Jin-Cherng Lin

Tatung University, T’ai-pei, Taipei, Taiwan

Are you Jin-Cherng Lin?

Claim your profile

Publications (33)1.48 Total impact

  • Jin-Cherng Lin · Yueh-Ting Lin · Han-Yuan Tzeng · Yan-Chin Wang

    No preview · Article · Jan 2013
  • Jin-Cherng Lin · Kuo-Chiang Wu · Ting-Yu Chen · Jiun-Ting Chen
    [Show abstract] [Hide abstract]
    ABSTRACT: Uzam and Zhou (Uzam, M. and Zhou, M., 2006. An improved iterative synthesis method for liveness enforcing supervisors of flexible manufacturing systems. International Journal of Production Research, 44 (10), 1987–2030) were able to obtain a near optimal controlled model for the net SPR with 21,562 good states. Chao's deadlock recovery scheme (Chao, D.Y., 2010. Technical Note – Reaching more states for control of FMS. International Journal of Production Research, 48 (4), 1217–1220) improves by reaching more states (21,585). However, this paper identifies a problem and proposes a solution.
    No preview · Article · Aug 2011 · International Journal of Production Research
  • Jin-Cherng Lin · Chu-Ting Chang · Sheng-Yu Huang
    [Show abstract] [Hide abstract]
    ABSTRACT: For software developers, accurately forecasting software effort is very important. In the field of software engineering, it is also a very challenging topic. Miscalculated software effort in the early phase might cause a serious consequence. It not only effects the schedule, but also increases the cost price. It might cause a huge deficit. Because all of the different software development team has it is own way to calculate the software effort, the factors affecting project development are also varies. In order to solve these problems, this paper proposes a model which combines genetic algorithm (GA) with support vector machines (SVM). We can find the best parameter of SVM regression by the proposed model, and make more accurate prediction. During the research, we test and verify our model by using the historical data in COCOMO, Desharnais, Kemerer, and Albrecht. We will show the results by prediction level (PRED) and mean magnitude of relative error (MMRE).
    No preview · Article · Jul 2011
  • Jin-Cherng Lin · Han-Yuan Tzeng
    [Show abstract] [Hide abstract]
    ABSTRACT: In the IT industry, precisely evaluate the effort of each software development project to develop cost and development schedule management to the software company in the software are count for much. Since a project, majority of development teams will feel time isn't enough to use or the project valuation be false to make the software project failed. However the cost of the software project is almost a manpower cost, manpower cost and then become a direct proportion with development schedule, so precise effort the valuation more seem to be getting more important. Consequently, this research will use Pearson product-moment correlation coefficient and one-way analyze to select several factors then used K-Means clustering algorithm to software project clustering. After project clustering, we use Particle Swarm Optimization that take mean of MRE (MMRE) as a fitness value and N-1 test method to optimization of COCOMO parameters. Finally, take parameters that finsh the optimization to calculate the software project effort that is want to estimation. This research use 63 history software projects data of COCOMO to test. The experiment really expresses using base on project clustering with multiple factors can make more effective base on effort of the estimate software of COCOMO's three project mode.
    No preview · Conference Paper · Jan 2011
  • Jan-Min Chen · Fan-Yu Kuan · Jin-Cherng Lin
    [Show abstract] [Hide abstract]
    ABSTRACT: This article introduced a model which applies game theory and cost to assess the security level of a web application. A system administrator may assess security level and the cost of defending upon this model. Afterward, he may apply game theory to find the optimized defending strategy. In a limited resources situation, the result of this model may provide suggestions to allocate resources to different defending strategies.
    No preview · Article · Dec 2010
  • Source
    Jin-Cherng Lin · Kuo-Chiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: In e-learning, students must learn initiatively according to their own progress via computer and Internet. That is to say, students often handle contents transmitted from far side in front of computer by themselves. In the meanwhile students have to determine "what to learn" and "where to go" in each learning unit (or learning node), so, it relatively consumes mental and physical efforts during learning that results in cognitive overload, therefore, students are easy to feel anxious about e-learning content due to said cognitive overload. Purpose of this paper is to collect the learning behavior trace during e-learning activity, and then use decision tree ID 3 to discover strenuous place in the hyperlink of elearning in order to avoid anxiety of e-learning. Based on the analysis of ID 3, the curriculum designers of e-learning will be easy to visually understand students' behavior on e-learning by treelike graph, and then compose a well-organized and adaptive e-learning curriculum.
    Preview · Article · Aug 2010 · International Journal of Digital Content Technology and its Applications
  • Kai-Yung Lin · Jin-Cherng Lin · Jan-Min Chen · Tsung-Che Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Nowadays the trend of the Web application attack is using various vulnerability scanners to find flaws before launching attacks. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Most of the web application security problems as use the CAPTCHA defend the system by identification if the traffic source is human or robots. In this paper, we describe our techniques for automatically identifying human-generated web action and separate it from Malicious Crawler action. The technology is similar with CAPTCHA and able to block Malicious Crawler readily, but it can precise identify the parameter to fill in by Malicious Crawler. The user can enter without any distorted images and prevent miscellaneous entering movements. Our experiments to distinguish ability show that 100% of human users and Malicious Crawler are with a maximum false positive rate of 0%. Such identification can help protect individual Web sites, reduce the abuse tools, or help identify compromised computers within an organization.
    No preview · Article · Feb 2010 · Journal of Discrete Mathematical Sciences and Cryptography
  • Jin-Cherng Lin · Pei-Wu Chou · Chu-Ting Chang
    [Show abstract] [Hide abstract]
    ABSTRACT: Friend keyword is a special syntax only in C++. Friend construct in C++ programming language is a violation of encapsulation, that will made default program become more and more difficult and complex. This paper will discuss how friend destroy the C++ programming language, and investigate this fault and the misunderstanding friend. This paper provides an estimate the polymorphism defects in design stage with friend. This metric can provide early information for developer on modify, redesign the system and find another way to fix these defect as well.
    No preview · Article · Jan 2010
  • Jin-Cherng Lin · Jan-Min Chen · Chou-Chuan Chen · Yu-Shu Chien
    [Show abstract] [Hide abstract]
    ABSTRACT: The interactive behavior between the hacker and the defender is similar to information warfare. The process of attack and defend can be abstracted as a tree diagram and analyzed based on game theory. When a hacker launches an attack, he must do his best to get expected payoff. Similarly the defender may hope to protect system against attacker successfully by minimizing security investment. The tradeoff between attack and defense is hard to keep accurately by means of traditional experience rule. In this paper, we try to solve the problem quickly with the help of game theory. A simple and effective way based on the minimax theorem in game theory is presented. In zero-sum games, the minimax solution is the same as the Nash equilibrium. Thus those strategies listed in probability spread can satisfy both involvers. The result accords with the real scenario in common network environment.
    No preview · Conference Paper · Jul 2009
  • Jin-Cherng Lin · Jan-Min Chen · Cheng-Hsiung Liu
    [Show abstract] [Hide abstract]
    ABSTRACT: According to OWASP Top 10 2007, top 1-5 critical Web application security vulnerabilities caused by unchecked input [1]. Unvalidated Input may lead hacker to inject code to bypass or modify the originally intended functionality of the program to gain information, privilege escalation or unauthorized access to a system. Examples of such vulnerabilities are SQL injection, Shell injection and Cross Site Scripting (XSS). Proper input validation is an effective countermeasure to act as a defense against input attacks but it may induce false negative or false positive. We develop a defense system consisting of a testing framework and a sanitizing mechanism on a security gateway. The security gateway is allocated in front of application server to mitigate malicious injection. To verify the efficiency of the sanitizing mechanism, we focus on whether the filter rules have better detection rate to sanitize input data. Among our experiments, different fields may be automatically injected proper validation rules made up of some sub-rules. By means of the mechanism, we reduce false rate and prove that the hybrid method is more ideal than any traditional input handling.
    No preview · Conference Paper · Nov 2008
  • Jin-Cherng Lin · Kuo-Chiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Grey forecasting theory is one of the important techniques in the grey systems theory, which is using an approximate differential equation to describe the tendency in future for a time series. Software defects are an explicit characteristic in the software developing process, which provides quality information of the software. Defect prediction is the process to record and track defects; it makes best use of the information provided by defects to set up organization process capability. This paper wants to apply the characteristics of grey forecasting theory in predicting defects at each period of the software developing process. In the future, given the total KLOC (Kilo Line Of Code) of a program, we can predict the value of the NOCs (Number Of Defects) by our method. On the other hand, prediction of defects can verify the debugging efficiency of the testing process of software in each period of time.
    No preview · Article · Jul 2008
  • Jin-Cherng Lin · Kuo-Chiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: As programmers try to reuse codes written by other programmers, a chain of fatal faults shall be made due to misunderstanding of the original intention, this is because of poor understandability to the relevant documents in software engineering, we also call it as an adverse software understandability, however, software understandability is the mental activity of programmers, so, it is not easy to be quantized or measured. Since internal mental activity is hardly visible to us, we are obliged to determine software understandability by the external visible artifact. We reviewed factors suggested by literatures to affect software understandability. Furthermore, this paper brings forward an integrated view to determine good or bad of software understandability at that time.
    No preview · Conference Paper · Jul 2008
  • Jin-Cherng Lin · Jan-Min Chen · Cheng-Hsiung Liu
    [Show abstract] [Hide abstract]
    ABSTRACT: Injection attack is a technique to bypass or modify the originally intended functionality of the program. Many application's security vulnerabilities result from generic injection problems. Examples of such vulnerabilities are SQL injection, shell injection and script injection (cross site scripting). Proper input validation is an effective countermeasure to act as a defense against input attacks. However, it is challenging because there is no specific answer for what implies valid input across applications. As individual fields often require specific validation, input validation adopting only one filter rule may induce false negative or false positive. We develop a defense system consisting of an event driven security testing framework and an adjustable validation function on a security gateway. The security gateway is allocated in front of application server to eliminate malicious injection vulnerabilities. To verify the efficiency of the adjustable mechanism, we focus on whether the validation functions included in meta-programs have proper filter rules to sanitize input data. Among our experiments, different fields may have various validation rules made up of some sub-rules. By means of these rules, we reduce false rate and increase detection rate. That is to say, we prove that the diversified validation rules produced by our automatic mechanism are more efficient and elastic than only one rule.
    No preview · Conference Paper · Apr 2008
  • Jin-Cherng Lin · Chun-Lun Chou · Cheng-Hsiung Liu
    [Show abstract] [Hide abstract]
    ABSTRACT: In the last years, demand for high-speed Internet access and multimedia service has increased greatly. The IEEE 802.16 Working Group on broadband wireless access is developing the IEEE 802.16 standards for wireless metropolitan area networks. IEEE 802.16 aims at providing broadband wireless last-mile access in a Metropolitan Area Network, easy deployment, high speed data rate and large spanning area. WiMAX also support quality of service architecture include priority scheduling and queuing for bandwidth allocation to support our system more efficient. Therefore, we have an idea to implement some scheduling schemes on WiMAX system in NS2 to analysis in uplink and downlink direction to get better performance. By simulation results, it can show the performance of different scheduling schemes clearly, and which one suit for different specific environment. Finally, we can support an efficient Queuing scheduling theory on dynamic bandwidth allocation to get better performance for the IEEE 802.16 system.
    No preview · Conference Paper · Apr 2008
  • Source
    Jin-Cherng Lin · Jan-Min Chen
    [Show abstract] [Hide abstract]
    ABSTRACT: Injection attack is a technique to bypass or modify the originally intended functionality of the pro-gram by injecting codes into a computer program or system. It is popular in system hacking or cracking to gain information, Privilege escalation or unauthorized access to a system. Many application's security vulner-abilities result from generic injection problems. Examples of such vulnerabilities are SQL injection, Shell in-jection and Script injection (Cross Site Scripting). Some applications attempt to protect themselves by filter-ing malicious input data, but it may not be viable to modify the source of such components (either because the code was shipped in binary form or because the license agreement is prohibitive). We have tried to de-velop a defense mechanism that can automatically generate meta-programs on security gateway to filter mali-cious injection. The security gateway is allocated in front of application server to eliminate malicious injec-tion vulnerabilities. To verify the efficiency of the mechanism, we create the web sites made up of some Web applications that often contain third-party vulnerable components shipped in binary form. According to the result of these experiments, our defense mechanism has proved itself efficiency.
    Preview · Article · Jan 2008
  • Jin-Cherng Lin · Jan-Min Chen
    [Show abstract] [Hide abstract]
    ABSTRACT: Injection attack is a technique to inject codes into a computer program or system by taking advantage of the unchecked assumptions the system makes about its inputs. The purpose of the injected code is typically to bypass or modify the originally intended functionality of the program. It is popular in system hacking or cracking to gain information, Privilege escalation or unauthorized access to a system [13]. Many application's security vulnerabilities result from generic injection problems. Examples of such vulnerabilities are SQL injection, Shell injection and Script injection (Cross Site Scripting). Some applications attempt to protect themselves by filtering malicious input data, but it may not be viable to modify the source of such components (either because the code was shipped in binary form or because the license agreement is prohibitive). We have tried to develop a defense mechanism that can automatically produce a proper input validation function on security gateway to filter malicious injection. The security gateway is allocated in front of application server to eliminate malicious injection vulnerabilities. To verify the efficiency of the tool, we pick the websites made up of some Web applications that often contain third-party vulnerable components shipped in binary form. Among these experiments, our defense mechanism has proved their efficiency to avoid malicious injection attack. Keywords Black box testing, Malicious injection, Input validation, Security gateway.
    No preview · Conference Paper · Nov 2007
  • Jin-Cherng Lin · Kuo-Chiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: At the time of designing embedded software, too many variables in the original requirement specifications may cause the design work very difficult. This paper tries to use the knowledge reduction in the rough set to simplify the design of embedded software. We first get raw data from requirement specifications or use cases and then turn raw data into rough set by the process of the discretization. Next, extract knowledge (or decision rules) from the rough set by the knowledge reduction. Finally, employing the neural network theory learned these decision rules from the embedded software. In brief, rough set theory is able to extract the decision rules from the raw data, and then the neural network is capable of learning these decision rules to help development team works out.
    No preview · Conference Paper · Sep 2007
  • Jin-Cherng Lin · Jan-Min Chen · Hsing-Kuo Wong
    [Show abstract] [Hide abstract]
    ABSTRACT: “Invalidated Input” is Top One Critical Web Application Security Vulnerabilities according to have been released by Open Web Applications Security Project (OWASP) on July 14, 2004. Many web application security vulnerabilities result from generic input validation problems. Some sites attempt to protect themselves by filtering malicious input, but it may not be viable to modify the source of such components. We have tried to develop an automatic defense mechanism that can produce a proper input validation function on security gateway to filter malicious injection. To verify the efficiency of the tool, we picked the websites made up of some Web applications often contain third-party vulnerable components which was shipped in binary form. Among our experiments, the defense mechanism can automatically organize validation functions to avoid malicious injection attack. abstract environment.
    No preview · Conference Paper · Sep 2007
  • Jin-Cherng Lin · Kuo-Chiang Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Although students can learn independently in the environment of e-learning or online-learning, they have to determine "what to learn" and "where to go" in each learning node, so, it relatively consumes mental and physical efforts during learning that results in cognitive overload, therefore, students are easy to feel anxious about information due to said cognitive overload. Such issues could be reduced and improved by proper guidance of teacher in the real world. However, in the virtual e-learning world, teacher couldn't get information from students and instruct them face-to-face like the real world, thus, edition of contents and tutoring system behind e-learning are the key actor. Object of this paper is to collect the learning history record of students during e- learning, and then use decision tree learning with ID 3 algorithm to discover strenuous place in the hyper-link of e-learning in order to avoid anxiety of e-learning.
    No preview · Conference Paper · Aug 2007
  • Jin-Cherng Lin · Yung-Hsin Li · Cheng-Hsiung Liu
    [Show abstract] [Hide abstract]
    ABSTRACT: Recently some scholars build time series forecasting model by independent component analysis mechanism. Within component ambiguity, time series approximation and mean difference problems, independent component analysis mechanism has intrinsic limitations for time series forecasting. Solutions for those limitations were purposed in this paper. Under the linear time complexity, those limitations were solved by our proposed methods to ensure the forecasting reward. The empirical data show that our model exactly reveals the flexibility and accuracy in time series forecasting domain.
    No preview · Conference Paper · May 2007