船用导航雷达恒虚警检测的研究与实现

恒虚警(CFAR)处理技术是雷达自动检测系统中控制虚警率最重要的手段。文章首先对恒虚警检测原理进行论述,并给出三种适用于船用导航雷达信号检测的恒虚警处理技术,然后进行模型建立和算法仿真分析。最后在此基础上,针对于杂波边缘环境下,选取处理效果较好的恒虚警处理算法,利用现场可编程门阵列(FPGA)进行硬件实现,并给出系统的实际测试效果图。结果表明,整个系统具有较好的检测性能。     

机电设备BIT系统中虚警的传感层影响机理分析

BIT系统中存在较高的虚警率是制约其发展的关键问题之一,降低BIT系统中虚警率的研究是BIT研究中的主要内容之一.传感数据变化影响诊断输出,从而产生虚警的机理分析,它是后续的降虚警技术研究的基础.首先对传感层测试变化影响诊断输出,进而产生虚警进行了模型分析,然后分析了不同的测试变化类型对基于模型的诊断方法的影响机理.研究结果证明传感层因素对BIT系统中虚警的影响,能有效地指导降虚警技术的研究.     

Weibull杂波背景下的GO—CFAR处理

恒虚警处理技术（CFAR）,是用来在杂波环境变化的时候维持雷达虚警概率基本不变。当高分辨率雷达在低视角观察的海杂波或者地杂波背景中进行检测时,目标就是包含在非瑞利杂波中。最常用的描述非瑞利包络杂波的统计模型是Weibull分布模型。通过matlab仿真平台,分别对有无目标的Weibull分布杂波环境进行最大选择恒虚警（G0—CFAR）处理,依此研究其有效性。     

IDS虚警处理技术研究

虚假警报问题是挑战IDS实用性的主要问题之一,如果不能得到很好的解决,IDS的性能和可用性将会受到严重影响.在分析虚警成因的基础上,对现有的虚警处理技术进行了总结,重点分析了各类自动处理技术,指出了其优点和不足,并提出了解决IDS虚警问题的新思路.     

机场跑道异物监测雷达的杂波图恒虚警率检测

随天线扫描平稳变化的强地杂波是实现机场跑道异物(FOD)检测的主要干扰,传统的空域恒虚警率(CFAR)处理不能有效地检测到目标,针对上述问题,提出了一种单元平均杂波图恒虚警率检测算法。首先基于系统特性和跑道环境建立了回波信号模型;然后通过杂波图划分、单元平均、递归滤波等处理技术,实现了距离—方位二维恒虚警率检测;最后进一步分析影响检测性能的主要参数。仿真结果表明,所提算法在低信杂比背景下能有效检测到弱目标,并获得较高的检测概率。     

基于FPGA的雷达恒虚警模块的设计

恒虚警处理技术可以使雷达在保持较高发现概率的同时,降低虚警概率。为了提高机载雷达在杂波与噪声背景条件下发现目标的能力,针对复杂统计模型应用的局限性,提出了一种基于FPGA的恒虚警模块的设计思想,并在软件平台环境下,对设计方法的可行性进行了仿真验证。     

雷达恒虚警检测系统仿真

恒虚警(CFAR)处理技术对常采用机载下视或类似工作条件的PD雷达进行目标检测非常重要,文章首先对恒虚警检测原理进行论述,重点讨论单元平均CA-CFAR,最大选择GO(greatest of)-CFAR和最小选择SO(smallest of)-CFAR这三种均值类恒虚警处理方法,建立其数学模型.接下来对接收机噪声信号进行模拟,同时建立目标信号模型,并将所产生的噪声信号与目标信号相叠加仿真雷达系统的接收信号,注入所建立的恒虚警模型中进行检测仿真,给出仿真结果的分析,试验证明了仿真系统的有效性.     

一种参量恒虚警处理的神经网络模型

本文提出一种参量恒虚警处理的神经网络模型,并讨论用于非瑞利杂波的雷达信号恒虚警处理的神经网络模型的实现。     

恒虚警性能分析及在DSP芯片上的实现

强杂波背景中的雷达目标恒虚警检测是雷达信号处理的重要组成部分;在机场等特殊环境下的应用成为相关课题的研究对象;为了提供适于机场环境下的恒虚警处理算法,首先讨论了高斯杂波背景中雷达目标恒虚警检测的原理,然后对比分析了四种处理方案,并且介绍了数字信号处理芯片ADSP TS201的主要特点,针对机场环境阐述了基于数字信号处理芯片ADSP-TS201实现高斯杂波背景中雷达目标恒虚警检测的方法,最后采取机场实测信号实验结果验证,结果目标准确显示达到预期目标.     

基于ADSP21160的目标检测算法实现

强杂波背景中的雷达目标恒虚警检测是雷达信号处理的重要组成部分。本文首先介绍了数字信号处理芯片ADSP21160的主要特点，然后讨论了瑞利分布杂波背景中雷达目标恒虚警检测的原理，最后着重阐述了基于数字信号处理芯片ADSP21160实现杂波背景中雷达目标恒虚警检测的方法和仿真实验结果。     

Trainable blotch detection on high resolution archive films minimizing the human interaction

Film archives are continuously in need of automatic restoration tools to accelerate the correction of film artifacts and to decrease the costs. Blotches are a common type of film degradation and their correction needs a lot of manual interaction in traditional systems due to high false detection rates and the huge amount of data of high resolution images. Blotch detectors need reliable motion estimation to avoid the false detection of uncorrupted regions. In case of erroneous detection, usually an operator has to remove the false alarms manually, which significantly decreases the efficiency of the restoration process. To reduce manual intervention, we developed a two-step false alarm reduction technique including pixel- and object-based methods as post-processing. The proposed pixel-based algorithm compensates motion, decreasing false alarms at low computational cost, while the following object based method further reduces the residual false alarms by machine learning techniques. We introduced a new quality metric for detection methods by measuring the required amount of manual work after the automatic detection. In our novel evaluation technique, the ground truth is collected from digitized archive sequences where defective pixel positions are detected in an interactive process.     

编译支持的多变体融合执行设计与实现

多变体执行是由异构冗余变体并行执行来检测攻击的一种技术。作为一种主动防御技术,多变体执行(multi-variant execution,MVX)通过并行运行的异构执行体之间一致性检查发现攻击行为。相较于补丁式的被动防御,MVX可在不依赖攻击特征信息的情况下防御已知漏洞乃至未知漏洞威胁,在网络安全领域具有广泛的应用前景。然而该技术在实际部署中,由于多变体执行架构的边界不清晰,将随机数、进程PID号等被动地纳入到了表决范围,从而产生误报,导致多变体执行无法兼容更多的软件系统。本文分析了多变体执行假阳问题产生的原因,提出I-MVX,一种编译支持的多变体融合执行架构,包括多变体同步编程框架和运行时同步模块。I-MVX通过添加少量编译指示,在编译阶段对程序内部引起假阳性问题的代码和变量进行插桩标识,在运行时由监视器对变体进程内部和外部的变量及资源进行同步处理,消除多变体执行中的误报。本文基于LLVM/Clang编译器和Linux内核加载模块设计实现了I-MVX的编译器和同步监视器。性能实验评估显示,I-MVX在SPEC 2006基准测试集和tinyhttpd测试程序下引入的平均开销分别为2.13%和13.2%。多变体融合执行架构能够以少量的性能损耗为代价有效解决多变体执行中的假阳问题,提升多变体执行的可用性。基于真实CVE漏洞的安全性测试表明,I-MVX在保证多变体执行安全防御有效性基础上提升了多变体执行的兼容性。     

The influence of alarm timing on driver response to collision warning systems following system failure

This driving simulator study focuses on false and missing alarms produced by a forward collision warning system and estimates the effect of alarm timing on driver response to alarm malfunction from the perspective of driver trust in alarms. The results show that drivers who experience late alarms are reluctant to respond to a false alarm and are not influenced by a missed alarm; however, drivers who experience early alarms tend to respond to a false alarm and suffer a delayed response to critical situations when a missing alarm happens. Furthermore, drivers whose judgement of trust is relatively high, tend to exhibit delayed braking, compared with drivers that have lower levels of trust. Driver behaviour towards false and missed alarms may vary according to alarm timing and its influence on trust in alarms; moreover, impaired system effectiveness caused by alarm malfunction may be mitigated by manipulating alarm timing.     

The influence of alarm timing on driver response to collision warning systems following system failure

This driving simulator study focuses on false and missing alarms produced by a forward collision warning system and estimates the effect of alarm timing on driver response to alarm malfunction from the perspective of driver trust in alarms. The results show that drivers who experience late alarms are reluctant to respond to a false alarm and are not influenced by a missed alarm; however, drivers who experience early alarms tend to respond to a false alarm and suffer a delayed response to critical situations when a missing alarm happens. Furthermore, drivers whose judgement of trust is relatively high, tend to exhibit delayed braking, compared with drivers that have lower levels of trust. Driver behaviour towards false and missed alarms may vary according to alarm timing and its influence on trust in alarms; moreover, impaired system effectiveness caused by alarm malfunction may be mitigated by manipulating alarm timing.     

基于最弱前置条件的静态分析误报消除技术

针对程序静态分析技术误报过多的问题,提出一种基于最弱前置条件的静态分析误报消除方法。根据不同的软件安全性质,从目标状态出发,以需求驱动的方式得到过程起始位置的最弱前置条件,判断该条件公式的可满足性来消除误报。将该方法实例化来消除静态分析工具检测数组访问越界和空指针解引用的误报,实验结果表明该方法是有效且实用的。     

Filtering false alarms of buffer overflow analysis using SMT solvers

Buffer overflow detection using static analysis can provide a powerful tool for software programmers to find difficult bugs in C programs. Sound static analysis based on abstract interpretation, however, often suffers from false alarm problem. Although more precise abstraction can reduce the number of the false alarms in general, the cost to perform such analysis is often too high to be practical for large software. On the other hand, less precise abstraction is likely to be scalable in exchange for the increased false alarms. In order to attain both precision and scalability, we present a method that first applies less precise abstraction to find buffer overflow alarms fast, and selectively applies a more precise analysis only to the limited areas of code around the potential false alarms. In an attempt to develop the precise analysis of alarm filtering for large C programs, we perform a symbolic execution over the potential alarms found in the previous analysis, which is based on the abstract interpretation. Taking advantage of a state-of-art SMT solver, our precise analysis efficiently filters out a substantial number of false alarms. Our experiment with the test cases from three open source programs shows that our filtering method can reduce about 68% of false alarms on average.     

Intrusion detection alarms reduction using root cause analysis and clustering

As soon as the Intrusion Detection System (IDS) detects any suspicious activity, it will generate several alarms referring to as security breaches. Unfortunately, the triggered alarms usually are accompanied with huge number of false positives. In this paper, we use root cause analysis to discover the root causes making the IDS triggers these false alarms; most of these root causes are not attacks. Removing the root causes enhances alarms quality in the future. The root cause instigates the IDS to trigger alarms that almost always have similar features. These similar alarms can be clustered together; consequently, we have designed a new clustering technique to group IDS alarms and to produce clusters. Then, each cluster is modeled by a generalized alarm. The generalized alarms related to root causes are converted (by the security analyst) to filters in order to reduce future alarms’ load. The suggested system is a semi-automated system helping the security analyst in specifying the root causes behind these false alarms and in writing accurate filtering rules. The proposed clustering method was verified with three different datasets, and the averaged reduction ratio was about 74% of the total alarms. Application of the new technique to alarms log greatly helps the security analyst in identifying the root causes; and then reduces the alarm load in the future.     

一种基于关联规则的分布式入侵检测模型

高虚警率和漏警率是当前入侵检测系统(IDS)的主要问题。采用基于CBW关联规则的数据挖掘算法,提出了一种新的分布式入侵检测模型,并分析了各模块的具体功能与实现。经实验分析,本模型可以有效降低虚警率和漏警率,同时在一定程度上实现各分节点间的快速协作检测能力。     

Improved principal component monitoring of large-scale processes

In this work, the integration of ARMA filters into the multivariate statistical process control (MSPC) framework is presented to improve the monitoring of large-scale industrial processes. As demonstrated in the paper, such filters can remove auto-correlation from the monitored variables to avoid the production of false alarms. This is exemplified by application studies to a synthetic example from the literature and to the Tennessee Eastman benchmark process.     

编译支持的多线程程序多变体执行方法

多变体执行（multi-variant execution,MVX）是目前最流行的主动防御技术之一。理想情况下,当未受到攻击时,多变体执行架构提供正常的程序功能。但不幸的是,当多线程程序在多变体执行架构下运行时,由于各个程序变体中共享资源操作的线程执行顺序不一致,不同变体将会产生状态不一致,从而产生攻击误报,该问题导致了多线程程序难以以多变体执行方式运行。基于多变体执行环境,提出了一种编译支持的多线程程序对共享资源操作的同步编译模型,该模型以共享资源操作为同步点,分析确定多线程程序中对共享资源的操作时机和操作方式,保证各程序变体在运行时多线程对共享资源操作的一致性,从而消除了由此而引起的攻击误报。以LLVM 12.0编译框架为基础,设计实现了基于该同步编译模型的原型系统,并对该原型系统进行了仿真实验测试。实验结果显示,经过原型系统处理的多线程程序在多变体执行架构中的误报率显著降低,表明该同步编译模型作为一种通用性的方法,可有效消除多线程程序在多变体执行架构下运行时的攻击误报,提高了多变体执行的可用性。