基于HMM的应用层DoS攻击检测方法

为了能快速有效地识别出应用层DoS攻击, 提出一种基于HMM的应用层DoS攻击检测方法。该方法以应用层协议关键词和关键词之间的时间间隔作为输入, 采用隐马尔可夫模型来快速检测应用层DoS攻击。实验结果表明, 该方法对应用层上的多种DoS攻击都具有很高的检测率和较低的误报率。     

基于网络流量的应用层DDoS攻击检测方法研究

根据应用层DDoS攻击和正常网络流量在特征上的不同,提出一种基于流量分析的应用层DDoS攻击检测方法,通过对源IP地址进行分析,能够有效地识别应用层DDoS攻击.同时,针对DDoS攻击流量和突发流量的相似性,在识别DDoS攻击的同时,能够正确区分突发流量,减少误报和漏报.     

基于时间序列分析的应用层DDoS攻击检测

根据正常用户和攻击者在访问行为上的差异,提出一种基于IP请求熵(SRE)时间序列分析的应用层分布式拒绝服务(DDoS)攻击检测方法。该方法通过拟合SRE时间序列的自适应自回归(AAR)模型,获得描述当前用户访问行为特征的多维参数向量,并使用支持向量机(SVM)对参数向量进行分类来识别攻击。仿真实验表明,该方法能够准确区分正常流量和DDoS攻击流量,适用于大流量背景下攻击流量没有引起整个网络流量显著变化的DDoS攻击的检测。     

应用层DDOS攻击检测技术研究

随着检测底层DDoS攻击的技术不断成熟和完善,应用层DDoS攻击越来越多。由于应用层协议的复杂性,应用层DDoS攻击更具隐蔽性和破坏性,检测难度更大。通过研究正常用户访问的网络流量特征和应用层DDoS攻击的流量特征,采用固定时间窗口内的请求时间间隔以及页面作为特征。通过正常用户和僵尸程序访问表现出不同的特点,对会话进行聚类分析,从而检测出攻击,经过实验,表明本检测算法具有较好的检测性能。     

勘误启事

本刊2014年9月,第30卷第9期第17页上的代昆玉、胡滨、雷浩的论文——《基于网络流量的应用层DDoS攻击检测方法研究》一文中的关键词有两行,现更正为:“关键词:攻击检测;应用层DDoS;网络流量;突发流量”,特此勘误。     

云环境下基于SOAP的Web服务应用层DoS攻击检测系统

针对云计算环境中的Web服务应用层容易遭受攻击的问题,提出一种用于Web服务应用层的基于SOAP的检测XML和HTTP层分布式拒绝服务(DDoS)攻击的防御系统。首先,从属于特定简单对象访问协议(SOAP)正常操作中提取数据集的特征值,构建相应的高斯请求模型;然后,对Web服务的网络服务描述语言(WSDL)中的一些属性进行设置,实现对攻击的初步过滤;再后,对服务请求的HTTP头部和XML内容进行检查,并与模型数据比较,进一步实现攻击检测。实验结果表明,该系统能够有效的预防多种DDoS攻击,且消耗较少的响应时间。     

基于会话异常度模型的应用层分布式拒绝服务攻击过滤

大量的网络攻击手段和可利用的网络资源大大增加了抵御分布式拒绝服务(Distributed Denial-of-Service,DDoS)攻击的难度.应用层DDoS建立在正常的网络层行为之上,当前网络层安全设备无法有效抵御攻击.文章提出了一种应用层DDoS攻击过滤模型.基于攻击请求的生成方式,文中将应用层DDoS攻击分为5类,分析了应用层DDoS攻击与正常访问行为的不同,提出了访问行为异常属性和session异常度模型.利用此模型,可以有效区分正常访问session和应用层DDoS攻击session.将First-Come First-Serve (FCFS)、Low Suspicion First (LSF)和Round Robin 3种转发策略与session异常度模型结合,采用真实网络日志,模拟分析合法请求返回时延随时间的变化关系.结果表明,转发速率为合法请求最大速率就可获得较好的转发性能,此外,FCFS和Round Robin比LSF具有更低的合法请求返回时延.     

应用层洪泛攻击的异常检测

从近年的发展趋势看, 分布式拒绝服务攻击已经从原来的低层逐渐向应用层发展, 它比传统的攻击更加有效且更具隐蔽性. 为检测利用合法应用层HTTP请求发动的洪泛攻击, 本文把应用层洪泛攻击视为一种异常的用户访问行为, 从用户浏览行为的角度实现攻击检测. 基于实际网络流的试验表明,该模型可以有效测量Web用户的访问行为正常度并实现应用层的DDoS洪泛攻击检测.     

一种基于Web 群体外联行为的应用层DDoS 检测方法

由于攻击者采用各种技术手段隐藏攻击行为,DDoS攻击变得越发难以发现,应用层DDoS成为Web服务器所面临的最主要威胁之一。从通信群体的层面分析 Web 通信的外联行为特征的稳定性,并提出了一种应用层DDoS检测方法。该方法用CUSUM算法检测Web群体外联行为参数的偏移,据此来判断DDoS攻击行为的发生。由于外联行为模型刻画的是Web通信群体与外界的交互,并非用户个体行为,所以攻击者难以通过模仿正常访问行为规避检测。该方法不仅能够发现用户群体访问行为的异常,而且能够有效区分突发访问和应用层DDoS攻击。模拟实验结果表明,该方法能够有效检测针对Web 服务器的不同类型的DDoS攻击。     

基于隐半马尔可夫模型的SWIM应用层DDoS攻击的检测方法

针对广域信息管理（SWIM）系统受到应用层分布式拒绝服务（DDoS）攻击的问题，提出了一种基于隐半马尔可夫模型（HSMM）的SWIM应用层DDoS攻击的检测方法。首先采用改进后的前向后向算法，利用HSMM建立动态异常检测模型动态地追踪正常SWIM用户的浏览行为；然后通过学习和预测正常SWIM用户行为得出正常检测区间；最后选取访问包的大小和请求时间间隔为特征进行建模，并训练模型进行异常检测。实验结果表明，所提方法在攻击1和攻击2情况下检测率分别为99.95%和91.89%，与快速前向后向算法构建的HSMM相比，检测率提升了0.9%。测试结果表明所提方法可以有效地检测SWIM系统应用层DDoS攻击。     

Only connect: teaching, technology and telesis

Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.     

European Community policy and the market

Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.     

一种自适应子融合集成多分类器方法

融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。     

煤矿井下安全监控分站的设计及其仿真实现

为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值.     

Avoiding semantic and temporal gaps in developing software intensive systems

Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.     

基于QTE的蒙古文显示机制研究与实现

蒙古语言是中国蒙古族使用的通用语言,由于蒙古文区别于其他文字的书写方式和其自身变形机制等特点,在很多通用的文字处理引擎中都不被支持。在嵌入式产品开发与应用领域中Linux加QTE已经成为流行方式。该文给出了一种在QTE环境上实现基于标准Unicode的蒙古文点阵显示和变形算法, 并自定义了支持蒙古文的QTE组件,扩展了QTE功能,为在Linux加QTE方式的嵌入式体系结构中处理蒙古文提供了一种解决方法。     

Designing economic np control charts: A programmed simulation approach

This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.     

基于AD9626的模拟信号采集存储卡设计

自然界的绝大部分信号都是以模拟的形式存在,因此模拟信号的采集转换存储在数字时代十分关键。文章讨论了在雷达信号处理领域基于AD9626的AD采集存储卡的设计原理、硬件结构和程序设计与芯片配置等问题,为今后相关领域的研究提供了可参考的方案。     

The development of robot art

Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008     

A human-computer interface for non-computer specialists

The COM teleconferencing system was designed to be easy to use for both beginners and people with much computer experience. A number of design choices in organizing the human-computer interface were considered very carefully. These design problems are not unique for teleconferencing applications, but will appear in many other developments of human-computer interfaces for non-computer specialists. This report discusses naming conventions, menu format, user commands, help facility and the treatment of ‘type ahead’ from the users.