Visible to the public Biblio

Found 108 results

Filters: First Letter Of Last Name is Q  [Clear All Filters]
A B C D E F G H I J K L M N O P [Q] R S T U V W X Y Z   [Show ALL]
Q
Q. Wang, Y. Ren, M. Scaperoth, G. Parmer.  2015.  "SPeCK: a kernel for scalable predictability". 21st IEEE Real-Time and Embedded Technology and Applications Symposium. :121-132.

Multi- and many-core systems are increasingly prevalent in embedded systems. Additionally, isolation requirements between different partitions and criticalities are gaining in importance. This difficult combination is not well addressed by current software systems. Parallel systems require consistency guarantees on shared data-structures often provided by locks that use predictable resource sharing protocols. However, as the number of cores increase, even a single shared cache-line (e.g. for the lock) can cause significant interference. In this paper, we present a clean-slate design of the SPeCK kernel, the next generation of our COMPOSITE OS, that attempts to provide a strong version of scalable predictability - where predictability bounds made on a single core, remain constant with an increase in cores. Results show that, despite using a non-preemptive kernel, it has strong scalable predictability, low average-case overheads, and demonstrates better response-times than a state-of-the-art preemptive system.

Qader, Karwan, Adda, Mo.  2019.  DOS and Brute Force Attacks Faults Detection Using an Optimised Fuzzy C-Means. 2019 IEEE International Symposium on INnovations in Intelligent SysTems and Applications (INISTA). :1—6.
This paper explains how the commonly occurring DOS and Brute Force attacks on computer networks can be efficiently detected and network performance improved, which reduces costs and time. Therefore, network administrators attempt to instantly diagnose any network issues. The experimental work used the SNMP-MIB parameter datasets, which are collected via a specialised MIB dataset consisting of seven types of attack as noted in section three. To resolves such issues, this researched carried out several important contributions which are related to fault management concerns in computer network systems. A central task in the detection of the attacks relies on MIB feature behaviours using the suggested SFCM method. It was concluded that the DOS and Brute Force fault detection results for three different clustering methods demonstrated that the proposed SFCM detected every data point in the related group. Consequently, the FPC approached 1.0, its highest record, and an improved performance solution better than the EM methods and K-means are based on SNMP-MIB variables.
Qadir, Abdalbasit Mohammed, Cooper, Peter.  2020.  GPS-based Mobile Cross-platform Cargo Tracking System with Web-based Application. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1—7.
Cross-platform development is becoming widely used by developers, and writing for separate platforms is being replaced by developing a single code base that will work across multiple platforms simultaneously, while reducing cost and time. The purpose of this paper is to demonstrate cross-platform development by creating a cargo tracking system that will work on multiple platforms with web application by tracking cargo using Global Positioning System (GPS), since the transport business has played a vital role in the evolution of human civilization. In this system, Google Flutter technology is used to create a mobile application that works on both Android and iOS platforms at the same time, by providing maps to clients showing their cargo location using Google Map API, as well as providing a web-based application.
Qadir, J., Hasan, O..  2015.  Applying Formal Methods to Networking: Theory, Techniques, and Applications. Communications Surveys Tutorials, IEEE. 17:256-291.

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, particularly for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification and to an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design-in particular, the software defined networking (SDN) paradigm-offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods and present a survey of its applications to networking.
 

Qaisar, Muhammad Umar Farooq, Wang, Xingfu, Hawbani, Ammar, Khan, Asad, Ahmed, Adeel, Wedaj, Fisseha Teju.  2020.  TORP: Load Balanced Reliable Opportunistic Routing for Asynchronous Wireless Sensor Networks. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1384–1389.
Opportunistic routing (OR) is gaining popularity in low-duty wireless sensor network (WSN), so the need for efficient and reliable data transmission is becoming more essential. Reliable transmission is only feasible if the routing protocols are secure and efficient. Due to high energy consumption, current cryptographic schemes for WSN are not suitable. Trust-based OR will ensure security and reliability with fewer resources and minimum energy consumption. OR selects the set of potential candidates for each sensor node using a prioritized metric by load balancing among the nodes. This paper introduces a trust-based load-balanced OR for duty-cycled wireless sensor networks. The candidates are prioritized on the basis of a trusted OR metric that is divided into two parts. First, the OR metric is based on the average of four probability distributions: the distance from node to sink distribution, the expected number of hops distribution, the node degree distribution, and the residual energy distribution. Second, the trust metric is based on the average of two probability distributions: the direct trust distribution and the recommended trust distribution. Finally, the trusted OR metric is calculated by multiplying the average of two metrics distributions in order to direct more traffic through the higher priority nodes. The simulation results show that our proposed protocol provides a significant improvement in the performance of the network compared to the benchmarks in terms of energy consumption, end to end delay, throughput, and packet delivery ratio.
Qasaimeh, Ghazi, Al-Gasaymeh, Anwar, Kaddumi, Thair, Kilani, Qais.  2022.  Expert Systems and Neural Networks and their Impact on the Relevance of Financial Information in the Jordanian Commercial Banks. 2022 International Conference on Business Analytics for Technology and Security (ICBATS). :1—7.
The current study aims to discern the impact of expert systems and neural network on the Jordanian commercial banks. In achieving the objective, the study employed descriptive analytical approach and the population consisted of the 13 Jordanian commercial banks listed at Amman Stock Exchange-ASE. The primary data were obtained by using a questionnaire with 188 samples distributed to a group of accountants, internal auditors, and programmers, who constitute the study sample. The results unveiled that there is an impact of the application of expert systems and neural networks on the relevance of financial information in Jordanian commercial banks. It also revealed that there is a high level of relevance of financial information in Jordanian commercial banks. Accordingly, the study recommended the need for banks to keep pace with the progress and development taking place in connection to the process and environment of expertise systems by providing modern and developed devices to run various programs and expert systems. It also recommended that, Jordanian commercial banks need to rely more on advanced systems to operate neural network technology more efficiently.
Qawasmeh, Ethar, Al-Saleh, Mohammed I., Al-Sharif, Ziad A..  2019.  Towards a Generic Approach for Memory Forensics. 2019 Sixth HCT Information Technology Trends (ITT). :094—098.

The era of information technology has, unfortunately, contributed to the tremendous rise in the number of criminal activities. However, digital artifacts can be utilized in convicting cybercriminal and exposing their activities. The digital forensics science concerns about all aspects related to cybercrimes. It seeks digital evidence by following standard methodologies to be admitted in court rooms. This paper concerns about memory forensics for the unique artifacts it holds. Memory contains information about the current state of systems and applications. Moreover, an application's data explains how a criminal has been interacting the application just before the memory is acquired. Memory forensics at the application level is currently random and cumbersome. Targeting specific applications is what forensic researchers and practitioner are currently striving to provide. This paper suggests a general solution to investigate any application. Our solution aims to utilize an application's data structures and variables' information in the investigation process. This is because an application's data has to be stored and retrieved in the means of variables. Data structures and variables' information can be generated by compilers for debugging purposes. We show that an application's information is a valuable resource to the investigator.

Qayum, Mohammad A., Badawy, Abdel-Hameed A., Cook, Jeanine.  2017.  DyAdHyTM: A Low Overhead Dynamically Adaptive Hybrid Transactional Memory with Application to Large Graphs. Proceedings of the International Symposium on Memory Systems. :327–336.
Big data is a buzzword used to describe massive volumes of data that provides opportunities of exploring new insights through data analytics. However, big data is mostly structured but can be semi-structured or unstructured. It is normally so large that it is not only difficult but also slow to process using traditional computing systems. One of the solutions is to format the data as graph data structures and process them on shared memory architecture to use fast and novel policies such as transactional memory. In most graph applications in big data type problems such as bioinformatics, social networks, and cybersecurity, graphs are sparse in nature. Due to this sparsity, we have the opportunity to use Transactional Memory (TM) as the synchronization policy for critical sections to speedup applications. At low conflict probability TM performs better than most synchronization policies due to its inherent non-blocking characteristics. TM can be implemented in Software, Hardware or a combination of both. However, hardware TM implementations are fast but limited by scarce hardware resources while software implementations have high overheads which can degrade performance. In this paper, we develop a low overhead, yet simple, dynamically adaptive (i.e., at runtime) hybrid (i.e., combines hardware and software) TM (DyAd-HyTM) scheme that combines the best features of both Hardware TM (HTM) and Software TM (STM) while adapting to application's requirements. It performs better than coarse-grain lock by up to 8.12x, a low overhead STM by up to 2.68x, a couple of implementations of HTMs (by up to 2.59x), and other HyTMs (by up to 1.55x) for SSCA-2 graph benchmark running on a multicore machine with a large shared memory.
Qazi, Zafar Ayyub, Penumarthi, Phani Krishna, Sekar, Vyas, Gopalakrishnan, Vijay, Joshi, Kaustubh, Das, Samir R..  2016.  KLEIN: A Minimally Disruptive Design for an Elastic Cellular Core. Proceedings of the Symposium on SDN Research. :2:1–2:12.

Today's cellular core, which connects the radio access network to the Internet, relies on fixed hardware appliances placed at a few dedicated locations and uses relatively static routing policies. As such, today's core design has key limitations—it induces inefficient provisioning tradeoffs and is poorly equipped to handle overload, failure scenarios, and diverse application requirements. To address these limitations, ongoing efforts envision "clean slate" solutions that depart from cellular standards and routing protocols; e.g., via programmable switches at base stations and per-flow SDN-like orchestration. The driving question of this work is to ask if a clean-slate redesign is necessary and if not, how can we design a flexible cellular core that is minimally disruptive. We propose KLEIN, a design that stays within the confines of current cellular standards and addresses the above limitations by combining network functions virtualization with smart resource management. We address key challenges w.r.t. scalability and responsiveness in realizing KLEIN via backwards-compatible orchestration mechanisms. Our evaluations through data-driven simulations and real prototype experiments using OpenAirInterface show that KLEIN can scale to billions of devices and is close to optimal for wide variety of traffic and deployment parameters.

Qbea'h, Mohammad, Alrabaee, Saed, Alshraideh, Mohammad, Sabri, Khair Eddin.  2022.  Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review. 2022 International Conference on Computer and Applications (ICCA). :1–5.
A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.
Qbeitah, M. A., Aldwairi, M..  2018.  Dynamic malware analysis of phishing emails. 2018 9th International Conference on Information and Communication Systems (ICICS). :18–24.

Malicious software or malware is one of the most significant dangers facing the Internet today. In the fight against malware, users depend on anti-malware and anti-virus products to proactively detect threats before damage is done. Those products rely on static signatures obtained through malware analysis. Unfortunately, malware authors are always one step ahead in avoiding detection. This research deals with dynamic malware analysis, which emphasizes on: how the malware will behave after execution, what changes to the operating system, registry and network communication take place. Dynamic analysis opens up the doors for automatic generation of anomaly and active signatures based on the new malware's behavior. The research includes a design of honeypot to capture new malware and a complete dynamic analysis laboratory setting. We propose a standard analysis methodology by preparing the analysis tools, then running the malicious samples in a controlled environment to investigate their behavior. We analyze 173 recent Phishing emails and 45 SPIM messages in search for potentially new malwares, we present two malware samples and their comprehensive dynamic analysis.

Qi, Bolun, Fan, Chuchu, Jiang, Minghao, Mitra, Sayan.  2018.  DryVR 2.0: A Tool for Verification and Controller Synthesis of Black-box Cyber-physical Systems. Proceedings of the 21st International Conference on Hybrid Systems: Computation and Control (Part of CPS Week). :269–270.
We present a demo of DryVR 2.0, a framework for verification and controller synthesis of cyber-physical systems composed of black-box simulators and white-box automata. For verification, DryVR 2.0 takes as input a black-box simulator, a white-box transition graph, a time bound and a safety specification. As output it generates over-approximations of the reachable states and returns "Safe" if the system meets the given bounded safety specification, or it returns "Unsafe" with a counter-example. For controller synthesis, DryVR 2.0 takes as input black-box simulator(s) and a reach-avoid specification, and uses RRTs to find a transition graph such that the combined system satisfies the given specification.
Qi, C., Wu, J., Chen, H., Yu, H., Hu, H., Cheng, G..  2017.  Game-Theoretic Analysis for Security of Various Software-Defined Networking (SDN) Architectures. 2017 IEEE 85th Vehicular Technology Conference (VTC Spring). :1–5.

Security evaluation of diverse SDN frameworks is of significant importance to design resilient systems and deal with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze their security performance in existing SDN architectures. The model can describe specific traits in different structures, represent several types of information of players (attacker and defender) and quantitatively calculate systems' reliability. Simulation results illustrate dynamic SDN structures have distinct security improvement over static ones. Besides, effective dynamic scheduling mechanisms adopted in dynamic systems can enhance their security further.

Qi, Chao, Nagai, Keita, Ji, Ming, Miyahara, Yu, Sugita, Naohiro, Shinshi, Tadahiko, Nakano, Masaki, Sato, Chiaki.  2022.  A Magnetic Actuator Using PLD-made FePt Thick Film as a Permanent Magnet and Membrane Material for Bi-directional Micropumps. 2022 21st International Conference on Micro and Nanotechnology for Power Generation and Energy Conversion Applications (PowerMEMS). :309–310.
This paper proposes a magnetic actuator using a partially magnetized FePt thick film as a permanent magnet and membrane material for bi-directional micropumps. The magnetized areas act as flux sources, while the magnetized and unmagnetized areas play a role of the membrane part. The mechanical and magnetic characterization results show FePt has a large tensile strength and a lower Young’s modulus than Si crystal, and a comparable remanence to NdFeB. A magnetic pattern transfer technique with a post thermal demagnetization is proposed and experimentally verified to magnetize the FePt partially. Using the proposed magnetic actuator with partially magnetized FePt film is beneficial to simplify the complicated structure and fabrication process of the bi-directional magnetic micropump besides other magnetic MEMS devices.
Qi, Jiaqi, Meng, Hao, Ye, Jun.  2022.  A Research on the Selection of Cooperative Enterprises in School-Enterprise Joint Cryptography Laboratory. 2022 International Conference on Artificial Intelligence in Everything (AIE). :659—663.
In order to better cultivate engineering and application-oriented cryptographic talents, it is urgent to establish a joint school enterprise cryptographic laboratory. However, there is a core problem in the existing school enterprise joint laboratory construction scheme: the enterprise is not specialized and has insufficient cooperation ability, which can not effectively realize the effective integration of resources and mutual benefit and win-win results. To solve this problem, we propose a comprehensive evaluation model of cooperative enterprises based on entropy weight method and grey correlation analysis. Firstly, the multi-level evaluation index system of the enterprise is established, and the entropy weight method is used to objectively weight the index. After that, the grey weighted correlation degree between each enterprise and the virtual optimal enterprise is calculated by grey correlation analysis to compare the advantages and disadvantages of enterprises. Through the example analysis, it is proved that our method is effective and reliable, eliminating subjective factors, and providing a certain reference value for the construction of school enterprise joint cryptographic laboratory.
Qi, Jie, Cao, Zheng, Sun, Haixin.  2016.  An Effective Method for Underwater Target Radiation Signal Detecting and Reconstructing. Proceedings of the 11th ACM International Conference on Underwater Networks & Systems. :48:1–48:2.

Using the sparse feature of the signal, compressed sensing theory can take a sample to compress data at a rate lower than the Nyquist sampling rate. The signal must be represented by the sparse matrix, however. Based on the above theory, this article puts forward a sparse degree of adaptive algorithms which can be used for the detection and reconstruction of the underwater target radiation signal. The received underwater target radiation signal, at first, transits the noise energy into signal energy under test by the stochastic resonance system, and then based on Gerschgorin disk criterion, it can make out the number of underwater target radiation signals in order to determine the optimal sparse degree of compressed sensing, and finally, the detection and reconstruction of the original signal can be realized by utilizing the compressed sensing technique. The simulation results show that this method can effectively detect underwater target radiation signals, and they can also be detected quite well under low signal-to-noise ratio(SNR).

Qi, L. T., Huang, H. P., Wang, P., Wang, R. C..  2018.  Abnormal Item Detection Based on Time Window Merging for Recommender Systems. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :252–259.

CFRS (Collaborative Filtering Recommendation System) is one of the most widely used individualized recommendation systems. However, CFRS is susceptible to shilling attacks based on profile injection. The current research on shilling attack mainly focuses on the recognition of false user profiles, but these methods depend on the specific attack models and the computational cost is huge. From the view of item, some abnormal item detection methods are proposed which are independent of attack models and overcome the defects of user profiles model, but its detection rate, false alarm rate and time overhead need to be further improved. In order to solve these problems, it proposes an abnormal item detection method based on time window merging. This method first uses the small window to partition rating time series, and determine whether the window is suspicious in terms of the number of abnormal ratings within it. Then, the suspicious small windows are merged to form suspicious intervals. We use the rating distribution characteristics RAR (Ratio of Abnormal Rating), ATIAR (Average Time Interval of Abnormal Rating), DAR(Deviation of Abnormal Rating) and DTIAR (Deviation of Time Interval of Abnormal Rating) in the suspicious intervals to determine whether the item is subject to attacks. Experiment results on the MovieLens 100K data set show that the method has a high detection rate and a low false alarm rate.

Qi, Ling, Qiao, Yuanyuan, Abdesslem, Fehmi Ben, Ma, Zhanyu, Yang, Jie.  2016.  Oscillation Resolution for Massive Cell Phone Traffic Data. Proceedings of the First Workshop on Mobile Data. :25–30.

Cellular towers capture logs of mobile subscribers whenever their devices connect to the network. When the logs show data traffic at a cell tower generated by a device, it reveals that this device is close to the tower. The logs can then be used to trace the locations of mobile subscribers for different applications, such as studying customer behaviour, improving location-based services, or helping urban planning. However, the logs often suffer from an oscillation phenomenon. Oscillations may happen when a device, even when not moving, does not only connect to the nearest cell tower, but is instead unpredictably switching between multiple cell towers because of random noise, load balancing, or simply dynamic changes in signal strength. Detecting and removing oscillations are a challenge when analyzing location data collected from the cellular network. In this paper, we propose an algorithm called SOL (Stable, Oscillation, Leap periods) aimed at discovering and reducing oscillations in the collected logs. We apply our algorithm on real datasets which contain about 18.9\textasciitildeTB of traffic logs generated by more than 3\textasciitildemillion mobile subscribers covering about 21000 cell towers and collected during 27\textasciitildedays from both GSM and UMTS networks in northern China. Experimental results demonstrate the ability and effectiveness of SOL to reduce oscillations in cellular network logs.

Qi, Xiaoxia, Shen, Shuai, Wang, Qijin.  2020.  A Moving Target Defense Technology Based on SCIT. 2020 International Conference on Computer Engineering and Application (ICCEA). :454—457.
Moving target defense technology is one of the revolutionary techniques that is “changing the rules of the game” in the field of network technology, according to recent propositions from the US Science and Technology Commission. Building upon a recently-developed approach called Self Cleansing Intrusion Tolerance (SCIT), this paper proposes a moving target defense system that is based on server switching and cleaning. A protected object is maneuvered to improve its safety by exploiting software diversity and thereby introducing randomness and unpredictability into the system. Experimental results show that the improved system increases the difficulty of attack and significantly reduces the likelihood of a system being invaded, thus serving to enhance system security.
Qi, Xingyue, Lin, Chuan, Wang, Zhaohui, Du, Jiaxin, Han, Guangjie.  2021.  Proactive Alarming-enabled Path Planning for Multi-AUV-based Underwater IoT Systems. 2021 Computing, Communications and IoT Applications (ComComAp). :263—267.
The ongoing expansion of underwater Internet of Things techniques promote diverse categories of maritime intelligent systems, e.g., Underwater Acoustic Sensor Networks (UASNs), Underwater Wireless Networks (UWNs), especially multiple Autonomous Underwater Vehicle (AUV) based UWNs have produced many civil and military applications. To enhance the network management and scalability, in this paper, the technique of Software-Defined Networking (SDN) technique is introduced, leading to the paradigm of Software-Defined multi-AUV-based UWNs (SD-UWNs). With SD-UWNs, the network architecture is divided into three functional layers: data layer, control layer, and application layer, and the network administration is re-defined by a framework of software-defined beacon. To manage the network, a control model based on artificial potential field and network topology theory is constructed. On account of the efficient data sharing ability of SD-UWNs, a proactive alarming-enabled path planning scheme is proposed, wherein all potential categories of obstacle avoidance scenes are taken into account. Evaluation results indicate that the proposed SD-UWN is more efficient in scheduling the cooperative network function than the traditional approaches and can secure exact path planning.
Qian, Dazan, Guo, Songhui, Sun, Lei, Liu, Haidong, Hao, Qianfang, Zhang, Jing.  2020.  Trusted Virtual Network Function Based on vTPM. 2020 7th International Conference on Information Science and Control Engineering (ICISCE). :1484–1488.
Mobile communication technology is developing rapidly, and this is integrated with technologies such as Software Defined Network (SDN), cloud computing, and Network Function Virtualization (NFV). Network Functions (NFs) are no longer deployed on dedicated hardware devices, while deployed in Virtual Machines (VMs) or containers as Virtual Network Functions (VNFs). If VNFs are tampered with or replaced, the communication system will not function properly. Our research is to enhance the security of VNFs using trusted computing technology. By adding Virtual Trusted Platform Module (vTPM) to the virtualization platform, the chain of trust extends from the VM operating system to VNFs within the VM. Experimental results prove that the solution can effectively protect the integrity of VNFs from being attacked.
Qian, Jun, Gan, Zijie, Zhang, Jie, Bhunia, Suman.  2022.  Analyzing SocialArks Data Leak - A Brute Force Web Login Attack. 2022 4th International Conference on Computer Communication and the Internet (ICCCI). :21–27.
In this work, we discuss data breaches based on the “2012 SocialArks data breach” case study. Data leakage refers to the security violations of unauthorized individuals copying, transmitting, viewing, stealing, or using sensitive, protected, or confidential data. Data leakage is becoming more and more serious, for those traditional information security protection methods like anti-virus software, intrusion detection, and firewalls have been becoming more and more challenging to deal with independently. Nevertheless, fortunately, new IT technologies are rapidly changing and challenging traditional security laws and provide new opportunities to develop the information security market. The SocialArks data breach was caused by a misconfiguration of ElasticSearch Database owned by SocialArks, owned by “Tencent.” The attack methodology is classic, and five common Elasticsearch mistakes discussed the possibilities of those leakages. The defense solution focuses on how to optimize the Elasticsearch server. Furthermore, the ElasticSearch database’s open-source identity also causes many ethical problems, which means that anyone can download and install it for free, and they can install it almost anywhere. Some companies download it and install it on their internal servers, while others download and install it in the cloud (on any provider they want). There are also cloud service companies that provide hosted versions of Elasticsearch, which means they host and manage Elasticsearch clusters for their customers, such as Company Tencent.
Qian, K., Parizi, R. M., Lo, D..  2018.  OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1—2.
The security threats to mobile applications are growing explosively. Mobile apps flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of secure mobile SDLC. Developers need to consider the information confidentiality and data integrity, to verify the security early in the development lifecycle rather than fixing the security holes after attacking and data leaks take place. Early eliminating known security vulnerabilities will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, and that's why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on OWASP Mobile Top ten security risk recommendations for Android mobile software development and its traceability of the developmental controls in SDLC. Building secure apps immune to the OWASP Mobile Top ten risks would be an effective approach to provide very useful mobile security guidelines.
Qian, Kai, Dan Lo, Chia-Tien, Guo, Minzhe, Bhattacharya, Prabir, Yang, Li.  2012.  Mobile security labware with smart devices for cybersecurity education. IEEE 2nd Integrated STEM Education Conference. :1—3.

Smart mobile devices such as smartphones and tablets have become an integral part of our society. However, it also becomes a prime target for attackers with malicious intents. There have been a number of efforts on developing innovative courseware to promote cybersecurity education and to improve student learning; however, hands-on labs are not well developed for smart mobile devices and for mobile security topics. In this paper, we propose to design and develop a mobile security labware with smart mobile devices to promote the cybersecurity education. The integration of mobile computing technologies and smart devices into cybersecurity education will connect the education to leading-edge information technologies, motivate and engage students in security learning, fill in the gap with IT industry need, and help faculties build expertise on mobile computing. In addition, the hands-on experience with mobile app development will promote student learning and supply them with a better understanding of security knowledge not only in classical security domains but also in the emerging mobile security areas.

Qian, Lei, Chi, Xuefen, Zhao, Linlin, Chaaban, Anas.  2021.  Secure Visible Light Communications via Intelligent Reflecting Surfaces. ICC 2021 - IEEE International Conference on Communications. :1–6.
Intelligent reflecting surfaces (IRS) can improve the physical layer security (PLS) by providing a controllable wireless environment. In this paper, we propose a novel PLS technique with the help of IRS implemented by an intelligent mirror array for the visible light communication (VLC) system. First, for the IRS aided VLC system containing an access point (AP), a legitimate user and an eavesdropper, the IRS channel gain and a lower bound of the achievable secrecy rate are derived. Further, to enhance the IRS channel gain of the legitimate user while restricting the IRS channel gain of the eavesdropper, we formulate an achievable secrecy rate maximization problem for the proposed IRS-aided PLS technique to find the optimal orientations of mirrors. Since the sensitivity of mirrors’ orientations on the IRS channel gain makes the optimization problem hard to solve, we transform the original problem into a reflected spot position optimization problem and solve it by a particle swarm optimization (PSO) algorithm. Our simulation results show that secrecy performance can be significantly improved by adding an IRS in a VLC system.