基于免疫Agent入侵检测模型研究

网络安全问题的日益突出对入侵检测技术提出了更高的要求,然而现有的入侵检测技术仍然存在着一些缺陷,入侵检测系统在很多地方还有待改进,如灵活性、效率等方面。该文通过将移动代理技术和免疫原理技术应用到入侵检测系统中,提出了基于免疫Agent的入侵检测模型,并进行了模型整体设计。     

免疫原理在入侵检测技术中的应用研究

文章介绍了生物免疫的免疫原理及入侵检测系统的原理,论述了免疫原理在入侵检测技术中的应用,着重讨论了阴性选择模型与危险理论及有关算法在入侵检测系统中的应用。最后在分析入侵检测方法存在问题的基础上,探讨了基于免疫原理的入侵检测系统的研究方向。     

免疫原理在入侵检测技术中的应用研究

文章介绍了生物免疫的免疫原理及入侵检测系统的原理,论述了免疫原理在入侵检测技术中的应用,着重讨论了阴性选择模型与危险理论及有关算法在入侵检测系统中的应用最后在分析入侵捡测方法存在问题的基础上,探讨了基于免疫原理的入侵检测系统的研究方向。     

基于生物免疫原理的网络入侵检测研究

针对目前网络入侵检测系统普遍存在的误报、漏报及自适应差等问题,将生物免疫原理应用于网络入侵检测系统中,构建了一个新的基于生物免疫原理的网络入侵检测模型。介绍了生物免疫系统的原理,论述了生物免疫原理在网络入侵检测中的应用,详细阐述了该模型的工作原理及流程,并对该模型使用的否定选择算法和克隆选择算法进行了描述和分析。实验结果表明,该模型系统提高了入侵检测率,降低了虚警率,整体检测性能较好。     

基于生物免疫原理的网络入侵检测研究

针对目前网络入侵检测系统普遍存在的误报、漏报及自适应差等问题,将生物免疫原理应用于网络入侵检测系统中,构建了一个新的基于生物免疫原理的网络入侵检测模型.介绍了生物免疫系统的原理,论述了生物免疫原理在网络入侵检测中的应用,详细阐述了该模型的工作原理及流程,并对该模型使用的否定选择算法和克隆选择算法进行了描述和分析.实验结果表明,该模型系统提高了入侵检测率,降低了虚警率,整体检测性能较好.     

免疫原理及其在入侵检测中的应用

通过对免疫系统的免疫原理的研究，介绍了基于免疫原理的入侵检测方法。着重说明了肯定检测和否定检测分别在基于主机的入侵检测系统和基于网络的入侵检测系统中的应用。     

基于生物免疫原理的网络入侵检测系统

给出了一种基于生物免疫原理的新型入侵系统模型，该模型将生物免疫中的自我有效地划分为4类：用户类，网络类，系统类，并结合遗传算法和模拟退火算法对基因库形成算法进行了改进。分布性、灵活性、伸缩性、多样性、健壮性、适应性以及存储记忆和不规则检测能力是入侵检测模型系统的主要特点。     

应用于入侵检测系统的免疫算法研究

目前大多数入侵检测系统的核心算法大多采取简单的匹配技术,只能检漏出已知攻击并且误报漏报率较高。在研究了基于免疫学的入侵检测系统的运行机制和原理的基础上,对免疫算法进行深入的分析,对典型免疫算法进行比较,并将其应用到入侵检测系统。     

基于snort与免疫原理混合入侵检测系统模型设计

该文对snort入侵检测系统及基于免疫原理的入侵检测技术进行了探讨和研究,利用snort系统作为误用检测系统,把人工免疫的算法应用到异常检测,用于检测未知攻击。在此基础上设计了混合模式入侵检测系统。     

基于snort与免疫原理混合入侵检测系统模型设计

该文对snort入侵检测系统及基于免疫原理的入侵检测技术进行了探讨和研究,利用snort系统作为误用检测系统,把人工免疫的算法应用到异常检测,用于检测未知攻击。在此基础上设计了混合模式入侵检测系统。     

A machine learning evaluation of an artificial immune system

ARTIS is an artificial immune system framework which contains several adaptive mechanisms. LISYS is a version of ARTIS specialized for the problem of network intrusion detection. The adaptive mechanisms of LISYS are characterized in terms of their machine-learning counterparts, and a series of experiments is described, each of which isolates a different mechanism of LISYS and studies its contribution to the system's overall performance. The experiments were conducted on a new data set, which is more recent and realistic than earlier data sets. The network intrusion detection problem is challenging because it requires one-class learning in an on-line setting with concept drift. The experiments confirm earlier experimental results with LISYS, and they study in detail how LISYS achieves success on the new data set.     

Architecture for an artificial immune system

An artificial immune system (ARTIS) is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation, and self-monitoring. ARTIS is a general framework for a distributed adaptive system and could, in principle, be applied to many domains. In this paper, ARTIS is applied to computer security in the form of a network intrusion detection system called LISYS. LISYS is described and shown to be effective at detecting intrusions, while maintaining low false positive rates. Finally, similarities and differences between ARTIS and Holland's classifier systems are discussed.     

一种基于人工免疫技术的入侵防御系统原型

介绍了人工免疫方法入侵检测技术中的应用和入侵防御技术。提出了一个基于LISYS的分布式防御系统原型,并详细分析了原型的结构。     

Ergonomics evaluation of modified industrial helmets for use in tropical environments

Hotness, weight, fitting problems etc., have been found to be the chief causes of the unpopularity of industrial safety helmets in tropical environments in developing countries (DC). Some selected safety helmets manufactured in industrialized countries (IC) were modified to provide extra head ventilation and to reduce weight, in order to make them more acceptable to users in hot environments. The modified helmets were subjected to ergonomics evaluation both objectively and subjectively in the laboratory (in simulated tropical conditions) as well as in the field situation. There was evidence that white helmets had some advantages in comfort, viz. reduction of hotness, compared to the other colours, e.g. red, green etc., when worn in the presence of radiant heat in the laboratory. Ventilation holes provided at the top of the shell seemed to reduce the greenhouse effect within the helmet shell which therefore felt less uncomfortable than a fully covered helmet. Even with a small reduction of weight, such as 45 g in helmets weighing about 350g, the difference in weight was perceived by the wearers. In adapting helmets made in IC for use in tropical climates, head ventilation and low weight perception are important aspects in comfort which need to be considered. In addition to low cost, a harness material suitable for sweat absorption is required. Adjustability and sizing to fit 90% of the user population also needs to be considered in the design and manufacture of safety helmets for people in DC.     

数据集成中XML数据查询语义重写

查询重写是数据库研究的一个基本问题，它和查询优化，数据仓库，数据集成，语义缓存等数据库问题密切相关，为提高集成系统的查询效率，系统选择提交频率较高的XML查询物化为中间层视图，用户提交查询后，系统尽可能利用中间视图层中视图，而不是访问数据源来回答查询，这个问题实际可以归结为半结构化查询重写问题，考虑到中间视图层空间的有限性，已有视图应当尽可能回答更多的查询，传统查询重写方法有考虑半结构化数据之间的约束，而根据约束可以等价变换查询，从而提高中间视图层中的表达能力，提出了一种新的半结构化查询重写的方法，该方法在保证算法正确性和完备性的基础上，利用上半结构化数据中的约束，尤其是XML文件中的路径依赖，来增强中间层物化视图的表达能力，理论分析和初步原型实验证明方法的有效性。     

Affinity-Based Network Interfaces for Efficient Communication on Multicore Architectures

Improving the network interface performance is needed by the demand of applications with high communication requirements (for example, some multimedia, real-time, and high-performance computing applications), and the availability of network links providing multiple gigabits per second bandwidths that could require many processor cycles for communication tasks. Multicore architectures, the current trend in the microprocessor development to cope with the difficulties to further increase clock frequencies and microarchitecture efficiencies, provide new opportunities to exploit the parallelism available in the nodes for designing efficient communication architectures. Nevertheless, although present OS network stacks include multiple threads that make it possible to execute network tasks concurrently in the kernel, the implementations of packet-based or connection-based parallelism are not trivial as they have to take into account issues related with the cost of synchronization in the access to shared resources and the efficient use of caches. Therefore, a common trend in many recent researches on this topic is to assign network interrupts and the corresponding protocol and network application processing to the same core, as with this affinity scheduling it would be possible to reduce the contention for shared resources and the cache misses. In this paper we propose and analyze several configurations to distribute the network interface among the different cores available in the server. These alternatives have been devised according to the affinity of the corresponding communication tasks with the location (proximity to the memories where the different data structures are stored) and characteristics of the processing core. As this approach uses several cores to accelerate the communication path of a given connection, it can be seen as complementary to those that consider several cores to simultaneously process packets belonging to either the same or different connections. Message passing interface (MPI) workloads and dynamic web servers have been considered as applications to evaluate and compare the communication performance of these alternatives. In our experiments, performed by full-system simulation, improvements of up to 35% in the throughput and up to 23% in the latency have been observed in MPI workloads, and up to 100% in the throughput, up to 500% in the response time, and up to 82% in the requests attended per second have been measured in dynamic web servers.     

The Netherlands National Model: a Review of Seven Years of Application

Disaggregate modelling is now firmly established as a powerful and practical alternative to the traditional four-stage models originally developed in the sixties. The disaggregate methodology was originally pioneered in the United States, but much important development has taken place in Europe in the 1980s. The basis of the modelling and the scope of the models both broadened and developed. A substantial advance was made by establishing a link between the models and classical theories of micro-economics, allowing the development of ‘behavioural’ models consistent with rational decision-making. The competitive, or sometimes complementary, roles of other modes of travel have been recognised and brought into the modelling framework. In recent years, forecasts of travel demand have been generated in studies in a number of countries in Northern Europe. These studies have encountered a common problem, which is that the assumptions and capabilities of the standard methodology have not been appropriate to address the problems of planning facilities in the early twenty-first century. Amongst the principal difficulties are: 1. the population base is expected to change radically in terms of its age distribution — this the legacy of the Second World War, increased life expectancy and the aftermath of altered behaviour concerning family formation, linked to an increased participation of women in the work force; 2. the work force itself is expected to be radically different, also due to increased female participation; 3. there is an increasing pressure to suppress travel by private car, by any means politically feasible, in the anticipation of growing damage to the environment; 4. in consequence to the previous remark, there is the emergence of new types of travel (in particular, organised car-pooling) and new types of regulation of movement (‘demand management’ measures to control car commuters, and road-pricing policies to reduce peak-hour demand). Increasingly, the modellers are asked to look at very different futures to the present day, and the models themselves are required to perform a role very much more demanding than the mere extrapolation of present day trends. This paper reviews the performance of one particular disaggregate demand model system. the Netherlands National Model, used over a period of seven years to address the problem of producing forecasts appropriate to these new circumstances. The emphasis is on the results of the work, and the lessons that have been learned in the application of the system. Some discussion is given around the extension planned to the system in coming years.     

Promotion and prevention orientations in the choice to attend lectures or watch them online

When presented with the option to use a new instructional technology, students often face an approach–avoidance conflict. This study explored promotion and prevention orientations, concepts linked to approach and avoidance in Higgins's regulatory focus theory, in the choice to attend lectures or watch them online. Openness, a core disposition in the Big Five Model of personality, and positive attitudes towards the utility of the Internet, reflect promotion orientations that are potentially related to the choice to watch lectures online. By contrast, neuroticism, another core disposition in the Big Five Model, and anxiety about the Internet as a computer technology, reflect a prevention orientation that is potentially related to the choice of attending lectures in class. The results illustrate that both promotion and prevention are at work in the choice to attend lectures or to watch them online. Neuroticism and anxiety about the Internet as a computer technology were related to the choice to attend lectures in class, whereas the perceived utility of the Internet was related to the choice to watch lectures online. Instructional mode choice was not related to examination performance, suggesting that the choice to attend lectures or watch them online has more to do with individual differences in promotion and prevention orientations than with pedagogical characteristics that impact learning.     

Scientific research ontology to support systematic review in software engineering

The term systematic review is used to refer to a specific methodology of research, developed in order to gather and evaluate the available evidence pertaining to a focused topic. It represents a secondary study that depends on primary study results to be accomplished. Several primary studies have been conducted in the field of Software Engineering in the last years, determining an increasing improvement in methodology. However, in most cases software is built with technologies and processes for which developers have insufficient evidence to confirm their suitability, limits, qualities, costs, and inherent risks. Conducting systematic reviews in Software Engineering consists in a major methodological tool to scientifically improve the validity of assertions that can be made in the field and, as a consequence, the reliability degree of the methods that are employed for developing software technologies and supporting software processes. This paper aims at discussing the significance of experimental studies, particularly systematic reviews, and their use in supporting software processes. A template designed to support systematic reviews in Software Engineering is presented, and the development of ontologies to describe knowledge regarding such experimental studies is also introduced.     

防火墙在组建局域网中的应用

防火墙作为网络安全设备越来越多地应用于局域网络与公用网络的互联中,具有服务代理、包过滤、入侵检测等功能。防火墙作为一个网络互连设备,在组建网络中还有着局域网与Internet互联、隐藏防火墙外网IP地址、隐藏内部网络、IP地址重定向、安全访问控制以及构建VPN等应用。文中结合某单位的局域网规划设计就防火墙的应用作了重要的阐述。