基于可编程协议无关报文处理的分布式拒绝服务攻击检测

传统软件定义网络（SDN）中的分布式拒绝服务（DDoS）攻击检测方法需要控制平面与数据平面进行频繁通信,这会导致显著的开销和延迟,而目前可编程数据平面由于语法无法实现复杂检测算法,难以保证较高检测效率。针对上述问题,提出了一种基于可编程协议无关报文处理（P4）可编程数据平面的DDoS攻击检测方法。首先,利用基于P4改进的信息熵进行初检,判断是否有可疑流量发生;然后再利用P4提取特征只需微秒级时长的优势,提取可疑流量的六元组特征导入数据标准化—深度神经网络（data standardization-deep neural network,DS-DNN）复检模块,判断其是否为DDoS攻击流量;最后,模拟真实环境对该方法的各项评估指标进行测试。实验结果表明,该方法能够较好地检测SDN环境下的DDoS攻击,在保证较高检测率与准确率的同时,有效降低了误报率,并将检测时长缩短至毫秒级别。     

基于词袋模型的分布式拒绝服务攻击检测

针对分布式拒绝服务（DDoS）攻击有效荷载快速变化,人工干预需要依赖经验设定预警阈值以及异常流量特征码更新不及时等问题,提出一种基于二进制流量关键点词袋（BSP-BoW）模型的DDoS攻击检测算法。该算法可以自动从当前网络的流量数据中训练得到流量关键点（SP）,针对不同拓扑网络进行自适应异常检测,减少频繁更新特征集带来的人工成本。首先,对已有的攻击流量和正常流量进行均值聚类,寻找网络流量中的SP;然后,将原有的流量转化映射到相应SP上使用直方图进行形式化表达;最后,通过欧氏距离进行DDoS攻击的分类检测。在公开数据库DARPA LLDOS1.0上的实验结果表明,所提算法的异常网络流量识别率优于现有的局部加权学习（LWL）、支持向量机（SVM）、随机树（Random Tree）、logistic回归分析（logistic）、贝叶斯（NB）等方法。所提的基于词袋聚类模型算法在拒绝服务攻击的异常流量识别中有很好的识别效果和泛化能力,适合部署在中小企业（SME）网络流量设备上。     

基于软件定义物联网的分布式拒绝服务攻击检测方法

由于物联网（IoT）设备众多、分布广泛且所处环境复杂,相较于传统网络更容易遭受分布式拒绝服务（DDoS）攻击,针对这一问题提出了一种在软件定义物联网（SD-IoT）架构下基于均分取值区间长度-K均值（ELVR-Kmeans）算法的DDoS攻击检测方法。首先,利用SD-IoT控制器的集中控制特性通过获取OpenFlow交换机的流表,分析SD-IoT环境下DDoS攻击流量的特性,提取出与DDoS攻击相关的七元组特征;然后,使用ELVR-Kmeans算法对所获取的流表进行分类,以检测是否有DDoS攻击发生;最后,搭建仿真实验环境,对该方法的检测率、准确率和错误率进行测试。实验结果表明,该方法能够较好地检测SD-IoT环境中的DDoS攻击,检测率和准确率分别达到96.43%和98.71%,错误率为1.29%。     

Security challenges in internet of things: Distributed denial of service attack detection using support vector machine-based expert systems

The rapid development of internet of things (IoT) is to be the next generation of the IoT devices are a simple target for attackers due to the lack of security. Attackers can easily hack the IoT devices that can be used to form botnets, which can be used to launch distributed denial of service (DDoS) attack against networks. Botnets are the most dangerous threat to the security systems. Software-defined networking (SDN) is one of the developing filed, which introduce the capacity of dynamic program to the network. Use the flexibility and multidimensional characteristics of SDN used to prevent DDoS attacks. The DDoS attack is the major attack to the network, which makes the entire network down, so that normal users might not avail the services from the server. In this article, we proposed the DDoS attack detection model based on SDN environment by combining support vector machine classification algorithm is used to collect flow table values in sampling time periods. From the flow table values, the five-tuple characteristic values extracted and based on it the DDoS attack can be detected. Based on the experimental results, we found the average accuracy rate is 96.23% with a normal amount of traffic flow. Proposed research offers a better DDoS detection rate on SDN.     

Solving multi-instance problems with classifier ensemble based on constructive clustering

In multi-instance learning, the training set is composed of labeled bags each consists of many unlabeled instances, that is, an object is represented by a set of feature vectors instead of only one feature vector. Most current multi-instance learning algorithms work through adapting single-instance learning algorithms to the multi-instance representation, while this paper proposes a new solution which goes at an opposite way, that is, adapting the multi-instance representation to single-instance learning algorithms. In detail, the instances of all the bags are collected together and clustered into d groups first. Each bag is then re-represented by d binary features, where the value of the ith feature is set to one if the concerned bag has instances falling into the ith group and zero otherwise. Thus, each bag is represented by one feature vector so that single-instance classifiers can be used to distinguish different classes of bags. Through repeating the above process with different values of d, many classifiers can be generated and then they can be combined into an ensemble for prediction. Experiments show that the proposed method works well on standard as well as generalized multi-instance problems. Zhi-Hua Zhou is currently Professor in the Department of Computer Science & Technology and head of the LAMDA group at Nanjing University. His main research interests include machine learning, data mining, information retrieval, and pattern recognition. He is associate editor of Knowledge and Information Systems and on the editorial boards of Artificial Intelligence in Medicine, International Journal of Data Warehousing and Mining, Journal of Computer Science & Technology, and Journal of Software. He has also been involved in various conferences. Min-Ling Zhang received his B.Sc. and M.Sc. degrees in computer science from Nanjing University, China, in 2001 and 2004, respectively. Currently he is a Ph.D. candidate in the Department of Computer Science & Technology at Nanjing University and a member of the LAMDA group. His main research interests include machine learning and data mining, especially in multi-instance learning and multi-label learning.     

Secure design for cloud control system against distributed denial of service attack

Nowadays, the development of cloud computing has given power to the resource constrained network control system (NCS) to out source heavy computations to the cloud server. However, the development of Cloud Computing produced many security challenges regarding the cyber physical connection between the cloud and control system. The connection between the control system and cloud server can be subjected to distributed denial of service (DDoS) attack by an attacker to destabilize the NCS. In this paper, we will address this issue by building a secure mechanism for such systems. We will design a detection approach and a mitigation approach for better stable performance of NCS. To ensure the stability of NCS at the time of DDoS attack, we will also design a switching mechanism (SM) for cloud control system (CCS) when there are no more real time solutions available from the cloud. Finally, we will apply the proposed mechanism to an unmanned arial vehicle (UAV). Our simulation results show that the mechanism works well in stability and protection of NCS under DDoS attack.     

基于集成神经网络入侵检测系统的研究与实现

为解决传统入侵检测模型所存在的检测效率低,对未知的入侵行为检测困难等问题,对集成学习进行了研究与探讨,提出一种采用遗传算法的集成神经网络入侵检测模型,阐述了模型的工作原理和各模块的主要功能.模型通过遗传算法寻找那些经过训练后差异较大的神经网络进行集成.实验表明,集成神经网络与检测率最好的单个神经网络相比检测率有所提高.同时,该模型采用机器学习方法,可使系统能动态地适应环境,不仅对已知的入侵具有较好的识别能力,而且能识别未知的入侵行为,从而实现入侵检测的智能化.     

On-line transfer learning for multi-fidelity data fusion with ensemble of deep neural networks

Deep Neural Network (DNN) is widely used in engineering applications for its ability to handle problems with almost any nonlinearities. However, it is generally difficult to obtain sufficient high-fidelity (HF) sample points for expensive optimization tasks, which may affect the generalization performance of DNN and result in inaccurate predictions. To solve this problem and improve the prediction accuracy of DNN, this paper proposes an on-line transfer learning based multi-fidelity data fusion (OTL-MFDF) method including two parts. In the first part, the ensemble of DNNs is established. Firstly, a large number of low-fidelity sample points and a few HF sample points are generated, which are used as the source dataset and target dataset, respectively. Then, the Bayesian Optimization (BO) is utilized to obtain several groups of hyperparameters, based on which DNNs are pre-trained using the source dataset. Next, these pre-trained DNNs are re-trained by fine-tuning on the target dataset, and the ensemble of DNNs is established by assigning different weights to each pre-trained DNN. In the second part, the on-line learning system is developed for adaptive updating of the ensemble of DNNs. To evaluate the uncertainty error of the predicted values of DNN and determine the location of the updated HF sample point, the query-by-committee strategy based on the ensemble of DNNs is developed. The Covariance Matrix Adaptation Evolutionary Strategies is employed as the optimizer to find out the location where the maximal disagreement is achieved by the ensemble of DNNs. The design space is partitioned by the Voronoi diagram method, and then the selected point is moved to its nearest Voronoi cell boundary to avoid clustering between the updated point and the existing sample points. Three different types of test problems and an engineering example are adopted to illustrate the effectiveness of the OTL-MFDF method. Results verify the outstanding efficiency, global prediction accuracy and applicability of the OTL-MFDF method.     

Spatio-temporal adaptive indoor positioning using an ensemble approach

We present a fingerprinting-based Wi-Fi indoor positioning method robust against temporal fluctuations and spatial instability in Wi-Fi signals. An ensemble is created using randomized weak position estimators, with the estimators specialized to different areas in the target environment and designed so that each area has estimators that rely on different subsets of stable APs. When conducting positioning, we cope with spatial instability by dynamically adjusting the weights of the weak estimators depending on the user’s estimated location and cope with temporal fluctuations by dynamically adjusting the weights based on a periodic assessment of their performance using a particle filter tracker.     

Design of ensemble neural network using entropy theory

Ensemble neural networks (ENNs) are commonly used neural networks in many engineering applications due to their better generalization properties. An ENN usually includes several component networks in its structure, and each component network commonly uses a single feed-forward network trained with the back-propagation learning rule. As the neural network architecture has a significant influence on its generalization ability, it is crucial to develop a proper algorithm to determine the ENN architecture. In this paper, an ENN, which combines the component networks using the entropy theory, is proposed. The entropy-based ENN searches the best structure of each component network first, and employs entropy as an automating design tool to determine the best combining weights. Two analytical functions - the peak function and the Friedman function are used to assess the accuracy of the proposed ensemble approach. Then, the entropy-based ENN is applied to the modeling of peak particle velocity (PPV) damage criterion for rock mass. These computational experiments have verified that the proposed entropy-based ENN outperforms the simple averaging ENN and the single NN.     

介质访问控制层拒绝服务攻击的入侵检测系统

针对无线局域网安全防护手段的不足,结合无线局域网介质访问控制层拒绝服务攻击的特点,设计了基于支持向量机算法的入侵检测系统。该系统利用支持向量机分类准确性高的特点,构建支持向量机最优分类超平面和分类判决函数,对网络流量进行分类识别,完成对异常流量的检测。在OPNET平台下进行无线局域网环境入侵检测仿真,仿真结果表明,该系统能有效地检测出针对无线局域网介质访问控制层的拒绝服务攻击。     

用改进的遗传算法训练神经网络构造分类器

针对基本遗传算法存在容易早熟和局部搜索能力弱等缺陷,提出了改进的遗传算法,引入交叉概率和变异概率与个体的适度值相联系,改进了操作算子,而且在交叉操作后又引入模拟退火机制,提高遗传算法的局部搜索能力。同时,用改进的遗传算法和基本的遗传算法训练神经网络构造分类器,实验结果表明,改进的遗传算法在最好个体适度值和最好分类准确性等方面性能更好。     

An ensemble of support vector machines for predicting virulent proteins

It is important to develop a reliable system for predicting bacterial virulent proteins for finding novel drug/vaccine and for understanding virulence mechanisms in pathogens.In this work we have proposed a bacterial virulent protein prediction method based on an ensemble of classifiers where the features are extracted directly from the amino acid sequence of a given protein. It is well known in the literature that the features extracted from the evolutionary information of a given protein are better than the features extracted from the amino acid sequence. Our method tries to fill the gap between the amino acid sequence based approaches and the evolutionary information based approaches.An extensive evaluation according to a blind testing protocol, where the parameters of the system are calculated using the training set and the system is validated in three different independent datasets, has demonstrated the validity of the proposed method.     

Evolutionary ensemble of diverse artificial neural networks using speciation

Recently, many researchers have designed neural network architectures with evolutionary algorithms but most of them have used only the fittest solution of the last generation. To better exploit information, an ensemble of individuals is a more promising choice because information that is derived from combining a set of classifiers might produce higher accuracy than merely using the information from the best classifier among them. One of the major factors for optimum accuracy is the diversity of the classifier set. In this paper, we present a method of generating diverse evolutionary neural networks through fitness sharing and then combining these networks by the behavior knowledge space method. Fitness sharing that shares resources if the distance between the individuals is smaller than the sharing radius is a representative speciation method, which produces diverse results than standard evolutionary algorithms that converge to only one solution. Especially, the proposed method calculates the distance between the individuals using average output, Pearson correlation and modified Kullback–Leibler entropy to enhance fitness sharing performance. In experiments with Australian credit card assessment, breast cancer, and diabetes in the UCI database, the proposed method performed better than not only the non-speciation method but also better than previously published methods.     

Effective recognition of MCCs in mammograms using an improved neural classifier

Computer-aided diagnosis is one of the most important engineering applications of artificial intelligence. In this paper, early detection of breast cancer through classification of microcalcification clusters from mammograms is emphasized. Although artificial neural network (ANN) has been widely applied in this area, the average accuracy achieved is only around 80% in terms of the area under the receiver operating characteristic curve A_z. This performance may become much worse when the training samples are imbalanced. As a result, an improved neural classifier is proposed, in which balanced learning with optimized decision making are introduced to enable effective learning from imbalanced samples. When the proposed learning strategy is applied to individual classifiers, the results on the DDSM database have demonstrated that the performance from has been significantly improved. An average improvement of more than 10% in the measurements of F₁ score and A_z has fully validated the effectiveness of our proposed method for the successful classification of clustered microcalcifications.     

基于IPv6拒绝服务攻击和改进确定包算法研究

对IPv6下拒绝服务攻击进行了研究,并根据IPv6协议的特点,提出一种基于IPv6的MAC认证改进确定包标记(ADPM-v6)算法。ADPM-v6利用IPv6新特性,即逐跳选项和改进的MAC认证方法,有效解决了受控路由器修改标记的问题,能直接快速地追踪攻击源。同时分析验证了IPv6真实攻击环境的数据包大小分布,使得算法有效且更具有较强的实用性。理论分析和仿真实验结果表明,该算法在IPv6下大大缩短了重构时间,减少了重构计算量和误报率。     

拒绝服务攻击方式分析及防御策略部署

网络安全中,拒绝服务攻击以其门槛低、危害巨大、难以抵御等特点成为黑客越来越常用的攻击手段。本文对各种拒绝服务攻击方式按照使用数据包类型进行了分类、总结、归纳和深入地分析,并阐述了相应的防御策略。     

The cluster assessment of facial attractiveness using fuzzy neural network classifier based on 3D Moiré features

Facial attractiveness has long been argued upon varied emphases by philosophers, artists, psychologists and biologists. A number of studies empirically investigated how facial attractiveness was influenced by 2D facial characteristics, such as symmetry, averageness and golden ratio. However, few implementations of facial beauty assessment were based on 3D facial features. The purpose of this paper is to propose a novel cluster assessment system for facial attractiveness that is characterized by the incorporation of 3D geometric Moiré features with an adjusted fuzzy neural network (FNN). We first extract 3D facial features from images acquired by a 3dMD scanner. Seven Moiré features are employed to represent a 3D facial image. The FNN classifier, taking the Moiré features as the parameters, is then trained and validated against independently conducted attractiveness ratings. A number of diverse referees were invited and offered their attractiveness ratings over a five-item Likert scale for 100 female facial images. The proposed assessment presents a high accuracy rate of 90%, and the area under curve (AUC) computed from the receiver operating characteristic (ROC) curve is 0.95. The results show that the perceptions of facial attractiveness are essentially consensus among raters, and can be mathematically modeled through supervised learning techniques. The high accuracy achieved proves that the proposed FNN classifier can serve as a general, automated and human-like judgment tool for objective classification of female facial attractiveness, and thus has potential applications to the entertainment industry, cosmetic industry, virtual media, and plastic surgery.     

Multi-class pattern classification using neural networks

Multi-class pattern classification has many applications including text document classification, speech recognition, object recognition, etc. Multi-class pattern classification using neural networks is not a trivial extension from two-class neural networks. This paper presents a comprehensive and competitive study in multi-class neural learning with focuses on issues including neural network architecture, encoding schemes, training methodology and training time complexity. Our study includes multi-class pattern classification using either a system of multiple neural networks or a single neural network, and modeling pattern classes using one-against-all, one-against-one, one-against-higher-order, and P-against-Q. We also discuss implementations of these approaches and analyze training time complexity associated with each approach. We evaluate six different neural network system architectures for multi-class pattern classification along the dimensions of imbalanced data, large number of pattern classes, large vs. small training data through experiments conducted on well-known benchmark data.