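Abstract: Event Tracing for Windows (ETW), the Windows trace-logging subsystem, is one of the best tools for performance testing and system diagnostics. By introducing ETW, Microsoft gave application developers the ability to assess how their applications perform on Windows Server 2003, Windows XP and Windows 2000. System administrators also benefit from ETW when analyzing and troubleshooting built-in Windows applications, Microsoft applications (for example, IIS), other third-party applications, and system-related services. In addition, ETW helps system administrators monitor the system's performance metrics under workload in real-world environments.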
Funding: supported by the National Key Basic Research Program of China (973 Program) under Grant No. 2012CB315905, the National Natural Science Foundation of China under Grants 61172048, 61100184, 60932005 and 61201128, and the Fundamental Research Funds for the Central Universities under Grant No. ZYGX2011J007.
Abstract: HTTP-flooding attack disables the victimized web server by sending a large number of HTTP GET requests. Recent research tends to detect HTTP-flooding with anomaly-based approaches, which detect HTTP-flooding by modeling the behavior of normal web surfers. However, most of the existing anomaly-based detection approaches usually cannot filter the web-crawling traces from unknown searching bots mixed in normal web browsing logs. These web-crawling traces can bias the baseline profile of anomaly-based schemes in their training phase, and further degrade their detection performance. This paper proposes a novel web-crawling-traces-tolerated method to build the baseline profile, and designs a new anomaly-based HTTP-flooding detection scheme (abbr. HTTP-sCAN). The simulation results show that HTTP-sCAN is immune to the interference of unknown web-crawling traces, and can detect all HTTP-flooding attacks.
Abstract: Workflow logs that record the execution of business processes offer a very valuable data resource for real-time enterprise performance measurement. In this paper, a novel scheme that uses the technology of data warehouse and OLAP to explore workflow logs and create complex analysis reports for enterprise performance measurement is proposed. Three key points of this scheme are studied: 1) the measure set; 2) the open and flexible architecture for the workflow logs analysis system; 3) the data models in WFMS and data warehouse. A case study that shows the validity of the scheme is also provided.