Intelligent classification of learning objects using

EDITORIAL BOARD Editor in Chief 

Dr. Muhammad Imran Babar Head of Department/Assistant Professor Department of Computer Science, Army Public College of Management & Sciences, Rawalpindi, Pakistan. [email protected], [email protected] +92-51-8444555 Ext:138 +92-321-5890896

Co-Editor in Chief 



Dr. Masitah Ghazali Senior Lecturer, Department of Software Engineering, Faculty of Computing University Technology Malaysia, Skudai, Johor Bahru, Malaysia. [email protected] Dr. Dayang N.A. Jawawi Associate Professor, Department of Software Engineering, Faculty of Computing University Technology Malaysia, Skudai, Johor Bahru, Malaysia. [email protected]

Editors 









Dr. Rafa E. Al-Qutaish Associate Professor, Ecole de Technologie Superieure, Montreal, Quebec, Canada. [email protected] Dr. Zeljko Stojanov Assistant Professor, University of Novi Sad, Serbia. [email protected] Dr. Mustafa Bin Man Associate Professor, School of Informatics and Applied Mathematics, Universiti Malaysia Terenggnau, Kuala Terengganu, Malaysia. [email protected] Dr. Basit Shahzad Assistant Professor, King Saud University, Saudi Arabia. [email protected] , [email protected] Dr. Farukh Zeeshan Assistant Professor, COMSATS, Lahore, Pakistan. [email protected]









 









Dr. Muhammad Siraj Assistant Professor, College of Engineering, King Saud University, Saudi Arabia. [email protected] Dr. Khalid Mehmood Awan Assistant Professor, COMSATS, Attock, Pakistan. [email protected] Dr. Noreddine Gherabi Assistant Professor, University Hassan 1er, National School of Applied Sciences, Department of Computer Science, Settat, Morocco Dr. Abid Mehmood Assistant Professor, King Faisal University, Al-Hada, Saudi Arabia [email protected] Dr. Nadir Omer Fadi Elssied Hamed Assistant Professor, University of Khartoum, Sudan. Dr. Sheikh Muhammad Jehanzeb Assistant Professor, Army Public College of Managment & Sciences, Rawalpindi, Pakistan. [email protected] Dr. Ghufran Ullah Yousafzai Assistant Professor, Department of Computer Science, City University of Science & Information Technology, Peshawar, Pakistan. [email protected] Dr. Sim Hiew Moi Assistant Professor, Department of Computer Science, Southern University College, Johor Bahru, Malaysia. [email protected] Dr. Ashraf Osman AAU, Khartoum, Sudan. [email protected] Dr. Awad Ali Abdur Rehman Head of Department/Assistant Professor, Department of Computer Science, University of Kassala, Sudan. [email protected]

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org

Intelligent classification of learning objects using information content, intra document terms and domain vocabulary 1 1,2

Imran Ihsan, 2Faisal Fayyaz Kiyani

Department of Computer Science, Air University, Islamabad, Pakistan Email: [email protected], [email protected]

ABSTRACT LMS, databases of learning objects, are used by teachers to store, search, and retrieve learning objects. Classification of these learning objects is a tedious job. Metadata standards are available in order to specify a learning object; however, a taxonomic path is normally left for the developer of the application to decide. A common taxonomic path consists of various domains and sub-domains in the form of a hierarchy. Annotators decide to place a particular learning object in a specified domain but this is a time consuming and laborious work. Automatic and intelligent classification of these learning objects in their respective domain is a great challenge. Each learning object has a pedagogical content and that content can be measured by various techniques. In this paper, we will try to find Information Content in a learning object and classifying it using intra-terms co-occurrences and their frequencies. By using this inverse co-occurrence factor and calculated information content, an intelligent and automatic classification of learning objects can be achieved by tagging it as positive or negative for a particular domain. Keywords: learning object; metadata; taxonomy; co-occurrence; information content; 1.

INTRODUCTION

A Learning Object is an Semantically Meaningful Unit (SMU) [1] that is “self-contained” [2]and be able to accomplish its learning objective. Thus, one of the important part of a learning object is “intended to be used for pedagogical purposes”[3]. In order for a piece of content to be considered a learning object, the content must teach something. If the content is not for instructional purposes then it is not a learning object. This distinction is made because not all digital files are learning objects since sometimes their contents are not intended for learning. Still the question remains that how much instructional content a Learning Object has. To answer this, we need to have a vocabulary of terms that defines concepts in a specified domain and the frequency of these terms within a Learning Object. This information about the amount of instructional content in a Learning Object can be stored in its metadata. According to Feldstein[4], “Usability in e-Learning is defined by the ability of a learning object to support a very particular concrete cognitive goal.” The specific sense of the term “usability” suggests particular goals like the context of the evaluation and its pedagogical or instructional intention. For possible context of use and for the evaluation to be feasible, the cognitive goal and its characterization must be described through metadata. Learning Object Metadata include pedagogical attributes such as; teaching or interaction style, grade level, mastery level, and prerequisites[5], however there is a need to add semantics of Learning Object that in return can be used to measure relatedness between two Learning Objects. To store, search and retrieve Learning Objects, Learning Object Repositories are used. We can say that a Learning Object Repository – LOR is a searchable database that houses digital resources and/or metadata that can be reused to mediate learning. A key process of such repositories is the efficient searching and accurate retrieval of Learning Objects. The question that such LORs fail to answer is; if the resultant Learning Objects are semantically related to the query or not and if they are related, they are related to what degree. Apart from that, queries are based on keywords rather than a Learning Object itself. If a user has a Learning Object, the system needs to find another Learning Object which is semantically similar or opposite. A survey and report conducted by Reuters found that office-based managers suffered from ‘Information Fatigue Syndrome’, caused by the frustration of sifting through large quantities of search results[6]. If the user is inundated with large amounts of information, he/she would either waste time manually searching through the results or refining their search queries. So, there is a need to go through the existing technologies and see in the field of information

184

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org retrieval, what are the weak areas that need to be improved. What should be an appropriate architecture for a semantic search? 2.

LERANING OBJECT METADATA

A number of Learning Object Metadata Standards exist such as Dublin Core[7], IEEE LOM [5] and SCORM [8] etc. These standards focus on the minimal set of attributes needed to allow Learning Objects to be managed, located, and evaluated. However, in this modern world, the pedagogical attribute of an instructional content is far more important. If we evaluate IEEE LOM [5] standards we see there are more than 80 attributes divided in 9 different classes. One of the defined category in IEEE LOM is classification using a predefined taxon path. Normally, author or annotator enters metadata values and assign a taxonomy to a learning object in order to classify it. However, if we can automatically find information content in a particular learning object, we can automatically classify it. We have proposed a system that can automatically classify a learning object and is described in next section. 3.

LEARNING OBJECT CLASSIFICATION SYSTEM

Learning Object classification system takes Microsoft PowerPoint® based lectures as an input and classifies it in positive or negative class based on domain terms vocabulary. Various components of this system are term extractor, co-occurrence matrix generator, inverse co-occurrence frequency ICF calculator for each term, Information Content IC calculator for each learning object and classifier. Figure 1 shows each component and their relations. Each of the component is explained in next sections. Input Leaning Object (PPT Lecture)

Term Frequency Extractor

Stop Words

Extracted Terms

Co-occurrence Matrix Generator

Domain Terms Vocabulary

ICF Calculator of Each Term

IC Calculator

Classifier

Positive Class

Nagative Class Output

Figure. 1 Proposed framework for learning object classification

185

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 4.1. Input data Learning Objects are the building blocks of any Learning Management System. An LMS is an environment where developers can create, store, reuse, manage and deliver learning content from a central data repository. The LMS generally works with content that is based on a Learning Object model. While no standard definition of a Learning Object exists, a Learning Object generally is referred to a reusable unit of learning. A Learning Object in practice may be a piece of text, sound, an image, a video clip, a flash animation, a Java applet, a web page or an executable program. In our system, we have used only one specific format of learning object that is PowerPoint based lectures delivered at a higher education level. We surveyed different universities of Islamabad, Pakistan and asked different teachers to provide us their set of lectures in one of the following 5 domains of Computer Science. These are; 1. 2. 3. 4. 5.

Programming (C++ Programing, OOP, Java, Data Structures etc.) Databases (DBMS, Oracle, SQL Server, PL/SQL etc.) Networking (Protocols, Topologies, LAN, Wireless, AdHoc Networks etc.) Operating Systems (Windows, Linux etc.) Software Engineering (Testing, UML, Fault Tolerance etc.)

Following graph (Figure 2) represents the statistics of data collected from 5 different universities in each domain. A total number of 1050 lectures were collected. Distribution each domain is shown below;

Figure. 2 Input data set 4.2. Domain term vocabulary Domain Term Vocabulary contains the list of Keywords entered by different experts in a particular domain. We requested experts in each domain to outline keywords that relate to their particular domain and their semantics can mark them as an integral part of the domain. Collection of suck keywords thus formed the Domain Term Vocabulary. However, we do not consider this vocabulary as a closed one, rather it is open in nature, new keywords can be added or old ones can be deleted. Our first collection of each domain vocabulary and the number of keywords in each domain is shown in Figure 3.

186


Figure. 3 Domain vocabulary keywords 4.3. Term frequency extractor Content in a Learning Object is a group of material combined together to teach a single concept. Content material for online courses/tutorials can be any of the following: Explanations, instructions, definitions, images, animations, programs, quizzes, etc. In our case, we are using PowerPoint lectures as a learning object. This module takes learning object that is PowerPoint Lectures in PPT or PPTX format as an input and uses Microsoft Office Interop.PowerPoint Library to load the file. Once file is loaded, it uses two set of vocabularies “Stop Words” and “Domain Terms” to find and extract each term. It uses four steps approach as described below: 1.

2. 3.

PowerPoint lectures follow a distinct schema, where each file consists of slides and each slide has header, object and footer area. In the first step, it breaks down loaded PPT or PPTX file in slides, header, object area and footer area in each slide. Removes stop words and filter remaining terms using domain term vocabulary and their occurrence of term in particular area within a slide. Any term appearing in header is more significant as compared to term that appears in object area. Based on occurrence of terms in particular area within a slide, we assign weight and calculate frequency of each term in a particular slide. Weights are assigned on following basis. a. Highest weight for term appearing in header of a slide b. Medium weight for term appearing in object area of slide c. Lowest weight for term appearing in footer of slide

Using these weights, we can calculate term frequency “tf-idf” [9]within a slide and is shown in equation 1; tf(i) = tfh(i) x weight of header + tfo(i) x weight of object area + tff(i) x weight of footer Where

4.

tf(i) tfh(i) tfo(i) tff(i)

(1)

= term frequency of term “i” = term frequency of term “i” in header = term frequency of term “i” in object area = term frequency of term “i” in footer

In the last step, term frequency in all slides are combined to find a term frequency within a learning object using equation 2:

187

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org tf(i)

 tf(i) in a Slide(j)

= j

(2)

After calculating term frequency of each term, co-occurrence matrix [10] is calculated. 4.4. Co-occurrence matrix Each learning object has a “bag of words” that is a list of terms within that object. Apart from extracting and calculating frequency of terms within a learning object, a two-dimensional matrix can be created known as “Cooccurrence Matrix”[10]. A sample matrix is shown in Table I. Table. I Co-occurrence matrix

T1 3 2 4 2

LO 1 Learning LO 2 Objects LO 3 LO 4

T2 4 2 3 2

T3 5 2 5 3

T4 0 2 6 2

Terms T5 T6 9 2 0 5 0 0 4 0

T7 0 5 0 0

T8 0 0 1 0

T9 2 2 1 0

T10 1 3 2 0

Each tuple is unique for a learning object. A non-zero term positive frequency describes weighted frequency of each term and its co-occurred terms within a learning object. Based on these co-occurred terms, we can calculate inverse co-occurrence frequency of each term. 4.5. Inverse co-occurrence frequency – ICF Number of terms in each document that have non-zero positive values describe the first order co-occurrences of keywords. Thus, using this matrix, inverse co-occurrence frequency (ICF) [11]can be calculated with a slightly modified formula and is defined below in equation 3: ICF(i)

=

log  Overall number of terms  Total number of terms co-occurring with term i 

 x tf(i)

(3)

Where overall number of terms means the total number of terms that exist in a learning object irrespective of their individual frequency, whereas Total number of terms co-occurring with term “i” means unique set of terms that exist within a learning object. Using the ICF for each term, information content of a learning object can be calculated. 4.6. Information content To measure specificity for a concept, Information Content (IC) [12]is calculated. If the value is higher, it means the concept is more specific and if value is lower than we can say the concept is more general. Information content is calculated using frequency of concept or terms within a document. Using the ICF value calculated above, we can calculate the IC of each term in a learning object using equation 4: IC(i) = −log ICF(i)

(4)

And afterwards, IC of complete learning object can be calculated by summing all the IC for each term as shown in equation 5. IC(learning object) =

 ICF(i)

(5)

4.7. Classification Based on the Information Content calculated using the domain terms vocabulary, a simple decision can be made. If the IC value is higher, we can assign a learning object to a positive class but if the values are lower, it can be assigned to negative class. A threshold value can be used to form a decision for placing a learning object in relevant class. If a learning object is placed in positive class, we can say that the particular learning object belongs to that

188

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org particular domain. If it’s placed in negative class then it has to be rechecked for different domain unless it is placed in a positive class for a particular domain. Following flowchart (Figure 4) explains the procedure. Input Learning Object as PPT Convert PPT to String of Text Remove Stop Words Extract Terms and Their Frequencies using Domain Terms Vocabulary Generate Co-occurrence Matrix using Extracted Terms Calculate ICF of each Term Calculate IC of the Learning Object While the Learning Object has not marked as Positive for a Domain Check IC Value with the Domain Value If IC value falls in the Domain Mark the Learning Object as Positive Else Mark the Learning Object as Negative Figure. 4 Classification algorithm 4.

PROOF OF CONCEPT

A small application is created that has a domain vocabulary. In our case, 1050 selected PowerPoint lectures from different universities and professors was adopted to filter and place them in positive or negative classes for 5 different domains. These 1050 lectures were automatically processed in our application to check the results. Two of the processed lecture screenshot are shown in Figure 5 & 6, one for positive class and one for negative class respectively.

Figure. 5 “Positive” class file

189


Figure. 6 “Negative” class file The IC calculated for the selected lectures showed results 0 to 8.07. After careful analysis we marked IC = 2.0 as our threshold value, assigning IC >= 2.0 as “positive” class and IC < 2.0 as “negative” class. Based on this threshold value, results were tabulated and are shown in the figure below.

Figure. 7 Classification results 5.

RESULTS

Out of possible 1050 “positive” class lectures for all domains, application marked 818 as “positive” for their respective domain and 233 as “negative” or marked them wrongly, giving an accuracy of 77.9%.

190

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 6.

CONCLUSION

This paper classifies a learning object as positive or negative for a particular domain using Information Content. Information content is calculated using intra terms frequency and their inverse co-occurrence factor ICF. The approach was tested with manual classification and 77.9% accuracy achieved in 1050 lectures. ACKNOWLEDGEMENT Special thanks to Faculty of Computer Science in Air University and Capital University of Science and Technology, Pakistan for providing support to complete this research. Moreover, specials thanks to all who have contributed. REFERENCES 1.

2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

Ihsan, I., et al. Semantically Meaningful Unit-SMU; An Openly Reusable Learning Object for UREKA Learning-Object Taxonomy & Repository Architecture-ULTRA. in Computer Systems and Applications, 2006. IEEE International Conference on. 2006: IEEE. Kevin, O., An Objective View of Learning Objects. American Society for Training and Development, 2002. 56(5): p. 103 - 105. Hesemeir, S.a., The Tao of Learning Objects: Part One Nature. Feldstein, What Is “Usable” e-Learning? ACM eLearn Magazine, 2002. IEEE (2005) IEEE Standards for Learning Object Metadata (1484.12.1). Wurman, R.S., Information anxiety. What to do when information doesn’t tell you what you. 1990: New York: Bantam Books. Community, T.M., Dublin Core Metadata Standards. 2017. SCORM, The Shareable Content Object Reference Model. 2017. Ramos, J. Using TF-IDF to Determine Word Relevance in Document Queries. in Proceedings of the first instructional conference on machine learning. 2003. Manning, et al., CS224n: Natural Language Processing with Deep Learning. 2017. Diederich, Jörg, and W.-T. Balke, The semantic growbag algorithm: Automatically deriving categorization systems. Research and Advanced Technology for Digital Libraries, 2007: p. 1 - 13. Pedersen, T. Information content measures of semantic similarity perform better without sense-tagged text. in 11th Annual Conference of the North American Chapter of the Association for Computational Linguistics (NAACL HLT 2010). 2010.

AUTHORS PROFILE Mr. Imran Ihsan is currently working as Assistant Professor in the Department of Computer Science at Air University Islamabad, Pakistan. He is also a PhD Candidate at Faculty of Engineering and Computer Science, Capital University of Science and Technology, Islamabad, Pakistan. Mr. Ihsan has more than 20 years of teaching, research & industrial experience. Mr. Ihsan’s current research activities are in the field of Semantic Computing, Ontology & Knowledge Engineering, E-Learning and Human Computer Interaction.

Mr. Faisal Fayyaz Kiyani is currently working as Lecturer in Department of Computer Science at Air University Islamabad, Pakistan. He is also a PhD Scholar at Faculty of Computer Science, Capital University of Science and Technology, Islamabad, Pakistan. Mr. Faisal has more than 12 years of software design & development experience in the industry and over 4 years of teaching experience. His areas of interest include Semantic Web, Web Mining, IR, NLP and Distributed Systems.

191


Interaction between team of requirement engineers and the stakeholders to obtain security requirements of an IT project 1

Muhammad Sadiq, 2Rana Muhammad Ashfaq

1

Department of Software Engineering, Bahria University, Islamabad, Pakistan Department of CS & SE, International Islamic University, Islamabad, Pakistan Email: [email protected], [email protected]

2

ABSTRACT Security Requirements are most important part of overall requirements but they are often not given due importance. Different guidelines are proposed by research for elicitation of security requirements. Security Requirements are often considered as non-functional only but studies reveal that most of the security requirements belong to functional part. Different methods are proposed to streamline the processes of security requirement elicitation, SQUARE proposed by SEI is most popular of those. SQUARE methodology consists of nine steps which uses different traditional techniques and define framework for security requirement engineering (RE). SQUARE method is difficult to integrate with current RE practices and in small organizations, thus a scaled down version was proposed named SQUARE Lite which has only four steps. A survey conducted by paper shows that SQUARE Lite is quite feasible for integration in current environment as many of its proposed guidelines already being practiced indirectly. Keywords: security requirements; non-functional; stakeholders; requirements engineering; SQUARE; prioritization; 1.

INTRODUCTION

Requirement engineering (RE) is the root process of an IT project and if there are some defects in this process they do reflect in other phases later as well and fixing these defects at that time can be a costly job. Security requirements are mainly considered as non-functional but studies show that security requirements are mostly functional [1]. Security requirement are an important part of overall RE process but requirement engineers usually lack specific knowledge, they have either no or very little training in design and architecture of security aspects like encryption, intrusion detection, password protection [2]. Requirements elicitation involves use of various techniques which can be broadly grouped into traditional, group elicitation, prototyping, model driven, cognitive and contextual techniques [3], many of these techniques involve stakeholder’s interaction at various levels. Apart from these general techniques several different methods have been developed for elicitation of security requirements specifically e.g. SQUARE (Security Quality Requirement Engineering) and CLASP (Comprehensive Lightweight Application Security Process). SQUARE developed by Software Engineering Institute (SEI) has been proved to be the most comprehensive model for security requirement elicitation. The purpose of this research is to study how effectively security requirements can be communicated; moreover, some general guidelines will be discussed. A scaled down version of SQUARE will be applied upon different projects to check at what extent security requirements are defined in conformance with SQUARE Lite. 2.

GUIDELINES

In order to produce an effective interaction between stakeholders and RE teams for elicitation of security requirements certain guidelines need to be followed. A) Criteria for security requirement a) RE must show that what security requirements are b) Incorporating behavior assumption c) Elicited requirement should satisfy security goals[4]. B) Requirement categorization Requirement categorization is very important in a sense that it helps to find out right stakeholders for a specific category for interaction. For all requirements there are broadly two types of requirements functional and non-

192

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org functional. Apart from this broad categorization a pattern is presented about some common specific security related categories which are given as under[5]: a) Functional i. Access management/control ii. Intrusion detection iii. Digital signatures iv. Data encryption and security v. Log of activities vi. Privacy policy (In some cases many organizations have their own privacy policy) vii. Login control b) Non-functional i. Authentication ii. Availability iii. Physical security iv. Risk analysis/assessment v. Security management vi. Security testing C) Security policy Different organizations develop their dedicated security policy, it is necessary for requirement engineers to communicate with stakeholders on the basis of this policy if it exists. Resolve any conflicts if posed by this document and clear ambiguities in it. D) What vs how We know that RE phase is concerned what part of software development; it is not the job of requirement engineers to specify the design of software so they should avoid drawing design or architecture when they are eliciting requirements from stakeholders[2]. E) Goals and threats Unlike other requirements which are driven by organizational goals security requirement depends on threats. Security requirements define what should not happen instead of what must happen. Thus, threats must be calculated based on some risk assessment. F) Misuse cases Use cases are usually used to document functional requirements; they are success scenario of a function along with possible alternatives. But there are users who usually disrupt the normal flow of a function and try to violate security of software. Such behavior and systems security oriented response is documented with the help of misuse cases. 3.

SQUARE AND SQUARE LITE

Software Quality Requirement Engineering (SQUARE) developed by SEI at Carnegie Mellon University is a method for elicitation, prioritization and categorization of security related requirements[6]. As we have already discussed that requirement engineers involved in security requirement elicitation must have good knowledge of security issue, this methodology emphasize the same[6]. SQUARE methodology is composed of nine basic steps which define certain input and exit criteria, methodologies and participants i.e. stakeholders. It is to be noted that SQUARE is not another elicitation technique like the traditional RE elicitation method but a model that uses a combination of these techniques to achieve quality goals towards requirements. Nine constituent steps of SQUARE are: Step1- Agreeing on definitions: A Set of different terms should be defined in the form of glossary. Requirement engineers can use existing set of terms defined by different standardization languages like IEEE, SEBOK but it is necessary these initial set of terms/definition should be communicated and approved by the stakeholder. Stakeholders

193

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org should also prepare list of terms/definitions and present them to requirement engineers. Exit criterion is a document having agreed set of definitions which is single point of contact (POC) between stakeholder and requirement teams. Step2-Secuity goal identification: The step requires stakeholder to set and prioritize security goals for the project. Requirement engineers should help stakeholder to define overall security goal with the help of brainstorming sessions, review meetings. A document containing overall security goal and prioritized list of sub goals should be prepared by requirement engineers. During the goal defining processes requirement engineer should help stakeholder and act as an expert for example for availability requirement, requirement engineer can suggest stakeholder to invest in backup software and hardware. Step3-Artificat development: Before specification of security requirements, requirement engineers should gather different artifacts of project e.g. system architecture diagrams, use cases, misuse cases, standard templates. In some cases, these documents may not be present, in that case it is responsibility of requirement engineers to motivate stakeholder for producing such documents and give them confidence that investing in these documents will add value to their system and business. Both stakeholder and requirement engineers should work together to verify different artifacts. An exit criterion for this phase is a set of artifacts identified and produced by engineers and shared by stakeholders. Step4-Risk assessment: This step focuses on discovery of threats and vulnerabilities, and their likelihood of becoming real attacks. Risk assessment helps to counter these attacks and shape security requirements according to this assessment. It is responsibility of requirement engineers to facilitate risk assessment, review that assessment and share it with stakeholders. Exit criterion is that all possible threats and vulnerabilities are assessed and classified according to their possibilities of occurrence. Step5-Secltion of elicitation technique: Requirement engineers are required to select an appropriate technique e.g. interviews, survey, soft system analysis, use cases/ misuse cases, attack trees. Technique or techniques should be according to needs of stakeholders, project scope and RE team’s expertise. Exit criterion for this phase is that RE team selects a technique and document it’s rational. Step6-security requirement elicitation: It is the most important step in SQUARE methodology. Requirement engineers should take that they document requirements in such way that they can be verified. Moreover, during elicitation process engineers should not try to add design aspect, requirement should only concern with what part not how. The elicitation techniques involve face to face collaboration thus, requirement engineers should make necessary arrangements for logistics involved. Stakeholders should cooperate with requirement engineers and follow their instructions in the process. Exit criterion for this phase is the initial draft ‘t’ of security requirements. Step7-Requirement categorization: Purpose of this step is to classify requirement such as essential, nonessential, architectural constraints or software level. Requirement engineers provide a formatted document to stakeholders in which they can place different requirements. It is responsibilities of requirement engineers to facilitate the stakeholders in the process and also provide them initial set of classification. A consensus needs to be developed between stakeholders and requirement engineers on categorization of requirements. Exit criterion is the initial set of categorized requirements. Step8-Priortize requirements: In many cases it is not possible to implement all security requirements, prioritization helps to identify critical requirements which need to be developed at first and which can be dismissed. There are various structured methods available for this purpose like Triage [7], Win-win [8], AHP [9], PHandler [10] and some other techniques like [11-13]. Requirement engineers should help stakeholder in understanding these methods and prioritization of requirements. Stakeholder’s responsibility is to prioritize requirements with the help of risk assessment and categorization. Security requirement prioritization is exit criterion for this phase. Step9-Requirment inspection: Inspection of requirements is last step in SQUARE methodology. The purpose of inspection is to identify defects in requirements, inspection method can be formal or informal like peer reviews. Requirement engineers should guide users in case of formal inspections and provide checklist in case of informal inspections. Stakeholders should verify a requirement and check its feasibility. Both RE teams and stakeholders should make sure that every requirement is applicable and in accordance with security goals. Verified requirements by stakeholders and RE team is an exit criterion for this step.

194

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Different case studies conducted by SEI depicted that all steps of SQUARE are not feasible in many situations as they require high cost and efforts. Based on study conducted by the SEI a scaled down version of SQUARE was produced which contain only four steps which can be adopted along with existing RE processes in many organizations. This scaled down version of SQUARE is called SQUARE LITE. 4.

CASE STUDIES

SEI developed some case studies to check applicability of SQUARE method. These case studies depict that SQUARE is costly and lengthy method and difficult to implement in current conditions thus, they introduced its scaled down version [14]. Peer review is a useful technique for requirement inspects and risk assessment of security requirements lack in many organizations [15]. Overall feedback of client organizations was positive. 5.

SURVEY RESULTS

Based on SQUARE LITE guidelines we surveyed two systems, one from public sector organization and other from private sector. The purpose of survey is to find out the small to medium scale organization are doing security requirement elicitation and feasibility of incorporation of SQUARE LITE in Pakistan’s environment. Table 1 provides summarized comparison of those systems against SQUARE LITE. Table. 1 Summarized comparison Steps Definition agreement Org1

Clients also agree on usage of IEEE or other standards which are not in conflict with their organizational policies. There are no direct documents available. But as these kinds of organizations are more independent thus, adapting international standards such as IEEE or ISO is easier.

Org2

Org1

Participants Stakeholders and requirement engineers Difficult to find right stakeholders. As the one who have technical knowledge usually don’t have decision powers.

Exit Criteria Agreed set of definitions Available in form of glossary but can be separated from other terms/ definitions and an exclusive list can be prepared.

Same as above

Stakeholders (available and communication is relatively easier with RE teams)

Same as above

Security Goals

Both methods are used effectively.

Business documents.

policy

Surveys, interviews, facilitated work sessions

Stakeholders Teams

Stakeholders often mix the threats and goals.

Many complex documents available difficult to extract information from that, often conflicting information.

Facilitated work session tends to be more useful

Both stakeholders and RE teams available but selection of correct stakeholders is difficult

Business goals and policy documents are available and not much ambiguous as they are already following ISO standards. Risk assessment, selected techniques, different artifacts.

Interview works fine

Same as above

Security requirement elicitation

goals,

Methods/Techniques Interviews, surveys

Security goals identification

Org2

Org1

Inputs Set of Definitions from candidate or standard IEEE There is no defined document available; however, some indirect rules are available like PEDA rules which address some data security issues etc.

Risk assessment is not being practiced and it is difficult to perform a quantifiable risk

sessions

JAD, interviews, surveys, reviews, reusable requirements, checklists Interviews backed by prototypes checklists, surveys/

and

RE

Security Goals are not available in current software but addition of such goals is possible without much effort. Security goals are not available but can be added easily

Stakeholders (supported by RE teams)

Initial draft of security requirements

Requirement engineers need to guide stakeholder on different requirement

Security requirements are not available at the moment but can be

195

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org assessment, SRS is available which can be an input source.

Org2

questionnaires are effective tools, Use cases though indirectly provide good information e.g. different access level to managers depicts issue of data security.

Business process document is available which contains risk assessment from different business processes though it is not being practiced currently but can be included with little effort as organization is willing to do so to achieve different standards like ISO, UKAS.

Interviews, checklists, studying documents like BPP, use cases indirectly provide information e.g. Approval process and 24/7 availability of reports depicts data security and Performance related requirement.

Requirement prioritization

Categorized requirements, risk assessment

Org1

Requirement are available priority wise e.g. medium, high and low.

Requirements are being categorized but security requirement as category is missing from current implementation but it can be added.

Org2

Requirements are available priority wise e.g. medium, high and low.

Requirement categorization is missing. Requirements can be categorized.

AHP. Win-win, Traditional methods, PHandler There is no practice of requirement analysis in current systems. A quantifiable approach such as AHP’s implementation cannot be implemented easily as it requires budget and time justification difficult do so in current environment. Requirement analysis is not being done. Traditional techniques can be applied but some standard methods such as win-win, AHP which requires expertise and resources are not being welcomed.

6.

and a checklist can be given to stakeholder that lists possible security requirement that RE team summarized through introspection.

categorized separately from other requirements.

Stakeholder is usually one department or member but will be backed by other departments. (As they like to take more responsibilities) RE teams need to guide stakeholders may need to interact with variety of stakeholders for different requirements. People don’t like to take responsibility of other requirement for example data access may be dealt by one department and data backup by other i.e. IT support Stakeholders (facilitated by RE Teams)

Security Requirements are not available but can be added easily

Analysis and prioritization can be done by collaboration with stakeholders. (Prioritization is relatively difficult to do due to different point of views of stakeholders e.g. vice-chancellor and IT services head.)

Can be prepared by prioritization need to be focused as all requirements are deemed as important by stakeholder.

Stakeholders including the decision makers, RE teams. RE teams should make sure that stakeholder who has decision power and technical/domain expertise should be available if they are not following agile way of assigning some person with domain knowledge decision powers as well.

Priority-wise requirements already available prioritizations security can achieved.

Priority-wise requirements

are so of be

SQUARE LITE INTEGRATION STRATEGY

a) Define a document with definitions related to security terms. b) Document and define security goals: i. Approval of purchase order according to ISO documents (org2). ii. Secure and defined access to employee’s data only (org1). iii. No alteration to data once a transaction is processed except with due permissions (org1). iv. Mechanism for employee’s database backup along with manual file backup (org1). c) Define a risk assessment document for example (for org1, org2 respectively) as shown in Table 2 and 3:

196

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 2 Risk assessment grid (org1) Category High High Low Low

Id R1 R2 R3 R4

Risk SQL Injection Alteration into employee data Data Loss Server equipment failure

Possibility of occurrence High Medium Low Low

Table. 3 Risk assessment grid (org2) Category High High Low Low High

Id R1 R2 R3 R4 R1

Risk SQL Injection Order Approval Rights Data Loss Server equipment failure SQL Injection

Possibility of occurrence High Low Low Low High

d) Elicit security requirements by using different elicitation techniques e.g. i. Different access roles for employees ii. After editing employees record it should be approved before saving iii. Report generation log iv. Access log v. Daily backup of database e) Traceability matrix for prioritization of requirements is shown in Table 4 for org1: Table. 4 Traceability matrix (org1) Test case Access rights

Security Req. Dif. Access rights for employees

Risk Id R1

Business goals Defined access to employee’s data

Org1=Organization 1: Public Sector Organization (University of Gujrat), HR Management System Org2=Organization 2: Private Sector Organization (Kamal Labs Pvt. Ltd.) Purchase Process Automation System according to ISO standards. 7.

CONCLUSION

Security requirements are an important part of overall requirements and is often ignore. Security requirements lay both under functional and non-functional part. A comprehensive collaboration strategy is required in order to interact with stakeholders to elicit security requirements. Different methods are proposed in this regard, the most widely accepted method for security elicitation is SQURE proposed by SEI at Carnegie Mellon University. SQUARE is though quite comprehensive but also very costly and time consuming hence, a scaled down version of SQUARE was later introduced which can easily integrated into current RE processes. RE teams eliciting security requirements must have some technical knowledge in this area as they have to facilitate the stakeholders in the process and guide them on different issues they have to make them realize the importance of different security related issues and value of investment in such requirements implementation. ACKNOWLEDGEMENT This research was supported by Department of Software Engineering, Bahria University Islamabad, Pakistan and Department of Computer Science & Software Engineering, International Islamic University Islamabad, Pakistan. Special thanks to colleagues from NRSP who provided guidelines and expertise that greatly improved the quality of research. REFERENCES 1. 2.

Wilander, J. and J. Gustavsson. Security requirements–A field study of current practice. in E-proceedings of the symposium on requirements engineering for information security. 2005. Donald G. Firesmith, F.C., U.S.A., Engineering Security Requirements. JOURNAL OF OBJECT TECHNOLOGY, 2003. 1.

197

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 3. 4.

5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15.

Nuseibeh, B. and S. Easterbrook. Requirements engineering: a roadmap. in ICSE '00 Proceedings of the Conference on The Future of Software Engineering. june, 2000. NewYork. Charles B. Haley, R.L., Jonathan D. Moffett, Member, IEEE, and Bashar Nuseibeh, Member, IEEE Computer Society, Security Requirements Engineering:A Framework for Representation and Analysis. IEEE Transactions on Software Engineering,, 2008. 34: p. 2,3. John Wilander, J.G. A Field Study of Current Practice. in Symposium on Requirements Engineering for Information Security (SREIS 2005). august 2005. Paris, France. Nancy R. Mead, E.D.H., Theodore R. Stehney II, Software Quality Requirements Engineering Methodology. 2005. Davis, A.M., The Art of Requirements Triage. Computer, 2003. 36(3). Barry Boehm, P.G., Robert O. Briggs, Developing Groupware for Requirements Negotiation: Lessons Learned. IEEE Software, 2001. 18: p. 2. Joachim Karlsson, K.R., A Cost-Value Approach for Prioritizing. IEEE Software, 1997. 14(5): p. 67-74. Babar, M.I., et al., PHandler: an expert system for a scalable software requirements prioritization process. Knowledge-Based Systems, 2015. 84: p. 179-202. Sher, F., et al. Multi-aspects based requirements priortization technique for value-based software developments. in Emerging Technologies (ICET), 2014 International Conference on. 2014: IEEE. Sher, F., et al. Requirements prioritization techniques and different aspects for prioritization a systematic literature review protocol. in Software Engineering Conference (MySEC), 2014 8th Malaysian. 2014: IEEE. Babar, M.I., et al., Stakemeter: Value-based stakeholder identification and quantification framework for value-based software systems. PloS one, 2015. 10(3): p. e0121344. SQUARE-Lite: Case Study on VADSoft. 2008: Pittsburg. Dan Gordon, T.S., Eugene Yu, System Quality Requirements Engineering (SQUARE):Case Study on Asset Management System,. 2005.

AUTHORS PROFILE Muhammad Sadiq completed his MS in Software Engineering from Department of Software Engineering Bahria University, Islamabad, Pakistan. Currently, he is working as Software Engineer in a public-sector organization in Islamabad, Pakistan. His research interests are in software design & architecture, design patterns, requirements engineering and component base software development, software evolution and data mining. Rana Muhammad Ashfaq completed his MS in Software Engineering from Department of Computer Science and Software Engineering at International Islamic University, Islamabad, Pakistan. Currently, he is pursuing his PhD in Software Engineering from Department of Computer Science and Software Engineering at International Islamic University, Islamabad, Pakistan. He has more the 9 years working experience as Senior Software Engineer in Public and Private Organizations in Pakistan. His research interests are in software engineering, GIS bases Software Development, software testing, requirements engineering and model driven development.

198


Comparative analysis of scrum and XP in Pakistani software industry 1

Muhammad Ibrahim, 2Muhammad Janas Khan, 3Abdus Salam 1,2,3

Department of Computer Science Abasyn University Peshawar, Pakistan E-mail: [email protected], [email protected], [email protected] ABSTRACT Agile methodologies promise to improve the productivity of software projects. Scrum and Extreme Programming (XP) are the most important agile methodologies. Both of the methodologies have a different framework and different style of implementations. These methodologies inherit the principles of agility. In order to implement these methodologies, the focus is on the agile manifesto. This research work presents exclusive evidence from Pakistani Software Industry for the comparison between Scrum and XP. The main focus of the research is to examine the similarities and differences by using a comparison between Scrum and XP in Pakistani Software Industrial context. The study is aimed to improve the quality of products and services, efficiency, and effectiveness of the developmental process and bring agility to the software development organization. The research is also focused to evaluate the challenges faced by software houses in the implementation of Scrum and XP. This study provides a solution to those challenges. A set of guidelines is presented to ensure the possibility of using both of them in one project. Keywords: agile software development; traditional software development; XP; scrum; Pakistan; feature driven development; 1.

INTRODUCTION

Traditional software development (TSD) is the old version for the software development among all the software development methodologies. Methodologies under the TSD are less flexible and the developers are unable to get the desired outcome. The life style of people is changing day by day and their plans also change thus, they demand the change in their requirements, which is not easy with TSD. In order to overcome such problems, agile software development methodologies (ASDM) were presented. Looking to the paradigm shift, agile was designed in such a way to solve the problems of TSD like time management, change management, quality assurance and customer collaboration. ASDM is a complete package of many lightweight methodologies. These include XP, Scrum, Crystal, DSDM, Lean development, FDD etc. Out of these lightweight processes, two methodologies are most popular; Scrum and XP. Although both these methods inherit the principles of agile development, both of them are two different frameworks. Scrum is highly concerned with project management techniques while XP is focused on engineering techniques. Both of them welcome to changes but have different agenda. Scrum is using short iteration to provide flexibility for changes to the projects, while XP welcomes to changes at any time. Section 3 completely discusses both of the frameworks. In this research, Section 2 presents literature review, Section 3 presents the methodology and data collection techniques, followed by Section 4, which presents exclusive evidence about Scrum and XP from software industry, results are provided in Section 5, and finally conclusion is presented in Section 6. 2.

LITERATURE REVIEW

Agile methodologies impose a disciplined process. A technique was introduced in 1975 based on iterative enhancement, which has become an agile methodology, to overcome the heavy nature of developmental processes. The name “agile” come about in 2001 [1, 2], when seventeen process methodologists held a meeting to discuss future trends in software development methodologies. In the methodologies of iterative enhancements, they found some common characteristics. Thus, they decided the name of agile, meaning it is both light and sufficient. As a result of this meeting, Marten Flower and Jim Highsmith presented “agile alliance” and its manifesto emerged for software development [3-6]. The agile methods claim to place more emphasis on people, interaction, working software, customer collaboration, and change, rather than on process, tools, contracts, and plan. The agile

199

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org development methods include Scrum, Extreme Programming (XP), Featured Driven Development Model, Crystal Model and some other. All of these work on the framework provided by the agile manifesto [7]. The research in [8] presents the impacts of agile methodologies on software development in Pakistan. A survey was conducted to see the different features of Agile, their impact on software quality and productivity of employees and adoption of agile methodologies in Pakistani software houses with a sample size of n=17. The research in [9] shows that SCRUM defines a flexible strategy for the development of a software which unites the team members to focus on the product objectives only. The challenges faced in TSD, SCRUM tries to solve those challenges. The people who work under SCRUM framework will be self-organized and will behave like a team. The members of the team will be motivated and encouraged towards the objectives of the software project. The main focus of SCRUM is on the customers. The customers may change their mind at any stage of the development and want to add some new functionality to the software [9-12]. XP is one of the agile methodologies that got a tremendous response among all agile methodologies in the recent past due to its wide applications in the software development life cycle (SDLC). XP is designed in such a way that improves quality of the software development. XP advocates short releases in shorter time span [13, 14][13-15]. XP short releases help to improve the quality of the products with special check points. Through these check points, the XP welcomes to the changes requested by the customers. Due to its wider application in the developmental processes, XP has been identified the most general methodology among all agile methodologies [7, 15-17]. The research in [18] focuses on agile in Pakistan and has significant evidence from Pakistan, it shows that scrum model is the favorite model for the agile development in Pakistan with more than 40% usage and surprisingly the XP is least used and the usage percentage is less than 5. 3.

MATERIALS AND METHOD

Data for this survey is collected, by using online emails, from different software professionals, working in different organizations of Pakistan. The questionnaire is divided into 3 indexes. Index 1 is used to get knowledge about the organization. On the base of index 1, it was decided to respond the index 2 or 3. The organizations that were using SCRUM were asked to respond index 2 while those using XP were asked to respond index 3. Index 1 has 5 questions only. Index 2 and 3 consists of 30 questions each. The questionnaire was sent to different software houses in the main cities of Pakistan like Karachi, Lahore, Islamabad, and Peshawar. The online data is analyzed by using an online tool provided by Google named as Google Forms. 4.

ANALYSIS OF DATA

This paper presents the analysis of data collected for the survey and then compared with each other. The data is analyzed based on the following steps. a) Data analysis strategy For this survey, we received 30 responses out of 100 software professionals to the questionnaires. The respondents were from different software organizations working in different context. Most of them were from web development (95.5%), 45.5% were from database development, 54.5% were from desktop software development, 27.5% were concerned about game development, and 50% were from Android app development and other different IT services. 33.3% were using pure Agile Development Methodologies, 42.9% were using both agile and TSDM. 9.5% were not using Agile while 14.3% were using some hybrid technology. 72.7% of them were using agile at any point of the project and 22.7% were using agile from the initial stage of the project. The results of the survey conducted in [18] showed that scrum has the highest percentage of usage that is 66.7% while 23.8% of organizations were using XP. On the other hand, 9.5% were using both scrum and XP in their projects. b) Comparison of evidence and comparison criteria This survey is aimed to compare scrum and XP. Here we are going to address some issues by comparing both methods. Following is the comparison criteria of collected evidence about both methodologies. Bar graphs are obtained by asking the same question from the respondents for both methods in the form of strongly agree, agree, neutral, disagree and strongly disagree. The number of respondents is different for questions asked for both scrum and XP. This difference is due to the reason that some organizations were using Scrum more than XP. If we look at the percentage of the usage of scrum in the projects, the 15% of our respondents were using scrum for more than 70% projects. In contemporary 18.8% of the respondents were using XP for more than 70% projects. Here we

200

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org need to keep in mind that the number of respondents to scrum is 20 while the number of respondents to XP is 18. Furthermore, following scrum 60% and 40% has the highest percentage (25% and 30%) than XP which is 25% and 12% in the same criteria with scrum. Equating both these equations and compare with the above results, we conclude that responses to scrum are more than to XP. In some context, the respondents respond to both the indexes of the questionnaires. Our evidence shows that they are using scrum more than XP but for small projects, they are also using XP. That's why they respond to XP and vice versa. The project size which implements these methodologies need to be considered. 18 respondents with the percentage of 77.8% were using scrum for medium size projects. 75% respondents out of 12 responses were using XP in small projects. This concludes that the percentage of implementing scrum for medium size projects is more than using XP for small projects development. 4.1 Requirements elicitation issue Scrum requirements elicitation is different from XP requirements elicitation. Scrum puts all the requirements in the backlog in a priority in the form of user stories. The analysis for prioritization is done by the development team by doing pre-analysis/pre-planning. Scrum meetings are helpful for this analysis. In XP the user writes his stories on a 4X6 inches card. Each card has one requirement. Here the user himself is going to ask the developer to develop the user story for him. We asked the question “Does the Scrum help the stakeholders to decide core requirements for the system?” Figure 1 depicts the requirements elicitation in the case of scrum while Figure 2 shows the requirements elicitation in the case of XP.

Figure. 1 Requirements elicitation in scrum The same question is asked for XP.

Figure. 2 Requirements elicitation in XP

201

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 4.1.1 Results and recommendation If we count the number of respondents to strongly agree and agree in scrum portion in Figure 1, it clarifies that the percentage of responding to scrum is more than the percentage of responding to XP in the same criteria in Figure 2. Thus, we concluded that scrum helps the stakeholders more than XP to decide the core requirements for the system. 4.2 Communication gap Communication is the key to agility. Agile manifesto encourages us to communicate with stakeholders. The communication gap between the team members and other stakeholders causes problems such as misunderstanding, miscommunication etc. We ask the question, "Communication with stakeholders makes the scrum practice a difficult (crucial/critical) aspect of Agile”. Figure 3 depicts the communication gap in scrum.

Figure. 3 Communication gap in scrum The same question is asked from XP followers. Figure 4 depicts the communication gap in XP.

Figure. 4 Communication gap of XP 4.2.1 Results and recommendation The percentage of respondents for both questions is different because of the number of respondents in Figure.3. On this behalf, scrum has the high percentage of disagreement with the asked question. Referring to Figure 4, we concluded that scrum is helpful to avoid communication gap more than XP. In other words, communication between the stakeholders in scrum makes the scrum more efficient than XP.

202

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 4.3 Changing requirements issues The popularity of agile methods is due to the accommodation of changes at any stage of the development. Both scrum and XP welcome to changes with different styles. Scrum incorporates changes after the completion of a sprint. The change request is made to the scrum master after the deployment of the first deliverable. The scrum master conducts a meeting and prioritizes the change in the product backlog. XP welcomes to change through check points. If the development team is working on a feature and a change request is made, the team will stop that feature and will try to develop the change request made by the client. We ask the question from the software professionals that, “Changing requirements make the scrum practice a difficult (crucial/critical) aspect of Agile”. Figure 5 depicts the result of changing requirements in scrum.

Figure. 5 Changing requirements in scrum The same question is asked by the software professionals. Figure 6 depicts the result of changing requirements in XP.

Figure. 6 Changing requirements in XP 4.3.1 Results and recommendation On behalf of the number of respondents to both questions the conclusion is made that the percentage to accommodate changes in the scrum is more than XP. Although XP is in the competition to scrum, but the number of

203

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org scrum followers are more than the number of XP followers. This enables us to get a tight decision in between scrum and XP. 4.4 Time frame and cost Time and cost of a project have a great impact on the quality of the product. Agile methods are specially developed to control both these important resources of the projects. The right product on right time with the right budget has a great mean to the market and thus an organization can survive in such situations otherwise the quality of the software products will decrease and the business values will also decrease. Here we also focused on both these. 4.4.1 Time frame For time, we asked different questions about scrum. Like “Scrum is followed because it decreases time/duration", "If Scrum is performed properly, it results in reduced time", "If Scrum is performed properly, it results in producing right product in the right time", and "Scrum makes the development process easy with respect to time delivery". The number of responses to all four questions is same and their results are also almost the same. Figure 7 shows the obtained results.

Figure. 7 Time management in scrum The same questions were asked about XP. Once again, the number of responses to all these four questions is same and their results are also almost the same. Figure 8 shows the obtained results.

Figure. 8 Time management in XP

204

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org a) Results and recommendation Comparing the above results, we concluded our results with some different aspects i.e. the number of disagreements. The number of respondents to the disagreements of questions about scrum has less percentage than XP as shown in Figure 7. Disagreements with XP in Figure 8 may have the possibility that the respondent who responds to the 1st question has also the possibility to respond the 2nd question in the same criteria and so on but we will ignore that. But this case is not valid for the scrum. Moreover, we need to keep in mind the size of the projects. All these evidences conclude that time management in scrum has high success rate than XP. We cannot ignore XP here. XP gives these results in small projects. Keeping the project size in mind, if we apply scrum to small projects, it will not make any sort of sense because we are wasting our time by applying scrum to small projects. Thus, XP has these applications in small projects which are efficient. We need to try in implementing the time frame of XP in scrum projects. This is one of the guidelines that we are going to present in the next sections. 4.4.2 Cost For cost: we asked some different questions about scrum. Like “Scrum is followed because it decreases development costs”, “If Scrum is performed properly, it results in increased business value”, “If Scrum is performed properly, it results in reduced budget”, “Small budget makes the scrum practice, a difficult (crucial/critical) aspect of Agile”, “Limited project resources make the scrum practice, a difficult (crucial/critical) aspect of Agile”. Figure 9 shows the obtained results.

Figure. 9 Cost management in scrum We asked the same questions about XP. Figure 10 shows the obtained results.

Figure. 10 Cost management in XP

205

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org b) Results and recommendation The scenario of the cost is quite different than time. Some of them (3 comparisons) will be treated with the same perspective i.e. percentage of disagreement and the remaining two will be treated with the percentage of agreement. The number of responses with disagreement to the first question is same but their percentage is different as shown in Figure 9. This difference is already discussed above. About the question business value, we mean here that which one methodology can give us the better business opportunity. We calculated the business value as a resource for our project. Better the business values, the better will cost management of the project. XP got 3 responses with disagreement in the same criteria as shown in Figure 10, while scrum got 0% response in the same context. The third question of our survey got almost the same responses to that of the first question. Keeping all these evidence in mind, XP got more responses in the disagreement criteria than scrum. This is the conclusion of one scenario. Let's go for another scenario. Scrum believes more than XP that small budget and limited project resources can cause difficulties with in the project. The ratio of respondents will be considered only when XP got any response in the agreement criteria but the fact is XP has 0% responses in the same criteria with scrum. From this perspective, we conclude that XP is more cost effective than scrum For the conclusion, we are comparing both scenarios. In the 1 st scenario, scrum believes that developmental cost will be decreased if scrum is performed properly. But the 2 nd scenario shows that limited project resources cause problems to scrum to be overridden. The scenarios with XP are totally different from the scrum in the same criteria or we can say totally opposite. This balances XP with Scrum. By keeping project size in mind, both methodologies are the need of modern era with different contexts. The recommendation here is that we need to put small budget (e.g. that of XP) to the medium size projects which further implements scrum as a developmental methodology. 4.5 Technological issues Before addressing this point, technological issues we mean that which methodology has a great percentage to be applied to the projects. If we look at those organizations which implements both scrum and XP to the projects, the percentage of implementation is different for both methods to the projects. We ask the question, “Scrum is vital methodology within Agile software development methods that are applied to what percentage of projects”. Figure 11 shows the obtained result.

Figure. 11 Technological issues in Scrum The same question is asked about XP, and Fig 4.12 is the obtained result.

206


Figure. 12 Technological issues in XP 4.5.1 Results and recommendation Comparing both, scrum has more responses to the higher percentage than XP as shown in Figure 11 & Figure 12. If we look at the trends of both methods, we can ignore the difference between the numbers of responses to both questions. The respondent percentage to the scrum in the higher criteria is more than XP. In the lower criteria scrum is also trending than XP. In the middle, XP is trending more than scrum with the high percentage but it cannot equate the percentage of the scrum in the higher criteria. This concludes that scrum is trending more than XP in the projects. 4.6 Rework issues Investigating the rework issue of both methods with two aspects, which one reduces rework (examine the percentage of responses) and what is the percentage of reducing rework? For scrum, we ask two simple questions from our respondents, “Scrum reduces rework”, and “Scrum reduces reworkup to”. The numbers of respondents to both questions are same. Figure 13 shows the obtained results.

Figure. 13 Rework in Scrum For XP, we ask the same questions. The numbers of respondents to both questions are same. Figure 14 shows the obtained results.

207


Figure. 14 Rework in XP 4.6.1 Results and recommendation Number of disagreement in the response of both methods is different. Scrum believes that it can reduce rework more efficiently than XP as shown in Figure 13. Although XP has also some responses in the agreement criteria as shown in Figure 14 but the trend is quite opposite to that of scrum. Scrum is trending more positively than XP which concludes that scrum reduces rework more than XP. Now let us investigate the percentage of reduction of rework. In the very upper criteria XP leads scrum but at the following criteria, scrum is trending far away from XP. At the lower criteria of 40% and 20%, the XP is again in the leading position than scrum. In this circumstance, the XP is in a tight position with scrum. If XP got more responses on the positive side of the first question, then the scenario will be changed dramatically. But for this, we conclude that scrum reduces rework more than XP. 4.7 Risk issues The risk is associated everywhere with a project with different aspects. The risk may be due to time, cost, failure or any other project resource. Agile methods reduce these sorts of risks. We are going to investigate scrum and XP to identify that which one method reduces risk more. For Scrum, we ask simple questions, “If the scrum is performed properly, it results in less risk”, “Scrum methodology signifies the success or failure of software project”, and “What is the impact of Scrum in term of software project success”. All these questions have the same meaning to us and Figure 15 shows the obtained results.

Figure. 15 Risk in Scrum

208

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org For XP, we ask the same questions. All these questions have the same meaning to us. Figure 16 shows the obtained result.

Figure. 16 Risk in XP 4.7.1. Results and recommendation Addressing the 1st question, Figure 15 and 16, the number and percentage of respondents, in the positive side to the first question of scrum, is far more than that of XP. For the 2nd question, the scenario is changed. The difference in the percentage is due to the number of respondents but the trend of both is same. Or we can say XP is leading Scrum because XP has a response in the strongly agreed criteria. For the 3rd question, the scenario is more interesting. In the upper criteria of 80%, XP is leading scrum. In the very next criteria of 60% scrum is leading XP. In 40% criteria, the XP leads scrum again. And in the very lower criteria, the scrum again leads XP. We will go with the very low criteria of 20%. It is because although the numbers of respondents are different the trends show that impact of scrum in the project success is less than XP. The last two scenarios are in the favor of XP but the 1st scenario is against XP. Here we are going to explore the nature of the questions. If we examine and have a deep look at the questions, the question associated with the 1st scenario is very straight. But the other two questions cover the over all aspects of the project success and failure. We put these two in different criteria than the 1st question. This concludes us that scrum mitigates risk more than XP. The recommendation is that risk management of scrum need to apply on XP. 4.8 Project validation and verifications issues Validation means, do right things. And verification we mean, do things right. Both of the terminologies, used in software engineering, ensure the quality of the software product. Verification is also done before the validation. We are going to investigate that which one of both these methods can verify and validate product more efficiently. For scrum, we ask simple questions like, “How much scrum is beneficial in software project validation” and “How much scrum is beneficial in software project verification”. The results are shown in Figure 17a and 17b.

209


Figure. 17a Validation and Verification in Scrum

Figure. 17b Validation and verification in scrum For XP, the same question is asked and the results are shown in Figure 18a and 18b.

Figure. 18a Validation and verification in XP

210


Figure. 18b Validation and verification in XP 4.8.1 Results and recommendation First, we are going to compare the results for project validation. XP in the highest category (80%) (Figure. 18a) leading scrum in the same category. But in the very next category of 60% (Figure 17a), the scrum leads XP with the high ratio. In 40% category, XP leads again over scrum. At the lower category, both are almost equal. Both the methods can equal each other when we talk about the number of responses for each method. Respondents to scrum are more than that of XP. For that reason, we cannot say clearly that XP is more helpful in project validation. For this case, we will prefer that both scrum and XP are equal in software project validation and both have a high impact on the project validation. In the software project verification, the scrum got the highest percentage in the higher categories of 80% and 60% as shown in Figure 17b. XP lost the competition in the same category as shown in Figure 18b. This concludes that scrum has the high impact on the software project verification than XP. 4.9 Customer satisfaction Projects success is highly dependent on customer satisfaction. Agile focuses on customer satisfaction more than TSD. To address the issue here means that we are going to find out which one method has the highest rate of customer satisfaction. For scrum, we ask simple questions, “If scrum is performed properly, it results in customer satisfaction”, and “Scrum makes the development process easy with respect to customer satisfaction". The responses to both the questions are same. Obtained results are given in Figure 19.

Figure. 19 Customer satisfaction in scrum For XP, we ask the same questions. The responses to both the questions are same. Respondents’ results are shown in Figure 20.

211


Figure. 20 Customer satisfaction in XP 4.9.1 Results and recommendation The nature of both questions is same. The number of respondents to both questions of each method is same. If we compare 1st questions of both methods, in Figure 19 scrum is trending to the positive side more than XP in Figure 20. For the 2nd question, scrum has no response on the negative side and XP has. Thus, stakeholders who are following scrum are more satisfied than XP. 4.10 Decision-making process Decision-making about the system is vital. If clients have time to take some sort of decisions about the system, the system that we are going to develop will have high success rate. As agile is highly customer centered, thus the decision-making process enables the customers to make good decisions about the system. The purpose of this comparison is to identify that what methodology consists of the good decision-making process. For scrum, we ask the question, “Does the scrum help stakeholders to make good decisions for the system?” The results are shown in Figure 21 and 22.

Figure. 21 Decision-making in Scrum For XP, we ask the same question. The results are shown in Figure 22.

Figure. 22 Decision-making in XP 4.10.1 Results and recommendation Comparing these both evidences, scrum has the high percentage in the positive aspect than XP. XP got more disagreement responses in the same category as shown in Figure 22. This concludes that scrum has a good decision-

212

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org making power than XP. It is because it provides some extra time to the clients to discuss the issues about the system developers. 5.

RESULTS

This section presents the results of the above discussion. The research questions are answered and a set of guidelines are presented in this paper. 5.1 Similarities and differences between scrum and XP From the above discussion, we found some of the following similarities between scrum and XP. 1. 2. 3.

The software developers have high percentage of practicing both scrum and XP Both scrum and XP make the development process easy with respect to change management. Both scrum and XP are equal in software project validation and both have high impact on the project validation.

The differences that we have found in scrum and XP are listed here: 1. 2. 3.

Scrum is more acceptable in Pakistan than XP. Communication between the stakeholders in scrum makes the scrum more efficient than XP. Time management in scrum has high success rate than XP. Both are implemented in different size projects. XP time management has validity in small projects while scrum has validity in medium size projects. Although scrum requires more time than XP, it is only because of the project size. 4. Scrum believes more than XP that small budget and limited project resources can cause difficulties with in the project. 5. Scrum believes that developmental cost will be decreased if scrum is performed properly 6. Scrum is trending more than XP in the projects within Pakistan 7. Scrum mitigates risk more than XP. 8. Stakeholders those are following scrum are more satisfy than XP. 9. Decision-making process of Scrum is quite successful than XP. It is because it provides some extra time to the clients to discuss the issues about the system developers. 10. Scrum reduces rework more than XP. 11. Scrum has high impact on the software project verification than XP Table 1 summaries the results. Table. 1 Summarized discussion

213

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 5.2 Future enhancement Scrum is the most successful method in Pakistani industry. However, XP is mostly acceptable for the quick development of small projects. Scrum takes a longer time to develop a medium size project. Small project resources produce difficulties for the scrum. On the other hand, high risk is associated with XP. These features of one another are applied against each other to get hybrid of scrum and XP and is known as SuXP Hybrid. SuXP will cover medium projects in the short span of time and with low recourses, low amount of risk will be associated, customer satisfaction will be high and most importantly engineering techniques should be applied with a self-organized team to increase the success rate of medium size software projects. The first three points are taken from XP while the other three points are taken from the scrum. It is because these six points can overcome all those problems that we have discussed above for the Pakistani software industry. The combination of both is the SuXP hybrid. The architecture of SuXP is given in Figure 23.

Figure. 23 SuXP architecture 6.

CONCLUSION

Software industry of Pakistan is facing many problems in order to know the importance of agile development. XP is trending all over the world but Pakistani industry is unable to get results out of it. Scrum is the most acceptable method among all agile methodologies in Pakistan and organizations are ready to maximize their outputs from scrum development. Scrum and XP are quite different methods but still, they both have some common features which are used against each other to get a hybrid methodology and it is hoped that SuXP hybrid will solve some of the problems within Pakistani environment. This survey covers some aspects of scrum and XP but both frameworks are quite large. Some other aspects are missed like iteration enhancement. For the future, it is suggested to cover some different aspects of both methods. Develop a case study on the implementation SuXP in small as well as medium size projects and develop a report. ACKNOWLEDGEMENT I would like to thank to my teachers and colleagues. They motivated me and make me able to conclude the results. I would like to say my thanks to Mr. Azam Mughal from Karachi and Mr. Zafar Iqbal (Abasyn IT consultant) to help in the collection of research data. At the end, I would like to thanks my parents. It is because of them that I was able to be in this position. I dedicate my work to my beloved father for his kind support. REFERENCES 1.

Larman, C. and V.R. Basili, Iterative and incremental developments. a brief history. Computer, 2003. 36(6): p. 47-56.

214

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 2. 3. 4. 5. 6. 7. 8.

9. 10. 11. 12. 13. 14. 15. 16. 17. 18.

Lindvall, M., et al., Empirical findings in agile methods. Extreme Programming and Agile Methods— XP/Agile Universe 2002, 2002: p. 81-92. Fowler, M. and J. Highsmith, The Agile Manifesto. August 2001. Software Development, The life cycle starts here. Ahmad, G., T.R. Soomro, and M.N. Brohi, Agile Methodologies: Comparative Study and Future Direction. European Academic Research, 2014. 1(11): p. 3826-3841. Fuster, J.E., Modern Software Project Management. 2010, University Politecnica De Valencia. Rosenberg, D. and M. Stephens, Extreme programming refactored: the case against XP. 2008: Apress. Beck, K. Manifesto for Agile Software Development. 2001 [cited 2017 17/06/2017]; Available from: http://agilemanifesto.org/. Faisal Shafique Butt, Z.A., Rabia Mukhtar, Daud Abdullah, Khalid Ibrahim and Riaz Ahmed, Agile methodologies, their impact on software development and implementation: Evidence from Pakistan. Canadian Journal of Pure & Applied Sciences, 2015. 9(3): p. 3643-3653. Henry, J. and S. Henry. Quantitative assessment of the software maintenance process and requirements volatility. in Proceedings of the 1993 ACM conference on Computer science. 1993: ACM. Alliance, S., What is Scrum? An Agile Framework for Completing Complex Projects-Scrum Alliance. Scrum Alliance. Available at: https://www. scrumalliance. org, 2016. Verheyen, G. Scrum: Framework, not methodology. 2013 [cited 2017 06/20/2017]; Available from: https://guntherverheyen.com/2013/03/21/scrum-framework-not-methodology/. Nonkaka, I. and H. Takeucho, The Knowledge Creating Company Oxford University Pres. 1995, NY. Rebolledo-Mendez, G. Designing for Collaborative as well as Indivualised Environments. in Human Centred Technology Workshop 2006 University of Sussex Falmer: University of Sussex. USFCA. Extreme Programming. [cited 2017 23/07/2017]; Available from: http://www.cs.usfca.edu/~parrt/course/601/lectures/xp.html. Cockburn, A., Agile software development. Vol. 177. 2002: Addison-Wesley Boston. Highsmith, J., Adaptive software development. Dorset House, 2000. Alliance, A., Agile manifesto. Online at http://www. agilemanifesto. org, 2001. 6(1). Ali, M.A., Survey on the state of agile practices implementation in Pakistan. International Journal of Information and Communication Technology Research, 2012. 2(4).

AUTHORS PROFILE Muhammad Ibrahim is a software engineering student. He completed his BS Software Engineering degree from Abasyn University Peshawar KPK, Pakistan. Currently he is teaching at a college in Peshawar. He loves research and is interested to explore more interesting research areas. His main research interest is in Agile Software Development. He is also a member of Pakistan Agile Development Society. Muhammad Janas Khan is currently working as a Lecturer in Department of Computer Science at Abasyn University Peshawar, Pakistan. He completed his MS (CS) specialization software engineering from COMSATS Islamabad, Pakistan. He is also a PhD Scholar at Faculty of Computer Science (Software Engineering), COMSATS Institute of Information Technology Islamabad Pakistan. Mr. Muhammad Janas Khan has more than 5 years of teaching experience. His area of interest includes Software Engineering. Dr. Abdus Salam is currently working as an HOD in Department of Computer Science at Abasyn University, Peshawar, KPK, Pakistan. He received his PhD from International Islamic University Islamabad, Pakistan. Dr. Abdus Salam has more than 10 years of professional experience and over 15 years of teaching experience.

215


Size optimization of steel trusses using a genetic algorithm in MATLAB Ersilio Tushaj Polytechnic University of Tirana, Albania Email: [email protected] ABSTRACT An important aspect of any engineering design problem is to achieve efficiency and efficacy. This can be in terms of energy consumption, performance, time, total weight and costs. In many cases, there are multiple solutions to a problem and you should select the one which satisfies better the criteria. This engineering design process is known as optimization. Optimization plays an important role in various engineering applications. Engineers are in continuity, challenged to design structures that use the least amount of resources and satisfy the structural requirements. The optimal design of structures can be decomposed into three major categories: topology, shape and size optimization. These methods have evolved with time and they may be divided in two maxi-groups: deterministic and non-deterministic algorithms. Size optimization of non-deterministic methods with genetic algorithms (GA) are investigated in this article and applied to some steel trusses in MATLAB soft R2017a. This is done by building an algorithm consisting in scripts and sub-functions, which are applied to the trusses for different constraints on stresses, displacements and buckling, depending on the case analyzed. Different values for the GA parameters are analyzed in such way to achieve the best design. The results are put in comparison with previous studies. Keywords: genetic algorithm; steel trusses; structural optimization; engineering; optimization; performance; 1.

INTRODUCTION

Reducing costs while meeting performance standards is a common challenge in structural design. Engineers typically rely on experience and standardized design procedures to make their structures more efficient [1]. A lot of systematic methods based on mathematical algorithms and grouped under the generic name of Structural Optimization are available to help designing efficient structures. Optimization is a vast field of mathematics whose theory is still actively being developed. But when applied to structural engineering, it is essentially regarded as a helpful to the engineer willing to design more efficient structures. Optimization of steel trusses has been largely investigated by authors from the beginning of structural optimization in civil engineering. The first who gave a mathematical formulation of nonlinear optimization of steel trusses was Schmit in 1960 [2]. Others will follow introducing better performant algorithms which can offer more reliable solutions at a minor time [3]. Optimization of steel trusses, with the developments of programming and computers, can be considered as an integration of knowledges in structural matrix analysis, optimization algorithms, and computer programming. Kirsch [4] in his book Structural optimization: Fundamentals and applications, reported the necessary step to follow a total layout optimization using matrix analysis of monodimensional structures and deterministic optimization techniques. 2.

PREVIOUS STUDIES AND GENETIC ALGORITHMS IN STRUCTURAL OPTIMIZATION

Different algorithms have been applied successfully in the steel structural design. A survey was prepared by the same author of this paper in [5]. Previous state of the art and reviews in structural size optimization have been prepared by different authors [6-9]. Optimization of steel structures have been largely studied in the international literature. Stasa [10] is an albanian case, from the Polytechnic University of Tirana. In her PhD Dissertation in 1994, she analyzed the optimal design of steel trusses using two deterministic methods: the Fully Stressed Design (FSD) and the Sequential Linear Programming with move limits (SLP). For each algorithm applied and constraints imposed, were given the results of the optimal weight and the final design of the steel elements. The Objective Function imposed was the minimal weight of the trusses. Stresses, displacement and slenderness criteria were applied to the problem. Comparisons were reported between the two methods. Hasancebi, 2009 [11], has studied the performance of some non-deterministic algorithms applied to the optimum design of steel trusses. Chain, 2015 [12] has done a survey on deterministic approaches applied to steel structures design. A state of the art in the use of genetic algorithms in structural optimization was prepared by Pezeshk as a chapter in the Report in Recent Advances in Optimal Structural Design, in 2002 [13].

216

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Genetic algorithms are part of the evolutionary optimization techniques. The first to introduce these algorithms was Holland [14] in 1975. The (GA)s uses concepts from evolutionary biology. (GA)s are efficient and applicable in search procedures based on a stochastic approach which relies on the “survival of the fittest”. (GA)s can be a powerful design tool in optimization. They don’t require gradient information and can handle random data. (GA)s are search algorithms and are based on concepts of natural selection and natural genetics. (GA)s have a different approach from traditional optimization methods as they work with a coding of variables and not with the variables themselves; can operate on a population of potential solutions; search the optimum from an objective function, called fitness function, without having information on gradient; and they use a probabilistic search scheme. GAs have been largely used in optimization by many researchers [15-22]. Dhingra and Lee (1994) [23], applied a GA in obtaining a single - and multiple-objective design problems and presented several cases dealing with optimum design of truss structures with discrete variables. Adeli and Cheng (1993) [24] in their study used a GA in the design of space truss structures. They presented a (GA)s procedure for the optimization of threedimensional truss structures. Others have continuously developed and improved the performance of genetic algorithms. Combination of (GA)s with other algorithms have been studied too. 3.

GENERAL FORMULATION OF THE PROBLEM

The optimization problem finds a minimal optimal solution for an objective function, which can be total weight or cost of the structure. In this paper the study is done on the optimization of the total weight. The analysis is for steel trusses with constraints on stresses, displacements and buckling. The objective function for total weight is given in equation 1. 𝑚𝑖𝑛𝑖𝑚𝑎𝑙 𝑡𝑜𝑡𝑎𝑙 𝑤𝑒𝑖𝑔ℎ𝑡 𝑍 = 𝑓(𝑥) = 𝑓(𝑥1 , 𝑥2 , … , 𝑥𝑛 ) = ∑𝑛𝑖−1 𝑙𝑖 𝑥𝑖

(1)

𝑙𝑖 − 𝑙𝑒𝑛𝑔𝑡ℎ 𝑜𝑓 𝑒𝑣𝑒𝑟𝑦 𝑒𝑙𝑒𝑚𝑒𝑛𝑡 𝑜𝑓 𝑡ℎ𝑒 𝑡𝑟𝑢𝑠𝑠 𝑥𝑖 − 𝑠𝑒𝑐𝑡𝑖𝑜𝑛 𝑜𝑓 𝑡ℎ𝑒 𝑒𝑙𝑒𝑚𝑒𝑛𝑡 𝑛 − 𝑛𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑡ℎ𝑒 𝑒𝑙𝑒𝑚𝑒𝑛𝑡𝑠 Stress constraints consider that member forces should satisfy some maximum values as shown in equation 2. 𝜎𝑚𝑖𝑛,𝑖 𝑥𝑖 ≤ 𝐹𝑖 ≤ 𝜎𝑚𝑎𝑥,𝑖 𝑥𝑖

(2)

Sometimes in the comparison between different algorithms, loads and reduction factors are not applied, otherwise the constraints should include formulas from Structural Design Codes (Euro Code, AISC-LRFD, NTC 2008 etc.) Displacement limitations impose maximum values of deformation: |[𝑢]| ≤ [∆] 𝑚𝑎𝑥 The variables 𝑥𝑖 of every section should satisfy geometrical criteria. They can be continuous or discrete. Discrete sizing is more realistic since sections are taken from a commercial list. There are lower and upper limits to the sections equation 3. [𝑥]𝑙𝑜𝑤𝑒𝑟 ≤ [𝑥] ≤ [𝑥]𝑢𝑝𝑝𝑒𝑟

(3)

In this study, buckling when considered, is applied using NTC 2008 formula for compressed members. The resistance force member is given following by the formula in equation 4. 𝑁𝑐𝑟 =

𝜋2 ∙𝐸∙𝐽 𝑙0 2

𝜒=

𝐴∙𝑓𝑦𝑑

;𝜆 = √ 1

Ф +√Ф2 – 𝜆2

;

𝑁𝑐𝑟

; Ф = 0,5 ∙ [1 + 0,34 ∙ (𝜆 − 0,2) + 𝜆2 ] ;

𝑁𝑏,𝑅𝑑 =

𝜒∙𝐴∙𝑓𝑦𝑘 𝛾𝑀1

(4)

;

𝐸 − 𝑒𝑙𝑎𝑠𝑡𝑖𝑐 𝑚𝑜𝑑𝑢𝑙𝑢𝑠; 𝑙0 − 𝑒𝑓𝑓𝑒𝑐𝑡𝑖𝑣𝑒 𝑙𝑒𝑛𝑔𝑡ℎ 𝑐𝑜𝑙𝑢𝑚𝑛; 𝐽 − 𝑚𝑜𝑚𝑒𝑛𝑡 𝑜𝑓 𝑖𝑛𝑒𝑟𝑡𝑖𝑎; 𝐴 − 𝑠𝑒𝑐𝑡𝑖𝑜𝑛 𝑎𝑟𝑒𝑎; 𝑓𝑦𝑘 , 𝑓𝑦𝑑 − 𝑐ℎ𝑎𝑟𝑎𝑐𝑡𝑒𝑟𝑖𝑠𝑡𝑖𝑐𝑠 𝑎𝑛𝑑 𝑑𝑒𝑠𝑖𝑔𝑛 𝑠𝑡𝑟𝑒𝑛𝑔𝑡ℎ 𝑣𝑎𝑙𝑢𝑒; Ф, 𝜆 , 𝜒 − 𝑐𝑜𝑒𝑓𝑓𝑖𝑐𝑖𝑒𝑛𝑡𝑠.

217

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org The structural design problem is a constrained optimization problem. The solution is found applying algorithms which satisfy the given criteria, and seeks the best optimal solution. The objective function in genetic algorithms is given by the fitness function. 4.

TRUSS MATRIX STRUCTURAL ANALYSIS In general, the truss bars should satisfy the equilibrium condition equation 5 and the stiffness matrix equations {𝐾}[𝑢] = [𝑃]

(𝑑𝑖𝑟𝑒𝑐𝑡 𝑠𝑡𝑖𝑓𝑛𝑒𝑠𝑠 𝑚𝑒𝑡ℎ𝑜𝑑)

{𝐶}[𝐹] = [𝑃] {𝐾}[𝑢] = [𝑃]

𝑒𝑞𝑢𝑖𝑙𝑖𝑏𝑟𝑖𝑢𝑚 𝑐𝑜𝑛𝑑𝑖𝑡𝑖𝑜𝑛𝑠 (𝑚𝑒𝑡ℎ𝑜𝑑𝑠 𝑜𝑓 𝑗𝑜𝑖𝑛𝑡𝑠) (𝑑𝑖𝑟𝑒𝑐𝑡 𝑠𝑡𝑖𝑓𝑛𝑒𝑠𝑠 𝑚𝑒𝑡ℎ𝑜𝑑)

(5) (6)

𝐹 − 𝑚𝑒𝑚𝑏𝑒𝑟 𝑓𝑜𝑟𝑐𝑒𝑠, 𝐶 − 𝑡𝑟𝑢𝑠𝑠 𝑔𝑒𝑜𝑚𝑒𝑡𝑟𝑦 𝑚𝑎𝑡𝑟𝑖𝑥, 𝐾 − 𝑠𝑡𝑖𝑓𝑓𝑛𝑒𝑥 𝑚𝑎𝑡𝑟𝑖𝑥, 𝑃 − 𝑗𝑜𝑖𝑛𝑡 𝑒𝑥𝑡𝑒𝑟𝑛𝑎𝑙 𝑙𝑜𝑎𝑑𝑠 The direct stiffness method consist in evaluating the stress-deformation of the truss using the stiffness matrix. The global matrix of the structure {𝐾} is found by joining and reducing the single member matrixes of the truss, respective to the global system. Since some joint loads and displacements are known and some are not, the direct stiffness equation can be partitioned as given in equation 7. {𝐾 } { 11 {𝐾21 }

[𝑃 ] {𝐾12 } [𝑢𝑢 ] }[ ]=[ 𝑢 ] {𝐾22 } [𝑢𝑘 ] [𝑃𝑘 ]

(7)

where [𝑃𝑘 ] denote the vector of known forces, [𝑢𝑘 ] of known displacements, and [𝑃𝑢 ], [𝑢𝑢 ] unknown forces and displacements. Applying some matrix manipulation is possible to obtain the force members and final displacements of control joints. 5.

MATLAB SOFT R2017A

MATLAB SOFT R2017 is the last version of the software. It is a multi-paradigm numerical computing environment and a fourth-generation programming language, developed by MathWorks. It allows matrix manipulations, plotting of functions and data, implementation of algorithms, creation of user interfaces with other language programming such as C, C++, C#, Java, Fortran and Python. More information can be found on www.mathworks.com . Both commercial and educational versions are available. For example a simple script of mapping values in MATLAB applied in this study is: function x=discretevariable(x) global AV % Mapping of discrete variable % The possible values for all x are from AV x=AV(x); MATLAB can easily work on matrix analysis. Several authors have used MATLAB to operate on structural optimization problems. Cazacu, 2014 [22] has used MATLAB environment to optimize steel trusses using genetic algorithms and FEA. Hultman, 2010 [25] prepared a Report on weight minimization of steel trusses applying genetic algorithms. MATLAB can also be applied in collaboration with other open source structural design softs such as SAP2000. Wu, 2012 [26], proposed a procedure for wind-resistant optimization design of long-span portal-rigid frame by adopting the Optimality Criteria (OC) method and SAP2000 Application Programming Interface (API) for MATLAB developing environment. MATLAB has some toolboxes of optimization, the “Optimization Toolbox” and the “Global Optimization Toolbox”, which allow to perform some optimization problem. Some functions can be incorporated in the programming language of scripts. 6.

GENETIC ALGORITHM APPROACH

Genetic algorithm (GA) are part of the evolutionary algorithms group. (GA)s generate a series of new designs based on Darwin's survival of the fittest theory, seeking to mimic genetics. At each iteration, parents are selected among the best designs and the values of their optimization variables are mixed to generate children designs, and random changes are also applied to prevent early convergence of the population, using genetic crossovers and 218

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org mutations. The best children are added to the population, while old and less fit designs are removed from it. Before starting the (GA) procedure, it is necessary to: (1) Define the objective function and Constraints of the problem . (2) Code design variables into strings. Every variable is coded in strings of bits 10101. The variables then are concatenated in a single string to define a potential solution of the problem. (3) The fitness function f(x) can be the total weight of the structure. It determine how the algorithm choses the best individuals in the population. Most (GA)s are variations of the simple genetic algorithm (SGA) proposed by Goldberg in 1989 [15]. Its general procedure consist in the following steps: a. b. c.

d. e.

[Start] Generate random population of n chromosome (strings of 101010100110101, each of one corespond to a potential solution of the problem) [Fitness] Evaluate the fitness function f(x) for each chromosome in the population [New population] Create the new population picking parents among the best individuals applying the (GA) operators: i. [Selection] Selection of two parents from a population according to their fitness (best fitness, more chance to be selected etc.) ii. [Crossover] Generate children by mixing the parents properties with a crossover probability. If no crossover is applied the string is an exact copy of the parents. iii. [Mutation] Apply with a mutation probability changes to the children properties at each locus. iv. [Accepting] Place the new strings in the population. [Replace] Use new generated population for a further run for the algorithm. [Test] If the end condition is satissfied, stop and give the best solution in the current population.

Goldberg (GA)s consists in three genetic operators: reproduction, crossover and mutation. A. The selection scheme The selection or reproduction operator is the basic engine of the algorithm. The objective of the reproduction process is to allow the information stored in strings with good fitness values to survive into the next generations. Typically, each string is assigned a probability of being selected as a parent string based on string’s fitness. Rankbased selection scheme is largely used. Given the population, the selection scheme starts by sorting the population according to the values of the fitness function, constructing a ranking, where better solution have a higher rank. Individuals in the population are then selected in such a way, than higher the ranking, higher the probability of being chosen for reproduction. B. The Crossover Operators The Crossover operators specify how the genetic algorithm combines, to form a crossover child for the next generation. In this study is used a “scattered” approach. This operator, creates a random binary vector and selects the genes where the vector is a 1 from the first parent, and the genes where the vector is a 0 from the second parent, and combines the genes to form the child. C. The Mutation Operator. Mutation is a guarantee that some important regions of the search space may never be explored. Non-existing features from both parent strings may be created and passed to their children. The mutation operation can be beneficial in reintroducing diversity in a population. After the recombination step and again inspired in Nature, a mutation operator is introduced to simulate the errors that may arise during the copy process. The mutation operator is applied to each bit in the offspring chromosomes with a probability 𝑝𝑚 . The effect of this operator is a simple change of 1 into a 0 and vice-versa. To apply the (GA) it is further necessary to set up the population size. A population size of 150-1000 individuals (potential solutions) can applied with a maximum number of generations of the algorithm in the range 200-1000, a crossover probability of 0.5-0.8 and mutation probability of 0.001-0.05. 7.

METHODOLOGY USED IN THIS STUDY

The optimization of the steel schemes will be done applying a genetic algorithm to the matrix analysis equations of the deformation method, with stresses, deformation and buckling constraints. The analysis is done in MatLab soft R2017a. 219

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Three algorithms are built: the first one with stresses and displacement criteria is used in the analysis of seeking the minimal total weight of a benchmark truss schemes and put in comparison with other previous studies. It consists in 4 scripts with function of Data.m, fitness function.m, constraint function.m, (GA) general parameters.m. The other two includes also buckling constraints for the members in compression. The algorithm is applied with discrete variables and results are put in comparison with previous studies. A. Coding and decoding All substrings are decoded and mapped to some integer values representing the sequence numbers of commercial steel sections in a given profile list. A multi parameter mapping consists in the equation 8. 𝐼

−𝐼𝑚𝑖𝑛

𝐼𝑖 = 𝐼𝑚𝑖𝑛 + ( 𝑚𝑎𝑥𝑙

2 −1

)∙𝛺

(8)

𝑙 − 𝑖𝑠 𝑡ℎ𝑒 𝑙𝑒𝑛𝑔𝑡ℎ 𝑜𝑓 𝑡ℎ𝑒 𝑠𝑢𝑏𝑠𝑡𝑟𝑖𝑛𝑔, 𝐼𝑚𝑖𝑛 , 𝐼𝑚𝑎𝑥 − 𝑠𝑒𝑞𝑢𝑒𝑛𝑡𝑖𝑎𝑙 𝑛𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑡ℎ𝑒 𝑓𝑖𝑟𝑠𝑡 𝑎𝑛𝑑 𝑙𝑎𝑠𝑡 𝑠𝑒𝑐𝑡𝑖𝑜𝑛 𝛺 − 𝑏𝑖𝑛𝑎𝑟 𝑐𝑜𝑑𝑖𝑛𝑔 𝑐𝑜𝑛𝑣𝑒𝑟𝑡𝑖𝑜𝑛 (𝑒𝑥𝑎𝑚𝑝𝑙𝑒) 10100 = 24 + 22 = 20 B. Fitness and penalty function Fitness function is the total weight and it is applied to determine the selection process as shown in equation 9: 1/ 𝑓𝑖 = 𝑊 = ∑𝑁 𝑒 𝜌𝑒 𝐿𝑒 𝐴(𝜂𝑒 )

(9)

Probability of selection is found based on the fitness function equation 10. 𝑓

𝑝𝐶 = ∑ 𝑖

(10)

𝑓𝑖

Penalty function is a linear function applied to limit the generation of individuals that do not satisfy constraint requirements. The penalty function is defined from equation 11. 1

∅𝑖 = { 𝑘|𝑝 | 𝑖

𝑝𝑚𝑎𝑥

𝑖𝑓 |

𝑝𝑖 𝑝𝑚𝑎𝑥 𝑝𝑖

𝑖𝑓 |

|≤1

𝑝𝑚𝑎𝑥

|>1

(11)

∅𝑖 − 𝑖𝑠 𝑡ℎ𝑒 𝑝𝑒𝑛𝑎𝑙𝑡𝑦 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛 𝑓𝑜𝑟 𝑐𝑜𝑛𝑠𝑡𝑟𝑎𝑖𝑛𝑡𝑠 𝑖, 𝑝𝑖 − 𝑓𝑎𝑐𝑡𝑜𝑟𝑒𝑑 𝑠𝑡𝑟𝑒𝑠𝑠𝑒𝑠 𝑜𝑟 𝑑𝑖𝑠𝑝𝑙𝑎𝑐𝑒𝑚𝑒𝑛𝑡𝑠, 𝑝𝑚𝑎𝑥 − 𝑚𝑎𝑥𝑖𝑚𝑢𝑚 𝑟𝑒𝑠𝑖𝑠𝑡𝑎𝑛𝑐𝑒 𝑣𝑎𝑙𝑢𝑒, 𝑎𝑛𝑑 𝑘𝑖 − 𝑝𝑒𝑛𝑎𝑙𝑡𝑦 𝑓𝑎𝑐𝑡𝑜𝑟. C. Crossover and mutation probability Various values of crossover and mutation are applied. They vary 0.6-0.8 for crossover and 0.01-0.03 for mutation. Higher values can retard the time processing of the algorithm. D. Population size, max generations and tolerance In this study, the (GA) parameters of population size, max generations, elite count and tolerances are considered with values as follow: options = optimoptions(@ga,'PopulationSize', 100-200, 'MaxGenerations', 100-400, 'EliteCount', 10,'FunctionTolerance', 1e-6); 8.

CASE STUDIES

Case studies are taken from previous studies of optimization. A comparison between the different results obtained is given. The optimization problem is discrete with variables that can have values only from standard commercial sections. % Available sections AV=[616 758 896 700 860 1018 1172 778 960 1138 1312 1262 1646 1164 1382 1806 2220 1740 2200 1660 1880 2380 2860 2300 2820 3340 2460 3020 3580 2780 3100 3740 3420 3900 3840 4540 4120 5920 4240 5020 5800 4640 5080 5940 6780 8020 6000 6940 7860 7000 8000 9000 8060 9140 10200 11300]; %mm2 sections double L www.oppo.it % Minimal moment of inertia I=[89400 110600 126200 128600 156800 183200 208000 179400 220000 256000 292000 346000 440000 390000 456000 584000 698000 668000 828000 742000 846000 1050000 1236000 1178000 1424000 1652000 1444000 1750000 2040000 2080000 2320000 2760000

220

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 3160000 3540000 3540000 4140000 4700000 5240000 4780000 5600000 6380000 6260000 6820000 7880000 8900000 10340000 9440000 10800000 12100000 12780000 14460000 16100000 16900000 19000000 21000000 284840000];

A. Case study Nr.1. 10 bar truss with stress and displacement criteria Case Nr.1 is a typical case study, analyzed by most authors in structural optimization. A ten bar cantilever truss is given with loads at lower points. Due to its simple configuration the ten bar truss has been used as a benchmark to verify the efficiency of diverse optimization methods, with stresses and displacements criteria. Case 1a. The case study is given in Figure 1. This scheme was firstly analyzed by Venkayya and other authors in 1971 and 1979 [27, 28]. The scheme was analyzed for aluminium alloy with mass density 𝜌 = 27.14 𝑘𝑁/𝑚3 , elastic modulus 𝐸 = 10,000 𝑘𝑠𝑖 (68.95 𝐺𝑃𝑎) , stress limits of 25 𝑘𝑠𝑖 (172.37 MPa) , and displacements of 2 𝑖𝑛𝑐ℎ (50.8𝑚𝑚). After 25 cycles the study reported an optimal result of 2306 kg. Rayeev and Krishnamoorthy [29] in 1992, used a modifiable simple genetic algorithm to optimize the scheme. The result reported a best total weight of 2 497 kg. Pezeshk [18] in 1998, built a FEAPGEN algorithm using genetic algorithms. A six digit binary number is built to represent the cross sectional areas of each member. The parameters of the genetic algorithm were 𝛼 = 1.005, the crossover probability 0.85; the mutation probability 0.05. Small population sizes (20, 30 and 40) were applied and solutions were developed for 50 generations. The result reported a best design of 2 472 kg. Flager and others in 2014 [30] proposed the fully constrained algorithm based on the virtual work principle, for discrete sizing optimization of steel structures that balances computation efficiency with solution quality for application to large-scale problems. The method was based on optimality criteria and didn’t require gradient information. It was reported a minimal total weight of 2317 kg for the scheme. Kazemzadeh and Hacansebi in 2014 [31] proposed the (GSS) Guided Stochastic Search, used for discrete sizing optimization of steel trusses. The method worked on the basis of guiding the optimization based on the virtual work principle and on the information collected during the structural analysis. The optimal best result reported was 2490 kg. The performance of the proposed techniques was investigated according to AISC – LRFD specifications. 4

4

6

y 5

7 x O

1

1

9 3

2 F=444.8 kN (100 kips)

9.14 m

6

10

8

9.14 m

3

2

5 F=444.8 kN (100 kips)

9.14 m

Figure. 1 First case study - configuration of a ten-bar truss In this study the 10 bar truss geometry, was analyzed using the Genetic algorithm built in MATLAB soft R 2017a, with the same conditions. An optimal result of 2298 kg was reported in (Table.) 221

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 1 Case study nr.1a of the benchmark truss Stresses and displacements criteria Algorithm applied

Venkayya [26]

Minimum weight

2306 kg

Optimality Criteria

S. Rajeev and Krishnamoorthy [29] Modifiable simple genetic algorithm

Pezeshk study [18]

Flager and others in 2014 [30]

FEAPGEN using genetic algorithm

2497 kg

2472 kg

Improved optimality criteria (Fully Constrained Design) 2317 kg

Kazemzadeh and Hacansebi in 2014 [31] Guided Stochastic Search

This study

2490 kg

2298 kg

Genetic algorithm Matlab soft R2017a

Case 1b. This Case is similar to the previous one, but with some modification on geometry and material characteristics taken from Stasa [10]. Constraints are imposed on stresses and displacements. Load is approximated to 500 kN. Stasa [10] applied two different algorithm methods: the FSD (Fully stressed design) and the SLP with move limits (Sequential Linear Programming method). Stresses, displacements, geometry and materials characteristics are considered the same. The lowest value of minimal total weight is considered for comparison. In this study buckling constraints are applied from from NTC 2008 (7.METHODOLOGY USED IN THIS STUDY). Instead, Stasa [10] applied some empirical combination between the area of the section 𝐴 and the minimum radius of gyration 𝜌𝑚𝑖𝑛 of standard commercial sections, using a 𝛽 coefficient equation 12. 𝜌𝑚𝑖𝑛 = 𝛽√𝐴

(12)

The optimization problem is discrete with variables taking values from the standard commercial section list (8.CASE STUDIES). A function is built to map variables. Results are given in Table.. Table. 2 Results and comparison of case study 1b Stasa [10] Constraints

Minimum weight

𝑓𝑦𝑘 : 210 N/mm2 ∆: 3 cm Buckling approx. 888.08 kg

This study 𝑓𝑦𝑘 : 210 N/mm2 ∆: 3 cm 698 kg

This study 𝑓𝑦𝑘 : 210 N/mm2 ∆: 3 cm Buckling NTC 2008 1099 kg

Stasa [10] 𝑓𝑦𝑘 : 210 N/mm2 ∆: 1 cm 1504.52 kg

This study 𝑓𝑦𝑘 : 210 N/mm2 ∆: 1 cm Buckling NTC 2008 1453 kg

B. Case study Nr.2. English Truss with stresses and buckling constraints This case consist in the analysis of an English steel roof truss (Figure 2) with dimensions of 16.5m x 2.2m. Truss nodes are numbered from 1 to 16 and elements from 1 to 29. Lower elements 1-8 connect nodes : 1-2,24,4-6,6-8,8-10,10-12,12-14,14-16; upper elements 9-16 connect nodes: 1-3,3-5,5-7,7-9,9-11,11-13,13-15,15-16; vertical elements 17-23 connect nodes: 2-3,4-5,6-7,8-9,10-11,12,-13,14-15 and diagonals 24-29 connect 2-5,47,6-9,9-10,11-12,13-14. The truss has been analyzed applying the direct stiffness method. The design is based on the Italian Code NTC 2008, for steel S275. For the design are considered double L angular sections. Firstly, the truss is designed applying conventional methods, then is redesigned in MATLAB applying the genetic algorithm, built with constraints on stresses and buckling based on the NTC 2008. The fitness function is the total weight of the structure. The problem is discrete and variables are taken from the standard commercial sections list

Figure. 2 Case Nr.2 English roof truss 222

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org (Case 1b). Results and a comparison with previous studies is given in Table 3. Table. 3 Standard design of the roof truss under the NTC 2008 Code Standard design under NTC 2008 Code Elements Member forces Section design (mm) /Data (max values in kN) Lower elements

334.64 Kn

1312 mm2

Upper elements

-346.45kN (compression) 72.42 Kn -52.95 kN (compression)

3840 mm2

Diagonals Vertical elements

(GA)s optimized in this study (mm2) Different sections for every element: Total weight 749 kg Sections grouped: Total weight: 832 kg

778 mm2 778 mm2 832 𝑘𝑔

Standard design truss weight

749 − 832 𝑘𝑔

Optimized weight

Using genetic algorithms it is possible to optimize by 10% the total weight. Grouping elements may create some loops in the MatLab Code, so it should be written correctly developing the 4 variables. Difficulties may appear when setting up the design process. C. Case study nr.3 - 39 bars, with stresses, displacements and buckling constraints This case study is a 39 bar truss (Figure 3) with dimensions of 24.0 m x 1.0m (width x height). The truss is statically indeterminate, with steel material and a stress resistance of 𝑓𝑦𝑑 = 210𝑁/𝑚𝑚2 . Buckling constraints are defined in (7. METHODOLOGY USED IN THIS STUDY). There are considered two cases for displacements, the first one with a limit of ∆1 = 96𝑚𝑚 and the second one with ∆2 = 40𝑚𝑚. Two load combinations are applied to the truss: (1): 𝑃1 = 𝑃2 = 75.4 𝑘𝑁

(2): 𝑃1 = 75.4 𝑘𝑁 𝑃2 = 65.95𝑘𝑁

Figure. 3 Case study – 39 bars truss. Due to the high number of variables and to the high range of the set of values, in this operations was observed a need to consider a higher value for the ‘EliteCount’ function in the (GA) operator: 'EliteCount', 50. Elite count specifies the number of individuals that are guaranteed to survive to the next generation. It should be a positive integer less than or equal to the population size. The default value is 5% of the population size. Higher is this value, more are the individuals that survive in the next generations. Population size and max generations are defined to 200: 'PopulationSize', 200, ‘MaxGenerations', 200. The first loading combination gives greater values of the sectional areas. The best results that satisfy all the constraints are presented in Table 4. Table. 4 Results and comparison for case study Nr.3 – 39 bars

Total Weight Number of iterations

Stasa [10] Variant 1 ∆1 = 96𝑚𝑚 (best result mm2) 2657 kg 2 cycles

This study Variant 1 (mm2) ∆1 = 96𝑚𝑚 2356 kg 200 cycles 16 000 function evaluations 90 sec.

Stasa [10] Variant 2 ∆2 = 40𝑚𝑚 (best result mm2) 4032 kg 8 cycles

This study Variant 2 (mm2) ∆2 = 40𝑚𝑚 3514 kg 200 cycles 14 000 function evaluations 104 sec.

The analysis conducted for this case resulted in an increase in efficiency in the design of the truss. The results are compared for the same conditions, with the example analyzed by Stasa [10]. It is reported an improvement in the value of the objective function; the total weight of the truss is 10% less. In contrast, a large number of iterations and a longer time is needed to achieve the result, compared to other examples given. 223


DISCUSSION AND CONCLUSIONS

Genetic algorithms have been largely applied in the engineering design problems. In this study a (GA) was built in MatLab soft R2017a, with fitness function, the total weight of the structure. The truss schemes were solved applying the direct stifness method. Different values of (GA) parameters were analyzed in a such way to achieve better results in terms of efficiency and efficacy. Three algorithms were applied with constraints on stresses and displacements, stresses and buckling and all three of them simultaneously.

(GA)s as meta-heuristic show advantages in comparison to deterministic methods since they explore a larger space of values. In this study were reported better total weight designs of more than 10% in comparison to other studies, for some truss schemes. The bar elements of three different truss schemes were calculated and designed. The first one is a benchmark optimization problem, analyzed by most authors. In this case, since the number of variables is low, the algorithm process was fast, and it carried out also better results than the other optimization cases taken in consideration. Another similiar scheme was analyzed for steel sections and put in comparison with the design done by another author. In the second and third case, the optimization problem was applied to a roof english truss and a 39 bars truss, with constraints on stresses, displacements and buckling. There were reported good results too. (GA) offers an instrument with a high potential in increasing the design efficiency. There are some difficulties in writing down the optimization problem, since every case may have some particularities. But, once the algorithm has been written, it can be applied successfully in the analysis and the design of various trusses. A longer time may be necessary for further processing of the algorithm for obtaining a better result. To get better designs, it is necessary to analyze the broad range of possible values that algorithm parameters can take. Various authors have analyzed and continue to analyze these algorithms. Continuous improvements are reported in the way the Fitness function and the Penalty function is applied in finding a better solution in a shorter time. Use of these algorithms in the engineering practice would be higher, if there are built more readible interfaces with a variety of options. Further analyzes are needed to build fuller algorithms that allows in an automated way to solve problems facilitating with graphical interfaces. Topological and shape optimization can also be applied with size optimization, by starting a simultaneous process in finding the most favorable configuration, filling all the boundary conditions, constraints and loads. ACKNOWLEDGEMENT The author is thankful to the Polytechnic University of Tirana, Albania in order to provide research support towards completion of this research.

REFERENCES 1. 2. 3. 4. 5.

6. 7. 8. 9.

Christensen, P.W. and A. Klarbring, An introduction to structural optimization. Vol. 153. 2008: Springer Science & Business Media. Schmit, L.A. Structural design by systematic synthesis. in Proceedings of the 2nd conference on electronic computation, ASCE, New York. 1960. F. Bontempi, Phd course in structural optimization. 2016: Rome: Dottorato in Ing. Strutt. e Geotec. Universita' degli Studi di Roma "La Sapienza". Kirsch, U., Fundamentals and applications of structural optimization. 1993, Springer-Verlag, Heidelberg. Lako, E.T.a.N. A survery of size optimization algorithms applied in the structural engineering design. in 1st International Conference on New Research and Advances on Computer Science and Information Technology. 2017. Vlora, Albania. Arora, J.S., Methods for discrete variable structural optimization, in Advanced Technology in Structural Engineering. 2000. p. 1-8. Kicinger, R., T. Arciszewski, and K. De Jong, Evolutionary computation and structural design: A survey of the state-of-the-art. Computers & Structures, 2005. 83(23): p. 1943-1978. Azad, S.K. and O. Hasançebi, Optimum Design of Skeletal Structures Using Metaheuristics: A Survey of the State-of-the-Art. 2014. Rolvink, A., J. Coenders, and C. Mueller. State on the art of computational tools for conceptual structural design. in Proceedings of the IASS-SLTE 2014 Symposium" Shells, Membranes and Spatial Structures: Footprints", Brasilia, Brazil, 15-19 September 2014. 2014: International Association for Shell and Spatial Structures (IASS).

224

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 10. 11. 12. 13. 14. 15. 16. 17.

18. 19. 20. 21. 22. 23.

24. 25. 26.

27. 28. 29. 30. 31.

Stasa, K., Projektimi Optimal i Kapriatave Metalike. 1994, Tirana, Albania: Universiteti Politeknik i Tiranes (UPT). Hasançebi, O., et al., Performance evaluation of metaheuristic search techniques in the optimum design of real size pin jointed structures. Computers & Structures, 2009. 87(5): p. 284-302. Chen, Y., Application of deterministic operations research for structural optimization. 2015, Massachusetts Institute of Technology. Pezeshk, S. and C.V. Camp, State of the art on the use of genetic algorithms in design of steel structures. Recent advances in optimal structural design, 2002: p. 55-80. Holland, J.H., Adaptation in natural and artificial systems. An introductory analysis with application to biology, control, and artificial intelligence. Ann Arbor, MI: University of Michigan Press, 1975. Goldberg, D.E., Genetic algorithms in search, optimization, and machine learning, 1989. Reading: Addison-Wesley, 1989. Lin, C.-Y. and P. Hajela, Design optimization with advanced genetic search strategies. Advances in Engineering Software, 1994. 21(3): p. 179-189. Chan, C.-M. and P. Liu, Design optimization of practical tall concrete buildings using Hybrid Optimality Criteria and Genetic Algorithms, in Computing in Civil and Building Engineering (2000). 2000. p. 263270. Camp, C., S. Pezeshk, and G. Cao, Optimized design of two-dimensional structures using a genetic algorithm. Journal of structural engineering, 1998. 124(5): p. 551-559. Kameshki, E. and M. Saka, Genetic algorithm based optimum bracing design of non-swaying tall plane frames. Journal of Constructional Steel Research, 2001. 57(10): p. 1081-1097. Petrucci, M., Structural optimization: an approach based on genetic algorithms and parallel computing. 2009, University of Trento. Toğan, V. and A.T. Daloğlu, An improved genetic algorithm with initial population strategy and selfadaptive member grouping. Computers & Structures, 2008. 86(11): p. 1204-1218. Cazacu, R. and L. Grama, Steel truss optimization using genetic algorithms and FEA. Procedia Technology, 2014. 12: p. 339-346. Dhingra, A.K. and B. Lee, A genetic algorithm approach to single and multiobjective structural optimization with discrete–continuous variables. International Journal for Numerical Methods in Engineering, 1994. 37(23): p. 4059-4080. Adeli, H. and N.-T. Cheng, Integrated genetic algorithm for optimization of space structures. Journal of Aerospace Engineering, 1993. 6(4): p. 315-328. Hultman, M., Weight optimization of steel trusses by a genetic algorithm. Lund University, Department of Structural Engineering, 2010. Wu, J., et al. Structural optimization of long span portal-rigid frames under wind action. in The Seventh International Colloquium on Bluff Body Aerodynamics and Applications (BBAA7) Shanghai, China. 2012. Venkayya, V., Design of optimum structures. Computers & Structures, 1971. 1(1-2): p. 265-309. NS Khot, L.B. and V.B. Venkayya, Comparison of optimality criteria algorithms for minimum weight design of structures. AIAA Journal, 1979. 17(2): p. 182-190. Rajeev, S. and C. Krishnamoorthy, Discrete optimization of structures using genetic algorithms. Journal of structural engineering, 1992. 118(5): p. 1233-1250. Flager, F., et al., Fully Constrained Design: A general and scalable method for discrete member sizing optimization of steel truss structures. Computers & Structures, 2014. 140: p. 55-65. Azad, S.K., O. Hasançebi, and M. Saka, Guided stochastic search technique for discrete sizing optimization of steel trusses: A design-driven heuristic approach. Computers & Structures, 2014. 134: p. 62-74.

AUTHOR PROFILE Ersilio Tushaj is a PhD Candidate at the Polytechnic University of Tirana in Civil Engineering. He currently works as lecturer at POLIS University, International School of Architecture and Urban Planning. He has a master degree from University of Bologna in Building Engineering and Architecture. He has some years of academic experience and is author of some publications. His main interest area structural optimization and application of algorithms

225


Adaptation of scrum activities and artifacts to Milton's knowledge management model 1

Zeinab Tavakoli, 2Taghi Javdani Gandomani, 3Majid Ghasemi 1,2

Dept. of Computer Engineering Boroujen Branch, Islamic Azad University Boroujen, Iran 3 Dept. of Computer Engineering Farsan Branch, Islamic Azad University Farsan, Iran Email: [email protected], [email protected], [email protected] ABSTRACT Application of specific activities and artifacts in Agile methodologies implies a different viewpoint toward development process in these methods. This viewpoint is fixed in minds due to obligation to Agile dominant principles and values in order to retain dynamicity of these methods. In fact, foundation of Agile methods is made by implicit knowledge which only in case of proper management leads to keeping of dynamic nature of these methods. Milton's model is one of the models of knowledge management. This model is based on the sharing of knowledge between actions groups. Therefore, the present study is an attempt to attain this goal through adaptation of activities and artifacts of Scrum Agile methodologies to one of the well-known knowledge management models. Keywords: knowledge management; Agile methodologies; implicit knowledge; Scrum; Milton's knowledge management model 1.

INTRODUCTION

Agile software development indicates a new approach based on achievements such as high quality, fast delivery, embracing the required changes and light-weight documentation [1, 2]. In this approach, focusing on shared collaboration and direct communications has made developmental process to encompass specific activities and artifacts which have often not explicit descriptions [3]. These artifacts require utilization of two principles including synergy and feedback and learning [4]. Synergy as a principle is connected with collaboration of knowledge and skill of individuals in order for shared resources to be achieved. Based on this principle, there should be individuals who are capable of sharing knowledge easily and can be adapted to goals of project [4]. Based on feedback and learning as a principle, focusing of Agility on project implementation against the ongoing programming should result in deepening of learning [4]. Observation of these principles by Agile activities requires utilization of mechanisms capable of keeping implicit knowledge dynamic as well as facilitating division of knowledge existing in the activities. It refers to mechanisms which make searching and scanning of the environmental knowledge feasible. These mechanisms are capable of reorganizing resources and checking up the unstable environment [5, 6]. It seems that due to having capacity to extract values from invisible assets knowledge management can be an efficient approach in this regard. Therefore, the present study focusing on Scrum methodology is an attempt to adapt the activities and artifacts existing in this method to one of the knowledge management models based on communication activities of the related procedures. This study is organized into five sections. Scrum activities and artifacts are discussed in Section II. In Section III, Milton’s knowledge management model will be elaborated. Adaptation of Scrum activities and artifacts to Milton’s knowledge management model will be described in Section IV. Finally, conclusions will be presented in Section V. 2.

SCRUM ACTIVITIES AND ARTIFACTS

Scrum is a process which regularly applies the best activities related to shared activities [7]. This process produces in the form of small iterations through specification of the team to the managed specialized groups [7]. Figure 1 shows Scrum activities and artifacts.

226


Figure.1 Scrum activities and artifacts [8] As is seen in this figure, product owner who has a mental image of the product gathers product’s backlog in the form of a prioritized list. In order to be sure of rational commitment of the developmental team, another backlog is made through an activity called sprint planning by Scrum team members, known as sprint backlog. Sprint backlog consists of the team’s activities and tasks which are planned in order to design, build, consolidate, and examine characteristics chosen in sprint. Sprint is done in order to accomplish these activities and features. In order to harmonize, check and adapt activities, daily Scrum is done day by day to manage affairs. Finally, the team finishes sprint by two activities based on checking and adapting which are called sprint review and retrospective meeting [7, 8]. 3.

MILTON'S KNOWLEDGE MANAGEMENT MODEL

Milton’s model has been formed according to two viewpoints based on connecting and collecting values from knowledge. These viewpoints complement each other [9, 10]. Connection in this model refers to connecting individuals to each other and making communities of practice in a way that individuals can share their knowledge. Email and face-to-face meetings are examples of these groups. In this regard, utilization of the peer assist as a mechanism for facilitating interaction of the team’s business and knowledge in the work sessions can be useful [9]. Collection is a mechanism which builds a valuable knowledge criterion and it covers major activities of the company and can have long-term efficiency as well [9, 10]. After Action Review (AAR) and retrospect are two activities which help collection as a mechanism. AAR is a mean of knowledge gathering during activity. It refers to a convention which is held by the team members for a short time. A team has to keep it in order to be in line with changing circumstances and make revisions during the project based on what has been learned. Retrospection is related to knowledge gathering done at the end of the project while all of the members are present (if possible). It is a fast and efficient way of knowledge achievement before project is accomplished [9, 10]. Figure 2 shows Milton’s knowledge management. As is seen in this figure, Milton’s model consists of knowledge assets and three groups of learning including learning before action, learning during action and learning after action. Based on Milton’s model, knowledge assets consist of reliable knowledge which is achieved and saved for reuse. Learning before action leads to becoming confident of start of the project based on knowledge and awareness. Learning during action based on the action groups leads to knowledge sharing among people who do activities and better accomplishment of the duties. Learning after action help knowledge to be gathered in order to be used in the future [9].

227


Figure.2 Milton's knowledge management model [10] 4.

ADAPTATION OF SCRUM ACTIVITIES AND ARTIFACTS TO MILTON'S KNOWLEDGE MANAGEMENT MODEL

Based on Milton’s model, knowledge assets consist of rules behind activities, a list of the individuals with related experiences or stories from the past which have been achieved and stored in the form of a reliable knowledge [9]. In Scrum teams as in other Agile teams, individuals are sources of the reliable knowledge, who have different experiences in the activities, rules and principles related to the project stored in their minds as implicit knowledge. Learning before action in Milton’s model, at the beginning of a project or part of a work, leads to becoming sure that the project is started based on knowledge and awareness through making knowledge accessible. In Scrum methodology, project is started with an activity called product backlog preparation. Product backlog leads to learning before action and building confidence that the project will begin based on knowledge and awareness through making features and requirements accessible in the form of a prioritized list. In Milton’s model, action groups which are shown as actors in Figure 2 are networks predicted to help in better accomplishment of the duties in the process of knowledge sharing among activities administrators. These groups can encompass some skills within the organization or some members of society who have common feeling toward a specific goal and are interested in sharing their related experiences and knowledge. They learn during action through confidence and royalty based on mutual reliance and doing related activities [10]. Scrum team is also consisting of individuals with different roles and responsibilities who accept commitments and that way they help short-term programming and decision-making activities be strengthened [11]. Daily Scrum which is done day after day for managing affairs and harmonizing, checking and adaptation of activities [8] is a sign of individuals’ common feeling toward a goal and their interest in sharing their related experiences and knowledge, and it leads to learning during action through AAR, as well. Based on Milton’s model, learning after action, through retrospective, leads to collection of knowledge from all of the individuals engaged in project at the end of it for future use. Scrum team, in continuation of its activities, finishes Sprint through two activities accompanied by checking and adaptation named sprint revision and reconsideration. Sprint revision and reconsideration like retrospect as a mechanism in Milton’s model leads to gathering knowledge related to revision changes in future sprints and somehow learning after action through consideration of the accomplished activities. In the above-mentioned activities, guidance of Scrum Master in the form of consultant as a mechanism for facilitating knowledge interactions and face-to-face communications of the

228

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org team members in conventions covers viewpoints toward building communications and knowledge gathering in Milton’s model. Figure 3 shows adaptation of scrum activities and artifacts to Milton's knowledge management model as a presented framework.

People in Scrum roles

Knowledge assets

Action groups Product backlog

Sprint retrospective/ review Daily Scrum

Learning before action

Learning during action

Learning after action

Figure3. Adaptation of Scrum activities and artifacts to Milton's knowledge management model

5. CONCLUSION AND FUTURE WORK Agile software development, due to focus on shared collaboration and direct communications, has made developmental process to encompass specific activities and artifacts which have often not explicit descriptions. It indicates the need for mechanisms such as knowledge management capable of keeping dynamicity of the implicit knowledge as well as facilitating the process of sharing knowledge existing in activities. Therefore, the present study focused on adaptation of activities and artifacts existing in Scrum method to Milton’s knowledge management model. This adaptation showed that each of the activities and artifacts existing in Scrum, through adaptation to a part of Milton’s model, can be a mechanism for maintaining dynamicity of the implicit knowledge and resolve the problem of lack of an explicit description of production as a process in Agile methods within a range. As a future work, we want evaluate the proposed model in Scrum teams in the real environment. With the aim of measuring the efficiency of this model in the sharing of implicit knowledge. ACKNOWLEDGEMENT Special thanks to Islamic Azad University, Boroujen Branch, Iran, for providing support in order to complete this research. REFERENCES

1.

Beck, K., Beedle, M., Van Bennekum, A., Cockburn, A., Cunningham, W., Fowler, M., & Kern, J. 2001. The Agile manifesto.

2.

Gandomani, T. J., Zulzalil, H., & Nafchi, M. Z. (2014, September). Agile Transformation: What is it about?. In Software Engineering Conference (MySEC), 2014 8th Malaysian (pp. 240-245). IEEE. Yanzer Cabral, A. R., Ribeiro, M. B., & Noll, R. P. 2014. Knowledge management in Agile software projects: a systematic review. Journal of Information & Knowledge Management, 13(01), 1450010. Franky, M. C. 2011. Agile management and development of software projects based on collaborative environments. ACM SIGSOFT Software Engineering Notes, 36(3), 1-6.

3. 4.

229


5. 6. 7. 8. 9. 10. 11.

Hahn, I., Bredillett, C., Kim, G. M., & Taloc, M. 2012. Agility of project manager in global IS project. Journal of Computer Information Systems, 53(2), 31-38. Gandomani, T. J., & Nafchi, M. Z. (2015). An empirically-developed framework for Agile transition and adoption: A Grounded Theory approach. Journal of Systems and Software, 107, 204-219. Alliance, S. 2016. Learn about scrum. Scrum Alliance. Rubin, K. S. 2012. Essential Scrum: A practical guide to the most popular Agile process. AddisonWesley. Arvin, M., Akbari, M., & Moghimnejad, M. 2014. The study of various models of knowledge management. Kuwait Chapter of Arabian Journal of Business and Management Review, 3(9), 347-358. Ahmadi, A. A., Salehi, A. 2013. Knowledge management. Payamenoor University: Payamenoor, [in Persian]. Moe, N. B., Dingsøyr, T., &Dybå, T. 2010. A teamwork model for understanding an Agile team: A case study of a Scrum project. Information and Software Technology, 52(5), 480-491.

AUTHORS PROFILE Zeinab Tavakoli received Ms. of Software Engineering from Islamic Azad University, Khomein branch, Iran. Currently, she is lecturing in Islamic Azad University. Her research interests are Knowledge Management and Agile Software Development. Taghi Javdani Gandomani received his Ph.D. in Software Engineering from University of Putra Malaysia, Malaysia. His research interests in software engineering are Agile software development, development methodologies and empirical studies. He is an Assistant Professor in Islamic Azad University, Iran and has more than 15 years’ industry experience in software development. Majid Ghasemi is doing his Ph.D. in Computer Engineering in Science and Research Branch of Islamic Azad University, Iran. He is also a faculty member in Department of Computer Engineering, Farsan Branch, Islamic Azad University, Iran.

230


A short review of requirements gathering in agile software development 1

Israr Ghani, 2Muhammad Irfan Khan, 3Adila Firdaus Arbain 1,2

University of Arid Agriculture Rawalpindi, Pakistan Limkokwing University of Creative Technology, Cyberjaya, Malaysia Email: [email protected], [email protected], [email protected] 3

ABSTRACT Collecting, understanding, and managing requirements is a critical aspect in all the development methods. This is true for agile methods as well. In particular, several agile practices deal with requirements in order to implement them correctly and satisfy the needs of the client. These practices focus on a continuous interaction with the client, customer and end user to address the requirements evolution over time, estimate and prioritize them, and deliver the most valuable functionalities first. Understanding and satisfying every individual client necessities have been perceived as a squeezing challenge for programming enterprises. In order to produce high quality software products and meeting stakeholder’s requirement is a major challenge in software requirement. Poor pre-requisites and changes to necessities are one of the causes for project overrun and quality issues in the delivered software. The research shares some of the existing studies that deal with this question “How different existing agile methodologies manage requirements and how collaboration issue affects these steps in a project?” Keywords: requirements engineering; team collaboration; communication; agile software development; software quality; requirement management; 1.

INTRODUCTION

Agile development methodology is an approach used in software development which has become more popular during the last few years due to the introduction of agile manifesto [1]. As compared with traditional software development life cycle (SDLC), effective collaboration and requirements gathering with team collaboration is a fundamental component for agile based development [2-6]. Agile software development is iterative and incremental development where you do development in small iterations. It attempts to provide many opportunities to assess the different stages of a project throughout the software development life cycle. There are a number of methods used by agile teams such as Scrum, eXtreme Programming (XP), Feature Driven Development (FDD), Dynamic System Development Method (DSDM), Kanban, Lean and Crystal. These methods aim to deliver software faster and ensure that the software meets customer’s changing needs and expectations. Agile methodologies focus on skills, communication and community clarifying the roles of customers, managers and developers for a more satisfying and productive relationship. Requirements gathering & communication is accepted as one of the most crucial stages in software engineering as it addresses the critical problem of designing the right software for the stakeholder. Agile development works in a different manner than tradition methods [2, 7]. Instead of specifying everything before you start developing, one need to take a small portion of the most important features and only specify and implement those. Requirement gathering is different for different methods [8, 9], but user story method is the most popular one used by many agile teams as shown in the Figure 1 below [10].

Figure. 1 User story in agile development [10]

231

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Requirement specification is an iterative process that continues until the customer is satisfied with the product. By using this method, it is easier to react to changes and can have a better estimate and better control on the development leading towards a quality product and customer satisfaction. There are a number of agile methods that offer the ways to collect and analyse requirements. Some of these are discussed in the following section. 2.

REQUIREMENTS GATHERING IN AGILE METHODS This section discussed four most popular agile methods that offer requirements gathering. 2.1 Scrum and requirements gathering

Scrum is an agile approach to software development. It has been found out that Scrum is very beneficial when applied to small and medium projects. Rather than a full process or methodology, it is a framework which instead of providing complete, detailed descriptions of how everything is to be done on the project, much is left up to the team, because the team will know best how to solve its problem. For example, in a sprint planning meeting the discussion about requirements is in terms of the desired outcome (a commitment to set of features to be developed in the next sprint). Scrum relies on a self-organizing, cross-functional team. There is no team leader in a scrum team who decides which person will do what. The development begins with the discussion about requirements and user stories by the product owner. Based on this the developers try to have a clear idea of what to develop. It means product owner gathers the requirements and analysis is performed with the team during the project inception, sprint planning and review meetings. Still there are such issues? 2.2 XP and requirements gathering One objective for the agile methods is to lower the cost of changing requirements. Requirement gathering in XP addresses this issue by simplifying management tasks and documentation while the traditional software engineering places more emphasis on strict control and extensive documentation. In order to achieve simplicity, XP uses an iterative and incremental software process and very short development cycles. Here are XP practices namely: • • • • • • • • • • •

planning game small releases metaphor pair programming refactoring collective code ownership on site customer continuous testing simple design continuous integration and coding standard [11, 12].

2.3 FDD and requirements gathering Discovering list of features is a critical process. The quality of this step largely defines how precise the project will be tracked, how maintainable and extensible the code will be. This process requires full-time participation of customers. FDD includes: • • • • • • • •

the principle of least privilege the principle of failing securely the principle of securing the weakest link the principle of defence in depth the principle of separation of privilege the principle of economy of mechanism the principle of least common mechanism and the principle of complete mediation [13, 14].

232

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 2.4 DSDM and requirements gathering Agile methods can be beneficial when combined with distributed development. This helped in reducing the cost involved and access to skilled resources. The main objective is to develop high quality products at lower cost than colocated developments by optimizing the resources sometimes, [15-17] the search for competitive advantage forces organizations to search for external solutions. Project and process management issues as high organizational complexity, scheduling, task assignment, and cost estimation becomes more problematic in distribute environments as a result of volatile requirements, changing specifications, cultural diversity, and lack of informal communication. Managers must control the overall development process, improving it during the enactment and minimizing any factors that may decrease productivity. 3.

COMPARISON OF APPROACHES

This section summarizes the strengths and weaknesses of existing agile approaches in relation to requirements gathering. Table 1 highlights the comparison of different approaches in the domain of agile software development. Table. 1 Comparison of approaches Approach [11] Online serious games in distributed requirements gathering.

Strengths 1. Enhances individuals’ creativity, and therefore customers are able to provide more innovative ideas about the software to be developed.

Limitations 1. Still need excessive involvement of different customers until an agreement is achieved.

2. Rich ICT mediated tool facilitates collaboration and off-site communication between software stakeholders, which might lead to effective requirements communication in distributed projects [13] Hybrid user-requirements and interface evaluation.

[15] Groom and prioritises.

Using prototypes and User interfaces to navigate the client in using the desired system and the gather the real requirements that the clients really need.

1. Users must be familiar with the prototypes navigation and that will take some effort and time.

1. Product backlog continuously evolving.

1. Rely on human skills and experience especially the role of product owner, not much on the setup approaches.

2. Priorities based on set of experiences that product owners have. [12] Method for Elicitation, Documentation and Validation of software user requirements (MEDoV)

1. Helps to prioritize the gathered requirements. 2. Requirements gathering is based on the business objectives. 3. No unwanted features will be created based on the method of requirement gathering that this approach propose.

2. Different navigation results from different types of users. Do not solve the issues of distributed stakeholders.

1. Excessive formal documentation that needed in order to gather the requirements. 2. Wasted efforts in understanding the whole individual Key Performance Index (KPI) for each requirement.

3.1 Critical analysis of solutions in agile requirement gathering Table 1 provides comparison of approaches investigated in the perspective of their strengths and weaknesses. Identification of agile approaches for requirement gathering needs the solution of problems related with the agile requirement gathering.

233

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org a) Collaboration A number of stakeholders involve in the agile and require the collaboration on every phase of iteration. Customers collaborate with the stakeholders and discuss the concerns of every stakeholder before reaching an agreement. Communication and coordination between stakeholders create a common vision also known as collaborative activity. Thus, socio-technical issues are resolved by discussion between stakeholders [18]. b) Requirement dependencies Requirement dependency is an issue that is not explored in the literature. Dependencies are considered to be the risk for the cost-effective execution of projects. Success and cost reduction of a project highly depend upon the identification of dependencies. Detecting the dependencies as early as possible is key for high gains. For a small sized project with the limited number of requirements, every member in a development team knows the dependencies between requirements. However, a large sized project with many stakeholders have a large number of dependencies. This is an area which requires more attention of researchers to find the solution of this issue. In [19] researchers presented their findings in an empirical study on dependencies for agile requirements. Some of the recommendations they made in the study included as that continuous collaboration and communication for an agile method were found to be critical to reduce the risk produced from requirements’ dependencies. c)

User stories

User story in agile methodology promotes the collaboration between software development team and customers. Storytelling is employed where a customer tells about the capability or needs based on an acceptance criterion. Thus, storytelling is a good source to establish the link between software stakeholders. Demonstration and iterations of storytelling continue until a customer tests and accepts the requirements. Storytelling has created more understanding and clear requirements as customers are in the immediate access. Acceptance criteria is set when a story is created. This acceptance criterion provides information that when a software is completed. It also tells that when a story is added to a sprint to adjust the acceptance criterion. Acceptance criterion also includes the specific performance, usability requirements, validation requirements and metrics. Research [20] proposes to add these requirements to a story is as to define the testable and measurable criteria for customers. In [21] it has been stated that requirement gathering processes are easier and reliable because customers meet directly with the developers in the agile software development. An individual’s memory keeps the information about discussion between the customers and team developers. In a traditional requirement gathering, a developer is not directly involved in process of requirement gathering. There may arise issues of lack of complete information between customers and requirement engineers. This issue has been resolved by clarifying and evolving the requirements in the agile software development. 4.

CONCLUSION

This research concentrates on the collaboration practices around requirements engineering and team collaboration within an agile time specifically to perform in depth analysis of issues related to communication in requirement gathering in agile-based software development. The most crucial skill is effective communication for agile-based requirements engineering methodology as it plays a vital role to deliver and accept information from both parties; software project team and stakeholders. This research also includes requirements envisioning, strategies, and modelling of a creative teamwork in agile-based development, the structure that the team adopts and specially the different roles that the methodology advises to define to validate the proposed model for effectiveness of communication, although communication analysis is an information system but this research defines a requirement gathering with communication method that proposes a model for effectiveness of communication strategies in agile with a flow of activities and a requirements structure. It also discusses the issues on communication in requirement gathering in agile software and disparity between the stakeholders which affects the agile-based software development project as a whole. The outcome of the requirements gathering process will be reported and analysed for future improvements and enhancements in agile-based software development. ACKNOWLEDGEMENT Authors gave special thanks to University of Arid Agriculture, Rawalpindi, Pakistan and Limkokwing University of Creative Technology, Cyberjaya, Malaysia for providing support and facilities to complete this research.

234

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org REFERENCES 1. 2. 3. 4. 5. 6.

7. 8. 9. 10. 11. 12.

13. 14. 15. 16. 17. 18. 19.

20. 21.

Alliance, A., Agile manifesto. Online at http://www. agilemanifesto. org, 2001. 6(1). Mahalakshmi, M. and M. Sundararajan, Traditional SDLC Vs Scrum Methodology–A Comparative Study. International Journal of Emerging Technology and Advanced Engineering, 2013. 3(6): p. 192-196. Helmy, W., A. Kamel, and O. Hegazy, Requirements engineering methodology in agile environment. International Journal of Computer Science Issues, 2012. 9(5): p. 293-300. Vithana, V., Scrum Requirements Engineering Practices and Challenges in Offshore Software Development. International journal of computer applications, 2015. 116(22). GILLANI, S.M., S. QADRI, and M. FAHAD, Customer Oriented Requirement Engineering By Using Scrum Methodology. International Journal of Natural & Engineering Sciences, 2014. 8(3). Carlson, D. Practical Agile Requirements Engineering. 2010 [cited 2017 05/04/2017]; Available from: https://ndiastorage.blob.core.usgovcloudapi.net/ndia/2010/systemengr/WednesdayTrack1_11106Matuzik.p df. Elshandidy, H. and S. Mazen, Agile and traditional requirements engineering: A survey. International Journal Of Scientific & Engineering Research, 2013. 9. Kennaley, M., SDLC 3.0: Beyond a Tacit Understanding of Agile, Towards the Next Generation of Software Engineering. 2010: Fourth Medium Press. De Lucia, A. and A. Qusef, Requirements engineering in agile software development. Journal of Emerging Technologies in Web Intelligence, 2010. 2(3): p. 212-220. FAQs, A. Two Days Authoring User Stories Workshop. [cited 2017 23/06/2017]; Available from: https://agilefaqs.com/services/training/user-stories. Ghanbari, H., J. Similä, and J. Markkula, Utilizing online serious games to facilitate distributed requirements elicitation. Journal of Systems and Software, 2015. 109: p. 32-49. Dragicevic, S., S. Celar, and L. Novak. Use of Method for Elicitation, Documentation, and Validation of Software User Requirements (MEDoV) in Agile Software Development Projects. in Computational Intelligence, Communication Systems and Networks (CICSyN), 2014 Sixth International Conference on. 2014: IEEE. Bias, R.G., The HURIE Method: A Case Study Combining Requirements Gathering and User Interface Evaluation. User-Centered Design Stories: Real-World UCD Case Studies, 2010: p. 163. Anwer, F. and S. Aftab, SXP: Simplified Extreme Programing Process Model. International Journal of Modern Education and Computer Science (IJMECS), 2017. 9(6): p. 25-31. Bass, J.M., How product owner teams scale agile methods to large distributed enterprises. Empirical Software Engineering, 2015. 20(6): p. 1525-1557. Al-Zewairi, M., et al., Agile Software Development Methodologies: Survey of Surveys. Journal of Computer and Communications, 2017. 5(05): p. 74. Shrivastava, S.V., Distributed agile software development: A review. arXiv preprint arXiv:1006.1955, 2010. Inayat, I., S.S. Salim, and Z.M. Kasirun. Socio-technical aspects of requirements-driven collaboration (RDC) in agile software development methods. in Open Systems (ICOS), 2012 IEEE Conference on. 2012: IEEE. Martakis, A. and M. Daneva. Handling requirements dependencies in agile projects: A focus group with agile software development practitioners. in Research Challenges in Information Science (RCIS), 2013 IEEE Seventh International Conference on. 2013: IEEE. Huckabee, W.A., Requirements engineering in an agile software development environment. Defense Acquisition Research Journal, 2015. 22(4): p. 394-415. Abdullah, N.N.B., et al. Communication patterns of agile requirements engineering. in Proceedings of the 1st workshop on agile requirements engineering. 2011: ACM.

AUTHORS PROFILE

235


A survey of agile development methods and tools in cloud environment 1

Muhammad Younas, 2Dayang N.A. Jawawi, 3Israr Ghani, 4Muhammad Irfan Khan, 5Imran Ghani 1,2

Universiti Teknologi Malaysia, Johor, Malaysia University of Arid Agriculture Rawalpindi, Pakistan 5 School of IT, Monash University Malaysia, Bandar Sunway, Malaysia 1 Email: [email protected], [email protected], [email protected], [email protected], 5 [email protected] 3,4

ABSTRACT Agile processes such as Scrum and eXtreme Programming (XP) are different from conventional software development life cycles (SDLC) like waterfall and spiral. The iterative development by making use of short development cycles, continuous integration of software versions, frequent feedback, customer involvement, team collaboration and adaptive planning to requirement volatility are the factors that make these processes different and popular. However, the environments where agile processes are executed are traditional (desktop or Intranet based), which require prolonged manual setup time to requirements, design, build, test and deploy a software project causing major delays. The traditional environments are also expensive, face issues related to timely availability and scalability, and hard to react to change (on-demand customization). This bring into account the need of a new end-to-end approach to support agile-based software production supported by major processing power, build, deploy and test capabilities. Based on our investigation, this can take place efficiently by making use of cloud service models such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Thus, this paper attempts to investigate the above-mentioned issues and shares the findings obtained from the existing literature. Keywords: agile software development; cloud computing; survey; XP; SCRUM; agile tools; 1.

INTRODUCTION

Agile processes [1-3] such as Scrum [4] and eXtreme Programming (XP) [5, 6] make use of short development cycles, continuous integration of software versions, frequent feedback, customer involvement [7], team collaboration [8, 9]. On the other hand, use of cloud service models such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) is growing fast in the agile development environment [10]. Academically, however, based on our previous survey [11], the findings show there are only a few literature reviews available that cover cohesively on these two cutting edge components of state-of-the-art software research i.e., agile team, agile methods or practices and cloud computing [12, 13]. Figure 1 presents a simple depiction of composition of agile team, methods and cloud services. Based on this Figure 1, a software team first must learn the agile concepts, methods and practices and start practicing agile without cloud-based tools. Once they are comfortable with the idea, methods and practices of agile then they may proceed to adopt cloud services for end-to-end software development and deployment.

Figure. 1 Interaction model: agile team, agile methods and cloud service

236

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org In order to implement the above depicted interaction model, our findings reveal that none of the proposed models is suitable to cover the needs of an end-to-end agile software development, and deployment in cloud environment. This gap has also been revealed in [7, 14]. Besides the gaps in existing approaches, the tools support pose significant difficulties for agile adoption in cloud computing [11, 15]. Though, there are a number of tools available that separately support agile development such as Jira [16], Confluence [17], and Trello. On the other hand, there are some quick development environments like: Nitrous.io [18] and Google App Engine [19]. However, these tools work in an isolated way for agile teams. For instance, the agile teams have to create project management in Jira or AgileBench and then decide which sprint should be built, tested, and deployed using available performance or security cloud service. Then, the build, test and deployment is processed using Nitrous.io [18], Google App Engine [19], for instance. This approach is quite inconvenient practically. One question comes to our mind is: which agile method is more critical to be supported by agile services? In order to find more on this, let us proceed to the next section. 2.

MOST POPULAR AGILE METHODS: SCRUM AND XP

According to a couple of surveys conducted by [11, 20, 21] in 2012, 2013 and 2016 respectively, the percentage of agile methods selection and adoption by software development communities and organizations around the world shows that Scrum is still the most popular method among all. Whereas a mix of Scrum and XP practices is the second most popular. Figure 2 from [21] shows that 58% companies/communities use Scrum for their software development.

Figure. 2 Most popular agile methods [20] Though, in spite of the importance of Scrum and XP as noted in the above mentioned studies, the effectiveness of using cloud environment for any other agile development method is also undisputed, but understanding the detailed mechanisms, activities and patterns that support this cohesion is less well-understood [9, 22]. Academically, there is a need to explore the existing studies and find research gaps in both the domains: agile development and cloud environment as shown in intersected area of two circles given in Figure 3.

Figure. 3 Domain of agile methods and cloud computing

237


DISCUSSION ON AGILE DEVELOPMENT IN CLOUD ENVIRONMENT

The agile methods depend on the interactive communication between developers and customers. On-premises, it is easy to establish communication and interaction, however, in distributed environment it is difficult. Cloud computing helps by providing different means of communication between user and software team such as file sharing, idea sharing, and discussion forums, wikis , real-time reports and code sharing [23]. Project management tools, code management and testing tools are provided as Software as a Service (SaaS). For project development and deployment different IDEs and platforms are provided through Platform as a service (PaaS) in the cloud computing. Several studies claim that cloud computing helps in agile methods. In addition, Emails [24], Skype chat [12, 25, 26], and video conferencing, cloud telephony by Amazon Web Service (AWS) [27] are also used for communication. After intensive review of existing studies, we have developed the block diagram to show agile development in cloud computing environment as shown in Figure 4. The block diagram shows that the framework consists of four artefacts to practice agile software development in cloud computing environment. Collection of communication and collaboration tools help for communication among all stakeholders of project. Collection of code repositories help for managing different versions of code belonging to distributed teams. Agile tools help in managing project management activities. Collection of cloud platforms helps in facilitating different hardware and software resources.

Figure. 4 Artefacts to show agile development in cloud computing There are only a few researches closely linked to agile development in cloud environment [4, 10, 12, 13, 25, 2830] as presented in Table 1.

238

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 1 Features and limitations of existing studies Paper # [4]

Features More than 15 tools are analyzed

[12]

• • • •

[13]

•

[10] [25]

• •

[28]

•

[29]

• Automated Build, Test, Deployment in the Cloud

[30]

• Investigated the effects of cloud software’s agile development in the area of client services in a New Zealand tertiary institution.

Cloud emphasized tools Agile emphasized tools Mentioned the need of a service to support fast iterative development through ubiquitous access to resources for team members Briefly discussed about benefits of cloud being an Agile accelerator and enabler of better business outcome Briefly discussed 4 maturity levels in SaaS architecture Fig. 4 is the most important Figure that shows comparison of duration of application development when using agile methods without and with cloud computing Figure 4. is the most important figure that shows a Cloud Based Agile Application Development Lifecycle

Limitations • Mentioned about the need of a new tool • New tool is not introduced • New service or model is not introduced • New service or model is not introduced • New service or model is not introduced • One application was developed but no new sharable service or model is not introduced • ACD model is proposed. But a few claims have been made without describing the experiments and results analysis. • A useful tool proposed: TeamForge by CollabNet • Limited to survey-based feedback gathered for staff development

The research in [25] focuses on Dynamic System Development Method (DSDM) only which is least used agile method based on the results revealed by recent surveys [11, 20, 21]. Authors of [28] proposed a model called Cloud Based Agile Application Development Lifecycle. However, they did not support their findings based on any case study or experiment. For instance, it has been mentioned that with ACD work load is highly utilized and stable and development cycle time is shortened up to 75%. Yet, no experiment or case study has been provided to prove it. Another related survey about agile and cloud tools is conducted in [4]. This survey summarizes the tool support for agile methods. In this study, authors classify the cloud-based agile tools into two main categories: agile emphasized tools and cloud emphasized tools. The former category emphasizes more on agile related features like agile project management, agile methods and less emphasize on cloud. The later one emphasizes more on cloud features such as PaaS, IaaS, SaaS, and DevOps but there is less emphasis on agile development. 4.

CHALLENGES IN AGILE DEVELOPMENT AND CLOUD COMPUTING ENVIRONMENT

With respect to limitations or hurdles introduced due to inclusion of cloud computing reported by several studies are as follows. 4.1 Overhead of cloud provider In agile software development, requirement gathering involves customers, users and developers but due to cloud computing environment now cloud provider also included in this activity [31, 32]. Cloud provider will know the size, architectures detail, virtualization strategy and infrastructure usage. Virtualization technique is used to cater many customers parallel. To fulfill the high demand of customer quality of service agreement required. Cost estimation also depends on cloud provider because cloud provider will estimate the cost of infrastructure. 4.2 Communication and coordination among cloud provider and software engineer It's hard to establish the interaction between a software engineer and cloud provider [31-33]. The amount of interaction depends on the type of cloud. In private cloud, the user has more power of governance and requires less interaction than public cloud. Software engineers feel comfortable with private cloud due to security and liberty, but it is costly.

239

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 4.3 Security threat The study S19 reported that the security is a major concern in cloud computing, the threat can be due to data and code ownership. The enterprises feel uncomfortable in residing their data on public cloud S17. Furthermore, client interfacing groups deal the hosting on the public cloud that causes the security threat for enterprises regarding confident data [33, 34]. The study [35] and [28] addressed the issue of data privacy using private cloud but the scalability is an issue on the private cloud in term of increasing cost. 4.4 Lock-in and interoperability concerns In cloud computing, the big issue is interoperability, there are no universal standards or interface defined for collaboration among different cloud platforms. Each cloud provider has its own services. It is very difficult to select cloud service. After selecting cloud vendor, change of vendor leads to vendor’s lock-in. The studies [28, 31, 36, 37] reported about this issue. 4.5 Overhead of changed environment The software developer’s community feels uncomfortable in a new cloud computing platform without appropriate guidance and understanding for effective use of cloud computing standard architecture [36]. The study [35] reported that extra effort is spent by the team to search the open libraries for developing mobile cloud application. Then an extra effort is needed for modification and integration in existing code. 4.6 Lack of practical experience In most of the empirical studies, facilitation of cloud computing in agile software development practices are in theory, there is lack of actual practical aspect and challenges [27]. The no-technical problems such as inadequate training and poor leadership are pointed out by industry experts. The study [36] reported that it is difficult to find the enterprise having agile development methodology and cloud environment that can answer the question related to process practices (such as efficiency and productivity). 4.7 Requirement for online connectivity One challenge of cloud computing is to maintain an environment for different stakeholders of organization [27, 36]. This provision increases the cost of development. In addition, the provision of a platform for development and testing environment also increases cost. 4.8 Development environment safety During development, the team used tools in public domain which may expose code, built data and configuration files leading to huge risk in terms of security and project confidentiality [27, 35]. 4.9 Identity and access management Web hosting on AWS cloud is in public domain, thus it is a concern among users of hosted web portals. This will allow access to the user of one web portal to the user of some other web portal and hence prone to false identification and unauthorized access [27, 28, 33]. 4.10 Compliance to legal standards In European Union (EU), they practice legal standard regarding security and ownership of organizations data [27, 37]. Public cloud set up is not acceptable there. This is a challenge for global companies. 4.11 Quality concerns The study [27] reported that in cloud computing environment there is enhancement regarding cost and time however with respect to quality, on- premise software development produce quality software as compared to cloud environment due to security concerns. Communication and security threat is reported by the majority of the primary studies as a threat in this area. Change environment for software engineers is also a disturbing challenge.

240


CONCLUSION

This paper presents a survey on agile development methods and tools that can be used in a cloud environment for effective and efficient performance. We have surveyed 37 papers in relation to this topic and could only found 18 papers which are closely related to the subject of this paper. Though, there are a few commercial tools available that support agile development in cloud environment such as TeamForge, SourceForge, Jira, Confluence and so on. However, there are not sufficient models, approaches, or techniques to address the challenge of end-to-end management (from user story to software deployment). The traditional (non-cloud) environments are time consuming, expensive, face issues related to timely availability and scalability, and hard to react to change (on-demand customization). Hence, there is a need to propose end-to-end process management approaches for agile-based projects in the cloud environment. Agile software development in cloud computing environment is a growing area of research. Although it has a number of challenges and major contribution in this area is shown by the cloud providers. However, there is a significant number of studies reported the benefits of cloud in agile software development. Cloud computing seems the natural alliance for agile software development. With the advancement in cloud computing, the challenges in this area will be minimized. ACKNOWLEDGMENT This research work is supported by the Ministry of Science, Technology and Innovation (MOSTI) Malaysia under the eScience Grant vote: 4S113. Moreover, the facilities for this research have been provided by Universiti Teknologi Malaysia (UTM) and Monash University Malaysia. REFERENCES 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

13. 14. 15. 16. 17. 18.

Nicolaysen, T., et al., Agile Software Development: The Straight and Narrow Path. Security-Aware Systems Applications and Software Development Methods, 2012: p. 1. Cockburn, A., Agile software development. Vol. 177. 2002: Addison-Wesley Boston. Haberfellner, R. and O. Weck. 10.1. 3 Agile SYSTEMS ENGINEERING versus AGILE SYSTEMS engineering. in INCOSE International Symposium. 2005: Wiley Online Library. Younas, M., et al., A survey of Cloud-based Agile Tools, in The 7th International Conference on Internet (ICONI). 2015: Malaysia. Beck, K., Extreme programming explained: embrace change. 2000: addison-wesley professional. Chong, J. Social behaviors on XP and non-XP teams: a comparative study. in Agile Conference, 2005. Proceedings. 2005: IEEE. Sharp, H. and H. Robinson, Three ‘C’s of agile practice: collaboration, co-ordination and communication, in Agile Software Development. 2010, Springer. p. 61-85. Stavru, S., I. Krasteva, and S. Ilieva. Challenges of Model-driven Modernization-An Agile Perspective. in MODELSWARD. 2013. Krasteva, I., S. Stavros, and S. Ilieva. Agile Model-Driven Modernization to the Service Cloud. in The Eighth International Conference on Internet and Web Applications and Services (ICIW 2013). Rome, Italy. 2013. Reddaiah, B., V.H. Sree, and T. Lokesh, Saas as a Cloud Service for Agile Development. Academia. The State of Agile Software Development Bulgaria. 2013 [cited 2016 05/11/2016]; Available from: http://www.academia.edu/3487101/The_State_of_Agile_Software_Development_Bulgaria_2013. Zarinah, I.I.S.S.S. and M. Kasirun, AGILE-BASED SOFTWARE PRODUCT DEVELOPMENT USING CLOUD COMPUTING SERVICES: FINDINGS FROM A CASE STUDY. Science International journal (Lahore), 2013: p. 1045-52. Shriver, R., Agile Cloud Development. The Virtualization Practice, LLC, 2012. 4. Tignor, W.W. Agile project management. in International Conference of the System Dynamics Society, Albuquerque, NM. 2009. Lynch, M., T. Cerqueus, and C. Thorpe. Testing a cloud application: IBM SmartCloud inotes: methodologies and tools. in Proceedings of the 2013 International Workshop on Testing the Cloud. 2013: ACM. Atlassian. Agile Tools for Software Teams. [cited 2016 15/11/2016]; Available from: https://www.atlassian.com/software/jira/agile. Atlassian. Confluence. [cited 2016 12/01/2016]; Available from: http://www.atlassian.com/Confluence. Nitrous. Nitrous.IO. [cited 2016 15/11/2016]; Available from: https://www.nitrous.io/.

241

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 19. 20. 21. 22.

23. 24. 25. 26. 27. 28.

29.

30. 31. 32. 33.

34.

35. 36. 37.

Google. GOOGLE APP ENGINE. [cited 2016 10/02/2016]; Available from: https://cloud.google.com/appengine/. CUNNINGHAM, L. State of Agile: Still Scruming After All These Years. 2016 [cited 2016 01/11/2016]; Available from: https://blog.versionone.com/state-of-agile-report-scrum-methodology/. VERSIONONE, The 10th Annual Sate of Agile Report. 2016. Luo, X., K. Tian, and X. Xu. Technology base and management pattern of agile product development. in Wireless Communications, Networking and Mobile Computing, 2008. WiCOM'08. 4th International Conference on. 2008: IEEE. Singh, S. and I. Chana, Introducing agility in cloud based software development through ASD. International Journal of u-and e-Service, Science and Technology, 2013. 6(5): p. 191-202. Franken, S., et al., CloudTeams: Bridging the Gap between Developers and Customers during Software Development Processes. Procedia Computer Science, 2015. 68: p. 188-195. Kalem, S., D. Donko, and D. Boskovic. Agile methods for cloud computing. in Information & Communication Technology Electronics & Microelectronics (MIPRO), 2013 36th International Convention on. 2013: IEEE. Qureshi, M.R.J. and I. Sayid, Scheme of Global Scrum Management Software. International Journal of Information Engineering and Electronic Business, 2015. 7(2): p. 1. Manuja, M. Moving agile based projects on Cloud. in Advance Computing Conference (IACC), 2014 IEEE International. 2014: IEEE. Nazir, A., A. Raana, and M.F. Khan, Cloud Computing ensembles Agile Development Methodologies for Successful Project Development. International Journal of Modern Education and Computer Science, 2013. 5(11): p. 28. Willie. Reinforcing Agile Software Development in the Cloud. 2012 [cited 2016 30/12/2016]; Available from: https://www.open.collab.net/media/pdfs/CollabNet%20Whitepaper_Reinforcing%20Agile%20Dev%20in% 20the%20Cloud.pdf. Sinclair, B., The impact of cloud software’s agile development on staff roles and delivery of client services: A case study of the University of Auckland Libraries & Learning Services. 2015. Guha, R. and D. Al-Dabass. Impact of web 2.0 and cloud computing platform on software engineering. in Electronic System Design (ISED), 2010 International Symposium on. 2010: IEEE. Patidar, S., D. Rane, and P. Jain. Challenges of software development on cloud platform. in Information and Communication Technologies (WICT), 2011 World Congress on. 2011: IEEE. Raj, P., V. Venkatesh, and R. Amirtharajan, Envisioning the cloud-induced transformations in the software engineering discipline, in Software Engineering Frameworks for the Cloud Computing Paradigm. 2013, Springer. p. 25-53. Durrani, U., et al. Lean traceability solution through SLAM model: A case study of a hybrid delivery team in a hybrid cloud computing environment. in 22nd Australasian Software Engineering Conference: ASWEC 2013. 2013: Engineers Australia. Almudarra, F. and B. Qureshi, Issues in adopting agile development principles for mobile cloud computing applications. Procedia Computer Science, 2015. 52: p. 1133-1140. Mwansa, G. and E. Mnkandla. Migrating agile development into the cloud computing environment. in Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on. 2014: IEEE. Karunakaran, S., Impact of cloud adoption on agile software development, in Software Engineering Frameworks for the Cloud Computing Paradigm. 2013, Springer. p. 213-234.

AUTHORS PROFILE

242


Computer-aided diagnosis psoriasis lesion and other skin lesions using skin texture features and combination 1

Tanya Shakir Jarad, 2Ali J. Dawood, 3Zainab Hafedh Meteab

1,1

Department of Computer Science, College of Computer Science and Information Technology, University of Anbar, Anbar, Iraq, 3 Ramadi teaching Hospital, Ramadi, Anbar, Iraq College of Medicine Dermatologist, University of Anbar, Anbar, Iraq Email:[email protected], [email protected], [email protected] ABSTRACT Psoriasis is one of the weakening and persisting incendiary skin lesions. Frequently confused as a casual skin thickness, it is evaluated that approximately 125 million people overall endures because of this disease. The case is exacerbated when there is no known cure in the status norm. The common classification of psoriasis has been considered as unexpectedly separated, scaly and erythematous plaque at patient's skin. This lesion could follow anyplace on the human body. Diagnosis of psoriasis requires an experienced specialist in the field of dermatology because of the presence of other skin diseases similar to a large extent which lead to majority cases of an error in diagnosis. The purpose of this study is to establish a diagnosis system of psoriasis lesion to ease the role of the physician in diagnosis by providing better and more reliable results, to support the expert's decision to diagnose the lesion, especially doctors with little experience. In this paper, the researcher is interested in the diagnosis psoriasis lesion by using texture features and combination. Aggregate 220 image samples (70 healthy, 50 other skin lesions and 100 diseased) of psoriasis patients are used in our database. Machine learning approaches like Artificial Neural Network (ANN) classifier and Support Vector Machin (SVM) are used to obtain optimized performance. The proposed Computer-Aided Diagnosis (CADx) system shows optimal performance of 90.9% accuracy, 86.9% sensitivity and 87.7% specificity for texture feature combine RGB-Local Binary Pattren, Color Coocurrance Matrix and Gabor filter algorithms. CADx system became a tool for physicians and therefore it is important to have accurate and reliable CADx system. The presented texture features powerful in psoriasis disease classification. The experiments for all the aforementioned feature combination models using a combination of color and texture provide accurate results than using the single feature. Keywords: classification; texture features; combination; color-texture feature; Psoriasis lesion disease; color images; 1. INTRODUCTION Psoriasis is a constant skin disease influencing around 125 million individuals overall [1]. The predominance of psoriasis in various topographical areas, for example, Europe, USA, Malaysia and India are around 0.6% to 6.5% [2], 3.15% [2], 3% [3] and 1.02% [4], respectively. It can impact the patients' personal satisfaction because of its humiliating physical appearance [5]. This outcomes in expanded danger of thinking about suicide (~ 30%) which makes it a similarly hazardous sickness at standard with misery, coronary illness and diabetes [6]. Psoriasis shows up in an assortment of structures, specifically plaque, guttate, inverse, pustular, and erythrodermic. In 80% of the cases, plaque is observed to be the most widely recognized types of psoriasis [7] and in this manner the work displayed in this paper is engaged in five sorts of psoriasis lesion. Dermatologists by and large take after visual examination and the feeling of touch to anticipate the seriousness which requires talented preparation for better determination and investigation. Still the subjective appraisal is wasteful, unreliable and a difficult procedure. Subsequently, a ComputerAided Diagnosis (CADx) system could be valuable in clinical applications. Throughout the years, researchers created a considerably lot of CADx systems for the diagnosis of different skin lesions pictures. The model diagnosis psoriasis lesion vs. other similar skin diseases psoriasis lesion, the model must be with high accuracy because wrong diagnosis is dangerous for patient’s life. The proposed support system with more features depending on the texture features will give higher accuracy. These features are interactive for distinguishing between psoriasis lesion vs. other skin lesions.

243


2. RELATED WORK In diagnosis of skin lesions using image processing the important task is to detect the skin. In addition, the ANN can be effectively used to work with medical images in correct skin lesion diagnosis. Vimal K. Shrivastava et al [4] presented a review on the CADx system for psoriasis lesion severity risk stratification. In the introduced study, the goal is to present the psoriasis CADx a system utilizing distinctive different feature sets. Jason Brand et al [8] presented comparasion of three different methods for skin detection. Researchers utilized simple ratios and color space transforms and numerically efficient approach based on a 3-D RGB probability map. Anal Kumar Mittra et al. [9] Low cost and effective automatic system for recognizing lesion conditions of human skin had proposed by analyzing skin texture images utilizing a set of normalized symmetrical Gray Level Co-occurrence Matrices. Where the color and texture features play important role in diagnosis of skin diseases. 2013, Al Abbadi et al. [10] utilized skin color and texture features to classify skin texture from non skin texture. 3. MATERIALS AND METHODS 3.1 Materials In this research work, we have gathered colored imageries from the psoriasis section of Ramadi teaching Hospital, Ramadi, Anbar under the supervision of a dermatologist. The images were processed in Joint Photographic Expert Group (JPEG) format with color depth of 24 bits per pixel. For this work, a total of the image includes 220 psoriasis color images that amounted in a total of 120 samples (70 normal and 50 other skin diseases (Eczema, Herpes Zoster, Scarlet Fever, Measles and skin cancer)) and 100 psoriasis lesion cases with 200*200 pixels. Figure 1 shows the samples of the skin.

(a) (b) (c) Figure. 1 (a) Normal skin. (b) Abnormal skin (Psoriasis lesion). (c) Other skin lesions (Eczema, Herpes Zoster, Scarlet Fever, Measles and skin cancer) 3.2 Methods 3.2.1 The proposed framework Computer-Aided Diagnosis (CADp) framework is proposed by utilizing color and texture features and their combinations. There is an aggregate of 220 image samples in our database. Machine learning approaches like ANN and SVM classifiers are used to obtain optimized performance and comparisons between results. Combinations of features are powerful in psoriasis lesion classification, when combined, the machine learning model performs the best.

244

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org The model is automated, reliable and accurate. We have formed sets of feature combinations of features for accurate classification. Our CADp uses the machine learning paradigm based on ANN and SVM classifieers as shown in Figure 2.

Figure. 2 Proposed system for the psoriasis lesion diagnosis a) Feature extraction Feature extraction generally derives features according to the classification guidelines of the current problem. The derived features are called the raw features, and there is the difference between the abnormality segmentation and the diagnosis decision making problems. For the abnormality segmentation task, directly extracted features from images include color and texture. Color features are descriptors of the color information digitized by an imaging modality, and texture features describe regional color intensity changes and color correlation. In this stage, extracting characteristic of the initial set of measured data and building derived values (features) is intended to be a useful and non-redundant, the purpose is to facilitate the learning and dissemination of the subsequent steps leading to a better explanation. The feature extraction in the field of image processing is useful in classification and recognition of images [11, 12]. The main objective of the model is to compare the color and texture features in the classification of psoriasis disease vs. other skin diseases framework. Figure 3 shows the feature extraction stage.

Figure. 3 Feature extraction with different algorithm

245

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org We have made fourteen sets of feature and their combinations of five color and texture sets of features, i.e., (1) RED COLOR + THREE COLOR (FC1); (2) CCM + GABOR (FC2); (3) LBP + GABOR (FC3); (4) CCM + LBP + GABOR (FC4); (5) CCM + LBP (FC5); (6) THREE COLOR + CCM (FC6); (7) THREE COLOR + CCM + GABOR (FC7); (8) THREE COLOR + CCM + LBP + GABOR (FC8) and (9) RED COLOR + THREE COLOR + CCM + LBP + GABOR (FC9). We have performed nine experiments for all the afore-mentioned feature combination models using a combination of color and texture would provide accurate results than using the single feature. a) Texture features The purpose of a texture feature is to describe a textured zone with, at least, one numerical value. In an ideal scheme, two different textures will have two different values for one given feature. Unfortunately, this rarely happens because usually the discriminating power of each texture feature has been strongly dependent on the kind of treated textures. In a research, four principal texture feature families are identified: statistical methods, geometric methods, model-based methods and, finally, frequency-based methods [13]. There exist different approaches to extract and represent textures. They can be classified into space-based, frequency-based models, and texture signatures. Some popular techniques like wavelet transform, co-occurrence matrix, and Gabor filters are applied to express texture features for image [14]. Major goals of texture research in computer vision are to understand, model and process texture [15]. In this paper, Gabor filter, Color Co-occurrence Matrix (CCM) and Local Binary Pattern (LBP) are used to extract the texture feature of psoriasis lesions images. CCM and LBP methods achieved high accuracy to classify psoriasis lesions. Texture analysis has been an active area of research in pattern recognition. A variety of techniques have been used for measuring textural similarity. b)

Conversion to grayscale

The color image of the psoriasis lesion is converted into a grayscale image by behavior hue and saturation. Equation. 1 is used to convert RGB values to grayscale values by forming a weighted sum of R, G and B component, see Figure 4. Y = 0.299R + 0.587G + 0.114B Where R, G, B are red, green and blue components of the input color image, respectively.

(1)

Figure. 4 (a) Color image. (b) Grayscale image. (c) Median filter. (d) Adaptive histogram equalization filter c) Gabor filter feature Gabor filters are often used in texture analysis to provide features for texture classification and segmentation [16, 17]. The Gabor filter takes the form of a 2D Gaussian modulated complex sinusoidal grating in the spatial domain [16]. Gabor filters have long been used in the analysis of texture in images [18-20]. Briefly, given a Gaussian (𝑥 ′2 +𝛾′ 𝑦 ′2 )

distribution function 𝑒𝑥𝑝 (− ), called the envelope, with standard deviation and spatial aspect ratio, and a 2𝜎 2 complex sinusoidal exp(i(2𝜋x'/λ+ψ)), called the carrier, with spatial frequency 1/λ and phase shift, the Gabor filter is defined by: 𝑔(x,𝑦;𝛾,𝜎,λ,ψ) = exp𝑦(-

𝑥 ′2 +𝛾2 𝑦 ′2 2𝜎 2

exp𝑦(𝑖𝑦(2𝜋

𝑥′ 𝜆

+ ψ))

(2)

Where 𝑥 ′ = 𝑥 cos 𝜃 + 𝑦 sin 𝜃 and 𝑦 ′ = 𝑥 sin 𝜃 + 𝑦 cos 𝜃, is the rotation angle. The response of the Gabor filter is obtained by computing the convolution of the filter to the image.

246

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 𝑟𝑥,𝑦 = ∬Ω 𝐼(µ, ŋ)𝑔(𝑥 − µ, 𝑦 − ŋ)𝑑µ𝑑ŋ

(3)

Where Ω is the set of image points. The response has both real and complex parts that we denote here by Re(rx,y) and Img(rx,y). The Gabor energy Ex,y is defined as the magnitude of the Gabor filter response [18]. E2x,y = Re(rx,y)2 + Img(rx,y)2

(4)

In this paper, we use the square of the Gabor energy because it is better in accentuating the differences between scaling in psoriasis lesion and other skin diseases than the more commonly used Gabor energy. The response is highest when the image intensity frequency is close to the Gabor filter. For smooth other skin diseases and normal skin the image intensity is relatively homogeneous and is not sensitive to Gabor filters. For rougher scaly skin, the change of intensity is relatively high. Further, the choice of the standard deviation of the Gaussian envelope depends on the spatial frequency 1/λ, 𝜎= 0.56λ. It is based on the assumption that each texture contains its highest energy in a narrow frequency as given in [21]. Scales are an important feature characterized by psoriasis and is an important factor in the diagnosis of psoriasis lesion from other skin diseases similar to them. Thus, we used the Gabor filter, the Gabor texture highlights difference between the rough scaling in psoriasis lesion and smooth scaling in other skin diseases or normal skin shown in Figure 5. Gabor filters are very sufficient for segmenting scaling of normal skin and then extract features of every filter, especially when the color difference between the two is small. Scaling is presented as a rough textured surface in 2-D images that distinguishes it from the more smoothly textured normal skin and other skin diseases. The rough texture of scaling combined with other features provide a good combination of features for diagnosis of psoriasis lesion vs. other skin diseases. Gabor filters are used to analyze the roughness of the scaly texture. A bank of Gabor filters is designed to differentiate different kinds of scaling from normal skin. The filtering results are fused into a gray-scale Gabor texture image, in which rough scaling has a higher intensity value than other skin lesions. The variations in the textures of scaling of psoriasis lesion, normal skin and other skin diseases in different lesions and in different people make the choice of one single Gabor filter unlikely. The algorithm uses a bank of 20 Gabor filters designed to respond well in a variety of skin and scaling texture conditions. 5 scales at different frequencies and 4 orientations every 45o degrees are θ=0, π/4, π/2 and 3π/4 are created. The bank of Gabor filters is applied to the image and the results are integrated into a single Gabor texture image using the technique given in [21]. First, the square of the Gabor energy image is filtered using a hyperbolic tangent to narrow the range. Second, the Gabor texture image is obtained by summing the smoothed output over all of the rotation angles and frequencies of the Gabor filters. Finally, we calculated mean and standard derivation for every filter at one orientation. The results of the 40 features of image are saved in a matrix to enter to NN and SVM classifiers. An example of a Gabor feature image is shown in Figure 5. Scaling has a high Gabor filter response while the normal skin and other lesions have a markedly lower Gabor filter response. The summation in the final step preserves the differences between the higher response from scaling and the lower response from normal skin and other skin diseases. However, the scaling presented as a rough textured surface in 2-D images that distinguishes it from the more smoothly textured normal skin and other diseases than psoriasis lesions. The rough texture feature of scaling is combined with other features (texture or color) to provide a good combination of features to diagnose psoriasis lesions.

(a)

(b)

Figure. 5 (a) Gabor feature for psoriasis image. (b) Gabor feature for other skin diseases image.

247

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org d) Classification phase based on NN and SVM Machine learning involves adaptive mechanisms that enable computers to learn from experience, learn by example and learn by analogy simulated human's brain. One of the main methods of machine learning is an Artificial Neural Network [22]. Classification is an important stage in identifying psoriasis lesion vs. other skin diseases. In classification, classifier is used for object recognition and classification. The classifiers recognize the object and classify based on the extracted features of an image given as an input. The objective of the step is to classify psoriasis lesion and other skin diseases. After preprocessing, features are extracted as feature vector and stored, there comes the diagnosis step. In our work, ANN is used to distinguish psoriasis lesion and other skin diseases along with SVM. The performance of ANN relies on the network architecture. Algorithm 1 describes the steps of a ANN. Algorithm. 1: NN Classification Input: A vector of combination texture features. Output: Total accuracy from the NN. Goal: Classification into psoriasis lesion or not. Step1: Loading of feature matrix. Step2: Creating a feed-forward neural network with one hidden layer, 60 neurons, the input layer of the neural network is identified by characteristics of the inputs. We have 286 feature vector. Therefore, the number of neurons in the input layer is 286, and output layer neurons are determined by the number of classes, we have two classes (psoriasis lesion vs. other skin diseases) therefore the number of neurons in output layer is two. Step3: Divide the available data into training, validation and test data. Step4: Determine the important parameter, learning rate equal to 0.00001, epochs equal to 10000, maximum number of iterations, training times infinity, data division function (divide rand), transfer function of ith layer hyperbolic tangent sigmoid transfer function is used 'tansig', the linear activation function is selected for output layer 'purelin', performance function, default = 'mse 'and training function is backpropagation function, weight and bias are generated randomly. Step5: Train the network by train data and target matrix, target matrix is a matrix with two rows and two columns, each row consists of a vector of zero values except a 1 in element i, where i is the class they are to perform. Step6: Simulate the neural network by taking the initialized net and a network input matrix (train data), return the indices to the large output as a class predict. Step7: Evaluate the model using the validation set by computing the network performance. Step8: Simulate the neural network by taking the training net, validation data and test data, return the indices to the large output as class predict. Step9: Assess this final model using the test set by computing the network performance.

Figure. 6 Structure of neural network for psoriasis lesion vs. other skin diseases

248

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Figure 6 shows the network structure with one input layer, one hidden layer and two output layer. It is the 286×60×2 network structure. The input vector is 286. The output vector is two. This research uses the above ANN architecture, feed-forward backpropagation learning algorithm to generate, train and test the neural network for psoriasis lesion diagnosis. MATLAB software with its neural network toolbox is used. Data sets are portioned into three subsets, training set, validation set and testing set. The network gives high accuracy when train is equal to 90.1%, validation equal to 81.8 and test equal to 83.0% with a simple training time equal to (1 second) at 39 epochs with best validation performance is 0.2962 at epoch 33 as shown in Figure 7.

Figure. 7 Neural network training, validation and testing performance Table 1 refers to all the classification results when testing the program by using texture features, a color feature separately and combine features at training, validation and testing phases. The proposed model achieved high success rates during the classification stage and determined the type of disease if the psoriasis lesion vs. other skin diseases, when testing the program by using texture features combination (CCM+LBP+GABOR) at the training, validate and test phases give higher accuracy of 90.9% classification results in case of NN. Table. 1 Classification accuracy of psoriasis vs. other skin lesions by using ANN and SVM Features Type RED COLOR HISTOGRAM THREE COLOR HISTOGRAM GLCM CCM LBP GABOR FC1 FC2 FC3 FC4 FC5 FC6 FC7 FC8 FC9

ANN Accuracy 76% 78% 54.5% 87% 59% 73% 87.7% 84.1% 86.8% 90.9% 71.1% 62.7% 80.5% 77.7% 88.2%

SVM Accuracy 72.7% 76.1% 55.6% 77.2% 73.8% 73.8% 76.1% 82.9% 75% 69.3% 78.4% 72.7% 77.2% 80.6% 79.5%

249

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org e) Fusion implementation The fusion process implementation improves system accuracy for diagnosis of psoriasis lesion. f) Texture features fusion Figure 8 shows the classification accuracy for every feature separately and combination texture features in Table.1, fusing texture features derived from different methods, the combination texture features have the highest efficiency that improves the classification rate.

Figure. 8 Improved classification accuracy with feature combination g) Data analysis From a dermatologist's point of view, wrong diagnosis of psoriasis lesion is dangerous, harmful and sometimes fatal due to taking high doses of treatment. Also, the re-diagnosis results in high financial losses. From the other hand, if a patient with a psoriasis lesion disease is diagnosed to be healthy or even sick with other skin diseases, the patient may only need to do another future doctor visit for further examination. And that can only add the doctor visit fee. The accuracy of our model depends on two important factors: texture and color features. There are three texture features and two color features that were classified separately and combined in this research. The highest accuracy of 90.9% was achieved from using the combined texture features. Data training set of 110 samples and data testing set with 88 samples were used in the proposed model. Based on an experienced doctor examination, the test samples were characterized and 39 of which were labeled with psoriasis lesion, 27 were labeled as healthy skin and the rest of the 22 samples were diagnosed to have other skin lesions. The goal of this research is to correctly diagnose the nonpsoriasis lesion samples, otherwise the patient will be at risk of taking harmful medication for treating non-existed illness. In our proposed model, only 6 samples out of 49 were mistakenly diagnosed to have psoriasis lesion as shown in Figure 9. Those same 6 samples were also diagnosed by another doctor to have a psoriasis lesion. Moreover, the same doctor didn’t give a decision to another 4 samples that shouldn’t have a psoriasis lesion as shown in Figure 10. He would need a physical patient presence and more information about the patient, such as the family health history. The disease diagnosis can be different from one doctor to another, depending on the doctor experience.

250


Figure. 9 Six samples have two diagnoses (psoriasis lesion and not psoriasis) by two dermatologists. Our proposed model decision is psoriasis lesion

Figure. 10 Four samples the dermatologist and our model diagnosis not psoriasis. The other doctor is unable to make the decision The main challenge in psoriasis lesion a color feature imaging in in this research is associated with the similarities to other skin diseases in many properties such as the red skin and scaling (white pixels) which makes the diagnosis very hard to rely on the color features only. h) Performance evaluation measure for psoriasis lesion recognition When classification is done results may have an error rate, whether to fail to identify a psoriasis lesion vs. other skin lesions. Table. 2. Show overall performance assessment of the proposed ANN for diagnosis model psoriasis lesion vs. other skin disease.

Sensitivity Specificity PPV NPV Accuracy

Combine texture classification NN

Combine texture classification SVM

86.9% 87.7% 83.3% 82.6% 90.9%

75% 67.1% 46.1% 87.7% 69.3%

251

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org The system passed all the significant tests ensuring all classification parameters such as sensitivity, specificity and accuracy for all feature set. Further, it shows the dominant strong behavior of texture features. Overall, this research shows encouraging results and confirms the ability to develop a CADx system for diagnosis of psoriasis and its clinical translation. 4. CONCLUSIONS This paper presented a Computer-Aided Diagnosis system for psoriasis image classification using different feature sets like texture, color and combination. As in today’s world, CADx system became a tool for physicians and therefore it is important to have accurate and reliable CADx system. Classification psoriasis lesion vs. other skin diseases similar psoriasis diagnostic system using computer based techniques is more efficient than the conventional biopsy methods. The cost involved as well as the time taken for detection is less in this proposed methodology. These systems will be a great help in diagnosis of lesions for faster, inexpensive, more intuitive and efficient treatment. Support Vector Machines (SVM) have generally produced better results, but it is more difficult to find the optimal parameters which give the best results. For this reason it usually takes longer time to produce a good SVM model than an ANN model, ANN gives higher accuracy than SVM. REFERENCES

1. 2. 3. 4. 5. 6.

7.

8.

9. 10. 11. 12. 13. 14. 15.

Lu, J., Objective assessment of psoriasis treatment through skin images. 2014, University of Melbourne, Department of Computing and Information Systems. Taur, J., et al., SEGMENTATION OF PSORIASIS VULGARIS IMAGES USING ORTHOGONAL SUBSPACE TECHNIQUES. Lu, J., et al., Automatic segmentation of scaling in 2-d psoriasis skin images. IEEE transactions on medical imaging, 2013. 32(4): p. 719-730. Shrivastava, V.K., et al., First review on psoriasis severity risk stratification: An engineering perspective. Computers in biology and medicine, 2015. 63: p. 52-63. Taur, J.-S., Neuro-fuzzy approach to the segmentation of psoriasis images. The Journal of VLSI Signal Processing, 2003. 35(1): p. 19-27. Vij, S., S. Sharma, and C. Marwaha. Performance evaluation of color image segmentation using K means clustering and watershed technique. in Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on. 2013: IEEE. Mohammed, M.A., et al., Automatic segmentation and automatic seed point selection of nasopharyngeal carcinoma from microscopy images using region growing based approach. Journal of Computational Science, 2017. 20: p. 61-69. Brand, J. and J.S. Mason. A comparative assessment of three approaches to pixel-level human skindetection. in Pattern Recognition, 2000. Proceedings. 15th International Conference on. 2000: IEEE. Mittra, A.K. and R. Parekh, Automated detection of skin diseases using texture features. International Journal of Engineering Science and Technology, 2011. 3(6): p. 4801-4808. Abbadi, N.K.E., N. Dahir, and Z.A. Alkareem, Skin texture recognition using neural networks. arXiv preprint arXiv:1311.6049, 2013. ping Tian, D., A review on image feature extraction and representation techniques. International Journal of Multimedia and Ubiquitous Engineering, 2013. 8(4): p. 385-396. Gonzalez, R.C. and R.E. Woods, Digital image processing. 1992, Addison-wesley Reading. Olivier, J. and L. Paulhac, 3D ultrasound image segmentation: Interactive texture-based approaches, in Medical Imaging. 2011, InTech. Vaishali Khandave and N. Mishra, CBIR By Integration of Color and Texture Features. International Journal of Recent Development in Engineering and Technology, 2014. 2(1). Tuceryan, M. and A. Jain, Texture Analysis, Handbook of Pattern Recognition and Computer Vision, 235-276. 1993, World Scientific.

252

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 16. 17. 18. 19. 20. 21. 22.

Bovik, A.C., M. Clark, and W.S. Geisler, Multichannel texture analysis using localized spatial filters. IEEE transactions on pattern analysis and machine intelligence, 1990. 12(1): p. 55-73. Teuner, A., O. Pichler, and B.J. Hosticka, Unsupervised texture segmentation of images using tuned matched Gabor filters. IEEE transactions on image processing, 1995. 4(6): p. 863-870. Grigorescu, S.E., N. Petkov, and P. Kruizinga, Comparison of texture features based on Gabor filters. IEEE transactions on image processing, 2002. 11(10): p. 1160-1167. Li, M. and R.C. Staunton, Optimum Gabor filter design and local binary patterns for texture segmentation. Pattern Recognition Letters, 2008. 29(5): p. 664-672. Kato, Z. and T.-C. Pong, A Markov random field image segmentation model for color textured images. Image and Vision Computing, 2006. 24(10): p. 1103-1114. Jain, A.K. and F. Farrokhnia, Unsupervised texture segmentation using Gabor filters. Pattern recognition, 1991. 24(12): p. 1167-1186. Negnevitsky, M., Artificial intelligence: a guide to intelligent systems. 2005: Pearson Education.

AUTHORS PROFILE

253


Optimized energy ingestion in IoT enabled sensor nodes: a survey 1

Muhammad Ayzed Mirza, 2Muhammad Asif Habib, 3Muhammad Department of Computer Science, National Textile University, Faisalabad, Pakistan. Email: [email protected], [email protected], [email protected].

1, 2, 3

ABSTRACT This survey reviews the energy effective mechanisms that direct the Internet of Thing (IoT) evolution while examining the specific areas for energy optimization in wireless sensor nodes. This paper emphasizes the progress in evolving energy techniques which target to reform the skeleton of IoT. Energy dissipation of an IoT sensor node on its layer-based structure is discussed in the paper. An energy saving technique is surveyed under the relationship of IoT and the cognitive radio networks in mobility aspects. In addition, a feedback based energy profiling and reduction of control frame size techniques are discussed that in what manners do they help to reduce energy dissipation. In this paper, we focused on the need of energy optimization for sensor nodes by considering the heterogeneous nature of IoT node for the future needs. Keywords: cognitive radio networks; internet of things; wireless sensor networks; energy efficiency; security; routing; 1. INTRODUCTION The Internet of Things (IoT) is a network of heterogeneous communication nodes connected with each other through internet providing and exchanging data sensed and collected from other nodes. Smart homes, smart factories, smart cities and smart grids are the major application areas where IoT is playing a vital role [1]. Numerous sensor nodes are used in these types of environments in which most of the nodes are wireless and battery operated. Every node in that network is deployed for some specific purpose and is a foothold. Since every node is battery operated, therefore its energy consumption is a noticeable point. If any node is compromised due to low energy, it could cause a big decision failure for the network. As the majority of nodes are wireless and are using free ISM band and there are other devices too, which are using the free ISM band consequently when there is a huge number of nodes communicating at same channel, they would interfere each other [2]. This interference would lead to higher packet drop ratio and a flooding of control packets, so retransmissions would take part. In addition, by transmitting the same information multiple times would lead to higher power consumption in vain. Cognitive radio (CR) is an option, which can be used to challenge this issue. CR would not only confront this issue but would also make IoT network more reliable regarding connectivity communication and would also address bandwidth availability issues. In this paper, we have discussed the energy dissipation of an IoT sensor node on its layer-based structure. Different techniques used under different layers are considered. For the futuristic approach, some energy saving techniques are discussed under the relationship of IoT and the cognitive radio networks in mobility aspects, a feedback based energy profiling and reduction of control frame size is discussed that in what manners do they help to reduce energy dissipation. 1.1 Cognitive radios Cognitive radio networks (CRN) are composed of wireless cognitive radio nodes, which can intelligently scan the radio-frequency spectrum and identify available communication channels which are in use and which are not [3]. Donor network whose spectrum is being scanned for vacant channels is the primary network so users are the primary users (PU) and the opportunist network is cognitive radio network so users are the secondary users (SU). SUs switches itself instantaneously into unoccupied channels while avoiding the occupied ones. This optimizes the use of available radio-frequency spectrum while minimizing interference to other users [4, 5]. In November 2008, the federal communication commission (FCC) announced that vacant part of the radio-frequency spectrum (spectrum white spaces) should make available to be used by the public [6]. And the devices which can use the white spaces must be ensured to implement interference prevention, secure allocation of white spaces and geolocation identification techniques [7]. Cognitive radio is a hybrid technology, a CR can scan and sense and analyze neighboring nodes which are active or inactive, their identification and authorization, determination of geographic locations of nodes, identifies the channel opportunity to switch on, spectrum management and handoffs, spectrum sharing and allocation,

254

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org spectrum mobility, multiple adjustments of power and modulation techniques, encryption and decryption of signals [8]. 1.1.1 Spectrum sensing The major part of CR is its spectrum sensing capabilities, there are three main methods to sense a spectrum, how an SU will access the licensed spectrum. Opportunistic spectrum access (OSA): the SUs access the frequency channel if and only if it has been detected unused by the PU [9]. Spectrum Sharing (SS): an underlying scheme, SUs, and PUs coexist but SUs are on a condition to protect PUs and avoid harmful interferences [10]. A hybrid approach introduced to increase the throughput of the previously mentioned schemes. SUs sense for the active and idle frequency channels and reconfigure themselves accordingly by protecting PUs from harmful interferences [11]. Figure 1 shows the different spectrum sensing techniques. Spectrum Sensing

NonCooperative Sensing [10]

Cooperative Sensing [14]

Blind Sensing [18]

Eigen Value Based Sensing [19] Energy Detection Based Sensing [10][11]

Centralized Spectrum Sensing [14]

Signal Specific

Covariance Based Sensing [20]

Waveform Based Sensing [20]

Antenna Coorelation Based Sensing [20]

Transmitter Based Sensing [10][11]

Radio Identification Based Sensing [21]

Distributed Spectrum Sensing [14]

Energy Based Sensing [10][11]

Cluster Based Cooperative Sensing [15][16]

MatchedFiltering Based Sensing [10][12]

Relay-Assisted Spectrum Sensing [17]

Cyclostationary Feature Sensing [10][13]

Figure. 1 Spectrum Sensing Techniques Whatever the approach is, the whole CR system is relying on spectrum sensing. If this is not done efficiently and accurately it could not be guaranteed that it would work. Spectrum sensing techniques can be classified further into different categories as shown in Fig. 1. Every category has its own kind of features and application area [1223]. Cognitive radios are setting up new standards and opening new horizons for emerging technologies like defense, health monitoring, satellite communications, public safety, smart technologies, internet of things and next-generation technologies. Many wireless devices in small-cell configurations communicate on same spectrum parameters, due to this phenomenon the network nodes face a lot of interference from the neighboring nodes. This interference between neighboring channels can be avoided by using CR technology, because every node would be aware of its neighboring channel usage so will avoid using the same channel to communicate [24]. CRNs can also be implemented to increase network capacity as well as for higher throughput. Internet of Things is an emerging technology and is anticipated to connect thousands of billions of assorted devices/sensors/objects through internet [25].

255

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 1.2 Cognitive radios and internet of things IoT is a new and evolving archetype that integrates numerous technologies, including wired and wireless sensors, mobile phones, smart devices, and actuators along with intelligent protocols for connectivity of these nodes through the internet. As IoT deals with heterogeneous nodes connectivity through the internet, it has evolved and the behavior of the potential user and several aspects of everyday life. The integration of IoT with CR can be used in communications, sensor networks for eHealth, logistics and security, smart technologies and many more [26]. This integration develops the effective communication system among the SUs [27]. One of the major parts in IoT nodes is of wireless sensor nodes. As these nodes are operated in free ISM bands [2] and face a lot of interference from numerous neighboring nodes. This interference is increasing as the number of nodes are increasing in the environment and efficiency of network decreases. Therefore, wireless sensor networks require a phenomenon to achieve efficiency to interconnect with the physical world in a more intelligent way. This gap can be covered by making the intelligent decisions based on the surrounding environment using cognitive radio technology [28]. 2. ENERGY INGESTION OF WSNs IoT and WSN have gained a lot of global attention in research and development. Therefore, it has initiated a massive development and implementation of sensors across diversified devices making them smart enough to communicate [29]. Nevertheless, wireless sensor nodes have some constraints regarding severe energy ingesting of the batteries, which is a substantial issue to its own existence causing scrambled network self-sufficiency. Consequently, reducing the energy consumption rate of batteries is an ultimate necessity for the existence and lifetime of sensor nodes in IoT. An ultimate challenge in IoT is how to communicate effectively while preserving and optimizing the energy levels of nodes. Subsequently, this communication is the most energy consuming part in these nodes. Figure 2 shows a descriptive energy consumption metric of a typical IoT sensor node [30].

Figure. 2 Energy consumption metrics of a typical wireless IoT sensor node In [31], an adaptive scheme is proposed to have power savings. This scheme works on the principal of redistribution and association for the green wireless networking and the base some modifications (station distribution and aggregation functions) are made in IEEE 802.11a and evaluated the performance of the scheme under different scenarios. Results show a considerable amount of energy that can be saved using this scheme. In [32], a power consumption investigation is done on the physical layer and considering the security aspect. Specifically pointing the security issues under the presence of eavesdropper along with physical circuitry requirements of sensor nodes for filtering and amplification of signals and the power consumption during emitting radio signals. A framework “relay-selection based cooperative beamforming” is proposed. Exponential complexity exhaustive search and linear-complexity relay ordering strategies are implemented to save energy while maintaining the security against eavesdroppers. The results show that the beamforming framework significantly outperforms the secrecy capacity with reduced computational complexity. In [33], a transmit beamforming scheme for base stations is proposed while considering the self-interference mitigation and physicallayer security. Zero forcing beamforming-based suboptimal algorithms are proposed to reduce the computational complexity. Golden search and closed-form solutions are used to obtain the results. The simulation results show considerable improvements in saving the energy while using the proposed algorithms. In [34], a device-to-device communication survey is compiled focusing on network layer functionalities including addressing, routing, mobility, security and resource optimization. Limitations in currently available TCP/IP protocol and 6LoWPAN are addressed that how it can be implemented in IoT based environment. An

256

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org interoperable device-centric protocol is proposed which theoretically shows that can be used with IoT environment better than the currently available solutions. In [35], a solid argument is aroused regarding IPv6 protocol that it can be used with WSNs but does not take power consumption into consideration. 6LoWPAN header compression algorithm applied to IEEE 802.15.6 in a solution to previously used IPv6. The simulation results are in a positive way that the improvement made is working to save the sensor node energy. In [36], a comprehensive survey is provided on current energy efficient technologies which can lead the IoT industry to the new horizons. Energy consumption units of a sensor node both in hardware and software level are classified and different approaches previously and currently used are discussed. In [37], a taxonomy of energy efficient attitudes in WSNs is projected. It presents a detailed study, discussions, and requirements to build an energy efficient mechanism for WSNs. Several IoT energy optimization techniques have been proposed earlier, which were generally based on data transmission using single-radio. But now the research is focusing on multiple heterogeneous radio interfaces for short and long distance IoT nodes and gateways [38, 39]. Software Defined Radios (SDR) provides a conceivable approach to have capabilities of multi-radios. SDRs equipped with cognition generates CRs, these CRs can be replaced by the existing radios to have the capabilities of multi-radios by having a plus point of cognition [40, 41]. 2.1 Layer based energy efficiency techniques According to the energy consumption matric, several energy efficiency techniques are used to limit the energy consumption patterns of an IoT sensor node. Figure 3 represents a comprehensive layer based classification of energy efficiency techniques.

Figure. 3 Classification of energy efficiency techniques 2.1.1 Physical layer Sensor nodes have a nature to perform modulation, transmission, reception, digitization, amplification and filtering any information to be received or to be transmitted. All these kinds of operations are done at physical layer circuitry and a considerable level of energy is consumed to perform these types of operations [42, 43]. In [44], a method of energy optimization is proposed for multi-hop wireless sensors networks. Used a matric for energy per bit and channel model and modulation scheme selection. Moreover, in [45], authors proposed a specified design for the upper layer to be aware of physical layer status. A scheme of protocols and application is designed that minimize energy consumption of the nodes. 2.1.2 Mac layer Responsibilities of a MAC layer includes reliability, low access delays, high throughput, and energy efficiency. Collisions, interference, control packet overhead and overhearing at MAC layer a large amount of

257

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org energy is required to do these types of operations and sometimes a huge amount of energy is wasted in these MAC protocol operations. Techniques like adaptive transmission range and period, packet scheduling, and duty cycling are majorly used in sensor networks to save energy at MAC layer [46-48]. 2.1.3 Network layer The network layer is responsible for routing process of a node to find out paths between the sources to destinations. It is an essential and key process to any network-based node. Finding out an optimal path between two communicating nodes is a key performance element for a sensor node regarding energy conservation. Because it needs repetitive transmission of control-packets between every hop from source to destination. This communication consumes a lot of energy as compared to the idle state of a node. Efficient routing techniques includes multipath routing, geographical routing, flat routing, and hierarchical routing [49, 50]. 2.1.4 Transport layer Duties of a transport layer in any network enabled device includes the creation of end to end connection between two host nodes, error recovery, flow control, and congestion avoidance. Connection and flow control is easy to handle as compared to error and congestion control. Hidden and exposed node problems are common in any wireless network. If it occurs, congestion also takes place so the data loss also occurs so an extra amount of energy is required to handle these issues [50, 51]. To save energy, energy-aware congestion avoidance, and energy efficient reliable communication mechanisms can be used as presented in [52], a congestion control mechanism, which considers node level congestion (NLC), and link level congestion (LLC) and results in the energy efficiency of the network. 2.1.5 Application layer Application layer runs multiple application-level services. Energy can be saved through these application services by controlling those particular services which are energy hungry. This can be obtained by summation of control information in a distributed manner used for request and response. This will ultimately reduce the number of packets to transmit so the energy would be saved. In [51], a distributed framework is suggested that employs power conservation. The goal of the framework is to reduce the data collection and delivery costs. 2.2 WSN topology-based techniques WSN node deployment also employs a key role on energy consumed by a node. The optimality in energy consumption mechanisms is achieved through active node positioning, coverage mechanisms, node localization and network partitioning techniques. 2.2.1 Node positioning scheme The optimal node placement in a network provides such placement mechanisms through which optimality in energy consumption is achieved. These mechanisms estimate the optimal node placements, coverage and connectivity costs along with energy consumption comparisons. An optimal node placement is essential to achieve load balance and extended network operational lifetime [53]. In [54], a distributed deployment scheme (DDS) for homogeneous distribution of Mobile sensor Nodes within the candidate region is proposed. This scheme provides a minimum overlapping with maximum coverage. The DDS also provides a multi-path connectivity with the same characteristics. But this scheme is limited to a minimum mobility and does not employ scalability. This is also not suitable for real-time systems scenarios. 2.2.2 Coverage approaches The QoS and performance of WSNs take a significant importance of coverage issues. It can be viewed as a target area, covered area, and a barrier coverage [55, 56]. The foremost objectives of area coverage technique are to cover a specified constituency and monitoring of each node in that region. Targeted coverage or point coverage is a mechanism used to cover a pre-specified fixed known location that needs to be observed. This scheme is used on a limited number of fixed immobile sensor nodes. The node placement is kept denser for better results. Because it is a fixed scheme so it provides guaranteed efficient coverage and monitoring. Barrier coverage in WSNs is used to make a barrier of sensor nodes. It is used specifically to sense movements across the sensor barrier. These coverage schemes are playing a vital role to minimize power utilization in sensor nodes and their lifetime [57]. 2.2.3 Localization Localization is a technique to identify pinpoint the location of sensor nodes. This technique is operated under local wireless based location identification instead of the global positioning system. The location identification

258

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org scheme is further divided into target localization and self-node localization. The location is estimated on received signal strength, size of data and time taken to transmit and the angle on which it is received [58, 59]. In [60], a mechanism is proposed to acquire the location while reducing the energy consumption in localization. The nodes are activated in a probabilistic opportunistic way. This opportunistic probability is calculated using trilateration localization algorithm. In this way, number of nodes in a specific time slot are minimized so the active number of nodes would be less so the sensing range and area is reduced so a reasonable amount of energy is saved. 2.2.4 Energy efficient security WSNs are the manufactured on the concept specified application domain. Due to this constraint, these sensor nodes are designed with limited resources. It usually has some processing power, memory, and communication range; all these operations need some power to operate. Concerning the security, there are no centralized mechanisms for monitoring the communication so all the security-concerned mechanisms are done by the node itself. This is also an extra overhead to the limited resourced node. Taking the security concerns and making it more secured needs high computational tasks so it consumes a significant amount of energy to perform these tasks. These are prone to network attacks like spoofed routing and acknowledgment information, Sybil attacks, sinkholes and wormholes attacks, selective packet forwarding and hello flood attacks [61-63]. Designing a secure mechanism which is resource efficient specifically regarding energy consumption against these routing attacks for WSNs is need to be addressed by the researchers. 3. FUTURE DIRECTIONS Current IoT networks demand innovative means of lowering the energy consumption. Based on study provided in the previous sections various research gaps have been identified regarding needs of energy optimization. The future directions to minimize energy consumption in IoT wireless sensor nodes while maintaining its heterogeneity nature following schemes can be helpful to reduce the energy ingestion. • • • •

Integration of cognitive radios with IoT sensors: a network-switching scheme for IoT sensors using cognitive radios based on energy consumption. Mobility profile based adaptive energy optimization schemes for fixed and mobile IoT sensor nodes. Adaptive energy profile creation and selection scheme based on current and previous energy consumption patterns and pushback communication scheduling policies. Adaptive selection scheme of control frame size and number of frames, based on sensor’s energy consumption rate and remaining energy.

3.1. Methodology To achieve the above-mentioned objectives of the scheme the following methodology regarding each objective is to be considered: 3.1.1 Integration of CR with IoT In this setup, an IoT sensor node would not be a simple node; it would be equipped with CR capabilities. An adaptive scheme would be developed to implement this objective. IoT sensor nodes will communicate with its central access point in normal conditions, whenever a sensor node faces high transmission cost regarding energy consumption it would try to shift itself on CR mode and would transfer its data through PU’s network. The cost analysis would be done on interference and retransmission ratio analysis afterward another analysis would be done between current transmission parameters cost and CR mode switching cost, whatever would be the beneficial one, sensor node would adapt that mode. Another analysis would be done regarding the distance between the sensor node and its access point. If the access point is far distant as compared to PU’s then calculating transmission cost for a long distant AP and a short distant AP including CR mode switching cost would be done and node would adapt optimal transmission mode. 3.1.2 Mobility aspect Sensor nodes are not always stationary nodes; it can be mobile nodes. Therefore, concerning mobile sensor nodes, same scheme would be implemented as of stationary nodes but the distance parameter would always be the changing one. So, to handle mobility, node’s mobility patterns and previous decision regarding mode switch would be observed and mode switching would be done adaptively after analyzing the costs.

259

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 3.1.3 Adaptive energy profiling and pushback policy An energy profiling concept would be used in which sensor node would take record of its energy usage in the past and would predict its own life at remaining energy. It can be done on hourly or day basis. The node would compare energy consumption rate between current day and time with previous day and time plus today’s energy usage behavior analysis and would make decisions based on results weather to switch its mode or not. A predictive scheduling can also be done on these parameters and a node itself can make its own adaptive energy scheduling profiles. If a node is not capable enough to do these tasks, access points can also take part into this and make energy profiles of the sensor node and after analysis can make a schedule for sleep, awake and mode switching. After making the schedule this can be pushed back to the nodes to follow on. 3.1.4 Adaptive control frames algorithm An algorithm would be generated for control frames (RTS, CTS, ACK). This algorithm would have the capability to switch between size and number of frames sent during communication. These sizes and number of frames would be predefined and the selection would be based on the rate of energy consumption and remaining energy level. Reducing the size and number of frames would provide a measurable energy saving. 4. CONCLUSIONS A progress in evolving energy techniques that target to reform the skeleton of IoT is focused in this paper. We focused on the need for energy optimization for sensor nodes by considering the heterogeneous nature of IoT under the relationship of IoT and the cognitive radio networks in mobility aspects. Various research gaps have identified regarding needs of energy optimization. In the future prospects, directions to minimize energy consumption in IoT enabled nodes while maintaining its heterogeneous subsequent schemes can be helpful to reduce the energy ingestion. Integration of cognitive radios with IoT sensors can help to reduce the energy consumption rate. Another method to optimize the energy consumption is the mobility based adaptive energy optimization scheme that can also implement to reduce the transmission costs. Adaptive energy profiling with pushback communication scheduling policies is an alternative scheme to optimize energy consumption of the nodes. In addition, to reduce the energy ingestion is to develop an adaptive scheme for the selection of control frame size, selected on the status of energy level and needs. All the mentioned schemes can make a major contribution towards energy efficient IoT nodes. However, an advanced innovative energy optimized IoT node still needs to address by the researcher. REFERENCES 1. 2. 3. 4. 5. 6. 7. 8.

9. 10. 11. 12.

Xia F, Y.L., Wang L, Vinel A, Internet of things. International Journal of Communication Systems, 2012. 25(9): p. 1101. Qureshi FF, I.R., Asghar MN, Energy Efficient Wireless Communication Technique Based on Cognitive Radio for Internet of Things. Journal of Network and Computer Applications, 2017. Steenkiste Peter, S.D., Minden Gary, and Raychaudhuri Dipankar, Future Directions in Cognitive Radio Network Research. NSF Workshop Report, 2009. 4(1): p. 1-2. Wang, B., and K. J. Liu, Advances in cognitive radio networks: A survey." Selected Topics in Signal Processing. IEEE Journal, 2011. 5(1): p. 5-23. Wang, J., and Yuqing Huang, A cross-layer design of channel assignment and routing in Cognitive Radio Networks. IEEE, In Computer Science and Information Technology (ICCSIT), 2010. 7: p. 542-547. Reardon, M., in CNET. 2008. FCC, in Federal Communications Commission. 2017. Akyildiz, I.F., Won-Yeol Lee, Mehmet C. Vuran, and Shantidev Mohanty, NeXt generation/dynamic spectrum access/cognitive radio wireless networks: A survey. Computer networks, 2006. 50(13): p. 21272159. Liu, Q.Z.H.a.K.J.R., Resource Allocation for Wireless Networks: Basics, Techniques, and Applications. Cambridge Univ. Press, 2008. Ghasemi, A., and Elvino S. Sousa., Fundamental limits of spectrum-sharing in fading environments. IEEE Transactions on Wireless Communications, 2007. 6(2). Kang, X., Ying-Chang Liang, Hari Krishna Garg, and Lan Zhang, “Sensing-based spectrum sharing in cognitive radio. IEEE Transactions on Vehicular Technology, 2009. 58(8): p. 4649-4654. Bhargavi, D. and C.R. Murthy, Performance comparison of energy, matched-filter and cyclostationaritybased spectrum sensing. Eleventh International Workshop of Signal Processing Advances in Wireless Communications (SPAWC) IEEE, 2010: p. 1-5.

260


14. 15. 16. 17. 18.

19. 20. 21. 22. 23. 24. 25.

26. 27. 28.

29. 30. 31. 32.

33.

34. 35. 36.

37. 38. 39.

Zhang, W., Ranjan K. Mallik, and Khaled Letaief, Optimization of cooperative spectrum sensing with energy detection in cognitive radio networks. Wireless Communications, IEEE Transactions on 8, 2009. 12: p. 5761-5766. Cabric, D., Shridhar Mubaraq Mishra, and Robert W. Brodersen, Implementation issues in spectrum sensing for cognitive radios. IEEE, In Signals, systems and computers, 2004. 1: p. 772-776. Sutton, P.D., Keith E. Nolan, and Linda E. Doyle, Cyclostationary signatures in practical cognitive radio applications. Selected Areas in Communications, IEEE Journal, 2008. 1(26): p. 13-24. Akyildiz, I.F., B.F. Lo, and R. Balakrishnan, Cooperative spectrum sensing in cognitive radio networks: A survey. Physical Communication Science Direct ELSEVIER, March 2011. 4(1): p. 40–62. Sun, C., W. Zhang, and K.B. Letaief, Cluster-Based Cooperative Spectrum Sensing in Cognitive Radio Systems. Communications, 2007. ICC'07. IEEE International Conference, 2007: p. 2511-2515. Awin, F., Esam Abdel-Raheem, and Majid Ahmadi, Agile hierarchical cluster structure-based cooperative spectrum sensing in cognitive radio networks. IEEE, In Microelectronics (ICM), International Conference, 2014: p. 48-51. Astaneh SA, G.S., Relay assisted spectrum sensing in cognitive radio. InSystems, Signal Processing and their Applications (WOSSPA), 2011. 7th International Workshop: p. 163-166. De P, L.Y., Blind spectrum sensing algorithms for cognitive radio networks. IEEE transactions on vehicular technology, 2008. 57(5): p. 2834-2842. Zeng Y, L.Y., Eigenvalue-based spectrum sensing algorithms for cognitive radio. IEEE transactions on communications, 2009. 57(6). Yucek T, A.H., A survey of spectrum sensing algorithms for cognitive radio applications. IEEE communications surveys & tutorials, 2009. 11(1): p. 116-130. Akyildiz, I.F., Lee, W. Y., Vuran, M. C., & Mohanty, S, A survey on spectrum management in cognitive radio networks. Communications Magazine, IEEE, 2008. 46(4): p. 40-48. Panwar, N., Sharma, S., Singh, A.K., A survey on 5g: the next generation of mobile communication. Physical Communication, 2016. 18: p. 64-84. Mavromoustakis, C.X., Bourdena, A., Mastorakis, G., Pallis, E., Kormentzas, G, Anenergy-aware scheme for efficient spectrum utilization in a 5g mobile cognitive radio network architecture. Telecommunication Systems, 2015. 59(1): p. 63-75. Khan AA, R.M., Rachedi A, When Cognitive Radio meets the Internet of Things? InWireless Communications and Mobile Computing Conference (IWCMC), 2016. 5: p. 469-474. Zhang, Y., Zheng, J., Chen, H.-H, Cognitive Radio Networks: Architectures, Protocols, and Standards. CRC Press, 2016. Beltran F, R.S., Gutiérrez JA, Understanding the current operation and future roles of wireless networks: Co-existence, competition and co-operation in the unlicensed spectrum bands. IEEE Journal on Selected Areas in Communications, 2016. 34(11): p. 2829-2837. Misra, S., Misra, S. C., & Woungang, I, Guide to wireless sensor networks. Dordrecht: Springer, 2009. Sinaie M, Z.A., Jorswieck EA, Azmi P, A Novel Power Consumption Model for Effective Energy Efficiency in Wireless Networks. IEEE Wireless Communications Letters, 2016. 5(2): p. 152-155. Lall, S., Nitin, N., Jaiswal, A.K. and Paulus, R, Multi-Scenario Adaptive Station Re-Distribution/ReAssociation Scheme for Green Wireless Networking. 2016. Qian, M., Liu, C. and Zou, Y, Cooperative Beamforming for Physical-Layer Security in PowerConstrained Wireless Sensor Networks with Partial Relay Selection. International Journal of Distributed Sensor Networks, 2016. 12(3): p. 9740740. Zhu, F., Gao, F., Zhang, T., Sun, K. and Yao, M, Physical-layer security for full duplex communications with self-interference mitigation. IEEE Transactions on Wireless Communications, 2016. 15(1): p. 329340. Bello, O., Zeadally, S. and Badra, M, Network layer inter-operation of Device-to-Device communication technologies in Internet of Things (IoT). Ad Hoc Networks, 2016. Wang, L., Hao, S., Yu, P. and Huang, Z, Low-power Wireless Sensor Network protocol of Mobile Health based on IPv6. Control Conference (CCC), IEEE, 2016. 35th Chinese: p. 8479-8484. Airehrour, D., Gutiérrez, J. and Ray, S.K, Greening and Optimizing Energy Consumption of Sensor Nodes in the Internet of Things through Energy Harvesting Challenges and Approaches. AIS Electronic Library, 2016. Guru, R., Energy Efficiency Mechanisms in Wireless Sensor Networks: A Survey. International Journal of Computer Applications, 2016. 139(14). Foundation, O.C., in Open Interconnect Consortium. 2017. Foundation, L., in allseenalliance. 2017.

261


41. 42. 43. 44. 45. 46.

47. 48.

49. 50. 51. 52.

53. 54. 55.

56.

57.

58. 59. 60. 61. 62.

63.

Aust S, P.R., Niemegeers IG, Advances in wireless M2M and IoT: Rapid SDR-prototyping of IEEE 802.11 ah. Inthe Proceedings of the 39th IEEE Conference on Local Computer Networks (LCN), Demo Abstract, 2014: p. 1-3. Tragos. E, A.V., & Papadakis. S, Fighting Networking Heterogeneity in the Internet of Things. ERCIM News, 2015. 101: p. 33-34. Gehrke, Y.Y.a.J., The cougar approach to in-network query processing in sensor networks. Special Interest Group on Management Of Data (SIGMOD), 2002. 31(3). Sandra Sendra, J.L., Miguel García and José F, Toledo Power saving and energy optimization techniques for Wireless Sensor Networks. JOURNAL OF COMMUNICATIONS, 2011. 6(6). Wang, M.H.a.T., Optimizing Physical-Layer Parameters for Wireless Sensor Networks. ACM Transactions on Sensor Networks, 2011. 7(4). Eugene Shih, S.-H.C., Nathan Ickes, Rex Min, Physical Layer Driven Protocol and Algorithm Design for EnergyEfficient Wireless Sensor Networks. ACM SIGMOBILE, 2001: p. 272-286. Yang Liu, I., hairong Qi, An energy efficient QOS-aware media access control protocol for wireless sensor networks. in Proceedings of the IEEE International Conference on Mobile Ad hoc and Sensor Systems, 2005. Hu W, C.Q., Corke P, O’Rourke D., An Energy-efficient Rate Adaptive Media Access Protocol (RAMAC) for Long-lived Sensor Networks. . Sensors (Basel, Switzerland), 2010. 10(6): p. 5548-5568. Tz-Heng Hsu, T.-H.K., Chao-Chun Chen, and Jyun-Sian Wu, A Dynamic Traffic-Aware Duty Cycle Adjustment MAC Protocol for Energy Conserving in Wireless Sensor Networks. International Journal of Distributed Sensor Networks, 2012: p. Article ID 790131, 10 pages. V. Raghunathan, C.S., Park.S, and M.B. Srivastava, Energy-aware wireless microsensor networks. IEEE Signal Processing Magazine, 2002. 19(2): p. 40-50. Christophe J. Merlin, W.B.H., Schedule Adaptation of Low-Power-Listening Protocols for Wireless Sensor Networks. IEEE Transactions on Mobile Computing, 2010. 9(5): p. 672-685. Chen, S.S.W.a.Z.P., LCM: a link-aware clustering mechanism for energy-efficient routing in wireless sensor networks. IEEE Sensor Journal, 2012. 13(2). W. Heinzelman, A.C.a.H.B., Energy- efficient communication protocol for wireless microsensor networks. in Proc. of the 33rd Annual Hawaii Int' Conf. on System Sciences, Maui: IEEE Computer Society, 2000: p. 3005-3014. Zafar, S., A Survey of Transport Layer Protocols for Wireless Sensor Networks. International Journal of Computer Applications, 2011. 33(1). Ayadi, A., Energy-Efficient and Reliable Transport Protocols for Wireless Sensor Networks: State-ofArt. Wireless Sensor Network, 2011. 3: p. 106-113. Wen-Hwa Liao, S.-C.K., Mon-Shin Lin, An Energy-Efficient Sensor Deployment Scheme for Wireless Sensor Networks Using Ant Colony Optimization Algorithm. Wireless Personal Communications,, 2015. 82(4): p. 2135-2153. S. Bhattacharya, H.K., S. Prabh, & T. Abdelzaher, Energy-conserving data placement and asynchronous multicast in wireless sensor networks. In Proceedings of the 1st international conference on Mobile systems, applications and services, ACM, 2003: p. 173-185. K. Kar, S.B., Node placement for connected coverage in sensor networks. In: Proceedings of the Workshop on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt'03), Sophia Antipolis, France, 2003. Chhetri, M.B.a.S., A Survey on the Coverage of WSNs. International Journal of Advanced Research in Computer Science and Software Engineering, 2013. 3(3). Y. Weng, W.X., and L. Xie, Total least squares method for robust source localization in sensor networks using TDOA measurements. International Journal of Distributed Sensor Networks, 2011. 8. Xie, X.Q.a.L., Source localization by TDOA with random sensor position errors—part I: static sensors. in Proceedings of the 15th International Conference on Information Fusion, 2012: p. 48–53. Ho, K.C., Bias reduction for an explicit solution of source localization using TDOA. IEEE Transactions on Signal Processing, 2012. 60(5): p. 2101–2114. Long Cheng, C.W., Yunzhou Zhang, Hao Wu, Mengxin Li and Carsten Maple, Review Article A Survey of Localization in Wireless Sensor Network. International Journal of Distributed Sensor Networks, Hindawi Publishing Corporation, 2012. 12. Abduvaliyev, A., Al-Sakib Khan Pathan, Jianying Zhou, Rodrigo Roman, and Wai-Choong Wong, On the vital areas of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials 2013. 15(3): p. 1223-1237.

262

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org AUTHORS PROFILE Muhammad Ayzed Mirza has received his BSCS degree from Govt. College University, Faisalabad in 2008 and MS degree in Computer Science (MSCS) from National Textile University, Faisalabad (NTU) in 2016. He is currently working as a Lecturer in Department of Computer Science, National Textile University, Faisalabad, Pakistan. His research interest includes Wireless Networks, Cognitive Radio Networks, IoT, and logics. Dr. Muhammad Asif Habib has received his PhD. In computer science Johannes Kepler University Linz, Austria in 2012. He is an approved HEC-Pakistan supervisor and currently working as an Assistant Professor in Department of Computer Science, National Textile University, Faisalabad, Pakistan. His research interest includes Computer Networks (Information Network Security (Access Control/Authorization), Cloud Computing Security. Muhammad has received his MIT degree from The Superior College Lahore in 2010 and MS degree in Information Technology (MSIT) from National University of Sciences and Technology (NUST) in 2016. He is working as a Lecturer in Department of Computer Science, National Textile University, Faisalabad, Pakistan. His research interest includes Wireless Sensor Networks, IoT, and Wireless Body Area Networks.

263


An improved lightweight privacy preserving authentication scheme for SIP-based-VOIP using smart card 1

Saeed Ullah Jan, 2Fawad Qayum, 3Sohail Abbas, 4Ghulam Murtaza Khan, 5Ajab Khan, 6Siffat Ullah Khan 1,2,3,5,6 Department of Computer Science & IT, University of Malakand, Khyber Pakhtunkhwa, Pakistan 4 Department of Computer Science Shaheed Benazir Bhutto University Sheringal, Khyber Pakhtunkhwa, Pakistan Email: [email protected], [email protected], [email protected], 4 [email protected], [email protected], [email protected]

ABSTRACT Secure information sharing has become very popular in immigration, military applications, healthcare, education and foreign affairs for the past few years. The security and privacy of such type of information cannot easily be compromised because the secure communication utilizes both wireless and wired communication media for exchanging sensitive information. Voice over IP (VoIP) offers many unique capabilities to its users. An important robust dynamism behind the use of IP telephony is cost savings, especially for businesses with large data networks. By transporting voice traffic over IP-based networks, businesses can decrease or abolish the toll charges related to carrying calls over the Public Switched Telephone Network (PSTN). Session Initiation Protocol (SIP) promises simple and efficient management of multimedia sessions amongst several users. To improve the security, integrity, authenticity and privacy issues while sharing sensitive information, numerous authentication schemes or set-ofrules have been recommended by different researchers in recent times. These authentication schemes are vulnerable to prospective security flaws e.g. replay attack, masquerading, insider attack, impersonation, password guessing, server spoofing, Denning Sacco and denial-of-service (DoS). Further, these schemes also fail to deliver mutual authentication. Almost, no researcher claims with conviction about a foolproof secure authentication scheme. This research mainly focuses on designing VoIP system based on SIP scheme that caters all the weaknesses in these schemes having low computation costs and low communication complexity and low storage overhead and shows a significant balance between performance and security. The proposed protocol also offers mutual authentication and reliable information delivery between user and server. A provable formal security analysis for the scheme will also be established mathematically, using BAN logic of authentication. Keywords: biohashing; transmission latency; π-calculus; public-key-infrastructure; discrete-logarithmicfunction; big numeral-factorization-complication; 1. INTRODUCTION In network communication (Internet), a major issue is the exchange of information confirmation of indigenous and foreigner consumer in the insecure distributed environment. Categorically, authentic users have extra control over the attackers. An authentic user retains information in the internal system that is not accessible to the attacker. Therefore, several remote user authentication schemes are proposed for the exchange information. These protocols claimed that they are more powerful against different attacks, but these schemes still pose weakness [1-3]. Furthermore, application programs are also developed in this regard to monitors task scheduling fragment of each part, authenticate the user recorded data and post a message to the remote server platforms for communication. The user interfaces part of that application program specially designed for end users to operate, understand and mainly communicate with a remote server for different activities like posting text, audio, video, graphics and animated data. Afterward, the server gets demands from clients, accomplishes record repossession, renews and regulates data integrity and finally posts replies to the clients. The server works like a software powerhouse that controls software, provides database facilities, controls printing devices, monitor communication line and enhance the performance of the high powered processor (CPU). The key aim of the server is to complete the back-end responsibilities that are mutual to related applications and users. Network Operating System installed in the server facilitates service areas, such as direction-finding, delivery, messaging, communication supervision services, and guidelines for different tasks [4]. Subsequently, the somatic link is identified and transfer control protocol (TCP) is carefully chosen for mutual authentication between the server and the client. Therefore, a strong authentication protocol becomes mandatory for distributed computation prior to the client gets the benefit of the network facilities. So that to provide a straightforward application for usage, neither in isolation nor a monolithic system and must not be a complicated and must support the latest technology – a centralized control model [4].

264

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org The authentication protocols presented so for, to preserve the security of the exchanged information, are classified as: 1) user has a secure PIN code for authenticity called one factor authentication protocol [5] in which the encryption and decryption of PIN code are done by some complex cryptographic algorithms; 2) smart card is used as a second factor together with the PIN code for the authentication of exchanging information called two factor authentication protocol [6]; 3) biometrics in addition to PIN code and smart card used to ensure the communication among the users called three factors authentication protocol [7] that is more secure as of 1) and 2) above. 1.1 Voice-over internet protocol In past few years, the popularity of voice-over internet protocol (VoIP) facilities has increased because numerous Web and VoIP applications depend on huge and extremely distributed infrastructures to process requests from millions of users in an appropriate manner. Due to their excessive requests, these large-scale internet applications frequently compromise security for other purposes such as performance, scalability, and availability [9]. As a result of these applications characteristically prefer weaker but well-organized security mechanisms in their foundations. Voice-over-IP (VoIP) method has spread in the markets due to low cost and more flexible implementation as compared to Public Switched Telephone Network (PSTN) [10]. 1.2 Session initiation protocol In last few years, many well-organized, extensible and riskless signalized schemes have been suggested to improve the applications usefulness and fast progression of Voice-over-IP. Among these signalized protocols, the Session Initiation Protocol (SIP) is commonly used because of its flexibility and significantly accessible designs and lightweight features. Session Initiation Protocol (SIP) is a presentation and application layers protocol which initiates, modifies and terminates IP-based multimedia intervals. Implementing SIP for secure communications has been a subject of study for the past few years and several proposals are available in the research domain [8]. However, security aspects are not addressed in most of these proposals because SIP is exposed to several threats and faces security issues at these layers like registration hijacking, impersonating a server, message tampering, session tear down, Denial of Service (DoS) and session-key agreement protocol. However, designing a good authentic key-agreement scheme for Session Initiation Protocol (SIP) is still a challenging task from the performance and security perspectives. Both the performance and security features are the critical factors stimulating SIP applications and these also always appear contradictory. The authentication scheme can secure against different attacks and transport many characteristics to achieve the security needs of IP “Internet Protocol” based communications. Alternatively, the algorithm inserted in authentication portion of IP must not contain complex or heavy computations in clients and SIP servers because VoIP network communications are more delicate to transmission latency [9]. 1.3 Smart card In recent years, the smart-cards have acquired an increasing acceptance as an authoritative contrivance for security, authenticity, authorization, identification, and validation. The term smart-card generally alludes to a flexible card having memory-chip, a microchip, and a complex instruction cycle processing mechanism which is not only capable of storing data but also does the process, computer, manage and perform high cryptographic algorithmic operations. Moreover, smart cards associated communications typically engage five entities namely company, software installer, card issuer, card-holder/data-owner and terminal. Typically, the uses of smart-card are health-care, employee ID, calling cards, ATM cards, government Identification (ID) Cards, SIM cards for telecommunication, transportation services control cards, electronic passports for immigration and foreign travel, voting system in advanced countries, campus cards, satellite TV cards and information security [11]. 1.4 Biometrics Biometrics is a term used for body measurements and a calculation which also refers to metrics those are relevant to human characteristics. In computer science, biometrics is used as a form of identification, authorization, and observations. The benefits of biometric verification are presented to basic cryptographic key supervisory systems for the purpose to enhance security and performance [12-13]. The paper is organized such as the part-2 gives some popular existing authentication schemes, part-3 gives detail about the proposed solution and part-4 gives the detail about the research methodology such as the robustness and security analysis of the authentication protocol by using BAN logic and an automated software toolkit ProVerif0.92. Finally, the performance of the scheme is compared with some recent popular authentication schemes, their computation cost, their communication cost and storage overhead.

265

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 2. LITERATURE REVIEW Since the first authentication scheme was presented by Lamport in 1981 [1] using a simple PIN code or a simple password for remote user authentication, later on, considerable attention has been focused on this important research area. So far Liao et al.’s [2] presented dynamic ID-based remote user authentication scheme using lightweight cryptography functions such as bit-wise X-OR operation and a single-way digital hash function to deliver mutual authentication and session key arrangement. In addition, Liao et al.’s [2] protocol are based on 2-factor and the idea of 'nonce' which guaranteed computation effectiveness and individual anonymity. Hsiang et al.’s [3] proved that Liao et al.’s protocol is defenseless and shows inconsistency of impersonation, insider and server spoofing attacks and might not deliver mutual authentication. Then they presented a medication which is designed to restore the security weaknesses and succeeded a similar level of computation effectiveness by applying a single-way digital hash function and XOR-operation in it. Next, Sood et al.’s [4] used a two-server model design in which different points of confidence are allocated to the main services provider computer and the client’s authentic information is spread among a couple of servers called the services supplier and controller server. However, the flaws of the researchers [5-10] were demonstrated by researchers [11-13] correspondingly exposed to impersonation, replay, stolen smart card and leak of verifier attacks could not be delivered. Later, Lee et al.’s [5] demonstrated a single-sign-in-based authentication scheme for shared networks. The idea of single-sign-in can permit legitimate users to use a unary symbol to access distributed service providers. The client-server architecture is assumed in the Lee scheme and heavyweight exponential computation is implemented to convey the tough security density of their protocol. Based on Lee et al.’s scheme, the security parameters and their protocol appeared prima facie to be properly robust. However, the researchers in [6-8] found two flaws in Lee scheme such as user impersonation and credential recovery attacks. Another scheme was presented by Juang et al.’s [14] based on Elliptic Curve Cryptography (ECC) and symmetric cryptographic functions using a smart card for remote user authentication. They claimed that their protocol might gain identity protection, session key agreement, conflict to low communication, computation cost and insider attack. But, all these announcements couldn’t be completed by the researcher [8, 11]. Tsai et al.’s [8] suggest that Li et al.’s [11] protocol is weaker to de-synchronization attack. The personal sensitive data about a user “update mechanism” in Li protocol is not properly addressed and has also no effective registration database. So, Tsai et al.’s [8] validated an anonymous authentication protocol that doesn’t need a registration record to preserve privacy for its clients and also creates the protocol for an appropriate distributed system. Wang et al.’s [14] offered a remarkable learning to examine the confidence among smart cards and terminal; that is, whenever an attacker gets a lost smart card, the chance of user's information being compromised. Based on Common Adversary Model (CAM) containing three types of attackers and four important points are presented as: (a) a private key based schemes are secure against the type I and II (updating useful information and masquerading) attackers but not against a type III (Spoofing and password guessing) attacker, (b) a public key schemes are secure against type I, II and III attackers, (c) a public key Rivest–Shamir–Adleman (RSA) schemes are secure against type I and II attackers, but not against the type III attacker and (d) a public key based RSAbased (Rivest–Shamir–Adleman) schemes are secure against type I, II and III attackers. Then, Wang found that the scheme has many practical drawbacks and the protocol is defenseless in the type III attacker. Moreover, Wang et al.’s [15-16] also examined many password-based authentication schemes and offered 12 estimation principles for it. Wang et al.’s [17-18] also presented the security of two authentication protocols of Leu et al.’s [19] and found that their scheme is defenseless to offline and online dictionary attacks. Further, he proposed a comparative study of “two-factor authentication schemes using smart cards” and “common-memory device-based two-factor schemes” under two self-defined adversary models. Huan et al.’s [20] acknowledged two detailed security setups for password-based authentication using a smart card in the distributed environment: (1) attackers having similar data recorded in smart card and (2) attackers having different data recorded in the smart card. Then two medications were presented for the employment of two authentication schemes which are difficult and consistent counter-measures problem. In another scheme, Wang et al.’s [18] examined the probability of designing an anonymous two-factor authentication scheme with the concept of “Madhusudhan Mittal’ Evaluation Set. They presented the characteristics of local user password change and resistance to smart card loss attack which are tough to realize simultaneously. Later, Wang et al.’s [17] investigated the weaknesses between system efficiency and user anonymity and examined significant results of Public Key Infrastructure (PKI) technique and strong user anonymity. Moreover, Wang et al.’s confirmed that a password-based user authentication scheme of Li et al.’s

266

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org [11] doesn't resist Denial-of-Service (DoS) and offline password guessing attacks and therefore failed to provide strong user anonymity as well as forward secrecy. 3. PROPOSED SOLUTION The existing authentication schemes based on symmetric key primitives have many weaknesses. In this paper, all the existing weaknesses have been catered. The enhanced scheme consists of biometric characteristics and smart card – that has the capability to check the uniqueness of the biometric data because a pre-defined template will be stored before purchasing a smart card. Due to using the BioHashing technique if the smart card is stolen or misplaced, no one can extract the Biometrics from it [38]. When the user desires to get a smart card, the buyer asks for iris scan to generate seller Biometric characteristics; the computations between user Biometrics and other necessary parameters will be as: HB=H(BTia) and HB/=H(BTia*) Where BTia represents Biometric Template and BTia* represents newly extracted biometrics. Mainly three entities are used such as password, biometrics, and smart card and are divided into three phases: registration, login and authentication and password change phase. Each of which is briefly described under the following headings. Symbols and their description User’s A User’s A Identity User’s A Biometrics Matching Algorithm Private key of Sia Shared Session Key X-OR symbol

Uia IDia BTia Δ S sk ⨁

Sia PWia BTia* h(.) HB || t Notations Used

Server’s A User’s A Password User’s A input Biometric Secure Hash Algorithm BioHashing Concatenation function Timestamp

3.1 Registration phase of the proposed scheme When an authentic user Uia desires to register into a remote server Sia, the following computation with the server will be performed in this phase. R1:

Uia ⇒ Sia :( HB, IDia, N)

The user Uia selects his/her identity (IDia), password (PWia) and confirms an iris scan as biometrics to generate biometric template BTia. The BioHashing technique HB is applied to keep it secret HB=H (BT ia), At the same time chooses an integer number of high entropy ‘q’ and one-way hash function ‘h (.)’ that is {0, 1}*→ {0, 1}k, M=HB⨁q, N=PWia⨁IDia⨁M and O=h(M ⨁PWia⨁IDia)⨁q and conveys {HB, N, IDia} parameters to the remote server over a secure channel (⇒). R2:

Sia→ Uia :( A, F)

The remote server chooses a secret key ‘S’ and encrypts the IDia that is A=ES(IDia||t0). Also encrypt IDia along with the bitwise XOR of the server secret key ‘S’ such as B=E S(IDi⨁S), here using N to encrypt B which is F=EN(B) and submit {A, F} to the memory of a smart card for future usage. R3: After applying a one-way hash function to the parameter N such as P=h(N), the pre-stored values {O, N} and received parameters from the server {A, F}: the memory of smart card finally consists of {O, P, A, F} parameters. Legal User Choose IDia, PWia, q, h(.) Produce Iris Scan for Biometrics that is BTia HB=H(BTia) And calculates M=HB⨁q N=PWia⨁IDia⨁M O=h(PWia⨁IDia⨁M)⨁q {HB, N, IDia}

SIP Server

Selects key S And calculates A=ES(IDia||t0) B=ES(IDia⨁S) F=EN(B)

267

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org {A, F} P=h(N) Finally store {A, F, O and P} into Smart Card Phase – 1: Registration Phase 3.2 Login and authentication phase In this phase, the following computations are performed that as: LA1: The legal user (Uia) inserts his/her smart card into the machine, input IDia, PWia, and Iris scan to produce Biometrics BTia*. BioHashing technique is applied to secure the biometrics HB /=H(BTia*). The smart card generates a random number of high entropy ‘q’ from the stored values in ‘O’. The Uia then computes N/=PWia⨁IDia⨁HB/⨁q to confirm the calculation P?=h(N/), if becomes matched on both entities (smart card and biometric) decrypts F using N/ i.e. B=DN/(F) and if doesn’t matche computation ended and the processes terminated. Meanwhile, timestamp t1 is extracted from the machine and concatenated with the other parameters like R1=h(B||IDia||t1) and R2=EB(P||IDia||R1||t1). Finally, the terminal submits (A, R1, R2, t1) called “MESSAGE1” towards the server through a public channel (→). User Server Introduce smart card and enter IDia and PWia, and choose p Iris scan to obtain BTia* Extract q from O Calculate HB/ = H(BTia*) Compute N/ = PWia⨁IDia⨁HB/⨁q Check P ?=h(N/) B = DN’(F) Calculate R1 = h(B||IDia||t0) and R2 = EB(P||IDia||R1|| t1) MESSAGE1 {A, R1, R2, t1} Comparing (t1/ - t1) against Δt Decrypt A for IDia and check in the Identity table IDia||ts0 = DS(A) Calculate B= Es(IDia⨁S) Check R1 ?= h(B||IDia||t1) Decrypt R2 by using B and select n (P||IDia||R1||t1)=DB(R2) Calculate sk = h(p⨁n) R3 = EB(n||sk||ts1) An = Es(IDia||ts1) MESSAGE2 {R3, An, ts1} Comparing (t2/ - ts1) against Δt Decrypt R3 by using B i.e. n||sk/ = DB(R3) and compute sk/ = h(p⨁n) Check sk/ ?= sk if true keep sk as shared secrete key Phase – 2: Login and Authentication Phases LA2: The server deducts the received time from the current and compares it with the predefined threshold time of the server, also decrypts the user identity using secret key ‘S’ and verifying ID ia in its database table, if doesn’t exist the processing terminated otherwise calculates B=E S(IDia⨁S) and checks R1?=h(B||IDia||t1), if found equal, the processes of decryption is proceeded in R2 using ‘B’ and selects a shared session key sk=h(p⨁n) and compute R3=EB(n||sk||ts1) and An=ES(IDia||ts1). At the end the SIP server transmit parameters (R3, An, ts1) called “MESSAGE2” towards the user Uia over a public channel. LA3: After receiving the MESSAGE2 message, Uia checks the received time from the server time with the terminal time t2 and matches with the pre-defined threshold time in the user smart card, for the purpose of knowing that whether the value is received from the server is within the limit of threshold timing or not. If it is not, shall be considered as wrong and the computation session be terminated suddenly and “Access is Denied” message be shown on the screen of the terminal. Otherwise, the user Uia decrypts R3 using B and put a session key sk/=h(p⨁n) and checks that sk/?=sk if found true, the user keeps sk is a shared session key and starts communication with the server securely and anonymously.

268

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 3.3 Password change phase In this phase of the proposed scheme, the legitimate user (Uia) can change his/her password easily and securely. Also, the user (Uia) doesn’t need to interact with the server, all the processes are completed between the terminal and smart card. The following steps are performed in this phase: User Provide IDia, PWia and biometric BTia* HB=H(BTia*) {IDia, PWia, HB}

Smart Card

Abstract q from O and q=O⨁h(PWia⨁IDia⨁HB/) Calculate HB/ = BTia*⨁q and compare Δ (HB, HB/) If similarity were found between the values {Request for a new Password} Input another password PWia* {PWia*}

Calculate O*=h(PWia*⨁IDia)⨁q F*=ES⨁PWia⨁HB⨁IDia(PWia*⨁HB⨁IDia) Update (O, F) with (O*, F*) Phase – 3: Password Change Phase PC1: If the owner of a smart card desires to change his/her password at any time and at any stage, he/she first inserts his/her smart card into the terminal and makes an iris scan to generate a biometric template BTia*, provides IDia and password PWia. The smart card memory has these parameters {IDia, PWia, BTia*} in its memory are transmitted to the terminal. It has the following computations: PC2: The smart card CPU and EEPROM generates a random number of high entropy say ‘q’ from its stored values O⨁h(PWia⨁IDia⨁HB/), calculates HB/=BTia*⨁q and associates with the stored template BT ia, that is HB=BTia⨁q. If equal by using matching algorithm ∆(HB, HB /) the smart card conveys a message {demand for new password} to the user, and if the value doesn’t match in the matching algorithm the process is definitely terminated. PC3: After getting {request a new password} message from the smart card, user inputs the new values PWia* and directs to the smart card. PC4: The smart card calculates O*=h(IDia⨁PWia*)⨁q and F*=ES⨁HB⨁IDia⨁PWia(HB⨁IDia⨁PWia*) separately, the value at the smart card {O, F} change with {O*, F*}, and new password overlap over the old. 4. SECURITY ANALYSIS To scrutinize the information of protocol’s participants and adversaries thoughtful ideas of cryptographic functions have to be needed. For this purpose, upon receiving a message by the participants, these questions must be given values: i. ii. iii. iv.

Does he/she know who sent it? Does he/she know that the message is fresh? Does he/she know that it is never just a repetition from the past message? Does network investigator know who is talking to whom?

These questions can be covered here both formally and informally in the security analysis part of the paper that is described under the following headings: 4.1 BAN – Logic A formal-method for expressing and investigating an authentication protocol was first recommended in the late 1980's by three popular mathematician names Burrows Abadi and Needham and is called BAN Logic [3132]. It is the first in a family of ep-onymous authentication logics – a logic of belief. The intended use of BAN is to analyze a protocol by deriving the security and authenticity of its authentic principles. When the protocol become executed as the BAN principles correctly executing a protocol or not and can come to produce a verifiable result. BAN has been highly successful in divulge protocol flaws. BAN needed ASSUMPTIONS and it is comparatively easy to use. BAN method used to prove that the above scheme accomplishes mutual authentication, resists all known attacks and realize preferred characteristics.

269

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 1 BAN definitions and their descriptions Protocol Steps 𝑃 ⟶ 𝑄: 𝑚𝑒𝑠𝑠𝑎𝑔𝑒 A⟶B: {A, Kab} Kbs

Description P sends message to Q B know Kbs and Kab another key to transfer with A. Tells B, recognizes key Kbs and Kab is another key to transfer with A. B sees the communication of A and b via Kab and Kbs is another key to transfer with A Confirmation is ok among A and B using K

K𝑎𝑏

𝐴 ⟶ 𝐵: {𝐴 ↔ 𝐵} 𝐾𝑏𝑠 K𝑎𝑏

𝐵 ⊲ {𝐴 ↔ 𝐵} 𝐾𝑏𝑠 𝐾

𝐴|≡𝐴↔𝐵,

𝐾

𝐾

𝐵|≡𝐴↔𝐵

𝐾

A believes B believes that A transfer data to B using K and vice versa. A believes communication to B over a public key K

𝐴 | ≡ 𝐵 | ≡ 𝐴 ↔ 𝐵, 𝐵 | ≡ 𝐴| ≡ 𝐴 ↔ 𝐵 𝐾

𝐴 | ≡→ 𝐵 𝑁𝑎 𝐴|≡𝐴 𝐵 ⇌

A and B might share some private secrets

The proposed scheme can be shown using BAN logic is summarized as follows: a. BAN goals for the proposed scheme Goal1: user |≡ Server↔

sk

user

Goal2: Server |≡ user |≡ Server↔ Goal3: user |≡ Server ↔

sk

sk

user

Goal4: user |≡ Server |≡ Server ↔

sk

user user

b. BAN idealized form for the proposed scheme Idealization is used in BAN logic to show the central information regarding the beliefs of the receiving party in each step of the protocol. In the proposed procedure idealized form is as follows: Msg1: user→ Server: A, R1, R2, t1: {A, IDia, R1, R2, t1}B Msg2: Server→ user: R3, An, ts1: {R3, An || ts1}B c. BAN assumptions for the proposed scheme i. ii.

A1: User |≡ ⧣ (t1) A2: Server |≡ ⧣ (p, n, ts1)

iii. A3: User |≡ Server ↔

B

iv. A4: Server |≡ Server ↔ v.

A5: User |≡ Server ↔

B

User User

sk = h(p⨁n) sk = h(p⨁n)

vi. A6: Server |≡ Server ↔ vii. A7: User |≡ Server ⇒ (R4, p) viii. A8: Server |≡ User ⇒ (t1)

User User

Next, take Msg1 and Msg3 as, A) Msg1: user→ Server: A, R1, R2, t1: {A, IDia, R1, R2, t1}B By applying seeing rule, B) S1: Server ⊲ A, R1, R2, t1: {A, IDia, R1, R2, t1}B According to S1, A3 and R1, C) S2: Server |≡ user~ (A, IDia, R1, R2, t1) According to A1, S2, R4, and R2 D) S3: Server |≡ user |≡ (A, IDia, R1, R2, t1); where t1 is the timestamp used by the user.

270

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org According to A7, S3, and Jurisdiction rule E) S4: Server |≡ (A, IDia, R1, R2, t1) According to A5, S4, and session key rule F) S5: Server |≡ user |≡ Server ↔ According to A7, S5, and R4 rule

sk = h(p⨁n)

sk = h(p⨁n)

G) S6: Server |≡ Server ↔ Taking the second idealized message as:

User

User

Achieved (Goal 2)

Achieved (Goal 1)

H) Msg2: Server→ user: R3, An, Ts1: { R3, An || ts1}B By applying seeing rule, I) S7: User ⊲ Server → user: R3, An, Ts1: { R3, An || ts1}B According to S7, A4 and R1, J) S8: user |≡ Server ~ (R3, An || ts1) According to A2, S8, R4, and R3 rules, K) S9: user |≡ Server|≡ (R3, An || ts1); Where, t2 is the timestamp produced by the server. so According to A6, S9, and R4 rule L) S10: user |≡ (R3, An || ts1) According to A4, S10, and session key rule sk = h(p⨁n)

M) S11: user |≡ Server |≡ Server ↔ According to A8, S11, and Jurisdiction rule N) S12: User |≡ Server ↔

sk = h(p⨁n)

User

Uia

Achieved (Goal 4)

Achieved (Goal 3)

4.2 ProVerif implementation It is a software package for automatically investigating the assurance of cryptographic protocols, capable of giving reach-ability materials and is very interactive for zero-knowledge verifications. It also shows us the messages acknowledgment, remarkable similarities, confidentiality, traceability and, verifiability. The verification of a protocol using ProVerif [25-26] is useful for computer security point of view. Whenever a property cannot be verified, this tool restructures and processes the weaknesses and robustness of the protocol. It is a language-based toolkit derived from PROLOG which uses π-calculus. The proposed scheme is formally proved using this toolkit; so that the work will best satisfy the mutual authentication and session key secrecy. This tool supports many cryptographic techniques like private key/public key encryption/decryption, hashing algorithm, Rivest–Shamir–Adleman (RSA) cryptosystem, Diffie-Hellman algorithm, Public-Key-Infrastructure techniques and digital signature. At the start, two different channels, a private channel ‘SCh’ is taken for the use of protected communication between user and server while public channel ‘PCh’ is used for unprotected communication between user and server. (*---------------- Channels ----------------*) free SCh:channel [private].

(*Secure Channel*)

free PCh:channel. (*---------------- Constants & Variables ----------------*) free IDia:bitstring. free PWia:bitstring [private].

271

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org free BTia:bitstring [private]. free S:bitstring [private]. (*---------------- Constructor ----------------*) fun H(bitstring):bitstring. fun h(bitstring):bitstring. fun XOR(bitstring,bitstring):bitstring. fun CONCAT(bitstring,bitstring):bitstring. fun E(bitstring,bitstring):bitstring. (*---------------- Destructors & Equations ----------------*) equation forall a:bitstring,b:bitstring; XOR(XOR(a,b),b)=a. reduc forall m:bitstring,key:bitstring; D(E(m,key),key)=m. (*----------------------- Events ----------------------------*) event beginUserUi(bitstring). event endUserUi(bitstring). event beginServerSIP(bitstring). event endServerSIP(bitstring). (*---------------------- Queries -----------------------------*) free SK:bitstring [private]. query attacker(SK). query id:bitstring; inj-event(endUserUi(id)) ==> injevent(beginUserUi(id)) . query id:bitstring; inj-event(endServerSIP(id)) ==> injevent(beginServerSIP(id)) . (*--------------------- User Ui ---------------------*) let UserUi= (*-------------------- Registration -----------------*) new q:bitstring; let HB = H(BTia) in let M = XOR(HB,q) in let N = XOR(PWia,(IDia,M)) in let O =XOR(h(XOR(PWia,(IDia,M))),q) in out(SCh,(HB, N , IDia)); in(SCh,(xA:bitstring, xF:bitstring)); let P =h(N) in

272

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org (*---------------- Login and Authentication ----------------*) event beginUserUi(IDia); new IDia':bitstring; new PWia':bitstring; new BTia':bitstring; let HB' = H(BTia') in let q' = XOR(O,h(XOR(PWia',(IDia',HB')))) in let N' = XOR(PWia',(IDia',HB',q')) in let P' =h(N') in if (P = P') then let (B:bitstring) = D(xF,N') in new T1:bitstring; let R1 = h(CONCAT(B,(IDia',T1))) in let R2 = E(CONCAT(P',(IDia',R1,T1)),B) in out(PCh,(xA, R1, R2, T1)); in(PCh,(xR3:bitstring, xAn:bitstring, xTs1:bitstring)); let (xn:bitstring,xSK:bitstring,xTs1:bitstring) = D(xR3,B) in let SK = h(XOR(P',xn)) in if(SK = xSK) then event endUserUi(IDia) else 0. (*--------------------- Server SIP ---------------------*) let ServerSIP= (*---- Registration ----*) in(SCh,(xHB:bitstring, xN:bitstring , xIDia:bitstring)); new ts0:bitstring; let A = E(CONCAT(IDia,ts0),S) in let B = E(XOR(IDia,S),S) in let F =E(B,xN) in out(SCh,(A, F)); (*---- Login and Authentication ----*) event beginServerSIP(S);

273

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org in(PCh,(xA:bitstring, xR1:bitstring, xR2:bitstring, xT1:bitstring)); let (xIDia:bitstring,xts0:bitstring) = D(A,S) in let B' = E(XOR(xIDia,S),S) in let R1' = h(CONCAT(B',(xIDia,xT1))) in if (xR1 = R1') then let (xP:bitstring,xIDia:bitstring,xR1:bitstring,xT1:bitstring)= D(xR2,B') in new n:bitstring; let SK = h(XOR(xP,n)) in new Ts1:bitstring; let R3 = E(CONCAT(n,(SK,Ts1)),B') in let An = E(CONCAT(xIDia,Ts1),S) in out(PCh,(R3, An, Ts1)); event endServerSIP(S) else 0. process ((!UserUi)

| (!ServerSIP) )

The above mentioned program has been executed on ProVerif 1.93. The following result has been displayed. -- Query inj-event(endServerSIP(id)) ==> inj-event(beginServerSIP(id)) Completing... Starting query inj-event(endServerSIP(id)) ==> inj-event(beginServerSIP(id)) RESULT inj-event(endServerSIP(id)) ==> inj-event(beginServerSIP(id)) is true. -- Query inj-event(endUserUi(id_624)) ==> inj-event(beginUserUi(id_624)) Completing... Starting query inj-event(endUserUi(id_624)) ==> inj-event(beginUserUi(id_624)) RESULT inj-event(endUserUi(id_624)) ==> inj-event(beginUserUi(id_624)) is true. -- Query not attacker(SK[]) Completing... Starting query not attacker(SK[]) RESULT not attacker(SK[]) is true. The above result shows that both the server and user evolvement beginning and ending successfully also confirms that the session key not exposed to an attacker. Therefore, the confidentiality is preserved. 5. PERFORMANCE AND COMPARATIVE ANALYSIS In this section the performance of the scheme in terms of attack resistance, functionality, storage-overhead, computation and communication cost is analyzed. As security is inversely proportional to cost and vice versa therefore, in the proposed scheme a delicate balance is shown between security and performance that is discussed one-by-one under the following headings: 5.1 Attack resistance and functionality analysis The attack resistance and functionality analysis of the proposed authentication scheme are compared with other authentication schemes namely Li et al.’s [40], Lue et al.’s [41], Zhang et al.’s [42], Wu et al.’s [43-44] and Kumari et al.’s [45] schemes.

274

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org The comparison results in Table 2 below determine that the proposed user authentication scheme provide resistance to all known attacks which in terms shows robustness, privacy-preserving authentication scheme. Table. 2 Performance analysis (comparison) Schemes Security Properties Resists Denning-Sacco-Attack Resists Stolen-Verifier Attack Resists Insider Attack Resists Password Disclosure Attack Resists Replay Attack Strong User Anonymity Rests Server Spoofing Attack Provides Mutual Authentication Provides Certified-Key Guarantee Resists Impersonation Attack

[40]

[41]

[42]

[43-44]

[45]

Proposed

Yes Yes Yes Yes No No Yes No Yes Yes

Yes Yes No Yes No No Yes Yes Yes No

Yes Yes Yes Yes No No Yes Yes Yes Yes

Yes Yes Yes Yes Yes No Yes Yes Yes Yes

Yes Yes Yes No Yes Yes No Yes Yes No

Yes Yes Yes Yes Yes Yes` Yes Yes Yes Yes

5.2 Computation cost analysis To scrutinize and evaluate the proposed scheme by comparing computational overhead in the eyes of complexity with six recent schemes e.g. Li et al. [40], Lue et al.’s [41], Zhang et al.’s [42], Wu et al.’s [43-44] and Kumari et al.’s [45] schemes, the proposed scheme is strong and efficient in terms of computational cost. Table 5 illustrates the comparison in terms of computation cost. Table. 5 Computational coast analysis of different schemes Different Schemes Phases Participan t User Registration Server Login and User Authenticatio n Server Password User Change Server Total (Only Login and Authentication phases are considered)

[40]

[41]

[42]

[43]

[44]

[45]

Propose d

1t⨁+1th 1t⨁+5th 4t⨁+9th

1t⨁+1th 7t⨁+5th 6t⨁+13th

5t⨁+1th 2t⨁+0 13t⨁+2t

3t⨁+1th 3t⨁+3th 9t⨁+7th

1t⨁+1th 2t⨁+3th 3t⨁+7th

2t⨁+1th 3t⨁+3th 10t⨁+6th

6t⨁+3th 1t⨁+0 8t⨁+5th

4t⨁+9th 6t⨁+7th 1 t⨁+3th

7t⨁+19th 4t⨁+3th 2t⨁+2th

9t⨁+3th 7t⨁+1th 0

4t⨁+8th 4t⨁+5th 3t⨁+1th

2t⨁+5th 4t⨁+5th 3t⨁+1th

3t⨁+5th 7t⨁+4th 0+2th

2t⨁+2th 8t⨁+3th 0

8t⨁+18t

13t⨁+32t

22t⨁+5t

13t⨁+15t

5t⨁+12t

13t⨁+11t

h

h

h

h

h

h

h

10t⨁+7th

Here th represents time efficiency of hash-function and t⨁ represents the time efficiency of exclusive-OR operation, then the mentioned table clearly shows the difference among these schemes. Furthermore, the performance analysis of scheme [42] above has reduced the computational cost of one-way hash function time th which is considered to be good but its XOR bitwise operation time is much higher than that of the proposed scheme. Also, if any function (either hash or XOR) takes less time for completion it must be higher clock frequency for stored operation. In this way, the computational complexity of the proposed scheme is much better than among all. Therefore, the proposed scheme shows good performance. 5.3 Storage overhead analysis This is actually the number of parameters stored in the memory of the smart card. The memory of smart card consists of A, F, O, P parameters and “p, q, S, m, n” symmetric key values. Assume that the Symmetric Cryptographic Functions (SHA-1) used in the proposed scheme which can occupy 160 bits key length and the number of parameters in the smart card at registration phase is just 4, so 4 x 160 = 640 bits which are the actual storage cost analysis as shown in Table – 3 below:

275

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 3 Storage overhead analysis Parameters The Parameters of Smart Card {A, F, O, P} Total

Storage Overhead (in bits) (160+160+160+160) 640

5.4 Communication overhead / cost analysis Power consumption is an attractive topic for research in wireless communication due to either computational overhead or communication determination that can be seen from different angles like its parameters, links, wait time, cryptographic-functions and many more. In fact, the communication cost is higher than computation cost in terms of power consumption. The communication cost is a cycle for the successful communication of messages exchanged between the user and server. When a legitimate user login into a remote server, it is easy to imagine that the proposed scheme is somewhere same as Li et al.’s [40], Lue et al.’s [41], Zhang et al.’s [42], Wu et al.’s [43-44] and Kumari et al.’s [45] schemes while somewhere stronger user login and authentication phase. Let suppose the length of each parameter in the proposed scheme is 160 bits because of using SHA – 1, the one-way hash function values are 256 bits and the operation performing by XOR value always yields zero which can be neglected, therefore, the proposed scheme is relatively small compared to Li et al. [40], Lue et al.’s [41], Zhang et al.’s [42], Wu et al.’s [43-44] and Kumari et al.’s [45] schemes, because in communication cost when using SHA-1 of key size is 160 bit which is for the proposed scheme is the number of transmitting and receiving bits of each entity. Uia transmits 4 x 160 = 640 bits and receives 3 x 160 = 480 bits; the total communication cost at Uia is 1120 bits. Similarly, the server receives 4 x 160 = 640 bits and transmits 3 x 160 = 480 bits, the total communication cost at server side is also 1120 bits; the total communicational cost of the scheme is 2240 bits, as shown in Table 4 below: Table. 4 Communication cost analysis Transmitting/Receiving bits

Messages

Uia:

640+480

1120

1

Sia:

480+640

1120

1

Total:

2240 bits

2

6. CONCLUSION AND FUTURE WORK Internet systems such as VoIP and Web applications are growing rapidly in size and complexity to support a large number of users. Mobile platforms such as smartphones and Internet of Things (IoT) are becoming the main medium to access the Internet content. Users will be generating more requests to Internet applications. The entire request load generated by applications needs to be properly handled. The result of which threat level against Internet application is increased and the powerful attackers struggle to compromise these systems. Therefore, more robust security mechanisms are needed. The already designed and implemented practical authentication protocols which guarantee for security which also satisfy the performance and scalability constraints of largescale VoIP and Web applications than currently deployed protocols based on symmetric cryptographic algorithms. A biometric cryptosystem was also offered in the aforementioned protocol which is a sign of robustness. To extend this three-factor security authentication scheme, one can also use Elliptic Curve Cryptography (ECC), Public Key Infrastructure (PKI) and Discrete Logarithmic Function (DLF) methodologies or else can use big numeral factorization complication. It is mandatory for every researcher to identify the knowledge or experiences that are required for finding out attack(s) on a protocol. ACKNOWLEDGEMENT Special thanks to Faculty of Basic & Applied Sciences International Islamic University Islamabad, Pakistan for providing resources to carry out this research. Moreover, special thanks to Dr. Shahzad Ashraf Chaudhry for his kind support in completion of this research.

276

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org REFERENCES 1. 2.

3. 4. 5. 6. 7. 8. 9.

10.

11.

12. 13.

14. 15.

16. 17. 18. 19. 20.

21. 22.

23.

Lamport, L., Password Authentication with Insecure Communication, ACM Communications, 1981. 24(11):p.770-772. Laio Xiong., Jianwei Niu., Saru Kumari., SK Hafizul Islam., Fan Wu., Muhammad Khurram Khan., and Ashok Kumar Das., A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security, Wireless Personal Communications, 2016. p.1-29. Hsiang, C. and Shih, W.K., Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment, Computer Standards & Interfaces, 2009. 31(6):p.1118-1123. Sood, S. K., Sarje, A. K., Singh, K., A secure dynamic identity based authentication protocol for multiserver architecture, Journal of Network and Computer Applications, 2011. 34(2):p.609-618. Chang, C.C., Lee, C.Y., A secure single sign-on mechanism for distributed computer networks, IEEE Trans. on Industrial Electronics, 2012. 59(1):p.629-637. G.Yang., D. S. Wong., H. Wang, X. Deng., Two-factor mutual authentication based on smart cards and passwords, Journal of Computer and System Sciences, 2008. vol 74:p.1160-1172. Tsai, J.L., Lo, N.W., Wu, T.C., Novel anonymous authentication scheme using smart cards, IEEE Trans. On Industrial Informatics, 2013. 9(4):p.2004-2013. Yeh, Hsiu-Lien., Tien-Ho Chen., and Wei-Kuan Shih., Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Computer Standards & Interfaces 36, no. 2, 2014. p.397-402. Zhang Liping., Shanyu Tang and Shaohui Zhu., An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks. Journal of Network and Computer Applications 59, 2016. p.126133. Zhang Liping., Shanyu Tang., and Shaohui Zhu., A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP. Peer-to-Peer Networking and Applications 9, no. 1, 2016. p.108-126. Lue, X., Qiu, W., Zheng, D., Chen, K., Li, J., Anonymity enhancement on robust and efficient password authenticated key agreement using smart cards, IEEE Trans. on Industrial Electronics, 2010. 57(2):p.793-800. Juang, W.S., Chen, S.T., Liaw, H.T., Robust and efficient password-authenticated key agreement using smart cards, IEEE Trans. Industrial Electronics, 2008. 55(6):p.2551-2556. Wang, D., Ma, C., Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards, The Journal of China Universities of Posts and Telecommunications, 2012. 19(5):p.104114. Wang, D., Ma, C., Wang, P., Chen, Z., iPass: Privacy preserving two-factor authentication scheme against smart card loss problem, Journal of Computer and System Sciences (In press), 2012. p.1-14. Wang, D., Ma, C., Wang, P., Secure password-based remote user authentication scheme with nontamper resistant smart cards, 26th Ann. IFIP Conf. on Data and Applications Security and Privacy, 2012. p.114-121. Wang, D., Wang, P., Offline dictionary attack on password authentication schemes using smart cards, 16th Information Security Conference, 2013. pp.1-14. Wang, Y., Password protected smart card and memory stick authentication against off-Line dictionary attacks, 27th IFIP TC 11 Information Security and Privacy Conference, 2012. p.489-500. Wang, D., Wang, P., On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions, Computer Networks, 2014. 73:41-57. Hsieh, W., Leu, J., Exploiting hash functions to intensify the remote user authentication scheme, Computers & Security, 31(6), 2012. p.791-798. Huan, X., Chen, X., Li, J., Xiang, Y., Xu, L., Further observations on smart-card-based password authenticated key agreement in distributed systems, IEEE Trans. on Parallel and Distributed Systems, 25(7), 2013. p.1767-1775. Eric Bach., Discrete logrithms and factoring. Techinical Report UCB/CSD84/186, Computer Science Division (EECS), University of California, Berkeley, June, 1984. Arshad Hamed and Morteza Nikooghadam., An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools and Applications 75, no. 1, 2016.:p.181-197. Sun, D.Z., Huai, J.P., Sun, J.Z., Zhang, J.W., Feng, Z.Y., Improvements of Juang et al.’s password authenticated key agreement scheme using smart cards, IEEE Trans. on Industrial Electronics, 2009. 56(6):p.2284-2291.

277


26.

27.

28. 29. 30.

31. 32.

33.

34. 35. 36.

37.

38. 39.

40.

41. 42.

43.

44.

45.

Li, C.T., Lee, C.C., Liu, C.J., Lee, C.W., A robust remote user authentication scheme against smart card security breach, 25th Annual IFIP WG 11.3 Conference, 2011. p.231-238. Blanche, Bruno., Ben Smyth and Vincent Cheval, ProVerif 1.90: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial. URL: http://prosecco. gforge. inria. fr/personal/bblanche/proverif/manual. pdf, 2015. Blanchet Bruno., Ben Smyth and Vincent Cheval., ProVerif 1.88: automatic cryptographic protocol verifier, user manual and tutorial, INRIA Paris-Rocquencourt, LSV, ENS Cachan & CNRS & INRIA Saclay II le-de-France, Paris, Franc, 2013. Muir Paul., Shantao Li., Shaoke Lou., Daifeng Wang., Daniel J. Spakowicz., Leonidas Salichos., Jing Zhang et al., The real cost of sequencing: scaling computation to keep pace with data generation. Genome biology 17, no. 1. 2016. Braverman Mark and David P. Woodruff., Guest Editorial for Information Complexity and Applications. Algorithmica 76, no. 3, 2016. p.595-596. Hakke Sachin R., and Manohar S. Chaudhari., Attribute based encryption of data stored in Clouds with Anonymous Authentication. International Journal 4, no. 3, 2016. Lu Yanrong., Lixiang Li., Haipeng Peng and Yixian Yang., A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications 9, no. 2, 2016. p.449459. Burrows M., Abadi M., Needham R., A logic of authentication, ACM Trans Comput Syst Vol. 08,p.108126. Mart´ın Abadi and Andrew D. Gordon., A calculus for cryptographic protocols: The pi calculus Information and Computation, January 1999. 148(1):1–70. An extended version appeared as Digital Equipment Corporation Systems Research Center report no. 149, January 1998. Benjamin C. Pierce and David N. Turner. Pict: A programming language based on the pi-calculus. In Gordon Plotkin, Colin Stirling, and Mads Tofte, editors, Proof, Language and Interaction: Essays in Honour of Robin Milner, Foundations of Computing. MIT Press, May 2000. Blanchet Bruno., Ben Smyth and Vincent Cheval. ProVerif 1.90: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial, 2015. Stallings, W., Cryptography and network security: principles and practices, 3th edition: Prentice Hall, 2003. Gong L., Needham R., Yahalom R., Reasoning about belief in cryptographic protocols, Proceedings of IEEE Computer Society Symp. Research in Security and Privacy, Oakland, CA, 7–9 May, 1990. p.234– 248. Jin, Andrew Teoh Beng., David Ngo Chek Ling and Alwyn Goh. Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern recognition 37, no. 11, 2004. p.22452255. Eric Bach., Discrete logrithms and factoring. Techinical Report UCB/CSD84/186, Computer Science Division (EECS), University of California, Berkeley, June, 1984. Lee Cheng-Chi., Tsung-Hung Lin and Rui-Xiang Chang., A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications 38, no. 11m. 2011. p.13863-13870. Li, X., Xiong, Y., Ma, J., Wang, W., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards, Journal of Network and Computer Applications, 2012. 35(2):p.763-769. Leu Jenq-Shiou and Wen-Bin Hsieh., Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards. Information Security, IET 8, no. 2, 2014. p.104-113. Zhang Liping., Shanyu Tang., and Shaohui Zhu., A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP. Peer-to-Peer Networking and Applications 9, no. 1, 2016. p.108-126. Wu F., Xu L., Kumari S., Li X., A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks, 2015. Comput Electr Eng. doi:10.1016/ j.compeleceng. Wu Fan., Lili Xu., Saru Kumari., Xiong Li and Abdulhameed Alelaiwi. A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof. Security and Communication Networks 8, no. 18, 2015. p.3847-3863. Kumari Saru., Muhammad Khurram Khan and Xiong Li., An improved remote user authentication scheme with key agreement. Computers & Electrical Engineering, Vol. 40, no 6, 2014. pp 1997-2012.

278

AUTHORS PROFILE SAEED ULLAH JAN received the MPhil degree in network security from University of Malakand in 2016. He is working as a Lecturer in Computer Science at Higher Education, Achieves & Libraries Department Govt of Khyber Pakhtunkhwa – Pakistan. His research interests include Information Security, VoIP and SIP Authentication. Saeed Ullah Jan also working as BS – Coordinator at Govt College Wari (Dir Upper) and has started 09 BS Disciplines in the far-flung remote area of the province where most of the youngers have no access to Universities for higher education. Currently, he is PhD scholar in the Department of Computer Science & IT – University of Malakand. FAWAD QAYUM received PhD Degree from University of Leicester, U.K in 2012. He is working as In-charge Department of Software Engineering University of Malakand, Pakistan. His research Interests includes: Model-driven software evolution and re-engineering. QualityControlled Refactoring at Model Level Using Graphs and Search-Based Refactoring using Graph Transformation Systems. SOHAIL ABBAS received the PhD Degree from Liverpool John Moores University, Liverpool UK, in 2011. His research interest includes Cooperation Enforcement in Adhoc Networks, Reputation and Trust based schemes, detection of identity based Attacks, selfish or misbehavior node detection in routing and in MAC 802.11 protocols in static and mobile adhoc networks, as well as in Internet of Things (IoT) environments. GHULAM MURTAZA KHAN received the MS degree in Software Engineering from International Islamic University Islamabad in 2012. Currently he is working as Lecturer in Computer Science at Shaheed BB University Sheringal Pakistan. His research interest includes; Software Engineering, GSD, GSE, Agile computing, Green computing, Cloud computing and Mobile/Ubiquitous computing. Currently, he is PhD scholar in the Department of Computer Science & IT – University of Malakand. AJAB KHAN received the PhD Degree from University of Leicester, U.K in 2011. Currently he is working as In-charge Department of Computer Science & IT, University of Malakand. His research interest includes; Stochastic Simulation of P2P VoIP Network Reconfiguration Using Graph Transformation, Modeling Skype like VoIP protocol and graph transformation based modeling. SIFFAT ULLAH KHAN received the Ph.D. degree in computer science from Keele University, U.K. He is currently an Assistant Professor in the Department of Computer Science & IT, University of Malakand. He has authored over 110 articles, so far, in well reputed international conferences and journals. His research interest includes software outsourcing, empirical software engineering, agile software development, systematic literature review, and software metrics, cloud computing, requirements engineering, and green computing/IT.

279


Multi-classifier method based on voting technique for mammogram image classification 1

Mohamed Alhaj Alobeed, 2Ali Ahmed, 3Ashraf Osman Ibrahim 1

Information technology, Shendi University, Shendi, Sudan Faculty of computer science and Information Technology, Karary University, Khartoum North, 12305, Sudan 1, 3 Faculty of Computer Science and Information Technology, Alzaiem Alazhari University, Khartoum North 13311, Sudan 3 Faculty of Computer Science, Future University, Khartoum, Sudan Email: [email protected], [email protected], [email protected] 2

ABSTRACT Breast cancer is the disease most common malignancy affects female population and the number of affected people is the second most common leading cause of cancer deaths among all cancer types in the developing countries. Nowadays, there is no sure way to prevent breast cancer, because its cause is not yet fully known. But there are some ways that might lower risk such as early detection of breast cancer can play an important role in reducing the associated morbidity and mortality rates. The basic idea of this paper is to a propose classification method based on multiclassifier voting method that can aid the physician in a mammogram image classification. The study emphasis of five phases starting in collect images, pre-processing (image cropping of ROI), features extracting, classification and end with testing and evaluating. The experimental results show that the voting achieves accuracy of87.50 % which is a good classification result compared to individual ones. Keywords: mammograms; breast cancer; multi classifier voting; early detection; image classification; 1. INTRODUCTION Breast cancer affects women of all ages/ethnic groups. In spite of decades old breast cancer research regarding diagnosis and treatment, prevention continues to be the sole way to lower this disease’s human toll which currently affects 1 in 8 women in their lifetime [1]. In the United States in 2012, an estimated 227,000 women and 2,200 men are expected to be diagnosed with this cancer, and around 40,000 women are expected to succumb to it [2]. The term “breast cancer” includes more than one disease being an umbrella term for various cancer subtypes of the human breast. Breast cancer subtypes differ in clinical presentations, and show clear cut gene expression patterns in addition to having different genetic/molecular characteristics [3, 4]. Breast cancer subtypes have some shared and unique causes, and contributing factors influencing prevention approaches. Mammography cannot stop or decrease breast cancer but are supportive only in detecting the breast cancer at early stages to increase the survival rate [5]. Regular screening can be a successful strategy to identify the early symptoms of breast cancer in mammographic images [6]. Medical images classification is a form of data analysis that extracts models describing important data classes. Numerous methods have been created to classify masses into benign and malignant categories by using the multiclassifier method [7]. In [8], the researcher proposed a computer aided diagnosis to detect cancer automatically in mammograms without any help of radiologist or medical specialist. After that, enhancement has been performed so that cancer can be clearly visible and identifiable. Results show that proposed method has achieved 96.74% accuracy as well as 98.34% sensitivity. In [9], researchers compared the performance of an Artificial Neural Network, a Bayesian Network and a Hybrid Network used to predict breast cancer prognosis. The Hybrid Network combined both ANN and Bayesian Network. The Nine variables of SEER data which were clinically accepted were used as inputs for the networks. They achieved accuracy of (88.8%) using ANN and (87.2%) using Hybrid Network, both of the results outperformed the Bayesian Network result. Classification methods are becoming vast and constantly increasing [10]. The aim of this study is to evaluate the classification methods of medical images and the development of multiple mammography based on the method of voting (fusion). Voting is an assembly method used to combine decisions of multiple works.

280

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org In [11], researchers used a voting technique to choose which of the answers based on their functionality equivalent versions produce. More recent research presented in [12], concerned the identification of breast cancer patients for whom chemotherapy could prolong survival time and is treated here as a data mining problem. In this paper, we use techniques of voting, Voting is an aggregation technique used to combine decisions of multiple classifiers, normal and abnormal (either benign or malignant) mammograms. In its simplest form that based on plurality or majority voting, each individual classifier contributes a single vote. The aggregation prediction is decided by the majority of the votes, i.e. the class with the most votes is finally classified. The remainder of this paper is organized as follows: Section 2 introduces the materials and methods, voting algorithm and technique. The experiment is given in Section 3. Results and discussions are provided in Section 4. Finally, Section 5 concludes the study. 2. MATERIALS AND METHODS This study emphasizes on five phases starting with images collection, pre-processing, features extracting, individual classification and end with testing and evaluation followed by detail about each phase Figure 1 shows the five steps research method.

Figure. 1 Research phases 2.1 Mammogram images collection Dataset used in this study is downloaded from the MIAS (Mammographic Image Analysis) database website [13]. This dataset was recently used by many researchers. MIA’s dataset is used for experimentation purpose in this study which is a standard and publicly available dataset. The size of each mammogram is 1024 × 1024 pixels and 200 micron resolution. MIAS contains a total of 322 mammograms of both breasts (left and right) of 161 patients. 2.1.1 Image cropping based on ROI Next step is to extract Regions of Interest (ROI). ROI’s are defined as regions containing user defined objects of interest. Here we applied crop technique to the images; a cropping operation was employed in order to cut the interest parts of the image. Cropping removed the unwanted parts of the image usually peripheral to the regions of interest as shown in Figure 2.

281


Figure. 2 Full Mammogram with detected region of interest 2.1.2 Feature extraction The accurate classification and diagnostic rate mainly depends upon robust features, particularly while dealing with mammograms, after cropping the Region of Interest (ROI) from [x] position to [y] position and [radius] depend on the MIAS dataset. This stage applies the six functions (Mean, Standard Deviation, Skewness, Kurtosis, Contrast, Smoothness) to extract the feature values from each mammogram image. The following paragraphs give more details about the six functions used to extract features values. 2.1.3 Individual Classification The result of the previous three phases converts the data to numeric values. In this stage we apply five individual classifiers, namely SVM, Bayes Naïve and K-nearest Neighbours, Decision Tree and Artificial Neural Network. The process of classifying features into their respective classes, such as normal and abnormal or benign and malignant, is known as classification. In this paper we used the voting method on five classifiers (Decision Tree, NNA, BNC, KNN, SVM) to apply on medical image that is extracted from MIAS data set. In the next paragraphs, we review and present a brief overview of the five classifiers that are used in the classification stage of the mammogram images. a) Decision tree Decision tree induction is the learning of decision trees from class-labeled training tuples. A decision tree is a flowchart-like tree structure, where each internal node (non-leaf node) denotes a test on an attribute, each branch represents an outcome of the test, and each leaf node (or terminal node) holds a class label. The topmost node in a tree is the root node [14]. b) Support vector machine classifier Support vector machine (SVM) is a statistical learning theory to analyse data and to recognize patterns. It is a supervised learning method. SVM has some benefits like it can handle continuous and binary attributes, speed of classification and accuracy is good. But there are few drawbacks such as SVM take longer time for training dataset and do not handle discrete attributes [15]. c) K-nearest neighbours classifier Pattern classification the k-Nearest Neighbour (K-NN) is a non-parametric algorithm. The k-nearest-neighbour method was first described in the early 1950s. The method is labour intensive when given large training sets, and did not gain popularity until the 1960s when increased computing power became available. It has since been widely used in the area of pattern recognition, Nearest-neighbour classifiers are based on learning by analogy, that is, by comparing a given test tuple with training tuples that are similar to it [16]. d) Artificial neural network classification Artificial Neural Network (ANN) has emerged as an important tool for classification. Neural networks were introduced by McCollum and Pitts in 1943. The artificial neuron is a computer simulated model stimulated from the

282

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org natural neurons. The neuron is starting to work and send a signal through the axon once the signal extent to a certain threshold. This signal then transfers through to other neurons and may get to the control unit (the brain) for a proper action [17]. e) Bayes Naïve classifier Bayesian classifiers are statistical classifiers. They can predict class membership probabilities such as the probability that a given tuple belongs to a particular class. Bayesian classifiers have also exhibited high accuracy and speed when applied to large databases. Naive Bayesian classifiers assume that the effect of an attribute value on a given class is independent of the values of the other attributes [18]. f) Development of multi-classifier based on voting method In this phase, we proposed a multi-classifier based on the individual results obtained by each single classifier discussed above. The concept of our proposed approach depends on the voting method. Majority of the voting techniques are used to perform the final output of the given data. The voting technique presented by selecting the majority output from the experimental results of the five algorithms. The included Mammogram Image and transport data classification have five classes of output. The voting technique becomes difficult when the results of the five algorithms output equally during majority vote. Figure 3 describes the voting algorithm.

Figure. 3 Voting algorithm 3. EXPERIMENT The study contains two main processes the first one is built for each classifier using the 60,70,85 percentage (119 mammogram 72 images , 84 images , 95 images) to training dataset from the data set and after building the classifier, the 40,30,15 percentage (47 images , 35% images , 24 images ) of data is used in test stage. The results are presented in the upcoming section. To test the performance of the proposed method, different quantitative measures have been used. Accuracy has been used. These can be calculated by using mathematical equation 1: (𝑇𝑃+𝑇𝑃𝑁) (𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁)

(1)

Where TP is True positive, FP is false positive FN is false negative and TN is true negative.

283

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 4. RESULTS AND DISCUSSION In this study, MIAS data set was used for five individual classifiers and applied multi classifier voting based on continues data set. The highest precision was given with a good accuracy for 85% of data splitting, which was 87.50 %, while in 70% the accuracy was 84.28 % and in 60 % the accuracy was 76.59 %. Generally, the accuracy was increased after applying voting in the five precisions as shown in Table 1. Table. 1 Results of the five classifiers Data set 60 – 40 70 – 30 85 – 15

Tree

BNC

ANN

KNN

SVM

Voting

72.34 % 80.00 % 75.00 %

57.50 % 57.11 % 58.33 %

57.44 % 62.44 % 66.67 %

68.75 % 73.33 % 70.00 %

51.06 % 42.86 % 50.00 %

76.59 % 84.28 % 87.50 %

After applying three different sizes of training and testing we calculated the overall accuracy, the final results are shown in Table 1 and Figure 4. As a result, our method, namely multi- classifier, outperformed single classifiers. Even the voting produced higher accuracy than these methods. This result shows the accuracy of our method consisting of some classifiers.

Figure. 4 Result of classification and voting accuracy We compared five classifiers methods in this experiment: multi- classifiers (Decision Tree, NNA, BNC, KNN, and SVM) and the proposed method based on voting. Figure 5 shows the experimental results of the multi-classifier and voting method.

Figure. 5 The compared results multi-classifier and voting method The main measurement of comparison is accuracy. In a previous study [19] researchers proposed a method to classify movie document into positive or negative opinions, consisted of three classifiers based on Decision Tree, ME and Score calculation. Using two voting method (Naïve and weighted and integration with SVMs, Classification

284

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org accuracy is achieved by Naïve voting is 85.8%, Weighted voting is 86.4%, SVM is 87.1%. The output results are comparable to the work in the literature which achieves 87.50% accuracy. Future work can explore optimizing the classifiers for improving the accuracy. 5. CONCLUSION This study aimed to build and implement the voting method on five classifiers (Decision Tree, NNA, BNC, KNN, SVM). The classifiers are applied on medical image that is extracted from MIAS data set. The study contains two main processes the first one is built for each classifier using the 60,70,85 percentage to training set from the data set and after building the classifier, the 40,30,15 percentage of data is used in test stage. The accuracy of the voting is 87.50 %. REFERENCES 1. 2. 3. 4. 5.

6. 7. 8. 9. 10. 11. 12. 13. 14.

15. 16. 17. 18. 19.

Pareek, A. and S.M. Arora, Breast cancer detection techniques using medical image processing. Breast cancer, 2017. 2(3). Horner, M., et al., SEER cancer statistics review. National Cancer Institute: p. 1975-2006. Curtis, C., et al., The genomic and transcriptomic architecture of 2,000 breast tumours reveals novel subgroups. Nature, 2012. 486(7403): p. 346-352. Perou, C.M., et al., Molecular portraits of human breast tumours. Nature, 2000. 406(6797): p. 747-752. Mencattini, A., et al., Mammographic images enhancement and denoising for breast cancer detection using dyadic wavelet processing. IEEE transactions on instrumentation and measurement, 2008. 57(7): p. 14221430. Zhang, G., et al. A computer aided diagnosis system in mammography using artificial neural networks. in BioMedical Engineering and Informatics, 2008. BMEI 2008. International Conference on. 2008: IEEE. Smith, R.A., V. Cokkinides, and H.J. Eyre, American Cancer Society guidelines for the early detection of cancer, 2006. CA: a cancer journal for clinicians, 2006. 56(1): p. 11-25. Jaffar, M.A., Hybrid Texture based Classification of Brea Mammograms using Ad boost Classifier. International Journal of Advanced Computer Science and Applications, 2017. 8(5). Choi, J.P., T.H. Han, and R.W. Park, A hybrid bayesian network model for predicting breast cancer prognosis. Journal of Korean Society of Medical Informatics, 2009. 15(1): p. 49-57. Anunciaçao, O., et al. A Data Mining Approach for the Detection of High-Risk Breast Cancer Groups. in IWPACBB. 2010: Springer. Vouk, M.A., et al., An empirical evaluation of consensus voting and consensus recovery block reliability in the presence of failure correlation. Journal of Computer and Software Engineering, 1993. 1(4): p. 367-388. Y.J. Lee, O.L.M.W.H.W. Survival -Time Classification of Breast Cancer Patients. 2008 [cited 2017; Available from: http://www.cs.wisc.edu/dmi/annrev/rev0601/uj.ppt. Clark, A.F. The mini-MIAS database of mammograms. 2012 [cited 2017; Available from: http://peipa.essex.ac.uk/info/mias.html. Usha, S. and S. Arumugam, Calcification Classification in Mammograms Using Decision Trees. World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, 2016. 9(9): p. 2127-2131. Arning, A., R. Agrawal, and P. Raghavan. A Linear Method for Deviation Detection in Large Databases. in KDD. 1996. Min Dong, Z.W., Chenghui Dong, Xiaomin Mu, Yide Ma, Classification of Region of Interest in Mammograms Using Dual Contourlet Transform and Improved KNN. Journal of Sensors, 2017. 2017: p. 15. Gershenson, C., Artificial neural networks for beginners. arXiv preprint cs/0308031, 2003. Han, J., J. Pei, and M. Kamber, Data mining: concepts and techniques. 2011: Elsevier. Tsutsumi, K., K. Shimada, and T. Endo. Movie Review Classification Based on a Multiple Classifier. in PACLIC. 2007.

AUTHORS PROFILE

285


A new centralized-distributed layers model to enhance the security of IoT 1

Hazem M. Bani-Abdoh, 2Fuad M. Fatfath

UniSZA University, Malaysia Email: [email protected], [email protected] ABSTRACT Internet of Things (IoT) is an emerging technology that penetrates into every aspect of human being. IoT is a network of connected IP devices. Since, IoT is mainly encompassed networking of IP devices, it emerges concept of sharing, thus, it must encounter challenges to privacy and security/threats. IoT covers different devices, these devices are governed with different technologies. These diverse technologies are associated with security or securing IoT networks. This research investigates the concept of IoT, its challenges, and the privacy and security issues. In addition, this research proposes a new centralized-distributed layers model (SIAM) to enhance the security of IoT. This model manages all of the collaboration’s and heterogeneity’s concerns. In reality, SIAM is able to represent different rules included in different types of independent organizations. It is also able to express the security policies for centralized and distributed structures as in IoT scenarios. SIAM includes the core concepts of the context and collaboration. Keywords: internet of things; IoT; security model; privacy; security; IP devices; 1. INTRODUCTION Internet of Things (IoT) is the network that is developed from a huge network connecting billions of wireless identifiable devices, objects and physical devices, interacting with each other with anything, anytime, anywhere [1]. In the field of management of information, the achievement of goals can formulate an influence on organizational performance, financial lack or organization’s credibility without consideration to risk. IS is the name for the risk control of the negative influences and utilization of possibility in accomplishing enterprise aims and intentions [2]. Availability, integrity and authenticity of information must be maintained as information is considered one of the major components within an organization, and national security [3]. Organization with a strategic and IS threats contains security information to become a primary part of it. However, the more information that is controlled and ran by the organization, the larger is the risk of threats to the information. Confidentiality, integrity and availability of information have dimensions of IS as a part of its setting and context which means dimensions of IS are continually in the setting of the accomplishment for objectives of business or organization missions. The leaking of information, waste of information or insufficiency of information is blocked and interrupted by the usage of IS risk control. IS turned to be a highly significant part to be employed in the organization by these conditions [2]. On the other hand, security awareness is considered another fundamental part that hugely influences the security of information [4]. This research article aims to investigate the security and privacy of protocols used in IoT; providing a comprehensive analysis of current solutions in the IoT’s privacy/security concerns; discusses different solutions to basic concepts of security; provides solutions to the problems troubling the IoT; and designs a secure platform of IoT architecture. The proposed model, in reality, is able to represent different rules included in different types of independent organizations. It is also able to express the security policies for centralized and distributed structures as in IoT scenarios. 2. IS GOVERNANCE Information technology (IT) is considered as an extremely primary entity in the regular activities of an organization, due to this it is a priority for the IT infrastructure to be administered and ruled accurately. Ensuring the value of well IT governance comes from the institute of directors’ report [5] on corporate governance. IT highlights that resource utilization, goals/services delivery, and risk management must be concentrated by its governance. From the viewpoint of the IT governance institute [5], the main components of the IT governance are the administration, organizational structures and processes. The main role for the mentioned components is to ensure that the organization’s IT preserves and enlarges the organization’s strategies and objectives. Moreover, to guarantee that the organization’s IT supports the business objectives, maximizes profits and possibilities, and aids in obtaining competitive advantage, its governance should result in a combination of good practices [5].

286

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org One of the main aspects of the information security (IS) governance is that it should serve valid IS practices by following a precise direction and should produce and present organizations with a recognition of the necessary aspects for a comprehensive IS plan. The organization’s needs and risk appetite also must be reflected by this IS plan [6]. Figure 1 shows that the strategic level is where the directing should begin at, and proceed through the tactical level and ended up with the operational level. The executive level directions in the direct process, are distributed and cascaded in the IS policies into lower-level. To assist in reaching to the tactical level and consequently to the strategic level controlling catching the operational data from the lowest execution layer.

Figure. 1 Information governance model [6] IT probably tracks executive management directives from the strategic level if IS governance applications are implemented efficiently, that can be done through the tactical level, onto the operational level. Moreover, control checking that occurs with the operational data is obtained at the lowest execution layer, within the operational level, the tactical level, to the strategic level. it can be argued that organization can actually claim agreement to IS governance only when directing and controlling are performed at all management levels [7]. 3. INFORMATION SECURITY RISK MANAGEMENT In the IS program management, risk management is considered as a significant portion that is arising from the organizational risk governance [7]. The definition for the term information risk management can be said as the “process of recognizing risk, evaluating the reasonableness of its happening and the influence it possibly holds and considering the action required to assure that the compensation from the activities presented will be received” [7]. The definition for IS program management distinguished the following main elements of risk management: (a) identification of risks (b) assessment of risks (c) actions to mitigate the risks (d) determining whether the reward is worth the effort, and (e) resources engaged to mitigate the risks. Consequently, in [8] the research outlined the elements of risk management to four blocks essential for recognition and handling IT risks, specifically discovery, measurement, classification, and prioritization. In the organization managing risk exists to preserve and defend the mission and assets of the organization. That is why risk management must not be a technical function and be a management function. It is essential to manage risks to systems. The owner of any system can protect the information system in the organization by understanding risk, understanding the precise risks’ effects to the system. Organizations can never be decreased to zero due to the fact that they all have limited resources and risk. Therefore, allows organizations to prioritize limited resources by understanding risk, mainly the quantity of the risk. Identifying threats and vulnerabilities gives the ability to assess the risk, then recognizing the probability and consequence for every risk. It’s clear, right?, risk assessment is a complex undertaking which something unfortunate, normally based on defective information. Thus, many methodologies pointed at supporting risk assessment to be repeatable and give consistent results [7]. Financial institutions and insurance companies employed quantitative risk assessment based upon methodologies. By attaching conditions and values to business processes, information, systems, recovery costs, etc. Accordingly, risk can be estimated in terms of direct and indirect costs.

287

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org A large range of uncertainty in the likelihood and impact values and describe them are assumed by qualitative risk assessments, and also risk, in subjective or qualitative terms. Comparable to the subjects in quantitative risk assessment, the likelihood and impact values are being defined by the numerous difficulties in qualitative risk assessment. Moreover, to allow the similar rules and scales to be consistently applied across varied risk assessments and these values need to be determined in a manner that can do this [8]. The outcomes of qualitative risk assessments are naturally more complex to concisely communicate to management. Results of “high”, “moderate” and “low” risk are degrees which typically given by qualitative risk assessments. Yet, it is potential to appropriately communicate the assessment to the organization’s management by implementing the impact and likelihood definition schedules and the classification of the Impact. Steps [7-9]: 1. Identifying threat Both threat-sources and threats need to be recognized as was alluded to in the part on threats. Threats should incorporate the threat-source to assure correct assessment. (Natural threats, human threats, deliberate actions, environmental threats). 2. Identifying vulnerabilities Vulnerabilities come with many ways of identifications. Several risk management plans give many methodologies for recognizing vulnerabilities. Begin with ordinarily available vulnerability tables or control states in a general way. Later, running with individuals or the system owners with knowledge of the system or organization, begin to identify the vulnerabilities that apply to the system. Additionally, while the following tools and techniques are typically used to identify vulnerabilities: ✓

Vulnerability scanners

✓

Audit of operational controls; and

✓

Penetration testing.

3. Relating threats to vulnerabilities Relating a threat to a vulnerability is considered one of the major complex activities in the risk management process. Anyway, it is a mandatory activity to establishing these relationships, since risk is determined as the instance of a threat against a vulnerability. 4. Defining likelihood It is fairly straightforward when determining likelihood. It is the possibility that a threat produced by a threatsource will happen versus a vulnerability. It is an outstanding concept to employ an official definition of likelihood on all risk assessments in order to assure that risk assessments are consistent. 5. Defining impact The best way to define impact is in terms of impact upon availability, impact upon integrity and impact upon confidentiality in order to assure repeatability. 6. Assessing risk The process of deciding the likelihood of the threat being applied against the vulnerability and the resulting influence from a successful compromise is called the process of assessing risk. When assessing likelihood and impact, take the current threat environment and controls into consideration. For each risk in the risk assessment report, a risk management strategy must be devised that reduces the risk to an acceptable level for an acceptable cost. Steps [9]. • • • •

Transference Mitigation Avoidance Acceptance

288

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org • Communicating risks strategies • Implementing the strategies 4. INTERNET OF THINGS – IOT This section is organized as follows: An introductory to the IoT, need for the IoT and security issues of the IoT. This section provides a brief introduction of IoT, the need for IoT in the organizations, data management in IoT, IoT challenges, challenges protocols that are used in IoT. 4.1 Introduction The sight of IoT is mainly to revolutionize the network (Internet) by building a huge network connecting billions of wireless identifiable devices objects and physical devices, interacting with each other with anything, anytime, anywhere. The existing improved processing, and storage capacities and wide distribution capabilities of wireless sensor networks (WSNs), RFID technologies may create a highly shared-decentralized pool of available resources and devices interconnected with each other [1]. For the time being, around two billion users around browse the Internet, using social networks, playing games, accessing multimedia, sending and receiving emails, and many other available tasks. With more access to the resources, available information and infrastructure, another important hop is coming, which is the use of the network as a global and shared platform for allowing devices and smart physical objects dialogue, compute, communicate, and coordinate. The IoT term refers to [10]. • The common network connecting smart-physical objects; • The group of technologies necessary in order to realize such a IoT vision (such as: actuators, RFIDs, etc.); and • The set of services enhancing such technologies in order to create strong new market opportunities [10]. 4.2 Need for IoT and organizations of interest In the past, accessing the internet has dramatically done by using desktop or laptop devices, nut nowadays it is evolved to use mobile devices like: Televisions, IPads, Mobiles, etc. In this field a new emerging technology called IoT (IoT) is quickly taking a place. The main base of this paradigm is to make each physical object as a part of Internet, communication with each other’s in order to reach a shared goal (i.e. the IoT attempts to link (connect) the physical objects found in its environments to the digital one’s). Figure 2 shows the paradigm of IoT [11].

Figure. 2 Internet of things paradigm. [11] Unlikely, IoT rises as a brand of new technologies. An incremental and progressively development, along with IoT current technologies will be effectively used in order to extend and enhance current ICT applications, offering a lot of additional features, attributes and capabilities related to the ability of communicating with the physical world. As shown in Figure 3 below, IoT consists of different technologies involved or (will be involved) in the future of IoT environment [11].

289


Figure. 3 The main elements of IoT [11] 4.3 IoT data management Data management systems (DMS) manage the storage, retrieval, plus renew of elementary information items, files and records. In the setting of IoT, (DMS) need to review and summarize data online at the same time enable logging, providing storage, and auditing facilities for offline examination. This extends the idea of data control from query processing, offline storage and transaction management operations into online-offline communication/storage dual operations. a) Data lifecycle The lifecycle of data in an IoT system (Figure 4) continue from data generation to collection, transfer, voluntary filtering, and state of preprocessing, and lastly to archiving and storage. Querying and analysis are the last result that launch (request) and use data production, but be pushing it to the (IoT) consuming services. Collection, filtering, Production, aggregation and some fundamental querying and preparatory processing functionalities are considered online, communication-intensive operations. Concentrated preprocessing, storage with long-term and archival and indepth processing/analysis are considered offline storage-intensive operations [12].

Figure. 4 Data management in IoT [12]

290

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Making data open and accessible in the long term for regular access/updates, at the same time archival is involved with read-only data is the aim for Storage operations. Without any need to generate data further up to concentration points in the system some IoT systems can produce, process, and store data in-network for real-time and localized services [5]. In the next paragraphs, every element in the IoT data lifecycle is described: • Querying: In the setting of IoT, a query can be assigned either to ask for a real-time data to be gathered for temporary monitoring aims or to recover a particular view of the data stored in the system. • Production: It includes understanding and transfer of data by the Things in the IoT framework and summarizing and reporting this data to involved participants regularly, driving it up the network to aggregation points and afterward to database servers, or expressing it as a response triggered by inquiries that ask the data from sensors and smart objects. • Collection: The sensors in the IoT can store the data for a specific time or report it to directing parts. Data can be gathered at assembly points or gateways in the network where it is extra filtered and treated, and maybe combined into compact structures for efficient transmission. • Aggregation/Fusion: all the new data out of the network that Transmitting in real time is frequently growing data flowing rates and the restricted bandwidth. Gathering techniques use summarization and merging processes in real-time to decrease the volume of data to be stored and transferred. • Delivery: While data is aggregated, separated, clarified, filtered and probably processed either at the assembly points or at the independent virtual part within the IoT, the outcomes of these processes will require being posted further up the system, either as concluding answers, or for storage and in-depth analysis. • Preprocessing: IoT data will arrive from many origins with differing compositions and formations. It may require being preprocessed to manage lost data, eliminate repetitions and combine data from various origins into a united schema before being assigned to storage. • Storage/Archiving: This state controls the effective storage and preparation of data, as well as the constant, renew of data with new information as it shifts to be available. Archiving relates to the off-line long storage of data that is not directly required for the system's continuous operations. • Processing/Analysis: This state requires the continuous retrieval and review operations executed and collected and archived data in order to obtain penetrations into past data and predict future aims, or to identify irregularities in the data that may trigger additional inquiry or performance. 4.4 IoT challenges IoT as a service needs some kinds of requirements, such as: • Interoperability: With respect to different organization polices, the organization can use its own policy. So, IoT should be effectively modeled in order to support different types of organizations. • Context awareness: Context is very important in the environment of IoT [13, 14]. As, the applications employ knowledge from the context to gain information about users’ environment [15-17]. • Ergonomic: Non-expert consumer may use the services, so the used mechanism in access control must be simple as much as possible to use. • Heterogeneity: An IoT environment is considered as a collaborative environment, because it contains different [18-21]. This heterogeneity feature may result in complicated interoperation issues, such as different vendors provide completely different devices, which offering different features able to be accessed by several services using different behaviors and protocols [22]. • Lightweight solution: The mechanism of access control may reduce the usage of resources because of the nature of the IoT devices that characterized by its constrained energy. • Scalability: Managing vast volumes of devices, users, and applications must be done in a scalable manner. Furthermore, the mechanism of IoT must naturally be characterized by its extensibility in different number of organizations, structure [20]. A lot of challenges may affect the development of IoT due to two main reasons: connection between objects (devices), and numerous collecting of information for each object included in the IoT system. These challenges are [23, 24]:

291

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 1. Standards challenge and interoperability problem In fact, standards are very critical everywhere we develop any new technology. There is a relation between interoperability and standards, while the interoperability will be more complex when different devices (objects) from different providers do not employ the same standards, thus why it new another additional gateways in order to translate different standards. 2. Radio spectrum challenge The expected huge growth in the volume of used wireless devices in IoT needs a huge radio spectrum. Based on the extent of using different technologies such as Wi-Fi and Mobile-Wireless, the type of using spectrum must be allocated in the IoT. 3. Security issues The development of IoT brings additional of security challenges to users, to organizations, and to business. Capturing sensitive, data unauthorized access, attacking servers, and intercepting network communications may be types of the security issues in IoT. 4. Privacy issues Privacy issues concerns with the protection of user’s privacy. As the information must be privately transmitted to the endpoint. 5. Data Understanding challenge Analyzing the gathered data is being successful depending on the correctness degree of preprocessing of data. While the preprocessing is mainly depending on the ranges of characteristics of observations which is estimated from data itself. 6. Standardization challenge. Standardized protocols is required in order to query Meta- information by devices and sensors. As well as it may be required to exchange of raw data. 7. Complexity, and integration issues. Testing and integrating IoT systems with different platforms, protocols and APIs, will be a challenge. The quick development of APIs consumes unexpected resources that will significantly reduce the ability to extend the system by adding new features or new core functionalities. 8. Evolving architectures challenges. With so many players, users, and technologies involved with the IoT system, it is bound to be continuous wars between legacy providers in order to hold strong systems advantages, features, and suitable competitive advantage. Figure 5 summarizes the possible challenges and risks faced by IoT layers. The possible threats to the Perceptual Layer of IoT are [25]: • • • • • • •

Node damage Information tampering Forgery attacks Replay attacks Fake attacks Channel blocking; and Copy attacks and so on.

While the challenges, that may affect the Transport Layer, are: • Heterogeneous network attacks • DOS attacks • Counterfeiting attacks

292

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org • Network security threats • Application risks • Conflicts of WLAN application and so on. As the threats of the Application Layer are: • • • •

Unstable platform The information disclosure Authentication and Illegal human intervention.

Figure. 5 Security challenges of IoT [25] 4.5 IoT security protocols It is obvious that Security is another feature of IoT applications which are significant and can be detected nearly in all layers of the IoT protocols [26]. All layers contain Threats incorporating application layers, data link, session, and network. In this part, we shortly review the security tools created in the IoT protocols [27]. 4.5.1 MAC 802.15.4 It grants several security methods in the Frame Control field in the header by employing the Security Enabled Bit. Security requirements include secured Time-Synchronized Communications, confidentiality, integrity, authentication, and access control mechanisms. 4.5.2 6Lo WPAN The 6Lo WPAN itself gives no proposition to mechanisms for security. Besides, related reports involve investigation of security threats, demand and procedure to take into consideration in IoT network layer. For instance,

293

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org RFC 4944 addresses the opportunity of duplicate (EUI-64) interface addresses that are thought to be uncommon (RFC4944). RFC 6282 addresses the security concerns that are constructed due to the obstacles presented in RFC 4944 (RFC6282). RFC 6568 discusses potential tools to select security within restrained wireless sensor mechanisms [RFC6568]. Moreover, a few up-to-date designs in [6Lo] review mechanisms to complete security in 6loWPAN [27]. 4.5.3 RPL By employing a (Security) field subsequent the 4-byte ICMPv6 message header the RPL contributes a distinct level of security. Data in this field shows the cryptography algorithm and the security level employed to encrypt the message. RPL offers protection versus replay attacks, assistance for information authenticity, confidentiality key management, and semantic security. Levels of security in RPL include Authenticated, Preinstalled, and Unsecured. RPL attacks involve Hello Flooding, Particular Forwarding, Sybil, and Sinkhole, Denial of Service attacks, Black hole and Wormhole. 4.5.4 Application layer Applications may afford an extra level of security utilizing TLS or SSL as a carrier layer protocol. In addition, to handle various levels of security as needed, an end to end authentication and encryption algorithms can be employed. 5. SECURE IOT ACCESS MODEL (SIAM) Secure IoT Access Model (SIAM) introduces the main concept of any institution as a collection of structured active entities interacted with each other. The entity’s activity is defined as a set of actions, but the entity’s view is defined as a set of objects, as well as the entity’s context is defined as specific situation. The entity’s role actually establishes structure of the connection link the Subjects and the organization itself. The relationship (org, r, and s) indicates that organization (org) utilizes specific subject (s) in specific role (r). Similarly, any objects which commonly satisfy a property can be directly specified using the action’s activities and views. Based on the security rules, we can be similarly defined the Prohibitions, Obligations, and Permission as (org, r, v, a, c). While (c) indicates the context, (org) indicates organization, (r) is the organization’s role (r), (a) is the organization’s activity, and (v) indicates organization’s view. Each (r) can be expressed through an entity, SIAM specifies the security policies of the heterogeneous organizations. Furthermore, SIAM takes into account the organization’s context like (the constraints of locations as well as the time). In addition, SIAM is comprehensively adapted to the IoT technology. As it can manage all of the collaboration’s and heterogeneity’s concerns. In reality, SIAM is able to represent different rules included in different types of independent organizations. As it is also able to express the security policies for centralized and distributed structures as in IoT scenarios. SIAM includes the core concepts of the context and collaboration. 5.1 SIAM Architecture Different architectures can be used to access control such as: • Centralized architecture This architecture has a single entity (called central entity) that perform the authorization process, On the other hand, sensors and actuators don’t play a significant role in this architecture, as the control process is fully located within a central entity). • Distributed approach In this approach, the access control for any resource is not actually located in centric device, but it is located in all of the end devices in IoT. As result, this approach allow the end-devices to act independently, effectively and smartly. • Centralized-distributed approach This approach gives the end-devices more intention by allowing them to partially participate in the process to convey the possible delays that may occurs when transmitting the information to the central entity. In our proposed model, we used Centralized-distributed Approach. We suggest to provide central authorization device in each separate set of IoT components. The selection of the entity that must perform the authorization process

294

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org at specific time mainly depends on the contextual feature in that set’s node as shown below in Figure 6. Thus, the process will performed in efficient time and smoother information exchange between the authorization engine and end devices. Absolutely, not all of the available devices have the same degree of constraint in the IoT environment.

Figure. 6 Centralized-distributed layers The main components of our model are: • Client Owner (CO) CO component owns the whole Client as well as it controls all of related authorization permissions of a Resource (R); • Resource Server (RS) CO component hosts a Resource (R), (R) can holds information or values, sensor or actuator; • Client (C) (C) is the component which asks to access a (R) from (RS); • Resource Owner (RO) (RO) is the entity that holds the resource and its access permissions; 5.2 SIAM Layers The SIAM model is proposed based on dividing the authentication process into four main layers as shown in Figure 7 Each layer has different capabilities, since each device is located to a different layer. These layers are: • Less Constrained Layer In order to mitigate the nodes that perform complex tasks in of constrained layer, this layer is used. Every set of actors in the constrained layer is associated to specific actor of this layer based on specific security domain. The component of the client part is called “Client Authorization Device” (CAD), and the component of the provider part is Resource Authorization Device (RAD). The CAD and C have the same security structure. It allows C to decide if RS is an unauthorized source or not for R by gaining required information for the authorization process, as it helps C to control the authorization process. On the other hand, the RAD, R, and RS have the same security structure. It helps RS to get the permission of C to access the resource R. Moreover, RAE helps RS in the authorization process, and it holds required information about the authorization process.

295

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org • Constrained Layer RS and C are lies in a constrained node have to execute access control tasks, because they are unable to control complicated tasks of any authorization process requests. Also, they are considered as actors of this layer due to the possibility of unstable network connectivity. Every constrained device is completely linked with a less constrained one, thus will handle the limitation in this layer. • Organization Layer In the real world, specific entities control both of C and R. These entities are called Client Organization (COr) and “Resource Organization (ROr) as shown in Figure 7.

Figure. 7 SIAM Layers. Consequently, the device’s security policy must be defined immediately by the organization itself, and it must structure these devices in specific security domain. The COr is responsible of the entity that request r, and it define security policies for client. Thus, COr has to define authorized S for R. The resource Organization ROr belongs to the same security domain as R and RS. ROr is in charge of R and RS and thus, must specify the authorization policies for R and decides with whom RS is allowed to communicate. That means that ROr has to configure if and how an entity with certain attributes is allowed to access R. ROr also configures RS and RAE in order to make them belong to the same security domain. On the client side, the authorized S of R can be subsequently defined by COr, but on the provider side, determining if the entity is allowed to access the requested resource can be achieved by ROr. Before the interaction between ROr and COr takes place, the term of service is used to agree both of them. • Collaboration Layer This layer is used to handle the collaborative interaction. It uses an agreement between the organizations in the same domain. According to SIAM format, the access rules is defined. Specific component (called PAM) is located in

296

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org organization layer is used to manage this agreement. The RS treats this agreement like all the other rules controlling local communication. Basically, SIAM begins with the negotiation of collaboration rules just like the related access control rules. Each Org determines which R it will offer to external C, after that it passes them into the PAM. Hence, other Org can contact PAM in case they want to use these resources. To perform that, the agreement of using resources must negotiate both of the COr and the ROr, after that, the COr and the ROr build a connection contract with defined security rules to access R. In fact, this access rules are registered in the collaborated organizations (in their PAM) based on SIAM format. Parallel to this, in the client side, virtual resource is locally created by COr in order to represents remote R, this resource is called R-image. After that, Then COr directlyregisters a rule in its SIAM policy in order to register all of the entities that can use R-image. 6. CONCLUSION The IoT until now is considered in the first stage of development. Security measures, application of architecture and the foundation have not yet built a standard system for extensive range usage. In the present research, first, a complete review of IoT is done, and a new secure design has been started. Although the IoT is based on the Internet, due to the features of the IoT, those experienced end-to-end security orders and protective measures on the Internet can not immediately afford the end-to-end data security. As the IoT security discussing issues, this research suggests the secure IoT design named SIAM. The common access handle and the identity authentication exclusively operates in the identical layer. SIAM is precisely composed for the IoT and it is understood by a reflection layer that gets used for a deep understanding of the IoT standard as it is applied in the real world. Because of those smart services, contextual information is a head element in choice making therefore only a real-time attention of this information will gain smartness. Because of this purpose, we heightened the “context” notion in order to match the IoT requirements. REFERENCES 1.

2.

3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14.

Mohamed Abomhara and G.M. Køien, Security and privacy in the Internet of Things: Current status and open issues, in International Conference on Privacy and Security in Mobile Systems (PRISMS). 2014, IEEE: Aalborg, Denmark. Ko, M. and C. Dorantes, The impact of information security breaches on financial performance of the breached firms: an empirical investigation. Journal of Information Technology Management, 2006. 17(2): p. 13-22. Syafrizal, M. ISO 17799: Standar Sistem Manajemen Keamanan Informasi. in Seminar Nasional Teknologi 2007 (SNT 2007). 2007. H. A. Kruger, S. Flowerday, and L. Drevin, An assessment of the role of cultural factors in information security awareness, in Information Security South Africa (ISSA). 2011: Johannesburg, South Africa. Whitman, M. and H. Mattord, Management Of Information Security, Course Technology. 2008. Von Solms, R. and S.B. von Solms, Information Security Governance: a model based on the direct–control cycle. Computers & Security, 2006. 25(6): p. 408-412. Risk, I., Enterprise risk: Identify, govern and manage IT risk. Retrieved from, 2009. Whitman, M.E. and H.J. Mattord, Readings and cases in the management of information security. 2005. Elky, S., An introduction to information systems risk management. 2006. Miorandi, D., et al., Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 2012. 10(7): p. 1497-1516. Abdmeziem, R. and D. Tandjaoui, Internet of Things: Concept, Building blocks, Applications and Challenges. arXiv preprint arXiv:1401.6877, 2014. Abu-Elkheir, M., M. Hayajneh, and N.A. Ali, Data management for the internet of things: Design primitives and solution. Sensors, 2013. 13(11): p. 15582-15612. Abowd, G., et al. Towards a better understanding of context and context-awareness. in Handheld and ubiquitous computing. 1999: Springer. Bernardos, A.M., P. Tarrio, and J.R. Casar. A data fusion framework for context-aware mobile services. in Multisensor Fusion and Integration for Intelligent Systems, 2008. MFI 2008. IEEE International Conference on. 2008: IEEE.

297

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 15. 16. 17. 18.

19. 20. 21. 22. 23. 24. 25. 26. 27.

Li, X. and S.B. Yoo. Extended role-based security system using context information. in Future Generation Communication and Networking, 2008. FGCN'08. Second International Conference on. 2008: IEEE. Martin, D., C. Lamsfus, and A. Alzua. Automatic context data life cycle management framework. in Pervasive Computing and Applications (ICPCA), 2010 5th International Conference on. 2010: IEEE. Ramparany, F., et al., An open context information management infrastructure-the IST-Amigo project. 2007. Floerkemeier, C., M. Lampe, and C. Roduner. Facilitating RFID development with the accada prototyping platform. in Pervasive Computing and Communications Workshops, 2007. PerCom Workshops' 07. Fifth Annual IEEE International Conference on. 2007: IEEE. Floerkemeier, C., C. Roduner, and M. Lampe, RFID application development with the Accada middleware platform. IEEE Systems Journal, 2007. 1(2): p. 82-94. Zeng, D., S. Guo, and Z. Cheng, The web of things: A survey. Journal of Communications, 2011. 6(6): p. 424-438. Riedel, T., et al. Using web service gateways and code generation for sustainable IoT system development. in Internet of Things (IOT), 2010. 2010: IEEE. Roman, R., et al., Key management systems for sensor networks in the context of the Internet of Things. Computers & Electrical Engineering, 2011. 37(2): p. 147-159. Davies, R., The Internet of Things Opportunities and challenges. 2015, European Parliamentary Research Service. p. 8. Stolpe, M., The internet of things: Opportunities and challenges for distributed data analysis. ACM SIGKDD Explorations Newsletter, 2016. 18(1): p. 15-34. Zhang, B., Z. Zou, and M. Liu. Evaluation on security system of internet of things based on fuzzy-AHP method. in E-Business and E-Government (ICEE), 2011 International Conference on. 2011: IEEE. Mayer, C.P., Security and privacy challenges in the internet of things. Electronic Communications of the EASST, 2009. 17. Salman, T. and R. Jain, Networking Protocols and Standards for Internet of Things. Internet of Things and Data Analytics Handbook, 2015: p. 215-238.

AUTHORS PROFILE

298


Mobile context awareness for managing context healthcare data: a survey 1 1, 2, 3

Hala Ahmed, 2Mohammed Elmogy, 3Ahmed Atwan

Department of Information Technology, Faculty of Computers and Information, Mansoura University, Mansoura P.O. 35516, Egypt Email: [email protected], [email protected], [email protected]

ABSTRACT Context awareness was introduced in several fields in routine human activities. Healthcare systems are the most important ones among context-aware applications. The existence and awareness of the context made mobile device users conscious of physical environments or situations. Smart devices, armed with multiple sensors, can sense and react based on their environment, and become context-aware agents. Smart devices are ideal assistants that provide accurate solutions for the critical aspects of healthcare, and medical staff works as well as the closer up to date state of the patient. In addition, hospital's staff members can communicate with the patients reliably and suitably by using smart devices offers. But the applications of healthcare have lack of standardization in handling the context and the perceived sensors data. To perceive the context, we can rely on sensors, which may be physical or virtual. More generally, our research will concern on contextual applications of healthcare that aroused increasingly important interest. To improve the user experience, the advantage of contextual data is aimed to take by context-aware applications. A useful tool to reason about context is proved by using case-based reasoning (CBR) and fuzzy techniques to deal with lack of standardization in handling the context and uncertainty of data. On the other side, it could be interesting to analyse how context reasoning relates to CBR. To assess how CBR can be integrated with contextual information is the primary concern of our research study. So, in this paper, we concrete on the mobile application of healthcare that deals with contextual data by using CBR techniques to analyse the context data. It gives a perfect situation in a right way or prediction for providing accurate solutions for the critical aspect of healthcare and medical staff work. It can overcome the problem of the standardization for dealing with context data. Keywords: case-based reasoning (CBR), nearest neighbor algorithm (NNA), geographical positioning system (GPS), context data management (CDM), profile translation based proactive adaption using context management (PTPACM) 1.

INTRODUCTION

Context-aware computing is a rapidly growing field of ubiquitous computing, which is concerning the adaptation of mobile application to the changes of surrounding environment and situations. Context-aware is a rich field of research involving communication engineering, computer science, information technology, and more precisely mobile communication. Also, the context-aware computing has significant uses in human-computer interaction (HCI), wearable computing, augmented reality, data management, feature extraction, artificial intelligence (AI), and decisionmaking. For many years the notion of context has been important in the conceptualization of computer systems. However, providing its constructive and precise definition proves to be a non-trivial task. The situation of an entity can be characterized by using any information this known as context. The interaction between a user and application is an entity can be a person, place, or object, also involving the user and applications themselves [1]. For mobile handheld devices, there are different sources of contextual information that are presented, as shown in in Figure 1. The information sources include sensors [2], device applications, user’s goals, and information gained via connecting infrastructure [3-5]. This is considered as one approach for categorizing context. Also, there are several other approaches have also been Presented for instance by Schilit et al. [6], Dix et al. [7], and Pascoe [8]. Context information has many possible ways to categorize [9-12]. Operational and conceptual categorizations are two kinds of categorization methods, which will be discussed in this paper. Based on how context is obtained. Operational categorization is the categorization that related to the way information is obtained, modeled, and treated. Contexts of different types differ substantially in their dynamic and reliable methods. Feng et al. [11] made another context categorization at a conceptual level, which differentiates user-centric context from environmental context [13].

299


Figure. 1 For mobile devices the contextual information sources [2] After the in-depth analysis of literature, there are four main requirements (4R) for every mobile context-aware system that should be met to confirm its high quality and to cope with such drawbacks. These four requirements are as follows [1]. Frist, intelligibility is the operation of the user should be allowed to understand and modify. Second, robustness is the changing user Traditions, or environment conditions should be adaptable, and uncertain and incomplete data should be able to handle. Third, privacy means sensitive data should be assured that data are secured and not reachable to the third party for the user Privacy that his or her. Finally, efficiency should be efficient both regarding resource efficiency and high responsiveness. There are many different approaches and frameworks resulted from research on context-aware systems. However, the diversity of the field, further development still need on the used hardware. This is especially true on the ubiquitous mobile devices that used for context-aware applications. New solutions need to be provided for today's mobile computing (e.g., smartphones or tablets) for all of the challenges to provide full support. Context modeling and classification not only the issue need to be addressed, but it is more important to create context-based reasoning layer. There are five most severe challenges. The first is the energy efficiency. The mobile device battery level decreases very rapidly when most of the sensors all the time are turned on. The usability of the system and ecological aspects have impacted regarding energy saving. The second is the data privacy. The reasoning of context should have performed by the mobile device itself. Because sending information like location, activities, and other private data to external servers, do not want by users. The third challenge is the resource limitations. The context-aware system should be transparent to the user and other applications, so it has to consume as low CPU and memory resources as possible, although mobile phones and tablets are becoming computationally powerful. Fourth, system responsiveness is considered as a challenge for the context-awareness. In processing contextual data, no delays are admissible because of changes very fast – in mobile environment context. Finally, context data distribution is the fifth challenge. The quality measures should be developed, and distribution methods designed for pervasive mobile environments to fit unstable and dynamic characteristics of the network, because a huge amount of contextual information has produced by many devices [1, 14]. To be aware of the context and assess situations is the ability of the core of the surrounding intelligent system. To assessing situations by being context-aware, we assume that CBR supported by a rich knowledge model is a favourable approach. A number of challenges are posed in an inherently dynamic environment for using CBR in an online fashion. There are four main challenges [15]. Frist, the initial cases should acquire. Second, the initial cases are coping with the enormous number of case being constructed during run-time. Third, is to know when to initiate a cycle of CBR. Finally, knowing cases whether if correctly classified of the case or not.

300

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 1.1 Life-cycle of Context The context information delivers to a context-aware system by a context information provider. As show in Figure 2 the main steps of context information are in life-cycle of Context. • Discovery of context information: In this step, available context information providers are discovered by a context-aware system. There are two modes of the discovery either in a push or a pull mode can be performed. • Acquisition of context information: context information is collected by a context-aware system in this step from the discovered context information providers and a context information repository is used to store context information for further reasoning. • Reasoning about context information: in this step, applications are enabled by reasoning mechanisms to take the available context information advantage. Based on a single piece of context information or on a collection of such information they can perform the reasoning.

Figure. 2 Context life cycle 1.2 Healthcare context information model 1.2.1 Context information classification By using a ubiquitous network (USN) and radiofrequency identification (RFID) system the healthcare context data obtained that is classified into seven different groups, and then the context data are arranged by group. The seven groups that healthcare context data is classified as the following: a) Individual data •

Like name, age, sex, injection history, disease, disease history, family disease history etc.

b) Medical data • • • •

Disease Data: hypertension, diabetes, cancer etc. Symptom Data: physical, emotional etc. Examination Data: hemoglobin reading, AST etc. Health Data: blood pressure, pulse rate etc.

c) Auxiliary data • •

Biological data analysis, biological data management etc. management services

d) Location data •

Indoor, outdoor

e) Device data •

PC, IPTV, smart phone, biological signal detector

f) Activity data • Sedentary, running, walking g) Environmental data • Indoor temperature, outdoor temperature, indoor humidity etc. [16].

301

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org 1.3 Analysis framework of context in health care applications They proposed a simple framework to analyze the use of context in health care applications, choosing three main axes to characterize context. • Purpose of use of context According to Dey et al. context is used in three main purpose cases. The first purpose is the presentation of information and services to a user. The second purpose is the execution of a service. Finally, tagging of context to use information for later retrieval. • Items for context representation It is possible to describe the items of context used through of the health care context-awareness projects. They identified three main classes to split items of context into: people, environment and activities. • Organization of context features The features of context complexity are highlighted in recent literature. The organization of the context should be in more sophisticated ways because Context representation is not only splitted [17]. This chapter is organized into five sections as follows. Section 2 introduces the Context-aware Architecture system. Section 3 presents the current retreaters work of some different applications of context-aware systems. In Section 4, we present the discussion and analysis. In Section 5, Challenges and futures trends of a context-aware system for health care. Finally, we present the conclusion and the future work in Section 6. 2. CONTEXT-AWARE ARCHITECTURE As showing in Fig. 3, a layered framework is represented for context-aware systems. It is composed of the bottom to top by sensors, raw data retrieval, pre-processing, storage or management, and an application layer. The responsibility of a context management system is abstracting and combining the sensed data or raw data from sensors into high-level context, and then for the context-aware applications making it available [18]. Sensors are the first layer that responsible for retrieving raw data from the user environment (e.g., user device, social network, or user access network) by a group of sensors. The second layer is the raw data retrieval, which is responsible for requesting data from the sensor layer by using specific application programming interfaces or protocols. These queries must implement in a general way as far as possible, making it possible to exchange sensors (e.g., exchanging a radio-frequency identification system with a geographical positioning system (GPS)). Reasoning and interpreting contextual information is the responsibility of the third layer that is known as preprocessing layer. Also, it is responsible for transforming the information from the underlying layer to a higher.

Figure. 3 A layered framework for context-aware systems

302

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Abstraction level is responsible for transforming a GPS position to one such as at home or work. Not only sensed or deduced data have to be modeled, but also data describing them (e.g., accuracy and recall, or lifecycle information). Storage and management is the fourth layer that responsible for making the gathered data in an organized way that comes in two modes synchronously or asynchronously. It makes them obtainable to third parties’ applications. In the first mode, remote method calls are used by the third-party applications to poll the server for changes. In the second mode, a specific event of interest and are notified by subscribing them to when the event occurs (e.g., by a call back). The fifth layer is the application that is responsible for implementation when the reactions to context changes (e.g., if illumination is bad showing text in a higher color contrast) [18]. 2.1 The architecture of context awareness system Furthermore, when designing context-aware systems, it is critical to determine the method of context-data acquisition because the architectural style of the system should be predefined at least to some extent. Baldauf and Chen [19, 20] presented how to acquire contextual information in three different approaches. •

Direct sensor access In the devices, the sensors locally built in. Thus, this approach is often used in this way. The desired information gathered and there is no need to add an additional layer for obtaining and processing sensor data because the client software directly gathered from these sensors. Due to its direct access nature, it cannot use for distributed systems because it is not suited, and it cannot manage multiple concurrent sensor accesses, which is considered as a lack of component capability.

•

Middleware infrastructure Methods of encapsulation is used by Modern software design to separate business logic and graphical user interfaces. A layered architecture is introduced for context-aware systems by the middleware-based approach with the aim of hiding low-level sensing details. In this technique, the code of the client has not been modified anymore. So, it eases extensibility as compared to direct sensor access. Also, the reusability of hardware dependent sensing code it is simplified due to the strict encapsulation.

•

Context server In this approach, remote data sources are permitted to multiple clients to access. An access managing remote component is presented as a distributed approach to extends the middleware-based architecture. To facilitate various concurrent access, data gathering by the sensor is moved to this so-called context server. Besides the reuse of sensors, the usage of a context server has the advantage of relieving clients of resource intensive operations [20].

During the last years, many layers have evolved for context-aware systems and frameworks. Most of them differ in functional range, location, layer naming’s, the use of optional agents or other architectural concerns. Besides these adaptations and modifications, when analyzing the various design approaches a common architecture is identifiable in the modern context-aware applications. The low-level context is accepted as sensors context that is directly referred to raw data. The sensor is not only described as a physical device in context-aware applications, but also a data source for context representation that could be beneficial for it. Contextual information that collected may range in a broad sense regarding specification and representation of a phenomenon in real-world onto an entity in the cyber world. So, sensors can be categorized into three different types [21]. The first type is the physical sensors, which can capture physical activities, such as GPS to capture location and accelerometer for capture activity. The second type is the virtual sensors that imply a source from software applications and/or services. In addition, semantic data are obtained through cognitive inference (e.g., location info by manually entered place pinpoint through social network services or computation power of devices, etc.). The third type is logical sensors are defined as a hyped of physical and virtual sensors in addition to varied sources by user interactions (e.g., databases, log files, etc.) that we can obtain information. The context has many forms we can deal with it. The context can be divided into the following: • • •

Device context: including net connectivity, communication cost, and resources, etc. User context: including profile, GP, neighbors, and social situation, etc. Physical context: including temperature, noise level, light intensity, traffic conditions, etc.

303

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org •

Temporal context: including day, week, month, season, year, etc. [21].

2.2 Context-aware concept and case based reasoning CBR is a technique that used to solve a new problem from user’s past experiences. The cases are considered as those problems. The new case and older cases are performing similarities between them by the system which have happened or existed are defined as CBR completes a case. Four stages of CBR which are as shown in Figure 4 [22]: • Retrieve The newer case is matched or similarities with an older case that taking in order. • Reuse In the older case the reuse of information that is already existed to solve problems. Reuse will happen when the newer case has high similarity value to an older case. By that means, the similarity value calculation is needed to check which case has higher similarity with a new case. • Revise If the older case does not have high similarity rate to the newer case Revise the suggested solution. • Retain In another problem we keep the revised solution to be used [22]. The filtering the Enormous amount of contextual information that is available is the problem in most of the contextaware systems research, in such a way that the identification of important constellations of the contextual information is feasible, has not been thoroughly addressed. CBR is a favourable method for this. Adapting to new situations is performed by Case Based Reasoning [21-23] that remembering similar earlier experienced situations (cases). In large monolithic systems, CBR has historically been used. CBR has the capability of running on a small mobile device because it is a lightweight reasoning mechanism [21]. Two different parts of reasoning mechanism. Resides on the user’s mobile device this is the online part and resides on the user’s backbone system this is the off-line reasoning. a) Online reasoning In the context agent, The CBR mechanism is encapsulated. The dynamic structure of the contextual information available is maintained by the agent. There are much different and a very diffuse fashion from contextual information that can arrive, e.g., time is continually flowing into the system, whereas location might be pseudo-static. The values flowing into the system must be converted to discreet since CBR works on discreet cases. This is handled by the context agent, following the suggestion of Zimmermann [21, 22]. At certain time intervals, the contextual information is snapshot by the agent that takes, i.e., the state of the context structure, and stores them as cases. b) Offline reasoning The storage, indexing and searching for identifying situations are considered as the two main problems with the use of CBR. First and foremost is the problem of storing them, potentially vast, some cases constructed during runtime. The user will have personal persistence storage to solve this problem that available on the user’s home network. For storing the cases, the storage will be used and will be synchronized when the user has an up-link. The large amount of data not only the problem it found another problem that is the indexing and matching algorithm used that arise from large amount of data

304


Figure. 4 The CBR cycle [22] 3. LITERATURE REVIEW Two different categories of Context-aware sensing applications that classified as the following: personal/humancentric and urban including participatory/community/group or opportunistic. Device user is the point of interest in personal sensing applications. For instance, personal fitness log or healthcare reasons are considered an active research topic in this field for monitoring and recognition of user-related posture and patterns movement. On the other hand, multiple deployments of mobile devices are depended on participatory sensing to interactively and intentionally share, collect, and analyze of each local knowledge that is not solely based on human activity but also based on surrounding environment. The active participation is required by participatory sensing of each user into a gathering of sensory data to result in large-scale phenomena, which can be difficulty measured by a single participation. In this paper, we concentrate on personal/human-centric. 3.1 Application of context-aware of healthcare Buttussi et al. [24] proposed for fitness training A context-aware and user-adaptive wearable system In the last years, with the aim of improving user’s health for fitness applications, wearable devices have been increasingly investigating by researchers as well as companies, regarding cardiovascular benefits, loss of weight or muscle strength. User interaction and artificial intelligence capabilities are usually very restricted regarding some devices that are already commercially available such as dedicated GPS devices, accelerometers, step counters and heart rate monitors. They propose the mobile personal trainer (MOPET) system to better train and motivate users. In outdoor environments, MOPET is a wearable system that based on alternating jogging and fitness exercises to that monitors a physical fitness activity. Knowledge elicited from a sports physiologist and a professional trainer by using real-time data obtained from sensors, and a user model that is built and periodically updated through a guided autotest. MOPET also displays a 3D embodied agent that speaks to better interact with the user, suggests stretching or strengthening exercises according to user’s current condition, and demonstrates how to practice exercises with interactive 3D animations correctly. Lo et al. [25] proposed Ubiquitous Context-aware Healthcare Service System (UCHS) based on a decision support systems, to sense user’s life vital signal they use micro sensors integrate RFID , such as electrocardiogram (ECG/EKG), heart rate (HR), respiratory rate (RR), blood pressure (BP), and blood sugar (BS). As shown in Figure 5, User’s requirements inference and relevant services search are provided by UCHS which made semantic inference engine and found the most adaptive Nature Medicine Services (NMS). By combining Medical Stemming Mechanism (MSM), Medical Ontology (MO), Term Frequency–Inversed Document Frequency (TF–IDF), Latent Semantic

305

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Analysis (LSA), and k-Nearest Neighbor (kNN) the higher accuracy for NMS inference is discovered. Customized NMS and decision obtained by mobile users that are conveniently and use those services reaching the target ‘‘Eat, Drink, and Be Merry with Health” in advance by UCHS. MEAD is combined with UCHS, where MEAD is based on Linux. Also, it is a system that known as a public domain portable multi-document summarization. MEAD consists of multiple processes, and it is implemented by Perl programming language [26]. As the following the main procedures of MEAD is presented: 1. Preprocess: The contents of the Blog is retrieved d by the intelligent agent, to facilitate follow-up to the weight computing in original document it is used HTML format to segment the sentences [27, 28]. 2. Feature Selection: MDS is designed in this paper to consider several features of each sentence by words and phrases to compute the weight. Centrality, sentence length, and position are considered as the main three features [29]. 3. Classifier: For every sentence, the weight with each feature is mainly computed to obtain the scores of every sentence [30]. 4. Reranker: Especially in multi-document summarization, there is a problem that arises from the high similarity between sentences because the score of sentence similarity calculation and sorting is only carried out by the classifier. So, the recalculate the sentence with the syntactic similarity is made by MEAD designs Reranker mechanism and to filter out important sentences to reduce the redundancy ratio the threshold is set. Finally, extracting the sentences is made for a summary that obtains from an original document by the compression ratio [31]. 5. Summarization: In the original document, it can retrieve and recombine words and phrases by Summarization according to the Reranker sorting that made the order of the sentences. 6. Evaluation: Text summarization system performance is measured by HMGS system including the output effect of results as well as users’ satisfaction [32]. Kim et al. [16] established real u-healthcare environments to implement a ubiquitous climate that based on Ontology-based healthcare context information model; it is vital to receive from various platforms the context information at the suitable time in portable devices where the communication operate in two ways using both wired and wireless. Moreover, to reflect the information and characteristics needed a knowledge model is required for such services while remaining appropriate for medical reference. The context information model is used for extracting and classifying contextual information to implement the healthcare services. The ontology is used for defined the healthcare context information model, and a common model was developed for healthcare by taking into a consideration medical references and service environments. The sensed information in various environments can use by application and healthcare service developers by authoring device- and space-specific ontologies based on this common ontology. Yuan et al. [33] proposed Fuzzy CARA – a Fuzzy-Based Context Reasoning System for Pervasive Healthcare. Healthcare is moved from care by professionals in the hospital to self-care, mobile care, and at-home care by using pervasive computing. The pervasive healthcare system, CARA (Context-Aware Real-time Assistant), is designed to provide personalized healthcare services for chronic patients in a timely and in a proper manner by adapting the healthcare technology to fit in with normal activities of the elderly and working practices of the caregivers. A personalized, flexible and extensible reasoning framework is presented by this paper for CARA by using a fuzzy-logic and a related context-aware reasoning middleware. Remote patient monitoring is supported by this paper also caregiver notification where based on data fusion and representation as well as inference mechanisms context-aware. The imperfections of the data are noteworthy about the work for dealing with it, also to control the application of rules in the context reasoning system they use of both structure and hierarchy based on fuzzy-logic. Results are presented for the evaluation of the fuzzy-logic-based context reasoning middleware under simulated but realistic scenarios of patient monitoring. The results point at-home monitoring is more feasible and effective. Hadjioannou et al. [34] proposed application for people that are in need of services such the tracking purpose this application for smartphone present the steps that were taken for the development of a location-based Android application which can be used for this purpose. In case the owned device is located in an area where it is not expected to be in, it will be able to inform a number of the users chosen peers about their whereabouts. Sensing a few simplified movements is the capability of the application which the user performs with the device and fire particular events based on the user's gesture, giving this way a context awareness aspect to the application. The drawbacks of this application

306

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org are the use of a few simplified movements the user performs with the device. We can replace with taking a photo by mobile camera and make on this photo pattern recognition.

Figure. 5 The architecture of ubiquitous context-aware healthcare service system (UCHS) [25] 3.2 Application of context-aware of learning technology and general application of context-aware Selviandro et al. [35] presented a paper for learners in a learning technology to build or develop a system that has the capability of giving a proper context that based on CBR and Nearest Neighbor algorithms by discussing the designing and testing plans of the context awareness system that is developed. The drawback of the proposed system is not implemented to verify that Nearest Neighbor Algorithm is an efficient way for making the similarity between new cases and old cases or is not proven whether the proposed system can give a proper or suitable context to the user based on user's situational conditions.

307

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Alrammal et al. [36] presented a novel approach for Context Awareness in Mobile Commerce approach based on Regression Model, so-called RBCM, in modeling a domain to construct a context-aware model for mobile computing. RBCM is used to construct a probability density function for action schema in a domain by basing on a multivariate regression method. The mapping of the action schema with a context is applied by a machine learning algorithm. A benchmark dataset is used to evaluate RBCM. The start-of-the-art rivals of RBCM are used for comparing the results. Nayes bias, MOCART and Decision Tree with the latest variations where the main candidate rivals of RBCM are based on. Their model is compared with the rival techniques, and the results show that it is outperformed in accuracy and precision. Also, the rivals cannot predict the preferences of the users like RBCM that predicts with a higher accuracy. When the sample size greater than 50 perform of RBCM is better. Fanelli [37] presented for efficient context data distribution their original solution, by stressing their principal design guidelines, and highlighting how the use of different wireless modes and distributed context caching can deeply improve the Context Data Management (CDM) efficiency. Their novel algorithm Adaptive Context-aware Data Caching (ACDC) have been proposed, replacement policy, specifically tailored for fast adaptation of cached context data in mobile environments, where context data access patterns can quickly change due to mobility. To assess performance improvements and total overhead introduced by their approach they extensively compared ACDC against traditional caching techniques (FIFO, LFU, and LRU). On their ACDC caching obtained results are stimulating further research activities. On the one side, according to mobility indicators, they are currently working on the dynamic sizing of H length to improve ACDC promptness further while roaming. On the other hand, since reactive replication does not properly work if all close MNs have their caches full, we are working on additional coordination protocols to decongest caches of highly replicated data, so to keep relevant ones that the neighborhood may completely remove them. Bobek et al. [1] Building systems that gaining, process, and reason with context data are a major challenge. The mobile context-aware systems are required model updates and modifications. Additionally, the data required for the reasoning depended on the nature of the sensor-based systems that implies the data is not always available nor it is certain. Finally, context data can be significant and can grow quickly in the amount, constantly being processed and interpreted under soft real-time constraints. Such characteristics make it a case for a challenging big data application. In this paper, they require specific methods for mobile context-aware systems to process big data related to context. Also, they need to deal with uncertainty and dynamics of this data at the same time. For developing such systems they identify and define main requirements and challenges. Then they discuss how these challenges were addressed efficiently in the Know Me project. In their solution, the AWARE platform is used for the acquisition of context data. They extended the AWARE platform with techniques that can minimize the power consumption as well as conserve storage on a mobile device. To build rule models they use data that can express user preferences and habits. Some uncertainty management techniques they used to handle the missing or ambiguous data. A rule engine developed for mobile platforms provided for reasoning with rule models. Finally, they demonstrate how our tools can be used to visualize the stored data and simulate the operation of the system in a testing environment. Railkar et al. [38] proposed for Smartphones a Profile Translation based Proactive Adaptation using Context Management (PTPACM)to manage information and applications on Smartphone, for the service provider with their details filled the user must supply with credentials or profiles by logging onto different websites. To this purpose, user’s profile resides in control of multiple service providers. A data inconsistency is due to duplication of data occurs that obtained from different websites. In Smartphones to overcome these issues according to the scenarios, this paper proposes PTPACM which automatically generates user’s profile. The proposed system let keeping user's full profile in user domain resulting into centralizing or exchanging the profile information with an increase in the consistency of profile information. For PTPACM with Context Awareness Layer, Proactive Analyzer Layer and Profile Translation in a system this paper present the layered architecture. A probabilistic representation also presented in this paper of PTPACM as well as pseudo codes for different operations in the functional blocks of presented architecture. Miraoui et al. [39] proposed for context-aware services adaptation by using two machine learning methods approach for a smart living room. In learning/prediction process two algorithms are used the standard probabilistic Naïve Bayes classifiers and the multilayer perceptions neural network that considered as most famous and interesting algorithm. Their approach gave encouraging results, but the main drawback of this approach that it suffers from being a static adaptation. The dynamic aspect by anticipating the adaptation during the operation of the system put into consideration as the future work by making the learning incremental.

308

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Kabir et al. [40] presented a system for context-aware based on machine learning which can provide service according to the trained model. Backpropagation Neural Network and Temporal Differential (TD) are the two effective learning algorithms that used for prediction and adaptation respectively as a class of reinforcement learning. For context-aware service, this approach indicates better adaptation due to the low error rate. In this paper, they focused on using machine learning technique and context-aware application layer for making an adaptable context-aware system. Several modules consist of the context-aware application layer for a particular task as shown in Figure 6. Different types of services are supplied by the context-aware application layer such as Morning call service, Dining service, Entertainment service, Sleeping service and Guarding service according to the current contexts. The main disadvantage of the use of rule-based not using CBR for solving new case not stated in the system.

Figure. 6 The block diagram of machine learning based adaptive context-aware system [40] Kumar [41] proposed for the management of context data an ontology-based model for mange m-Health application. In developing a context-aware m Health application, there are the most One of the major challenges is to store and process raw context data. The novice users can use this application so it should be simple and easy. For example, if there is someone X want to know the nearest medical clinic, public hospital, pharmacies from these current locations. Based on the user context any person can obtain the required result. Furthermore, details of the preliminary design are also provided for proposed m Health application. The drawback of this system that it does not carry out to implement the system using Android development toolkit for the mobile applications. Furthermore, the system does not evaluate and upgraded based on the feedback from the users. Broens et al. [42] proposed for m-health an application framework for context-aware. For mobile healthcare (e.g., telemonitoring) there are several social issues, like aging, stimulate the use of mobile ICT applications. The consequences of developing these applications to support novel m-health applications should be considered in the scope of a comprehensive architecture. For such a framework this paper gives initial requirements, and it gives the first attempt at a functional decomposition. This work is based on the architecture proposed by the Freeband AWARENESS project, as shown in Figure 7 [42]. AWARENESS architecture is considered as a three-layered architecture. The network infrastructure layer is the bottom layer of the architecture, which offering seamless mobile connectivity (e.g., GPRS, UMTS, WiFi). The service infrastructure is the middle layer that provides an execution environment for nomadic mobile services. The application layer is the top layer where they position their application framework. An application container offered by a top layer that provides an execution environment for application components and additionally provides access to generic container functions, domain-specific functions and the service infrastructure in general. Generic functions like context management are offered by the generic container functions, which apply to all application domains. Furthermore, a domain-specific function also is applied.

309


Figure. 7 The positioning of the application framework in the awareness architecture [42] Mcheick et al. [43] proposed for health care systems context-aware mobile application architecture (CAMAA). From a wide range of sensors, data will be collected continuously. An Agent is responsible for the good organization of data, formatted, and structured before forwarding it to an upper layer, where in a later stage it should be processed. As shown in Figure 8, their new architecture is decomposed to three layers from bottom to top as follows: sensors, agents, and application layers.

Figure. 8 The context architecture layers [43]

310

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org In the first Sensors Layer that available in the user context, it can be physical sensors like (GPS, temperature, etc...) or virtual sensors this means that the user's application it is not only the source to the sensors. Agents Layer is the second layer, where an agent associated with each sensor. The data collected from the sensor by the agent's role, data from the sensor are stored in XML format, and according to a certain threshold, it decides whether to forward it or not to upper layer. The difference between the last sent value and the new value is known as threshold measures. In case of a Pull request coming or scheduled from the upper layer Also, agents forward sensor data. Application Layer is the third layer where requests subscription by the client from the Agents layer, and when a notification is received the data is pulled, or by initiating a pull request, also he can discover the available. 4. ANALYSIS AND DISCUSSION Sullivan et al. [44] for providing nomadic practitioners proposed Context-Aware Mobile Medical Devices (CAMMD) with efficient access to patient records at the point of care. Examines the storage is the first test that required by a CAMMD enabled handhelddevice. Storage costs for the Remote Method Invocation (RMI) implementation also obtained. At each ward the data storage on the PDA is constant due to the retrieval of every patient record for the medical practitioner by using the RMI implementation. In comparison, by retrieving patient records the CAMMD implementation requires on average 80% less storage only associated with the practitioner’s active context. the network bandwidth usage is examined as the second test of a CAMMD enabled handheld device. RMI enabled device also obtained bandwidth usage. The results of this test case are shown in Figure 9b. The network usage of the RMI enabled device is again constant and is calculated by determining the cost of invoking a remote retrieval of patient records. In comparison, the bandwidth usage of a CAMMD device fluctuates according to number of patient records transmitted and the frequency of location updates. To evaluate the performance of CAMMD four individual tests were executed and these are outlined in Table 1. Both the CAMMD framework and a Remote Method Invocation (RMI) medical-based implementation was used to conducted each test. Table. 1 Overview of performance evaluation tests Type

Test Name Handheld Device

Physical Constraint Test

Storage

Network Bandwidth Usage

Data Transmission Time Usability and Interaction Test User Navigation

Description CAMMD On the handheld device Determine the storage cost resulting from the propagation of patient records. The storage cost is determined by Remote Method Invocation on the handheld device resulting from a retrieval of patient records. CAMMD The network bandwidth consumed is determined by a CAMMD handheld device. By the RMI implementation the network bandwidth consumed is determined. CAMMD To perform a data management operation the time taken is determined. The time required is determined by Remote Method Invocation for a retrieval of patient records from a provisioning server. CAMMD The average user time to navigate is determined to a patient medical record. The average user time to navigate is determined by Remote Method Invocation to a patient medical record.

311


Liu et al. [45] proposed mobile-health applications for iOS devices. In this section, top two hundred apps in related categories from Apple’s App Store were examined to find out features shared by these most popular applications. To demonstrate the current status of m-health applications several representative apps were analyzed on iOS and to identify implications from a developer’s perspective. Apple’s App Store classified the applications into twenty categories for example: Healthcare & Fitness, Lifestyle, Medical, Navigation etc. M-Health applications were distributed in the categories of Medical or Healthcare & Fitness. Apps in these two categories were chosen for detailed analysis based on three criteria: • Popularity. The sort of the applications is by “Most Popular” instead of “Release Data. • Rating. Applications with higher customer ratings (three or more stars out of five) were selected. • Relevance. The goal was to identify the current status of the m-health applications. So only those applications relevant to healthcare were selected. By popularity out of the top 100 apps, In the Medical category eighteen had two or fewer stars in customer ratings as showing in table 2 also in Fig. 10. The subtotals of the numbers of applications in these classes are shown in Table 2. Table 2 shows the largest class is the Medical information reference was followed by Educational tools and others. It was obvious that medical information reference apps dramatically decreased in the percentage, and the percentage of track tools dramatically increased.

312

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org Table. 2 Distribution of apps among different classes of the 80 relevant apps in the medical category No. 1 2 3 4 5 6 7

Class Drug or medical information database Medical information reference Decision support Educational tools Tracking tools Medical calculator Others

Number of apps 8

Percentage 10

27 3 19 7 3 13

33.75 3.75 23.75 8.75 3.75 16.25

Figure. 10 Class percentage comparison between 80 relevant apps and 14 five-star apps. As discussed above, for mobile electronic-health applications sufficient computing power and offer media-rich and context-aware features that are suitable that is provided by modern smart mobile devices. For m- health applications these devices have gained acceptance as target devices. First, the majority of developers chose to port existing web based or standalone desktop apps to mobile devices. Second, for m-health apps typically have multitouch interfaces and include context-aware hardware sensors so mobile devices are suitable for this purpose. It is critical for m-health developers to innovate and integrate support for these features in m-health apps. 5. CHALLENGES AND FUTURES TRENDS Mobile devices are becoming increasingly popular such as smartphones, IPAD and tablets, and price it is becoming affordable to many because there is a massive reduction in price. Also currently mobile applications have a huge demand that can meet people daily needs in providing services, such as finding shops, medical facilities, and restaurants. One of the most widely researched areas currently in mobile computing is that of context awareness. There are many limitations in context awareness that we need deal with in the current future direction. For example, Bobek et al. [1] several directions for future work are considered, like uncertain context data management included in more applications epically in dynamic mobile environments. One of them is the scope of contextual data that usually in extension they process with effective context acquired from physiological devices [46, 47]. So, our approach can be applied in the affective computing paradigm. Big social data is considered as another direction concerns. In these applications, event detection with the combination of user localization can be applied based on their rule-based descriptions. In such a case they are planning to use AWARE to acquire context data from social networks, but also possibly for social applications on mobile devices. The secure context awareness and context-aware security are currently a field of active research in both academic and industrial community [48]. Security challenges in contextaware systems include integrity, confidentiality, and availability of context information, as well as end user’s privacy. Another important issue is trustworthiness of context information.

313

JOURNAL OF SOFTWARE ENGINEERING & INTELLIGENT SYSTEMS ISSN 2518-8739 31st December 2017, Volume 2, Issue 3, JSEIS, CAOMEI Copyright © 2016-2017 www.jseis.org In designing of context-awareness also there are many awaiting challenges in mobile Sensing. Dynamic sensor selection, adaptive sampling, opportunistic workload division, and optimal sensing are the first challenge all of them known as Sensing Management. Second challenge Data Acquisition like data calibration, orientation change in device, distortion, noise, and device placement. Learning paradigm, computational complexity, online processing, and redundancy check are considered as the third all of them under name context Inference. Fourth Framework Design like a generalization, inhomogeneous physical world, adaptability, tradeoff handling estimation/prediction,timevariant sensing, robust processing, optimization in sensor senses. Finally, limited power, bandwidth, and storage, richness in context sources, complex device architectures, security, privacy and trust issues are considered as a general challenge[21]. 6. CONCLUSION New opportunities for application developers and end users are offered entirely by context-aware systems that gathering context data and adapting systems behavior accordingly. To increase usability tremendously especially in combination with mobile devices these mechanisms are of high value and are used. In this paper, we described different design principles and context awareness models for the mobile application. Context-Aware has many fields that can apply to it such as communication engineering, computer science, information technology. In addition to aid, the user for many purposes the context-aware computing has important uses in human-computer interaction, wearable computing, augmented reality, data management, feature extraction, artificial intelligence, and decision making. Especially, Smart devices are ideal assistants that provide accurate solutions for the critical aspects of healthcare, and medical staff works as well as the closer up-to-date state of the patient. Also, hospital's staff members can communicate with the patients reliably and suitably by using smart devices offers. In the future work, to improve the user experience, the advantage of contextual data is aimed to take by context-aware applications. A useful tool to reason about context is proved by using case-based reasoning (CBR) and fuzzy techniques to deal with lack standardization in handling the context and uncertainty of data. On the other side, it could be interesting to analyze how context reasoning relates to CBR. To assess how CBR can be integrated with contextual information is the primary concern of our research study. REFERENCES 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

Bobek, S. and G.J. Nalepa, Uncertain context data management in dynamic mobile environments. Future Generation Computer Systems, 2017. 66: p. 110-124. Hakkila, J. and J. Mantyjarvi. Collaboration in context-aware mobile phone applications. in System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International Conference on. 2005: IEEE. Bellavista, P., et al., A survey of context data distribution for mobile ubiquitous systems. ACM Computing Surveys (CSUR), 2012. 44(4): p. 24. TalebiFard, P. and V.C. Leung, Context-Aware Mobility Management in Heterogeneous Network Environments. JoWUA, 2011. 2(2): p. 19-32. Gad-ElRab, A.A. and A.S. Alsharkawy, Adaptive Context-Aware Data Management Scheme for Mobile Environments. Schilit, B., N. Adams, and R. Want. Context-aware computing applications. in Mobile Computing Systems and Applications, 1994. WMCSA 1994. First Workshop on. 1994: IEEE. Dix, A., et al., Exploiting space and location as a design framework for interactive mobile systems. ACM Transactions on Computer-Human Interaction (TOCHI), 2000. 7(3): p. 285-321. Pascoe, J. The stick-e note architecture: extending the interface beyond the user. in Proceedings of the 2nd international conference on Intelligent user interfaces. 1997: ACM. Chen, G. and D. Kotz, A survey of context-aware mobile computing research. 2000, Technical Report TR2000-381, Dept. of Computer Science, Dartmouth College. Abowd, G., et al. Towards a better understanding of context and context-awareness. in Handheld and ubiquitous computing. 1999: Springer. Feng, L., P.M. Apers, and W. Jonker. Towards context-aware data management for ambient intelligence. in International conference on database and expert systems applications. 2004: Springer. Henricksen, K. and J. Indulska. Modelling and using imperfect context information. in Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second IEEE Annual Conference on. 2004: IEEE.

314


15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34.

35.

36. 37.

Van Bunningen, A.H., L. Feng, and P.M. Apers. Context for ubiquitous data management. in Ubiquitous Data Management, 2005. UDM 2005. International Workshop on. 2005: IEEE. Bobek, S. and G.J. Nalepa. Incomplete and uncertain data handling in context-aware rule-based systems with modified certainty factors algebra. in International Workshop on Rules and Rule Markup Languages for the Semantic Web. 2014: Springer. Kofod-Petersen, A. Challenges in case-based reasoning for context awareness in ambient intelligent systems. in 8th European Conference on Case-Based Reasoning, Workshop Proceedings. 2006. Kim, J. and K.-Y. Chung, Ontology-based healthcare context information model to implement ubiquitous environment. Multimedia Tools and Applications, 2014. 71(2): p. 873-888. Bricon-Souf, N. and C.R. Newman, Context awareness in health care: A review. international journal of medical informatics, 2007. 76(1): p. 2-12. Musumba, G.W. and H.O. Nyongesa, Context awareness in mobile computing: A review. International Journal of Machine Learning and Applications, 2013. 2(1): p. 5 pages. Baldauf, M., S. Dustdar, and F. Rosenberg, A survey on context-aware systems. International Journal of Ad Hoc and Ubiquitous Computing, 2007. 2(4): p. 263-277. Chen, H., T. Finin, and A. Joshi, An ontology for context-aware pervasive computing environments. The knowledge engineering review, 2003. 18(3): p. 197-207. Yürür, Ö., et al., Context-awareness for mobile sensing: A survey and future directions. IEEE Communications Surveys & Tutorials, 2016. 18(1): p. 68-93. Kofod-Petersen, A. and A. Aamodt. Case-based situation assessment in a mobile context-aware system. in Proceedings of AIMS2003, Workshop on Artificial Intgelligence for Mobil Systems, Seattle. 2003. El-Sappagh, S.H. and M. Elmogy, Case Based Reasoning: Case Representation Methodologies. International Journal of Advanced Computer Science and Applications,(IJACSA), 2015. 6(11): p. 192-208. Buttussi, F. and L. Chittaro, MOPET: A context-aware and user-adaptive wearable system for fitness training. Artificial Intelligence in Medicine, 2008. 42(2): p. 153-163. Lo, C.-C., et al., Ubiquitous healthcare service system with context-awareness capability: Design and implementation. Expert Systems with Applications, 2011. 38(4): p. 4416-4436. Radev, D.R., V. Hatzivassiloglou, and K.R. McKeown. A description of the CIDR system as used for TDT2. in Broadcast News Workshop'99 Proceedings. 1999: Morgan Kaufmann Pub. Huang, C. and Y. Wu. Automatic Web structuring and summarization for chinese text. in Proceedings of the Taiwan network conference. 1999. Huang, C., C. Yang, and L. Chu, A study of a Chinese-English web document summarization. Proceedings of the 7th information management practice, Taipei, Taiwan, 2001. Yeh, J.-Y., et al., Text summarization using a trainable summarizer and latent semantic analysis. Information processing & management, 2005. 41(1): p. 75-95. Kaikhah, K., Text summarization using neural networks. 2004. Erkan, G. and D.R. Radev. LexPageRank: Prestige in Multi-Document Text Summarization. in Proceedings of the 2004 Conference on Empirical Methods in Natural Language Processing. 2004. Myaeng, S.H. and D.-H. Jang, Development and evaluation of a statistically-based document summarization system. Advances in automatic text summarization, 1999: p. 61-70. Yuan, B. and J. Herbert, Fuzzy cara-a fuzzy-based context reasoning system for pervasive healthcare. Procedia Computer Science, 2012. 10: p. 357-365. Hadjioannou, V., et al. Context awareness location-based android application for tracking purposes in assisted living. in Telecommunications and Multimedia (TEMU), 2016 International Conference on. 2016: IEEE. Selviandro, N., M.K. Sabariah, and S. Saputra. Context awareness system on ubiquitous learning with case based reasoning and nearest neighbor algorithm. in Information and Communication Technology (ICoICT), 2016 4th International Conference on. 2016: IEEE. Alrammal, M., et al. Regression Model for Context Awareness in Mobile Commerce. in Developments of ESystems Engineering (DeSE), 2015 International Conference on. 2015: IEEE. Fanelli, M., et al., Self-adaptive context data management in large-scale mobile systems. IEEE Transactions on Computers, 2014. 63(10): p. 2549-2562.

315


39. 40. 41. 42. 43. 44. 45. 46.

47. 48.

Railkar, P.N. and P.N. Mahalle. Proposed Profile Translation based Proactive Adaptation using Context Management (PTPACM) in Smartphones. in Advance Computing Conference (IACC), 2013 IEEE 3rd International. 2013: IEEE. Miraoui, M., et al. Context-aware services adaptation for a smart living room. in Computer Applications & Research (WSCAR), 2014 World Symposium on. 2014: IEEE. Kabir, M.H., et al., Machine learning based adaptive context-aware system for smart home environment. International Journal of Smart Home, 2015. 9(11): p. 55-62. Kumar, B.A. Ontology based data model for context aware mHealth application. in Next Generation Computing Technologies (NGCT), 2015 1st International Conference on. 2015: IEEE. Broens, T., et al., Towards an application framework for context-aware m-health applications. International Journal of Internet Protocol Technology, 2007. 2(2): p. 109-116. Mcheick, H., et al. Context aware mobile application architecture (CAMAA) for health care systems. in Humanitarian Technology Conference-(IHTC), 2014 IEEE Canada International. 2014: IEEE. O'Sullivan, T., et al., CAMMD: Context-Aware Mobile Medical Devices. J. UCS, 2006. 12(1): p. 45-58. Liu, C., et al., Status and trends of mobile-health applications for iOS devices: A developer's perspective. Journal of Systems and Software, 2011. 84(11): p. 2022-2033. Zhou, C., et al. User interest acquisition by adding home and work related contexts on mobile big data analysis. in Computer Communications Workshops (INFOCOM WKSHPS), 2016 IEEE Conference on. 2016: IEEE. Stisen, A., et al. Task phase recognition for highly mobile workers in large building complexes. in Pervasive Computing and Communications (PerCom), 2016 IEEE International Conference on. 2016: IEEE. Wrona, K. and L. Gomez, ontext-aware security and secure context-awareness in ubiquitous computing environments. Annales Universitatis Mariae Curie-Sklodowska, sectio AI–Informatica, 2006. 4(1): p. 332348.

AUTHORS PROFILE

316