基于隐马尔可夫模型的用户行为异常检测新方法

提出一种基于隐马尔可夫模型的用户行为异常检测方法,主要用于以shell命令为审计数据的主机型入侵检测系统。与Lane T提出的检测方法相比,所提出的方法改进了对用户行为模式和行为轮廓的表示方式,在HMM的训练中采用了运算量较小的序列匹配方法,并基于状态序列出现概率对被监测用户的行为进行判决。实验表明,此方法具有很高的检测准确度和较强的可操作性。     

基于shell命令和Markov链模型的用户行为异常检测

异常检测是目前入侵检测系统(IDS)研究的主要方向。该文提出一种基于shell命令和Markov链模型的用户行为异常检测方法,该方法利用一阶齐次Markov链对网络系统中合法用户的正常行为进行建模,将Markov链的状态与用户执行的shell命令联系在一起,并引入一个附加状态;Markov链参数的计算中采用了运算量较小的命令匹配方法;在检测阶段,基于状态序列的出现概率对被监测用户当前行为的异常程度进行分析,并提供了两种可选的判决方案。文中提出的方法已在实际入侵检测系统中得到应用,并表现出良好的检测性能。     

基于shen命令和Markov链模型的用户行为异常检测

异常检测是目前入侵检测系统（IDS）研究的主要方向。该文提出一种基于shell命令和Markov链模型的用户行为异常检测方法，该方法利用-阶齐次Markov链对网络系统中合法用户的正常行为进行建模，将Markov链的状态与用户执行的shell命令联系在一起，并引入一个附加状态；Markov链参数的计算中采用了运算量较小的命令匹配方法；在检测阶段，基于状态序列的出现概率对被监测用户当前行为的异常程度进行分析，并提供了两种可选的判决方案。文中提出的方法已在实际入侵检测系统中得到应用，并表现出良好的检测性能。     

一种基于隐马尔可夫模型的IDS异常检测新方法

提出一种新的基于隐马尔可夫模型的异常检测方法,主要用于以shell命令或系统调用为原始数据的IDS。此方法对用户(或程序)行为建立特殊的隐马尔可夫模型,根据行为模式所对应的序列长度对其进行分类,将行为模式类型同隐马尔可夫模型的状态联系在一起,并引入一个附加状态。由于模型中各状态对应的观测值集合互不相交,模型训练中采用了运算量较小的的序列匹配方法,与传统的Baum-Welch算法相比,大大减小了训练时间。根据模型中状态的实际含义,采用了基于状态序列出现概率的判决准则。利用UNIX平台上用户shell命令数据进行的实验表明,此方法具有很高的检测准确性,其可操作性也优于同类方法。     

基于数据挖掘和变长序列模式匹配的程序行为异常检测

异常检测是目前入侵检测领域研究的热点内容.提出一种基于数据挖掘和变长序列模式匹配的程序行为异常检测方法,主要用于Unix或Linux平台上以系统调用为审计数据的主机型入侵检测系统.该方法利用数据挖掘技术中的序列模式对特权程序的正常行为进行建模,根据系统调用序列的支持度在训练数据中提取正常模式,并建立多种模式库来表示一个特权程序的行为轮廓.在检测阶段,考虑到审计数据和特权程序的特点,采用了变长序列模式匹配算法对程序历史行为和当前行为进行比较,并提供了两种判决方案,能够联合使用多个窗长度和判决门限对程序行为进行判决,提高了检测的准确率和灵活性.文中提出的方法已应用于实际入侵检测系统,并表现出良好的检测性能.     

一种新的基于Markov链模型的用户行为异常检测方法

提出一种新的基于Markov链模型的用户行为异常检测方法。该方法利用一阶齐次Markov链对网络系统中合法用户的正常行为进行建模,将Markov链的状态同用户执行的shell命令序列联系在一起,并引入一个附加状态;在检测阶段,基于状态序列的出现概率对用户当前行为的异常程度进行分析,并根据Markov链状态的实际含义和用户行为的特点, 采用了较为特殊的判决准则。与Lane T提出的基于隐Markov模型的检测方法相比,该方法的计算复杂度较低,更适用于在线检测。而同基于实例学习的检测方法相比,该方法则在检测准确率方面具有较大优势。文中提出的方法已在实际入侵检测系统中得到应用,并表现出良好的检测性能。     

基于shell命令和Markov链模型的用户伪装攻击检测

提出一种新的基于shell命令的用户伪装攻击检测方法。该方法在训练阶段充分考虑了用户行为的多变性和伪装攻击的特点,采用平稳的齐次Markov链对合法用户的正常行为进行建模,根据shell命令的出现频率进行阶梯式数据归并来划分状态,同现有的Markov链方法相比大幅度减少了状态个数和转移概率矩阵的存储量,提高了泛化能力。针对检测实时性需求和shell命令操作的短时相关性,采用了基于频率优先的状态匹配方法,并通过对状态短序列的出现概率进行加窗平滑滤噪处理来计算判决值,能够有效减少系统计算开销,降低误报率。实验表明,该方法具有很高的检测准确率和较强的可操作性,特别适用于在线检测。     

基于命令紧密度的用户伪装入侵检测方法

根据Unix系统中用户的历史命令序列,提出一种基于命令紧密度模型的用户伪装入侵检测方法.该方法从命令组合的角度抽取用户的行为模式.用户经常组合使用的命令,表现出关系紧密;不常被一起使用的命令,表现出关系疏远.通过滑动窗口方法从用户的历史命令序列中生成紧密度矩阵.如果待检测的命令块对于该用户来说表现出紧密度过低,则判断为异常.实验表明该方法计算量小,检测效果好,而且具有很高的实时性.     

认知无线电中基于阵列天线和协方差矩阵的频谱感知算法

该文提出一种基于阵列天线和协方差矩阵的频谱感知算法,该算法能够在噪声不确定性的条件下进行盲频谱感知。该算法在协方差矩阵的基础上,构建新的检测统计量,推导判决门限,对检测统计量与判决门限进行比较进而做出最终判决;在主用户信号到达方向与认知用户接收天线法线方向不一致的情况下,为使认知用户能完全接收主用户信号,利用了阵列天线技术。仿真结果表明,与Zeng等人(2009)提出的绝对值协方差矩阵频谱感知算法(Covariance Absolute Value Spectrum Sensing, CAVSS)相比,该算法判决门限的计算方法更加准确;在相同条件下,该算法的检测概率高于CAVSS。     

基于Shell命令和多阶Markov链模型的用户伪装攻击检测

伪装攻击是指非授权用户通过伪装成合法用户来获得访问关键数据或更高层访问权限的行为.提出一种新的用户伪装攻击检测方法.该方法针对伪装攻击用户行为的多变性和审计数据shell命令的相关性,利用特殊的多阶齐次narkov链模型对合法用户的正常行为进行建模,并通过双重阶梯式归并shell命令来确定状态,提高了用户行为轮廓描述的...     

Preparation and Characterization of TaN ALD Precursors

High purity organic-tantalum precursors for thin film ALD TaN were synthesized and characterized.Vapor pressure and thermal stability of these precursors were studied.From the vapor pressure analysis,it was found that TBTEMT has a higher vapor pressure than any other published liquid TaN precursor,including TBTDET,TAITMATA,and IPTDET.Thermal stability of the alkyl groups on the precursors was investigated using a 1H NMR technique.The results indicated that the tertbutylimino group is the most stable group on TBTDET and TBTEMT as compared to the dialkylamido groups.Thermal stability of TaN precursors decreased in the following order:TBTDET ＞ PDMAT ＞ TBTEMT.In conclusion,precursor vapor pressure and thermal stability were tuned by making slight variations in the ligand sphere around the metal center.     

Curved crystal spectrometer for the measurement of X-ray lines from laser-produced plasmas

In order to diagnose the laser-produced plasmas, a focusing curved crystal spectrometer has been developed for measuring the X-ray lines radiated from a laser-produced plasmas. The design is based on the fact that the ray emitted from a source located at one focus of an ellipse will converge on the other focus by the reflection of the elliptical surface. The focal length and the eccentricity of the ellipse are 1350 mm and 0.9586, respectively. The spectrometer can be used to measure the X- ray lines in the wavelength range of 0.2-0.37 nm, and a LiF crystal （200） （2d = 0.4027 nm） is used as dispersive element covering Bragg angle from 30° to 67.5°. The spectrometer was tested on Shengnang- Ⅱ which can deliver laser energy of 60-80 J/pulse and the laser wavelength is 0.35 μm. Photographs of spectra including the 1 s2p ^1P1-1s^2 ^1S0 resonance line（w）, the 1s2p ^3P2-1s^2 1S0 magnetic quadrupole line（x）, the 1s2p ^3P1-1 s^2 ^1S0 intercombination lines（y）, the 1 s2p ^3S~1-1 s^2 ^1S0 forbidden line（z） in helium-like Ti Ⅹ Ⅺ and the 1 s2s2p ^2P3/2-1 s622s ^2S1/2 line（q） in lithium-like Ti Ⅹ Ⅹhave been recorded with a X-ray CCD camera. The experimental result shows that the wavelength resolution（λ/△ 2） is above 1000 and the elliptical crystal spectrometer is suitable for X-ray spectroscopy.     

Electronic Structure of Semiconductor Nanocrystals

This paper reviews our recent development of the use of the large-scale pseudopotential method to calculate the electronic structure of semiconductor nanocrystals, such as quantum dots and wires, which often contain tens of thousands of atoms. The calculated size-dependent exciton energies and absorption spectra of quantum dots and wires are in good agreement with experiments. We show that the electronic structure of a nanocrystal can be tuned not only by its size,but also by its shape. Finally,we show that defect properties in quantum dots can be significantly different from those in bulk semiconductors.     

Critical Stage Rule-Based Real Time Dispatch（RTD）System in Highly-Mixed-Products （HMP） FAB

An improving utilization and efficiency of critical equipments in semiconductor wafer fabrication facilities are concerned. Semiconductor manufacturing FAB is one of the most complicated and cost sensitive environments. A good dispatching tool will make big difference in equipment utilization and FAB output as a whole. The equipment in this paper is In-Line DUV Scanner. There are many factors impacting utilization and output on this equipment group. In HMP environment one of the issues is changing of reticule in this area and idle counts due to load unbalance between equipments. Here we'll introduce a rule-based RTD system which aiming at decreasing the number of recipe change and idle counts among a group of scanner equipment in a high-mixed-products FAB.     

GaAsSb/InAlAs PA DHBTs Grown by Production MBE

The epi material growth of GaAsSb based DHBTs with InAlAs emitters are investigated using a 4 × 100mm multi-wafer production Riber 49 MBE reactor fully equipped with real-time in-situ sensors including an absorption band edge spectroscope and an optical-based flux monitor. The state-of-the-art hole mobilities are obtained from 100nm thick carbon-doped GaAsSb. A Sb composition variation of less than ± 0.1 atomic percent across a 4 × 100mm platen configuration has been achieved. The large area InAlAs/GaAsSb/InP DHBT device demonstrates excellent DC characteristics,such as BVCEO＞6V and a DC current gain of 45 at 1kA/cm2 for an emitter size of 50μm × 50μm. The devices have a 40nm thick GaAsSb base with p-doping of 4. 5 × 1019cm-3 . Devices with an emitter size of 4μm × 30μm have a current gain variation less than 2% across the fully processed 100mm wafer. ft and fmax are over 50GHz,with a power efficiency of 50% ,which are comparable to standard power GaAs HBT results. These results demonstrate the potential application of GaAsSb/InP DHBT for power amplifiers and the feasibility of multi-wafer MBE for mass production of GaAsSb-based HBTs.     

Noise character analysis and the restraint of self-pulsation laser diodes

We calculate the Langevin noise sources of self-pulsation laser diodes, analyze the effects of active region noise and saturable-absorption region noise on the power fluctuation as well as period fluctuation, and propose a novel method to restrain the noise effects. A visible SIMULINK model is established to simulate the system, The results indicate that the effects of noise in absorption region can be ignored; that with the increase of DC injecting current, the noise effects enhance power jitter, and nevertheless, the period jitter is decreased; and that with external sinusoidal current modulating the self-pulsation laser diode, the noise-induced power jitter and period jitter can be suppressed greatly. This work is valuable for clock recovery in all-optical network.     

High-quality single-crystal CdSe nanoribbons and their optical properties

Large-scale synthesis of single-crystal CdSe nanoribbons is achieved by a modified thermal evaporation method, in which two-step-thermal-evaporation is used to control CdSe sources＇ evaporation. The synthesized CdSe nanoribbons are usually several micrometers in width, 50 nm in thickness, and tens to several hundred micrometers in length. Studies have shown that high-quality CdSe nanoribbons with regular shapes can be obtained by this method. Room-temperature photolumines-cence indicates that the lasing emission at 710 nm has been observed under optical pumping （266 nm） at power densities of 25-153 kW/cm^2. The full width half maximum （FWHM） of the lasing mode is 0.67 nm     

Propagation of hermite-cosh-gaussian beams passing through ABCD optical system with an annular aperture

By using the expansion of the aperture function into a finte sum of complex Gaussian functions, the corresponding analytical expressions of Hermite-cosh-Gaussian beams passing through annular apertured paraxially and symmetrically optical systems written in terms of ABCD matrix were derived, and they could reduce to the cases with squared aperture. In a similar way, the corresponding analytical expressions of cosh-Gaussian beams through annular apertured ABCD matrix were also given. The method could save more calculation time than that by using the diffraction integral formula directly.     

Influence of polarization extinction ratio on distributed polarization coupling detection

Distributed polarization coupling in polarization-maintaining fibers can be detected by using a white light Michelson interferometer. This technique usually requires that only one polarization mode is excited. However, in practical measurement, the injection polarization direction could not be exactly aligned to one of the principal axes of the PMF, so the influence of the polarization extinction ratio should be considered. Based on the polarization coupling theory, the influence of the incident polarization extinction on the measurement result is evaluated and analyzed, and a method for distributed polarization coupling detection is developed when both two orthogonal eigenmodes are excited.     

Call for Papers

正Communications—VLSI Researches and industries of telecommunications have been growing rapidly in the last 20 years and will keep their high growing pace in the next decade.The involved researches and developments cover mobile communications,highway and last-mile broadband communication,domain specific communications,and emerging D2D M2M communications.Radio communication steps into its