of functioning of economic objects, and of task of
decision-making in view of the hydrometeorological information can serve as the auxiliary tool in process elicitation and structurization knowledge for local intelligent subsystems of IWDSS of a different level.
2. Formal model of task of decision-making as the help tool of
elicitation and structurization knowledge for local intelligent
subsystems IWDSS
Elicitation and structurization knowledge for anyone intelligent DSS it is always
connected to studying of decision-making processes within the framework of processes
of functioning of economic objects. Any decision-making process should occur according to principles of the system analysis[3,4] and include stages of identification of problems, search of ways of their decision and a choice of best decision in view of the
chosen criterion of estimation and existing restrictions. Taking into account, that the
hydrometeorological information is not always reliable, in decision-making process it is
necessary to consider risk factor of occurrence of a problem under influence of hydrometeorological factors. In this connection the formal model of a problem of decisionmaking (MDEC) in view of the hydrometeorological information, shown in article[5], has
been submitted in view of a risk factor (RJn):
MDEC={DJ, RJn , CJ n , OJ n , AJ n , KJ n },
J
(1)
RJn
J
where: D – problem domain, in which we aim to make decisions;
– risk of occurrence of a problem under influence of hydrometeorological factors; C n – task’s goals,
concerns problem solving in the current domain; OJ n – limitation for the current task;
AJ n – set of decision’s alternate variations for problem solving; KJ n – set of criteria, to
which we aim to choose the right decision.
This formal model in principle presents stages for decisions making. These stages
are practically for every problematic situation, in which appearing under the influence
of the dangerous natural disasters. These stages permit partly to emphasize fields, which
should be described in one ontology’s level used to manage the knowledge of the expert
HMDEC system. It is possible to describe the decision-making process as a decision
tree. Working out all elements of the decision tree is demanding of constructing necessary models and rules to be used in the knowledge base of HMDEC. It is worthwhile
noticing, that providing the possibility of conclusion with the help of mechanisms of
deduction and creating the production part of the base needed include constructing of
Formation of the contents of knowledge’s bases for local intelligent…
233
cognitive models[6], based on studying main decision-making on the example of being
under threat of dangerous phenomena or natural disasters.
3. The structure of the intelligent warning and decision support
system (IWDSS) that includes local systems HMLevel and
HMDEC
Use of such systems as local intelligent DSS at the territories, which are subject to
constant threat of mudflow, is useful. Local systems HMLevel and HMDEC are included into structure IWDSS. System HMLevel analyzes and transfers in a mode on
line the information about a water level in mountain lakes, reacts to a water level exceeding a mark of a normal level, and transfers a signal about danger to control centre
of crisis situations. Other local system – expert system HMDEC is intended for support
of decisions making on the base of the hydrological and meteorological information in
the areas that are subject to threat of mudflow. On figure 1 the structure of the intelligent system of warning and support of decision-making is submitted. As follows from
figure 1, monitoring of a water level in mountain lake is carried out by automatic system. The system HMLevel analyzes and registers the data received from this automatic
system. This system transfers a signal about threat mudflow to in Crisis Situations Management Center (CSMC). The information received in CSMC is registered in a corresponding database of information system of regional management. This information
system contains the local expert system HMDEC. HMDEC serves for support of decisions in conditions of existing threat of mudflow. The model's base that also should be
stipulated in information system CSMC is accessible for HMDEC. On the basis of
modeling on these models and in view of simulation of possible development of dangerous situations in region at mudflow with help HMDEC risks are estimated and the
decisions on protective actions make.
The role of DSS in solving business problems is currently considered to be irreplaceable. It is connected with considerable improvement in decision-making quality
as a result of using this class systems. However, improvement in decision-making quality is only possible under one condition, when the quality of the main components this
type of systems – the knowledge base, is suitable. In paper [7] a concept of a three levelled information system with a model base was suggested. Later interest of the authors
of this paper was oriented towards elaborating a conceptual structure of an information
system towards IIS classes – Integrated Information System’s - with the addition of intelligent components such as, expert systems [8,9]. It is possible to increase the quality
of the decisions by adding Expert Systems (ES) to the information system. We should
notice, that improving the quality of decisions is based not only on the simulation on
various tasks, but also by decision supporting in situations which is not standard and by
preparing personnel within a framework of training with the assistance of suitable expert systems.
234
Tatiana Tretyakova, Abdullah Zair
Figure 1. The structure of the intelligent warning and decision support system that includes local
systems HMLevel and HMDEC. Source: own study
Looking to the formal models of the software (Sfw) and knowledge (Iint) of the DSS
structure, we can see that contents of knowledge bases are essential components in the
ability of providing suitable solutions.
4. Formal models of structure of software and knowledge in the
IWDSS
Software components (Sfw) in IWDSS class systems are presented in the following
set:
Sfw = {Drep, Db , Sdb, Kb, Skb , Interf, Aint, ESloc, Bweb}
(2)
where: Drep – repository and data warehousing connected witch OLAP technology;
Db-relational data bases; Sdb – data base management system; Kb - knowledge base; Skb
– knowledge management system; Interf – interfaces; Aint – intelligent agents; ESloc –
local expert systems; Bweb – browsers.
Knowledge components (Iint) is presented as a set:
Iint = {d, m, r}
where: d – data; m – models; r – rules.
(3)
Formation of the contents of knowledge’s bases for local intelligent…
235
In the represented formal model the structures of Sfw component are presented local
agent and expert systems, which were created taking into account the wishes of participants of the decision process. We should notice, that nowadays there is a possibility to
connect using interfaces relational database with expert system database or completely
replace knowledge base using a relational databases of DSS. We should emphasize,
that local ES type depends on the knowledge structure included in its knowledge's base,
which in considerable way is determined by type of problem domain[10]. In one case it
can be used to support decisions in economic process during unusual situations. In other
cases it can serve to e-learning and to e-training of personnel in order to pass on knowledge and form habits and skills essential for dealing with unusual situations.
5. Knowledge for IWDSS containing local HMDEC expert system
For a regional management or business enterprise located in a natural dangerous territories the solving problem may be based on hydro- and meteorological information’s
and on special knowledge from domain, where can develop specific problem. Taking
under consideration this information is vitally important, it rises its users adaptive potential, allowing them to choose the best strategy and co-operation with nature. Its main
advantage is that it allows its users to avoid or minimalize losses of natural catastrophes.
Hydro- and meteorological information is being used to solve various problems in different domain: regional and city management, transport (aviation, navigation and others), agriculture, water management, building industry, power engineering etc. Some of
these problems are [9] : regional and object management (process management); laying
out plans and managing establishment, aimed to preventing losses, which can occur as a
result of natural disasters; planning tasks which concerns choosing the best location for
building sites; ensuring the security of social objects, establishments and agricultural
objects from bad influence of hydrometeorology’s factors; managing limited water resources; etc.
Within a framework of such problems the managers, according to set goals, can
solve problems that arise under the strength of dangerous nature factors. High level of
uncertainty concerning natural disasters and the necessity of fast and correct reaction in
case of a threat calls for working out and making full use of proper methods and models. Those are risk management methods or models resolving possible issues concerning
the realization of actions preventing losses caused by natural disasters. Such technologies, like DSS class systems and their intelligent components - ES, allow the use of
knowledge included in certain knowledge base during decision making processes in
order to avoid possible negative effects, caused by dangerous natural disasters. In the
knowledge base of the information system (of region, city, economic object) different
models can be set in order to make the right decision based on the current trends concerning the current situation. Adding inference rules to the knowledge base, we create
ES, which on the ground of worked out scenario and resolving problems models rising
while such progress in situation can formulate conclusions supporting decisions making.
This expert system is called HMDEC. A concept of this systems structure HMDEC was
presented in paper[9]. In order to make use of HMDEC model we need specified data,
which should be located in its database and databases of IWDSS and others or operationally input as input/output data. Those are mostly data about economic, social, cul-
236
Tatiana Tretyakova, Abdullah Zair
tural objects of thee region (region, city, economic object), which are located in endanenda
gered areas. As the example, a database containing data about objects located in one of
Kazakhstan’s region can be used as a HMDEC expert system database. Figure 2 shows
the fragments of database
atabase project of objects located in one of Kazakhstan’s regions Djungarski Alatau (river Talgar valley).
Figure 2. The fragments of database of IWDSS: objects located in one of Kazakhstan’s regions –
Djungarski Alatau (river Talgar valley). Source: the own study on the ground of the information
from a research project[11]
On the ground of these data and with results of the simulation on problem solving
models based on situations taken into consideration in scenarios conclusions are exe
tracted. Taking those conclusions into consideration when dealing with different decidec
sions about: the evacuation of people and tangible property and cultural value;
realization of undertakings preventing loses caused by the mudflow; arranging new
buildings; agricultural objects; social objects etc.
DSS class system aiding decision-making
making processes on the various levels of regional
managing and in economic subjects can pick up and analyze information about the state
of the environment from different outside sources. In case of large amounts of analyzed
data, acquire from outside sources OLAP technology can be applied, which is a techtec
nology of the operating analytical data process, as a form of external data for the
HMDEC expert system data from different databases
abases of the hydrometeorology services
containing data about changes in hydrology characteristics of hydro objects over a long
Formation of the contents of knowledge’s bases for local intelligent…
237
period of time. It is worthwhile notice that the information about threats from natural
disaster comes from hydro- and meteorological services. At such threats, the management at the regional level sends the right message to special region commissions or cities, and they signal about threat to the management of economic, social, cultured
objects.
The entire knowledge essential to extraction conclusions aiding decision-making
processes is finding out in the process of knowledge elicitation with applying the ontological approach suitable for the problem domain description. This is one of the tasks
solved with knowledge engineering process for DSS. At the expert system HMDEC this
is a problem domain: “Threat of mudflow”. In this domain mainly weakly structured
problem are solving. Using HMDEC as a personnel-training tool one can acquire the
ability and the habit of making the right decision in a fast pace. The tool aiding the description of the task for decisions making at solving problems ill or unstructured can be
used as a formal model of the structure of this task.
6. Formal model of the ontology of domain “Threat of mudflow” in
managing the knowledge of the expert HMDEC system
Concepts from the expert HMDEC system domain, definitions of these concepts and
connections between them are presented in ontology domain: “Threat of mudflow”. It is
a well-known fact that ontologies can be used as instruments of knowledge managing.
The ontology of this domain presents the main concepts behind this field and the relationships between them. The problem models, which should be solved during the time
of natural disaster threats, which can affect the functioning of local commercial objects,
should also be presented. By ontology we mean a structuralized specification of the
domain in question[12]. Each ontology can be widened and made to better depending on
the process of elicitation knowledge in the domain in question. Using ontology we can
determine the hierarchical level of knowledge and also it is considered to be an easy to
use tool managing knowledge in knowledge bases. Also the basic concepts and relationships between them presented in the ontology create a tool for the fast introductions
to the domain in question. Thus it allows us to easily solve a problem of filling a knowledge base of any DSS class. While shaping the knowledge base of the expert HMDEC
system the quality of knowledge managing depend on described accuracy of ontology.
We will take under consideration the ontological approach on the example of domain
“Threat of mudflow”. Description of the ontology of domain mentioned above requires
the description of the entire hierarchy of ontology. These are only some of the fields,
introduced by ontologies to this hierarchy: managing system (region, city, economic
subject); possible results of the influence of threats of nature disaster (scenario); actions
taken to prevent losses caused by natural disasters; conclusion rules under the conditions of a natural disaster threat.
Usually different languages and systems are used for the description of ontology.
Graphs are comfortable form for the visual display and analyzing field. Such form of
display was demonstrated in[5]. A description of ontology in the formalized form is also
being used. We will introduce this last approach towards the description of ontology in
formalized form, by which formal model of the ontology of the problem domain “Threat
of mudflow” – MDMF – as following:
238
Tatiana Tretyakova, Abdullah Zair
MDMF = { MPA, PD,MS, MET }
(5)
where: MPA – ontology of subject domain, in which decisions are being taken (on the
level of the region, the city, the economic subject); PD – ontology of problems, solved
in the subject domain; MS – ontology of the domain “Scenarios of the development in
the situation”; MET – ontology of the domain “Protective actions”.
Falling below in borders of the hierarchy of ontology MDMF we will introduce the
model to the ontology of domain “Tasks, solved in subject domain” – PD:
PD = {MPS1, MPS2 … MPSk}
(6)
where: MPSk – models of solving problems.
Model of the ontology “ Scenarios of the development in the situation” – MS:
MS = {MRisk, MDm, MPr},
(7)
where: MRisk – ontology of risk; MDm – ontology of potential damages; MPr – ontology
of undertakings preventing loses.
The model of ontology „Protective actions” contains ontologies of the next lower
level:
MET = {MPinv, MEv},
(8)
where: MInv – ontology of the domain “Actions taken to face threats caused by mudflow
fall”; MEv – ontology of the field “Evacuation of people, financial and cultured values”.
This way looks the entire hierarchy of ontologies, being components of the ontology
of the problem domain “Threat of mudflow”. Every ontology should contain concepts
from described problem domain together with their definitions, mechanism of interpretation of concepts and relationships between them, as well as used axioms. Only then it
is possible to say, that ontology was completely described and stage of the conceptualization of knowledge while creating SE was implemented. Results of elicitation and
structurization of knowledge on the basis of the ontological approach at problem domain conceptualization give base to further realization of the knowledge engineering,
and that is to choose models of the presentation of knowledge in the knowledge base.
Task of knowledge's presentation in the knowledge base of the expert system HMDEC
is realized through presenting facts and rules (rule-based models). Rule models are being used to introduce the knowledge of the experts from the domain in tasks resolved
logically (e.g. evacuation of people in case of mudflow). Using rules for knowledge
presentation is an approach most often practiced in modern expert systems. Working out
set of rules type „if<antecedent>than<conclusion>” will let us introduce known variants
of solving a problem on the basis of the information about dangerous phenomena of the
nature in the base. Big part of some rules can be shown in the character of the scenario,
in which the state of the object is being described with the help of predicates (then the
whole description of the state of the object is a conjunction of all of those predicates), or
in the general form, containing the scenario of dangerous situations description. Frame
models are centre of the description of the static knowledge; they are comfortable for
the description of the hierarchy of abstract and concrete concepts. This approach is similar to the object attempt in introducing knowledge.
Formation of the contents of knowledge’s bases for local intelligent…
239
7. Conclusion
Changes of the climate even more often influence economic activities of the organizations and the enterprises. In this connection creation of such decision supporting systems, which promote fast adaptation to threats as the part of a nature, is necessary. The
structure and formal model of intelligent warning and decision support system (IWDSS)
is presented. The problem of knowledge's engineering for this system is considered.
One of tasks of engineering of knowledge is treated in article for intelligent decision
support systems with estimation of hydro meteorological information. The formal
model of ontology of problem area “Decisions making in a situation of a mudflow”,
submitted in article, is the methodical tool for search and structurization of knowledge
of projected system. With the description the ontology of problem domain “Decisions
making in a situation of a mudflow” preliminary conception of the knowledge bases,
worked with support from introduced formal models was shown. The fragments of database of objects located in area Djungarian Alatau of Kazakhstan are given. Models of
the presentation of knowledge offered for applying in the expert HMDEC system were
shortly discussed. Also the formal model of the structure of the task of making decisions and formal model of the ontology of domain “Decisions making in a situation of a
mudflow” in managing the knowledge of the expert HMDEC system was presented.
References
[1] Keen P. G. W., Scott Mormon M.S. Decision Support Systems: an organizational
perspective. Addison-Wesley, 1978.
[2] Radosiński E. Information systems in the dynamic decision analysis. PWN, Warszawa-Wrocław, 2001.
[3] Rudwic B. Systems Analysis for effective Planning: Principles and Cases. N.Y.
1969.
[4] Tretyakova T. The methodology of functional-structural analysis of decision processes and its role in the knowledge engineering for information systems. Materials
of the Polish Society of experts in the field of knowledge’s management, nr 8., Ed.
Waldemar Bojar, PSZW, Bydgoszcz, 2007.
[5] Tretyakova T., Zair A. Elicitation and structurization of knowledge for intelligence
subsystems of DSS. Polish Journal of Evironment Studies. Vol.17, No.3B. 2008.
[6] Solso R. Cognitive Psychology. PITER, St Petersburg, 2002 [in Russian].
[7] Popov O., Sołdek J., Tretiakowa T. Adaptive Information Management System.
Collection of articles: Information Systems in Strategic management, Informa,
Szczecin, 1997.
[8] Popov O., Tretyakova T. Approach to an Evaluation of Efficiency of the Integrated
Information System’s Implementation at the Enterprise: Orientation to Processes,
Proceedings of the 8-th International Conference Advanced Computer Systems
ACS’2001, Szczecin, Poland, 2001.
[9] Tretyakova T. The knowledge base of expert system “HMDecision” in information
system of class DSS – the object approach to construction. Proceedings of IV International conference The Analysis, forecasting and management in complex systems, St. Petersburg 2005 [in Russian]
240
Tatiana Tretyakova, Abdullah Zair
[10] Luger G. F. Artifical Intelligence. Structures and Strategies for Complex Problem
Solving. Addison-Wesley, 2002.
[11] Tretyakova T., Radugin D., Kolobov V., Titova E. St.Petersburg State Hydrological Institute: Scientific report on results of the research project: Development of a
technique of a social and economic estimation of mudflow actions, St. Petersburg
1990 [in Russian].
[12] Gruber T. R. Toward principles for Design of Ontologies Used for Knowledge
Sharing. International Workshop on Formal Ontology, Marcz, Padowo, Italy, 1993.
Impact of the presence of linguistic data
on the decision aid process
Jarosław Wątróbski, Zbigniew Piotrowski
Szczecin University of Technology,
Faculty of Computer Science and Information Technology
Abstract:
Many decision situations are described using both numerical and linguistic values.
Because of the presence of linguistic data, analytics are forced to apply appropriate
measures. These measures are often applied arbitrary, without consulting the Decision
Maker, which creates an intangible gap between the DM’s intentions and the final
decision model. The paper analyses the impact of applying different conventions for
utilising linguistic values in the decision aiding process. The considered measures include
quantification, fuzzy modelling and applying linguistic versions of MCDA methods.
Concluding remarks describes advantages of the alignment of the decision aiding
process to the Decision Maker’s problem formulation.
Keywords:
linguistic values, decision aiding
1. Introduction
Making decisions is a fundamental activity of human existence. Most Decision
Makers are focused on establishing potential actions in order to implement one of them.
A DM does all activities connected with analysing a domain specific aspect of the decision and with a methodological strategy of a given situation. Decision making is an
activity, whereas decision aiding is a process of helping a DM to make his decisions.
Furthermore decision aiding assumes involving an analyst into the process, who provides a DM with methodological framework and directs his expressions to suit the best
to the chosen decision aiding approach. In the result an synergetic effect is created between a DM’s preferences and the structure of a decision situation [1].
Existing decision situations cover virtually all areas of human’s life, and plays a
role in social phenomena, namely organisations. One of main concern of organisational
science is the decision theory. The high importance of decision made within organisation implies the significant role or aiding decision makers with their tasks. Supporting
them in order to gain the maximal benefit for the organisation requires ensuring high
quality of the process on all stages and from all points of view. This paper is focuses on
the data modelling aspect of decision aiding.
Subjects of decisions are frequently complex and detached from strict measurements, hence a situation cannot be described quantitatively. Furthermore for some aspects it would be inappropriate or even falsifying the reality to apply numerical grades.
242
Jarosław Wątróbski, Zbigniew Piotrowski
The most representative examples where applying qualitative measurements was suggested are: decision of choosing the appropriate strategy for a company [2], choosing an
information system [3] or evaluating localisations [4].
Data describing surrounding reality/environment can be divided into two main categories which are: hard data (numerical properties) and soft data (linguistic data, graphic
data, feelings). Therefore two main approaches to deal with these data are utilised:
quantitative methods for hard data and qualitative methods for soft data. Furthermore
systems for solving “hardly” defined problems operate on precise and crisp mathematical models, where “softly” defined problems are solved using linguistic reasoning and
dealing with imprecise entities [5].
The quality of input data used to describe a decision situation and to analyse available alternative is crucial for the overall reliability of the decision aiding process. The
recommendation cannot be of a better quality than data used to create a model. Hence,
using inaccurate or approximate data shall result in approximate recommendation.
A common mistake made in specifying requirements is to ask for an explicit recommendation, where available data are imprecise or ambiguous.
Data handling has to reflect characteristic of data used to describe the problem and
its possible outcomes. For that reason an analyst has to consider a source of linguistic
data used in the decision process because the data can be inputted by humans or gathered from measuring equipment. Probabilistic characteristics of data gathered from
instruments are often reflected by human-provided descriptions, however if human
input is the only source of a description of a particular feature, calculations shall be
done in a different manner, as different extensions principles for linguistic sets have to
be used [6].
2. Describing decision situations
Many real life decision situations have it source in the need of a human for choosing
the best option among a given set of options. The goal of a situation of that kind is to
satisfy the decision maker. It can be achieved by providing him with maximal satisfaction which can be also recognised as the “usefulness” or “utility value”. The source of
the decision situation lays inside human’s brain. Therefore the description of the problem is done in the method appropriate for “the human brain’s data model”, which is
based on linguistic information.
Mentioned conditions are important especially in situations where problems are unstructured and described mostly by qualitative criteria. Moreover criteria and attributes
values often cannot be described by numbers due to their specifics/characteristic/source.
Another difficulties which the DM is faced to are comparing objects that have similar
values of parameters and comparing options described with multiple attributes. Such
tasks are beyond human ability to make reliable statements [7].
Human provided linguistic judgements are inconsistent due to various opinions attached with the same label by different persons. The result of that ambiguity is a fact
that decision making involving multiple decision causes high risk for a decision quality
when all decision makers use the same scale. Moreover a value attached to a label is
determined by a context of a situation and a wide range of values causing an inconsistency in a value scale may be created in the result. A reason for such an inconsistency is
Impact of the presence of linguistic data on the decision aid process
243
that a human is forced to make judgements bonded by a fixed set of labels which source
is his vocabulary and common practice [8].
A common approach utilised by many widely applied decision aid method requires
a decision maker to specify his/her preferences on a given scale. The scale is strictly
defined and usually it’s a numerical scale with fixed distances. The scale can be described by labels, however it’s values are treated as (or even converted into) numbers.
The main data loss which happens in such a transformation is that in human’s perception judgements’ labels are not distributed evenly. Another aspect is practical meaning
of numerical values in some categories. As an example the accuracy of temperature is
important when designing a chemical or technological process, however in describing
the weather in leisure localisations it is enough to use one of commonly used labels like
“warm”, “hot”, “moderate”.
The Figure 1 presents the suitability of reflecting crisp values on linguistic descriptions. The main difference lays in technical and behavioral genesis of a given factor.
Many decision situations are directly related to human-specific activities and can be
described only by humans themselves. Hence human-specific language shall be used to
model such decisions. An example of such a language is the Precisiated Natural Language developed by L. Zadeh and described in [9].
Figure 1. Using linguistic values to describe numerical values (source: based on [9])
Another source of not crisp data are decision alternatives’ descriptions. Humancentric decisions are focused on subjects which are described subjectively by decision
makers. Furthermore in many situations it is more appropriate to assign a subjective
label for a precise numerical value of a property/an attribute than to consider the value
itself. The most common approach is to utilise the fuzzy sets theory in comparing alternatives’ performance for a given criterion. Such an approach helps to avoid judging
about the performance of an alternative based on an insignificant value difference between alternatives. The paper [10] provides a description of common areas when linguistic decision analysis is applied.
244
Jarosław Wątróbski, Zbigniew Piotrowski
An interesting and dynamically developed direction in the research on making ubituqous computing more friendly for humans is the Natural Language Processing. Utilising results of these research would allow to recognise a decision situation based on
a description in the natural language. The text summarisation capability should be able
to identify criteria and objectives from sentences in the natural language. Moreover it
should be possible to create an software agent which could search the internet for promising decision alternatives. The search would be directed on analysing various web
pages and performing text mining in order to extract an possible decision alternative.
The further reading about extracting knowledge from a text in the natural language the
paper is available in [11]. The issue is interesting due to the possible ability to use it for
widening the scope of gathering possible decision alternatives. It is a common convention to search for data in the DM’s language. However the NLP methodology can be
used to search for options described in other languages, even in such different from
western languages like Thai, which is a matter of creating an appropriate ontology [12].
Applying NLP to linguistic enabled decision aiding system allows to consider much
greater number of decision alternatives which increases the probability of achieving
better results for the DM.
The description of a decision problem consists of the following elements (described
in [13]):
 criteria, standing for tools for evaluation and comparison of possible outcomes of an
implemented decision,
 problem statement, one of possible problematics, which are: choice, sorting, ranking
and classification,
 potential actions or alternatives, which describe a subject of the choice made in
a given scenario.
Dealing with mentioned elements in the linguistic form requires a specific approach
to create a decision model. After identifying a problem, the DM elaborates the mentioned above elements and it is necessary to gather values for provided hierarchy of
properties along with appropriate scales. Expressing values on a scale can be done numerically, verbally or graphically. In the following stage, a judgement matrix is established an evaluations of criteria and alternatives are performed. Finally the final ranking
can be constructed and used to choose the best alternative [14].
3. Decision Makers internal preferences
Linguistic judgements specified by a human includes an amount of metainformation. This meta-data represent the DM’s tacit knowledge and cannot be extracted directly. The only possible manner for not losing that knowledge is to propagate
it throughout the decision aiding process and to elaborate it in the final recommendation. Such knowledge can include information about uncertainties, probabilities or approximations made by making such an elaboration. Even when a particular term is
associated with a triangular set, the DM can posses his own preferences independently
from the membership function. Hence the only method to discover such hidden assumptions is to face the DM itself with it.
Furthermore each human posses his/her own internal value system and each decision situation a DM builds an internal scale. One of the purposes of linguistic reason-
Impact of the presence of linguistic data on the decision aid process
245
ing/computations is to utilise such a scale instead of forcing the DM to express his preferences on an unsuitable for him fixed scale. An ideal decision aiding method would be
transparent for data used in the process and would provide a recommendation elaborated
in the same ontology/language as a description of a decision situation provided by the
DM. A fully linguistic decision aiding method would perform calculations with “granules” defined in [15] and distinguish it among basic types which include: possibilistic,
probabilistic, veristic and generalized [15].
Whereas currently developed methods MCDA methods utilise various approaches to include meta-information (tacit knowledge) which come with linguistic
data, these approaches are still based on reflecting uncertain and linguistic data on fuzzy
sets with its shape defined a priori. Utilised approaches provide different levels of
meta-data preservation. Hence decision aiding process is based on various layers of
information depending on a chosen MCDA method.
The first step in the linguistic decision process is to choose the linguistic term set
with its semantic. Meta-information of a decision has to be tied to a specific domain
(linguistic expression domain) in order to perform calculations. Further steps include
choosing an aggregation operator and performing all the calculations [10].
4. Using linguistic data in decision aiding
A course of a decision making process with linguistic variables can look as follows
(based on [8]):
1. Selecting linguistic terms by expert and defining fuzzy sets for selected terms,
evaluating alternatives.
2. Synthetising judgements for alternatives’ attributes.
3. Synthetising descriptions for all alternatives and formulating a decision.
In the paper [8] a problem of choosing a new computer system for a company was
solved using linguistic descriptions provided by a group of experts. First of all a scale of
linguistic variables was defined and encoded using triangular fuzzy sets. In the next step
domain experts from appropriate departments assigned values for all alternatives which
were considered as criteria performances for alternatives, because each department
analysed properties concerned with its area of expertise. Afterwards experts’ judgements are synthetised using weighted sum aggregating method and the best alternative
is pointed out.
The fuzzy extension of TOPSIS method was described in the paper [16], where
weights of criteria and values of qualitative properties were considered as linguistic
variables. The DM used tables of defined variables and trapezoidal fuzzy number to
specify his input. Further the calculations were made according to the TOPSIS algorithm adapted to deal with fuzzy sets treated as four points vectors.
A modified comparison of three approaches for solving decision problems are introduced to pinpoint impact differences between various methods of dealing with linguistic
data. The methods described below are based on an “aggregation-and-ranking scheme”
[17].
The first of analysed methods is based on the Extension Principle, the issue connected with using this method is a linguistic approximation for matching linguistic
terms with fuzzy sets. In the described example, Euclidean distance was applied. The
246
Jarosław Wątróbski, Zbigniew Piotrowski
next solution is based on the Symbolic Approach, where linguistic aggregation is used
along with a weighting vector, however the outcome lacks precision. Therefore the last
considered method avoids approximation of linguistic labels and uses the 2-tuple Fuzzy
Linguistic Representation Model. Information this model is stored as 2-tuples of the
form ( s, α ) , where s is a linguistic term and α is a value from the range [ −0.5, 0.5 )
where linguistic information is encoded in. From the mentioned approaches, the result
obtained with the last method was the most reliable and the only one of the satisfactory
accuracy [17].
5. Conclusions
Among decision situations met by humans, there is not many of them which can be
described using only quantitative measurements. Moreover the vast majority of decisions concerns some level of fuzziness or qualitative parameters. The first and still
common approach of dealing with such situations is to force a DM to express his/her
judgements on a defined numerical scale with verbal labels assigned to each values.
Performing numerical calculations about subjects which have qualitative nature creates a knowledge gap between a DM’s/a human’s description of a problem and a computer model. Therefore processing of linguistic data using various approaches were
introduced. The first important contribution of that direction was applying the fuzzy sets
theory to decision aiding, which allowed to model fuzziness of human judgements.
The paper describes approaches for linguistic decision aiding and supports its applications. The decision process was presented as a human-oriented process. Such a process has to offer alignment to a DM’s perception of a decision situation. Linguistic terms
are one of commonly applied methods for making communication with a computer
more natural for a human.
Decision aiding supporting linguistic descriptions in a DM’s preferences and in descriptions of decision alternatives makes the process closer to Perception Based Information Processing, as described in [18]. Furthermore, perceptions are the only
information available for many factors – especially for subjective ones. Most current
decision aiding approaches can be summarised as “database oriented”, whereas information is “internet oriented”. The differences are presented in the Table 1.
Table 1. Database and Internet oriented models
Database
Distributed
Controlled
Query (QL)
Precise
Structure
Internet
Distributed
Autonomous
Browse (Search)
Fuzzy/Imprecise
Unstructured
Source: [18]
Impact of the presence of linguistic data on the decision aid process
247
Further development of linguistic decision aiding was a result of including natural
characteristic of humans’ elaborated judgements. These characteristic includes asymmetry of verbal expressions and dependency of their meaning on a specific context.
Contextual character of human judgements was a foundation of Natural Language
Processing technologies, which can be used along with linguistic data mining to automate the process of gathering decision alternatives.
A recommendation for a DM has to be a response for his problem and to be
aligned with his expectation. Hence the accuracy and abstraction level of a recommendation as well as the whole decision aiding process shall be performed in accordance
with the precision and certainty of a problem formulation provided by the DM.
A variety of decision aiding methods is based on different approaches for including imprecise or linguistic information on all stages of decision aiding process. These
approaches include: linguistic criteria formulation, linguistic alternative descriptions,
and linguistic preferences elaboration. Furthermore linguistic data are encoded in different forms and calculations are done with various levels of propagation of linguistic
assessments.
The main issue connected with applying a method not aligned with a particular
situation is a loss of data during the decision aiding process. Inaccuracy in data leads to
inaccurate recommendation which makes the whole decision aiding process senseless.
Therefore a concern should be put on choosing an appropriate approach to deal with
linguistic data according to an available descriptions provided in the input to the process.
References
[1] A. Tsoukiàs, On the concept of decision aiding process: an operational perspective, Annals of Operations Research, 154 (2007), pp. 3-27.
[2] E. Ertugrul Karsak and E. Tolga, Fuzzy multi-criteria decision-making procedure
for evaluating advanced manufacturing system investments, International Journal
of Production Economics, 69 (2001), pp. 49-64.
[3] S.-L. Chang, R.-C. Wang and S.-Y. Wang, Applying a direct multi-granularity
linguistic and strategy-oriented aggregation approach on the assessment of supply
performance, European Journal of Operational Research, 177 (2007), pp. 10131025.
[4] J. Malczewski and C. Rinner, Exploring multicriteria decision strategies in GIS
with linguistic quantifiers: A case study of residential quality evaluation, Journal
of Geographical Systems, 7 (2005), pp. 249-268.
[5] V. A. Niskanen, A soft multi-criteria decision-making approach to assessing the
goodness of typical reasoning systems based on empirical data, Fuzzy Sets and
Systems, 131 (2002), pp. 79-100.
[6] A. Piegat, Are Linguistic Evaluations Used by People of Possibilistic or Probabilistic Nature?, in J. G. a. S. Carbonell, J., ed., Artificial Intelligence and Soft Computing - ICAISC 2004, Springer, Berlin / Heidelberg, 2004, pp. 356-363.
[7] H. Moshkovich, A. Mechitov and D. Olson, Verbal Decision Analysis, Multiple
Criteria Decision Analysis: State of the Art Surveys, 2005, pp. 609-633.
248
Jarosław Wątróbski, Zbigniew Piotrowski
[8] J. Ma, D. Ruan, Y. Xu and G. Zhang, A fuzzy-set approach to treat determinacy
and consistency of linguistic terms in multi-criteria decision making, International
Journal of Approximate Reasoning, 44 (2007), pp. 165-181.
[9] Zadeh, Precisiated Natural Language, Aspects of Automatic Text Analysis, 2006.
[10] F. Herrera and E. Herrera-Viedma, Linguistic decision analysis: steps for solving
decision problems under linguistic information, Fuzzy Sets Syst., 115 (2000), pp.
67-82.
[11] H. Mangassarian and H. Artail, A general framework for subjective information
extraction from unstructured English text, Data & Knowledge Engineering, 62
(2007), pp. 352-367.
[12] A. Imsombut and A. Kawtrakul, Automatic building of an ontology on the basis of
text corpora in Thai, Language Resources and Evaluation.
[13] B. Roy, Paradigms and Challenges, Multiple Criteria Decision Analysis: State of
the Art Surveys, 2005, pp. 3-24.
[14] M. S. Garcia-Cascales and M. T. Lamata, Solving a decision problem with linguistic information, Pattern Recognition Letters, 28 (2007), pp. 2284-2294.
[15] Zadeh, Some reflections on soft computing, granular computing and their roles in
the conception, design and utilization of information/intelligent systems, Soft
Computing - A Fusion of Foundations, Methodologies and Applications, 2 (1998),
pp. 23-25.
[16] Đ. Ertuğrul and M. Güneş, Fuzzy Multi-criteria Decision Making Method for Machine Selection, Analysis and Design of Intelligent Systems using Soft Computing
Techniques, 2007, pp. 638-648.
[17] V.-N. Huynh and Y. Nakamori, Multi-Expert Decision-Making with Linguistic
Information: A Probabilistic-Based Model, Proceedings of the Proceedings of the
38th Annual Hawaii International Conference on System Sciences (HICSS'05) Track 3 - Volume 03 (2005), pp. 91.3.
[18] M. Nikravesh and D.-Y. Choi, Soft Computing for Perception Based Information
Processing, Soft Computing for Information Processing and Analysis, 2005, pp.
203-255.