针对应用层未知攻击的蜜罐系统框架的研究与实现

随着网络攻击事件越来越多，特别是新的漏洞以及其攻击的不断发布，网络安全受到严重的威胁。传统的安全技术如防火墙、入侵检测等都不能很好地对新的漏洞和攻击进行检测，所以未知攻击的检测问题已成为难点。利用蜜罐技术来解决未知攻击的检测问题，简要概述了现有的蜜罐技术，提出并实现了一种针对应用层未知攻击的蜜罐系统框架。最后进行了测试并给出了结论。     

Web防火墙仿真在网络安全实验中的应用

在目前的网络安全实验中,只有对防火墙的仿真,缺乏对Web防火墙的仿真。EVE-NG是下一代的网络模拟器,支持多厂家、多类型的网络设备和网络安全设备仿真。本文基于EVE-NG平台,介绍了网络安全设备在EVE-NG上的仿真使用,设计构建了包含web防火墙的网络安全实验环境,并对于防护效果进行了测试验证。结果表明,这种方法可以有效解决目前高校在网络安全实验中缺乏web防火墙的问题。     

基于防火墙技术的网络安全

本文介绍了网络安全中的防火墙技术，对防火墙的三种基本类型（包过滤路由器、应用层中继和安全隧道）分别作了描述，并总结了它们各自的优缺点，最后对防火墙技术的发展方向作了展望。     

依托防火墙技术的网络安全架构与系统设计分析

防火墙是网络安全的基础保障技术,也是网络安全的首道防护。介绍依托防火墙技术的网络安全架构,论述了依托防火墙技术的网络安全系统设计需求和内容,并对依托防火墙技术的网络安全系统实现与测试进行了探究,以期为基于防火墙技术的网络安全系统设计提供一些参考。     

基于协议解析的工控网络安全仿真平台设计

工业控制网络的安全防护通常采用防火墙技术和多种复杂的应用层协议协同完成,但是未涉及应用层协议的深入分析。为了更好地保障工控网络数据访问的安全,结合工控网络报文定制性的特点,详细分析了基于应用层协议解析的安全防护策略。该方案在工业防火墙的基础上,通过对工控网络通信协议的报文深入解析,直接在报文层面解析过滤,从而拦截与功能实现无关的报文,并发现隐藏较深的威胁。以OPC协议为例,搭建了基于应用层协议深度解析的工控网络安全仿真测试平台,并利用石化企业现场设备的通信数据对该平台进行了验证。所提出的安防策略为工控网络安全设备的设计和制造提供了一种基于应用层协议解析的方案,具备较高级别的安全性能。     

下一代防火墙 舍我其谁

东华下一代防火墙（DISG）是一款基于专业硬件架构设计,全面监控应用层网络,能够精准识别用户、应用和内容,具备完整的安全防护能力和强劲处理能力的专业网络安全设备。     

让安全渗透进网络

网络安全形势分析 自从1995年开始在网络中引进防火墙以来，网络安全解决方案已经定型成为以防火墙为主的解决方案。这个解决方案的特点就是：将网络划分成不同安全等级的网段，在网段边界放置防火墙，进行网段隔离和访问控制。即使后来出现了针对应用层威胁的IDS产品，也无法动摇防火墙在网络安全解决方案的核心地位。     

最新分布式防火墙技术研究

防火墙是网络安全保护中最常采用的技术,而随着网络技术和应用的发展,传统的防火墙面临巨大的挑战,其缺陷也日益显现,分布式防火墙技术正是应运而生的下一代防火墙技术。本文探讨了分布式防火墙的工作机制和体系结构,分布式防火墙的主要特点和功能,以及分布式防火墙之于网络安全的主要优势。     

山石网科发布T系列下一代智能防火墙

日前,知名网络安全厂商山石网科在京召开了下一代智能防火墙——Intelligent Next-Generation Firewall产品发布会,标志着下一代防火墙已经走进"智能时代"。此次发布会亮相的T系列下一代智能防火墙将改变安全技术传统的被动防御方式,用智能的     

多层防火墙技术的研究与应用

分析了在多层网络应用中设计防火墙的技术。集中讨论了把资源严格划分给特定子网的条件。解释了如何通过防火墙加强各应用层的访问控制，满足多层网络应用的技术需求。并给出在甘肃工业大学网络安全设计中的应用实例。     

工程监理人员绩效智能评价方法研究综述

工程监理制度是建造领域保障工程质量的重要抓手。监理人员是工程监理重要实施主体，对其 绩效的考核评价在保障监理工作及工程建设质量上具有重要意义。当前，有关研究仍以绩效考核的目标、内容 与流程为主，具体考核仍高度依赖人工手段，存在方法固化、单一，以及评价指标设定不合理、不明确等问题。 本研究旨在系统综述绩效评价方法与支撑性智能技术，提出智能绩效评价的新方向与新趋势。首先，从技术层 面和应用层面对于国内外的智慧监理技术下监理人员评价方法理论的研究和应用现状进行综述，介绍了涉及的 关键考核方法和评价指标理论的应用现状，并提炼了基于智慧化环境下的监理人员考评方法理论的应用情况。 在总结现况的基础上，对领域现存的问题和挑战做了讨论分析，针对监理人员绩效考核方法的简单化和更灵活、 客观的评价指标，结合现代综合指标评价方法结合人工智能、区块链技术等新型信息技术，提出了智慧化进程 下监理人员绩效考评方法理论的未来发展方向。     

基于本体的文本分类研究综述

对近年来文本分类的研究现状及新进展进行归纳总结,基于前人的研究基础,提出一个了基于本体的文本分类通用框架,将本体融入传统的基于统计和机器学习的文本分类中,分别从特征处理,分类模型和性能评测等方面进行阐述,分析了现有基于本体的分类研究所面临的挑战,并指出其今后发展趋势。     

基于期望与K次方差的信息检索质量评估模型的研究

查全率和查准率是评估信息检索系统检索质量的两个基本标准，长期以来，基于这两个标准，存在着多种评价方法，但是，这些方法基本上是对查全率和查准率做简单的处理，仅反映检索的平均, 对检索稳定性没有分析，并且缺乏一套科学的，系统的评估体系，针对这种情况，借鉴概率学中的期望和方差的思想，用数学语言严格定义了查全期望，查准期望，K次查全方差和K次查准方差等概念，在这些概念的基础上，给出了信息检索质量评估准则，与其它模型相比，该模型能从检索的平均质量和检索的稳定性两方面反映检索系统的性能，因此，对检索质量的评估更加完善和全面。     

A comprehensive framework for the evaluation of ontology modularization

The Semantic Web and ontologies have received increased attention in recent years. The delivery of well-designed ontologies enhances the effect of Semantic Web services, but building ontologies from scratch requires considerable time and effort. Modularizing ontologies and integrating ontology modules to a given context help users effectively develop ontologies and revitalize ontology dissemination. Therefore, various tools for modularizing ontologies have been developed. However, selecting an appropriate tool to fit a given context is difficult because the assumptions for the approaches greatly vary. Therefore, a suitable framework is required to compare and help screen the most suitable modularization tool.In this research, we propose a new evaluation framework for selecting an appropriate ontology modularization tool. We present three aspects of tool evaluation as the main dimensions for the assessment of modularization tools: tool performance, data performance, and usability.This study provides an implicit evaluation and an empirical analysis of three modularization tools. It also provides an evaluation method for ontology modularization, enabling ontology engineers to compare different modularization tools and easily choose an appropriate one for the production of qualifying ontology modules.The experimental results indicate that the proposed evaluation criteria for ontology modularization tools are valid and effective. This research provides a useful method for assessing and selecting ontology modularization tools. Modularization performance, data performance, and usability are the three modularization aspects designed and applied to the context of ontology. We provide a new focus on the comprehensive framework to evaluate the performance and usability of ontology modularization tools. The proposed framework should be of value to both ontology engineers, who are interested in ontology modularization, and to practitioners, who need information on how to evaluate and select a specific type of ontology tool in accordance with the requirements of the individual environment.     

Experience with using the Parallel Workloads Archive

Science is based upon observation. The scientific study of complex computer systems should therefore be based on observation of how they are used in practice, as opposed to how they are assumed to be used or how they were designed to be used. In particular, detailed workload logs from real computer systems are invaluable for research on performance evaluation and for designing new systems.     

From generative fit to generative capacity: exploring an emerging dimension of information systems design and task performance

Information systems (IS) research has been long concerned with improving task-related performance. The concept of fit is often used to explain how system design can improve performance and overall value. So far, the literature has focused mainly on performance evaluation criteria that are based on measures of task efficiency, accuracy, or productivity. However, nowadays, productivity gain is no longer the single evaluation criterion. In many instances, computer systems are expected to enhance our creativity, reveal opportunities and open new vistas of uncharted frontiers.
To address this void, we introduce the concept of generativity in the context of IS design and develop two corresponding design considerations –'generative capacity' that refers to one's ability to produce something ingenious or at least new in a particular context, and 'generative fit' that refers to the extent to which an IT artefact is conducive to evoking and enhancing that generative capacity. We offer an extended view of the concept of fit and realign the prevailing approaches to human–computer interaction design with current leading-edge applications and users' expectations. Our findings guide systems designers who aim to enhance creative work, unstructured syntheses, serendipitous discoveries, and any other form of computer-aided tasks that involve unexplored outcomes or aim to enhance our ability to go boldly where no one has gone before.
In this paper, we explore the underpinnings of 'generative capacity' and argue that it should be included in the evaluation of task-related performance. Then, we briefly explore the role of fit in IS research, position 'generative fit' in that context, explain its role and impact on performance, and provide key design considerations that enhance generative fit. Finally, we demonstrate our thesis with an illustrative vignette of good generative fit, and conclude with ideas for further research.     

基于客观权重确定的数据中心网络性能评估方法

针对大规模数据中心网络如何有效监控网络、发现网络性能瓶颈和潜在故障点,为网络性能优化提供支持成为新的研究课题.然而影响网络性能的因素众多,性能因素的影响程度存在差异,如何给出一个准确的性能评估一直是比较困难的问题.针对上述问题,提出了网络性能评估指标体系,在此基础上进一步提出了一种基于客观权重确定的数据中心网络性能评估方法(PE-OWD).该方法通过采用基于客观权值确定方法动态计算性能权值,利用基于历史参数分布的数据归一化方法,建立了完善的网络性能健康度评估模型.针对天河2真实的网络环境,对网络设备的性能指标进行评估,验证了网络性能评估方法的有效性.     

A Taxonomy and Evaluation of Dense Two-Frame Stereo Correspondence Algorithms

Stereo matching is one of the most active research areas in computer vision. While a large number of algorithms for stereo correspondence have been developed, relatively little work has been done on characterizing their performance. In this paper, we present a taxonomy of dense, two-frame stereo methods. Our taxonomy is designed to assess the different components and design decisions made in individual stereo algorithms. Using this taxonomy, we compare existing stereo methods and present experiments evaluating the performance of many different variants. In order to establish a common software platform and a collection of data sets for easy evaluation, we have designed a stand-alone, flexible C++ implementation that enables the evaluation of individual components and that can easily be extended to include new algorithms. We have also produced several new multi-frame stereo data sets with ground truth and are making both the code and data sets available on the Web. Finally, we include a comparative evaluation of a large set of today's best-performing stereo algorithms.     

网络可靠性评估方法综述

网络可靠性评估随着网络技术的发展已成为一个广受关注的焦点问题,但网络的复杂性、动态性、多态性等特点使得传统可靠性评估方法很难适用于网络。就网络可靠性评估方法这一问题,对近10年的相关文献按连通可靠性、容量可靠性和性能可靠性3个方面进行了综述,并介绍了在这3类研究的基础上综合考虑网络业务支持能力的业务可靠性,总结了近10年网络可靠性评估方法的研究进展、存在的问题及未来的研究方向。     

一种面向大规模系统域网络性能管理系统

当前系统域网络规模日益庞大,如何监控系统域网络复杂的流量行为、发现性能瓶颈以及可能的网络故障点,为系统域网络性能优化提供有效支持的需求已经日益迫切。首先提出了一种系统域网络的性能管理体系结构SNPMA,SNPMA采用了松耦合的分层结构,通过各层之间的协同实现性能管理的自动化和可操作性。在此基础上提出了一种网络性能评估模型NPEM,解决大规模网络中对现有网络设备性能状况无法正确评估、对网络运行状态无法进行有效预测的问题,进而提出了自适应并发策略性能监控方法STM,能动态调整采集数据的策略,较好地提高了采集数据的效率。在"天河二号"真实的网络环境下,对网络设备的性能进行分级评估和分析,验证了网络性能评估和分析模型。