فصلنامه پردازش علائم و داده ها
سال چهاردهم شماره 3 (پیاپی 33، پاییز 1396)

Data Streams are infinite, fast, time-stamp data elements which are received explosively. Generally, these elements need to be processed in an online, real-time way. So, algorithms to process data streams and answer queries on these streams are mostly one-pass. The execution of such algorithms has some challenges such as memory limitation, scheduling, and accuracy of answers. They will be more important and serious, chiefly if the queries are not predefined but Ad-hoc, and also should be executed after data stream tuples are gone.
Countinous aggregate queries are types of queries with some special characteristics making it possible to perform more specific, efficient qeury processing techniques, specifiaclly beneficient for ad-hoc ones.
In this paper, a dynamic efficient techinque is proposed for answering the ad-hoc continiues aggregate queries over data streams. The main idea of the proposed technique is to generate and handle an efficiet tree data structure as the synopse, in the form of Dynamic Prefix Aggregate Tree.
In general, the two following approaches can be used to calculate any function such as ; either implementation of an algorithm for the calculation of function f, or storing the answers of function f for all possible states. When the algorithm runtime is high, the second method strengthened by proper selection of indices can return a proper answer in a very short time (even ).
But the major problem of the second method is the total number of possible answers which can be very high and also can be out of the possible storage capacity and processing potential within a certain acceptable time period. For example, suppose that the cardinality of each of the parameters of is 10. In this case, the total number of possible states will be . As it is evident, the total number of states increases with the number of parameters and their cardinalities.When the total number of states is so great that generating answers with respect to consumed time and space is impossible, a more convenient, practical method should be employed. This more practical approach can be the storing of some of the answers (selectively) with respect to the following conditions: Obtaining un-stored answers from the set of stored answers.
Higher probability of utilizing stored answers (i.e. higher probability of submitting requests from stored set).
Eliminating (not storing) null answers.
The same idea can be implemented for online and almost real time processing of queries, so that by receiving each tuple, all possible answers get obtained and stored. By doing so, in the time of need (when answering to an ad-hoc query) stored answers will be used instead of calculating each answer.
Accordingly, some answers are stored in a tree structure to be used at the right time. In this paper, in order to answer ad-hoc continuous aggregate queries over data streams, a method is proposed that uses a tree structure for storing the aggregate results. The important point in this method is that all steps of the construction, maintenance and using of the tree must be online. For these purposes, it is enough to keep all possible answers. But to apply an online construction and maintenance of tree, we must keep some answers, according to the inherent features of data streams. In this way, the main goal is to choose the answers possessing the most overlap with responses answers of received ad-hoc queries. The proposed method, creates the tree structure and maintains it dynamically to answer ad-hoc aggregate continuous queries over data streams.
For this purpose, queries at instant are modeled as in form of , where or (when , the aggregate over the whole sliding window is returned) and is the size of sliding window and (when , the aggregate over the whole is returned).
In order to increase the overlapping, a statistical task is performed on a dimensions of the received queries. In this way, dimensions are determined with the highest, lowest request. When , means that there is no request for this dimension. Therefore, we select and store the answers related to the dimension with highest request, and ignore those with the lowest. Obviously, these answers should be obtained and presented using stored answers.
As the request for dimensions may change, the tree structure must be dynamically constructed and maintenance that will be presented this dynamic structure in this paper. Experimental evaluattion of the proposed method shows that, using the proposed Dynamic Aggregate Tree for ansering countinous Ad-hoc aggregate queies is more cost-effective, in terms of response time and memory usage.

Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, functionalities, and facilities make privacy and security issues more critical. Therefore, traditional security mechanism including biometric authentication, data encryption, access control, and etc. are not adequate. Therefore, danger of installing and using malwares must be taken into account in order to provide practical security for end users. Installing new and unknown applications on these devices might lead to security threats. Recently, smartphones and tablets utilize powerful operating system in which security of application is provided by application permissions. Android and BlackBerry are two examples of operating systems which reduce attack surface by using application permissions. In these operating systems, in order to perform malicious activities, an attacker must deceive users to install a malicious app since other ways of intrusion are almost closed. Recent statistics show that Android is the most popular operating system. For installing an app, Android requires the user to grant privileges through the requested permissions. There is a large number of applications (Apps) developed for this operating system which require various permissions based on their functionalities and provided services. Therefore, measuring security risks of applications can help us to make better decision regarding to apps installation and removal. There exists some research regarding to enhance the Android security model and its security risk communication mechanism. In this mobile operating system, security risk values of applications can be computed using their requested permissions. In this study, a new software tool is designed and implemented to measure security risk values of mobile applications. This tool benefits from a new metric to compute the risk values. This risk metric exploits statistics of permission usages in known malwares and goodwares. However, they can be simply extended to other features of Android apps including static and dynamic ones. Moreover, we have attempted to give a better definition of permission criticality to aim users for making best decision in new apps installation or previously installed ones removal. In fact, we have designated a new formulation to assign higher risk values to permissions with a higher usage in malwares and very lower usage in benign apps. The idea is quite simple but produces interesting results. That is, the security risk of a permission is directly related to the difference of its usage in malicious and non-malicious apps. Given risk values of permissions, one can compute risk of an Android app based on its permission list. Since the proposed measurement compute the risk values of permissions according to simple statistics of known malwares and useful Android apps, they have good explainability. Users can be informed regarding to danger about approving risky permissions and they can make reasonable decisions based on total risk score of an app which can be simply computed using security risks of its requested permissions. In order to purpose the metric, we have analyzed requested permissions of large number of malicious and ordinary applications. Moreover, for realistic evaluations, we have constructed two new datasets of applications belonging to an Iranian market and new malwares. Experimental evaluations on real known malwares and benign apps reveal the superiority of the proposed criterion with respect to previously proposed method in terms of assigning higher risk values to malwares and lower risk values to the benign applications.

Hyperspectral (HS) imaging is a significant tool in remote sensing applications. HS sensors measure the reflected light from the surface of objects in hundreds or thousands of spectral bands, called HS images. Increasing the number of these bands produces huge data, which have to be transmitted to a terrestrial station for further processing. In some applications, HS images have to be sent instantly to the station requiring a high bandwidth between the sensors and the station. Most of the time, the bandwidth between the satellite and the station is narrowed limiting the amount of data that can be transmitted, and brings the idea of Compressive Sensing (CS) into the minds. In addition to the large amount of data, in these images, mixed pixels are another issue to be considered. Despite of their high spectral resolution, their spatial resolution is low causing a mixture of spectra in each pixel, but not a pure spectrum. As a result, the analysis of mixed pixels or Spectral Unmixing (SU) technique has been introduced to decompose mixed pixels into a set of endmembers and abundance fraction maps. The endmembers are extracted from spectral signatures related to different materials, and the abundance fractions are the proportions of the endmembers in each pixel. In recent years, due to the large amount of data and consequently the difficulties of real-time signal processing, and also having the ability of image compression, methods of Compressive Sensing and Unmixing (CSU) have been introduced. Two assumptions have been considered in these the finite number of elements in each pixel and the low variation of abundance fractions.
HYCA algorithm is one of the methods trying to compress these kinds of data with their inherent features. One of the sensible characteristics of this algorithm is to utilize spatial information for better reconstruction of the data. In fact, HYCA algorithm splits the data cube into non-overlapping square windows and assumes that spectral vectors are similar inside each window. In this study, a real-time method is proposed, which uses the spectral information (non-neighborhood pixels) in addition to the spatial information. The proposed structure can be divided into two parts: transmitting information into the satellites and information recovery into the stations.
In the satellites, firstly, to utilize the spectral information, a new real-time clustering method is proposed, wherein the similarity between the entire pixels is not restricted to any specific form such as square window. Figure 3 shows a segmented real HS image. It can be seen that the considering square form limits the capability of the HYCA algorithm and the similarity can be found in the both neighborhood and non-neighborhood pixels. Secondly, to utilize similarity in each cluster, different measurement matrices are used. By doing this, various samples can be achieved for each cluster and further information are extracted. On the other hand, usage of different measurement matrices may affect the system stability. As a matter of fact, generating the different measurement matrices is not simple and increases complexity into the transmitters. Therefore, it conflicts with the aim of CS theory, reducing complexity into the transmitters. As a result, in the proposed method, the number of the clusters is determined by the number of the producible measurement matrices. Figure 4 shows the schematic of the proposed structure in the satellites.
In the stations, we follow HYCA procedure in equation 8 and 9, but the different similar pixels are applied to the both equations. By doing this, we reach to the improved HYCA algorithm. Finally, the proposed structure is shown in the Table 1.
To evaluate the proposed method, both real and simulated data have been used in this article. In addition, normalized mean-square error is considered as an error criteria. For the simulated data, in constant measurement sizes, the effects of the additive noise, and for real data, the effects of measurement sizes have been investigated. Besides, the proposed method has been compared with HYCA and C-HYCA and some of the traditional CS based methods. The experimental results show the superiority of the proposed method in terms of signal to noise ratios and the measurement sizes, up to in the simulated data and in the real data, which makes it suitable in the real-world applications.

Designing a system with an emphasis on minimal human intervention helps users to explore information quickly. Adverting to methods of analyzing large data is compulsory as well. Hence, utilizing power of the data mining process to identify patterns and models become more essential from aspect of relationship between the various elements in the database and discover hidden knowledge. Therefore, Rough set theory can be used as a tool to explore data dependencies and reducing features outlined in a data set. The main purpose of the rough theory is to obtain approximate concepts of acquired data. This theory is a powerful mathematical tool for arguing in ambiguous and indeterminate terms that provides methods for remove and reduce unrelated or excessive knowledge information on the data sets. This process of data reduction is based on the main task of the system, and without losing the basic data of the data sets. Rough set theory can play a very effective role to support decision-making systems, but in some cases, with increasing data volumes, there are inconsistent or collisional results which using swarm intelligence-based methods can choose the best of the contradictory, effectless or dummy data. This will bring interesting, unexpected and valuable structures from within a wide range of data. Since the ant colony optimization compares all the exploratory paths generated by each ant and the best route is selected from the existing paths, so considering the improvement of the selecting the main features and improving the theory of the Rough set, paths are not eliminated from the possible paths. In this research, the combination of the ant colony optimization and rough set theory have been used to find the subset of the main features and to delete the inappropriate information with the loss of the minimum information. This research will improve the features reduction technique employment Rough set theory and ant colony optimization. The gist of this research is removing useless information with minimal information loss. The results on petroleum prices data evaluation demonstrate that the hybrid method is more efficient than recent methods.

Today, the importance of text processing and its usages is well known among researchers and students. The amount of textual, documental materials increase day by day. So we need useful ways to save them and retrieve information from these materials. For example, search engines such as Google, Yahoo, Bing and etc. need to read so many web documents and retrieve the most similar ones to the user query. In this example, necessity of real time ability should be mentioned. Keyphrase extraction and some other fields like Information extraction, natural language processing, text summarization, query understanding, machine translation, and text similarity are subsets of text processing. So many efforts in text processing have been established, but there are still many open problems, especially in semantically document understanding subjects. Although these subjects seem not to be very hard for humankind but they are very complex and confusing for a computer, because there is no standard structure to save documents so that computers be able to extract semantics and contents.
Document understanding and keyphrase extraction are some of the most important text processing goals. Many statistical and linguistic approaches are proposed in order to address these complex goals. Some methods work based on multi documents and some others on single document which all are generally more difficult than multi documents methods. Some methods use learning algorithms with training data and some others do not. Using natural language processing tools or resources -like ontologies- are effective ways to improve results, but these tools are not reliable for all languages. There are some articles for keyphrase extraction based on co-occurrence and also some statistical methods. Moreover, sometimes it is an important feature for a method to make real time outputs. Based on these characteristics, many approaches have been proposed in the literature.
In this paper, we present a new approach for keyphrase extraction from a single document. We present a language-independent approach based on combination of statistical information extracted from document and some logical rules named fundamental text rules. In this approach, there is no need to any natural language processing, nor to ontology and nor to any document corpus. We illustrate a real time method to understand each document focuses by extracting its phrases from segmented document without using any learning algorithm. Then, the Score for each phrase is calculated based on its occurrence and its related phrases occurrences. Then, fundamental text rules omit some phrases based on their scores and their places in text. Remained phrases shows the document focuses. Evaluation shows that our approach takes a high recall and precision in key phrase extraction with very good accuracy in text focuses understanding. These keyphrases extracted of a text presents the most important concepts of that text and it is used to retrieve documents in search engines more efficiently.

Due to increasing in cyber-attacks, the need for web servers attack detection technique has drawn attentions today. Unfortunately, many available security solutions are inefficient in identifying web-based attacks.
The main aim of this study is to detect abnormal web navigations based on web usage profiles. In this paper, comparing scrolling behavior of a normal user with an attacker, and simultaneous use of the access control policy alarms provided in web pages crawling with high access level, leads to an attacker to be detected among ordinary users. Indeed, the proposed method in this research includes two main steps: firstly web usage profiles are extracted as web main patterns of users’ behavior. In order to cluster similar web sessions we used a system inspired by artificial immune system. In the employed method, the rate at which a particular web page is visited as well as the time a user spends on the pages, is calculated so as to estimate how interesting a specific page is in a user’s session. Therefore, the similarity in the web page is defined based on the combination of the similarity of web pages URLs and that of the users’ level of interest in visiting them. Secondly, the difference between each current user session from the main profiles is calculated. Additionally, the access control logs are derived from corresponding sessions in this stage. Regarding the noisy nature of web server logs, a method was required so that a slight change in the data would not make a noticeable change in the results validity. Hence, a fuzzy neural network has been applied to distinguish normal and abnormal scrolling behavior in second step.
Due to the lack of a standard data that contains both web pages scrolling and access control logs corresponding to it, providing such a data was required. At first, those intended logs were produced. To do so, an Apache web server was run on the platform of a Centos machine. In order to create the logs completely similar to a real server’s log, an e-commerce website was set up on Apache server. This website had about 160 different web pages to be visited by different users. At this point, a novel method is proposed to simulate the behavior of web users when they visit a website. Likewise, the abnormal data was generated by means of a large number of existing attack tools. It should also be noted that the access control policy has been used is SELinux and It has been added to Linux kernel.
As mentioned, web server access log varies greatly with changing user behaviors, the stability of the proposed method against noise should be evaluated. For this reason, the results has been investigated on noisy profiles created by making random changes on the main profiles, and only the testing phase is conducted again. Subsequently, the distance from the profiles having noise is compared with the main ones. To demonstrate the ability of this method, the results have been compared with a Support Vector Machine (SVM). The carried out evaluations show that our approach performs efficiently in identifying normal and abnormal scrolling.

In this research, a system is proposed for detecting fertility of eggs. The system is composed of two parts: hardware and software. The fabricated hardware provides a platform to obtain accurate images from inner side of the eggs, without harming their embryos. The software part includes a set of image processing and machine vision processes, which is able to detect the fertility of eggs from captured images, without any sensitivities to different types of eggs (e.g. with different thickness of the eggshell). In order to classify the fertile and infertile eggs, two classifiers based on Artificial Neural Networks (ANN) and Support Vector Machines (SVM) are designed and tested. It means that, to have a fully automatic fertility detection machine, we design two machine learning approaches using SVMs and ANNs to classify fertile and infertile eggs. That is, instead of using a predefined threshold values for distinguishing fertile pixels of egg images from infertile ones, we try to train the machine to do the job automatically. After training the machine using both classification algorithms, the performance of them are accurately investigated and measured in order to select the appropriate one. To evaluate the system, an egg image dataset is provided including 1200 images captured from incubated eggs. Extensive experiments are performed using the provided dataset, which confirm the reliable performance of the system. Comparisons with other fertility detection approaches applying different methods and algorithms confirm that the proposed machine outperforms more complex systems. Performance evaluations of the two proposed classifiers confirm that the SVM based classifier, with average detection accuracy of 50.57% at day 1 of incubation, 83.67% at day 2, 94.20% at day 3, 98.03% at day 4, and 98.91% at day 5, performs better than ANN based classifier, and it is also less sensitive against the reductions in training samples, which can be a serious issue when we are not able to provide more training samples.

Data warehouse is a repository of integrated data that is collected from various sources. Data warehouse has the capability to maintain data from various sources in its view form. So the view should be maintained and during changes of the sources they should also be updated. Since the increase in updates may cause costly overhead, therefore it is necessary to update views with high accuracy. The algorithm presented in this paper is the combination of a grouping approach with Cuckoo heuristic Algorithm that reduces maintenance time of views and thus speed up maintenance time. Cuckoo optimization algorithm begins with an initial population. Trying to survive of the Cuckoo makes the base for optimization algorithm. The results show that the Cuckoo algorithm implementation compared with previous methods is faster in order to update its incremental view.

Named entity recognition (NER) is a natural language processing (NLP) problem that is mainly used for text summarization, data mining, data retrieval, question and answering, machine translation, and document classification systems. A NER system is tasked with determining the border of each named entity, recognizing its type and classifying it into predefined categories. The categories of named entities include the names of persons, organizations, locations (e.g. city and country), expressions of times, quantities, monetary expressions, and percentages. In general, corpus-based NER approaches have been proved to be well suited for NER problem. Using a NER corpus, recognition of named entities can be done through ruled-based or machine-learning methods.
Corpus-based NER systems need standard and appropriate annotated corpora. However, such corpora mainly exist in languages such as English, and are rarely found in Persian/Farsi or limited in volume. So, this paper is dedicated to describe the producing procedure of a standard named entity (NE) corpus - A’laam corpus - for Persian language. A’laam corpus contains about 250,000 tokens tagged with 13 NE tags. This corpus has been developed in the Research Center for Development of Advanced Technologies (RCDAT). Tokens of A’laam corpus are a part of Farsi Text Corpus. The Farsi Text Corpus is a standard Farsi corpus. This corpus, containing more than 100 million Farsi words, has been developed by the Research Center of Intelligent Signal Processing (changed to the Research Center for Development of Advanced Technologies in 2013). The words of this corpus, selected from diverse written and spoken sources, was tokenized and corrected manually. In addition, a part of the Farsi Text Corpus with 8 million words has part-of-speech (POS) tags at word level. Totally, about 8,400 sentences of the Farsi Text Corpus have been randomly selected to obtain about 250,000 tokens of A’laam Corpus. This corpus included words, POS tags, and named entity tags.
To evaluate A’laam corpus, a Persian NER system was trained based on this corpus. This corpus was so divided into the train and test sections. The train section accounted for 90% of the corpus and the remaining 10% belonged to the test section. Using Conditional Random Fields (CRF) method, the Persian NER system resulted in a 92.94% Precision and 78.48% Recall.

In robotic applications and especially 3D map generation of indoor environments, analyzing RGB-D images have become a key problem. The mapping problem is one of the most important problems in creating autonomous mobile robots. Autonomous mobile robots are used in mine excavation, rescue missions in collapsed buildings and even planets’ exploration. Furthermore, indoor mapping is beneficial in finding and rescuing missions. With recent advances, mobile robots are used in hazardous missions such as radioactive areas or collapsing buildings. Having the environment’s map beforehand can boost efficiency and effectiveness of the mission. In order to digitize the environment, several 3D scans are needed. However, these scans should be merged according to a global coordination system to create a correct, consistent model. This process is called image registration. If the robot with 3D scanner is able to accurately localize itself, the registration can be done directly by robots pose. However, due to imprecise robot sensors, self-localization is error prone. Therefore, the geometric structure of overlapping 3D scans is considered. In order to registering various points sets, Iterative Closest Point (ICP) algorithm is used. ICP is the most common approach to align point clouds in two consecutive image frames. This algorithm uses a point to point approach. RGB and depth images which are captured by Kinect are used in this study. In order to reducing data points and performing faster 3D map creation, depth images are converted to point clouds and then segmentation is done according to image planes. For this purpose RGB images are segmented by region growing segmentation algorithm. In this algorithm, the image was initially over segmented. This algorithm uses stack data structure and Euclidean distance in Lab color space to segment the image. Euclidean distance in Lab color space describes the resemblance of two colors to each other. In this algorithm, the aim is to label each pixel to a segment. To this end, each unlabeled pixels Euclidean distance to its neighboring mean color is checked to be within a threshold. For over-segmentation, if the distance satisfies the smaller threshold, the more pixels will be merged to the segment. Afterwards a plane was fit to each segment. After segmentation, each segment should be represented by a plane. Eventually, the segments were merged based on the product of normal vectors and plane fitting error criteria. After segmentation, planes were fit to the new segments again. A given number of points were generated on the plane. ICP algorithm was executed on these points and transfer and rotation matrices were obtained. Generating points on the plane results in fewer points. Therefore, the points were reduced and algorithms performance was increased. The results show that the proposed method increases the speed up to 55 and 91 percent in consecutive and non-consecutive frames on average, respectively.