Holonic job shop scheduling using a multiagent system

Manufacturing job shop scheduling is a notoriously difficult problem that lends itself to various approaches - from optimal algorithms to suboptimal heuristics. We combined popular heuristic job shop-scheduling approaches with emerging AI techniques to create a dynamic and responsive scheduler. We fashioned our job shop scheduler's architecture around recent holonic manufacturing systems architectures and implemented our system using multiagent systems. Our scheduling approach is based on evolutionary algorithms but differs from common approaches by evolving the scheduler rather than the schedule. A holonic, multiagent systems approach to manufacturing job shop scheduling evolves the schedule creation rules rather than the schedule itself. The authors test their approach using a benchmark agent-based scheduling problem and compare performance results with other heuristic-scheduling approaches.     

高校办公网入侵检测系统研究

随着计算机和网络技术的发展,网络入侵事件的日益增加,人们发现只从防御的角度构造安全系统是不够的,入侵检测成为继“防火墙”、“数据加密”等传统安全保护措施后新一代的网络安全保障技术。本文首先介绍入侵检测原理和分布式入侵检测方面的相关工作,在分析已有分布式入侵检测系统模型的基础上,提出了一个基于代理的校园网入侵检测系统模型框架。该模型采用分布式的体系结构,由一个代理控制中心和若干代理组成,结合了基于网络和基于主机的入侵检测方法。使用代理技术在分布式环境下对入侵进行检测,可以有效地检测各种入侵,并具有很好的可扩充性。     

分布式入侵检测系统中自保护代理的系统设计

采用分布式结构的基于网络的入侵检测系统(NIDS)自身的安全性已经成为一个重要问题。在分析了已有NIDS的技术特点的基础上，根据其特性引入了报文过滤、进程控制、报文确认和安全通信的思想，提出了面向NIDS的向保护代理(Sclf-protcction Agent)的模型，并给出了SPA的体系结构与详细设计。在与已有的基于代理的入侵检测系统结合后，SPA可以提高NIDS的安全性。     

基于移动代理的分布式入侵检测系统的研究

分析了现行的移动代理入侵检测系统的缺点,在此基础上,针对性地提出了一种基于移动Agent的分布式入侵检测系统模型MADIDS(mobile agent-based distributed intrusion detection system).该模型为每一个移动代理添加了独立的ID,并加入身份验证、完整性鉴定和加密机制.通过多Agent技术来实现检测自治化和多主机间检测信息的协调,提高了入侵检测系统自身的安全性,有效地检测了分布式的攻击行为.实验测试结果表明了其良好的性能.     

一种基于多Agent的分布式入侵检测系统设计

在分析现有基于Agent的入侵检测系统的基础上,提出了一种基于多Agent分布式入侵检测系统模型。该模型采用了分布检测、分布响应的模式,各Agent之间具有良好的相对独立性。通过多Agent技术的思想建立系统总体结构,给出了模型的各个组成部分,并对结构中各种Agent与中心控制台的功能设计进行了分析。同时对涉及到特征匹配算法、动态选举算法、协同算法进行了初步的设计与分析。系统可充分利用各Agent的协同完成入侵检测任务,实时响应,可有效地改进传统IDS。     

Infrastructures and tools for multiagent systems for the new generation of distributed systems

In order for multiagent systems to be included in real domains (media and Internet, logistics, e-commerce, and health care), infrastructures and tools for multiagent systems should provide efficiency, scalability, security, management, monitoring, and other features related to building real applications. Thus, infrastructures and tools that support multiagent systems are needed, especially those that promote the adoption of agent-based systems by designers and programmers in both academia and industry. This special issue is a selection of contributions whose preliminary versions were presented at the ITMAS 2010 workshop, which was held in conjunction with the International Conference on Autonomous Agents and Multi-agent Systems.     

Multiagent framework for lean manufacturing

We have developed the manufacturing agent-based emulation system as an open framework for design and analysis of discrete manufacturing systems. MABES currently supports the transition from traditional to lean manufacturing in two major functions: analysis of alternative agent-based scheduling and control approaches that can be implemented across the extended enterprise; and real-time collaboration of design teams during manufacturing line design and analysis stages. MABES bases its support for these functions on two system paradigms: distributed agents and synchronous collaboration     

A hybrid artificial immune system and Self Organising Map for network intrusion detection

Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks.A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.     

An artificial immune system architecture for computer securityapplications

With increased global interconnectivity and reliance on e-commerce, network services and Internet communication, computer security has become a necessity. Organizations must protect their systems from intrusion and computer virus attacks. Such protection must detect anomalous patterns by exploiting known signatures while monitoring normal computer programs and network usage for abnormalities. Current anti-virus and network intrusion detection (ID) solutions can become overwhelmed by the burden of capturing and classifying new viral strains and intrusion patterns. To overcome this problem, a self-adaptive distributed agent-based defense immune system based on biological strategies is developed within a hierarchical layered architecture. A prototype interactive system is designed, implemented in Java and tested. The results validate the use of a distributed-agent biological system approach toward the computer security problems of virus elimination and ID     

Secure cooperation in a distributed robot system using active RFIDs

In this article, we develop a distributed robotic system that can provide various services in a real environment using ad-hoc networked active radio frequency identifications (RFIDs). These services are derived from a large amount of data acquired from sensors connected to active RFIDs. The primary advantage of this method is that it facilitates the construction of a real-environment monitoring system. Furthermore, a human's status and position can easily be identified by fitting active RFIDs to subjects. However, a security system is required for a radio ad-hoc network and a cooperation system between active RFIDs. In our research, we developed a multirobot cooperating system as a multiagent system and applied it to an active RFID, which has limited resources. We also developed a security system for active RFID communication that can be executed using limited resources. We then integrated the multiagent system and security system. We also constructed a robotic environment that can provide various services using active RFIDs and then evaluated it. This work was presented in part at the 10th International Symposium on Artificial Life and Robotics, Oita, Japan, February 4–6, 2005     

分布式网络入侵检测系统NetNumen的设计与实现

详细介绍了在Linux环境下基于规则的分布式网络入侵检测系统NetNumen.同现有的网络入侵检测系统相比,NetNumen将异常检测(检测包到达频度的异常)和特征检测(检测特定攻击和攻击工具的固有特征)有机地结合起来,对DoS(denial of service),DdoS(distributed denial of service)攻击的检测效果较现有方法有明显的改善.     

Trust management and trust theory revision

A theory of trust for a given system consists of a set of rules that describe trust of agents in the system. In a certain logical framework, the theory is generally established based on the initial trust of agents in the security mechanisms of the system. Such a theory provides a foundation for reasoning about agent beliefs as well as security properties that the system may satisfy. However, trust changes dynamically. When agents lose their trust or gain new trust in a dynamic environment, the theory established based on the initial trust of agents in the system must be revised, otherwise it can no longer be used for any security purpose. This paper investigates the factors influencing trust of agents and discusses how to revise theories of trust in dynamic environments. A methodology for revising and managing theories of trust for multiagent systems is proposed. This methodology includes a method for modeling trust changes, a method for expressing theory changes, and a technique for obtaining a new theory based on a given trust change. The proposed approach is very general and can be applied to obtain an evolving theory of trust for agent-based systems.     

Supporting communication and cooperation in distributed representation for adaptive design

Different types of graphs has been successfully used to represent designs at different stages of the design process. Changes to a model representing a design during the process can be modelled by applying graph transformations. In many real life design tasks the changes/updates can be carried out simultaneously on different parts of the design. Hence a model based on graph transformations is coupled with a multiagent paradigm to enable the parallelisation of these transformations to mimic the real life approach. In this paper a hypergraph representation and transformation model is used as a basis for building a multiagent system supporting distribution and adaptation in computer aided design. This representation can be applicable throughout the lifecycle of the design. It is based on research in formal language theory, like graph grammars, and distributed models including multiagent systems. The motivation for the work presented here is given and possible applications are described. The application of the theoretical results in a graph distribution toolkit proposed as a multiagent framework is also considered. To assure the efficiency of the system it should be implemented as a parallel multiagent system. The hypergraph distribution and partial replication, allowing for its parts to be managed by agents, is also presented. The approach is illustrated by a case study from the domain of building design, where it is used to represent, modify and maintain building information.     

基于深度学习的系统日志异常检测研究

系统日志反映了系统运行状态,记录着系统中特定事件的活动信息,快速准确地检测出系统异常日志,对维护系统安全稳定具有重要意义。提出了一种基于GRU神经网络的日志异常检测算法,基于log key技术实现日志解析,利用执行路径的异常检测模型和参数值的异常检测模型实现日志异常检测,具有参数少、训练快的优点,在取得较高检测精度的同时提升了运行速度,适用于大型信息系统的日志分析。     

基于Linux系统调用的主机入侵检测系统的设计

现代计算机系统在稳定性和安全方面存在许多问题,大部分是由于异常的程序行为所导致,主机入侵检测系统能有效的检测程序异常活动.通过对Linux2.4内核的研究,以内核补丁的形式设计与实现了一个原型系统NUMEN,该系统采用前向序列对方法对系统调用序列进行分析,当检测到进程行为异常时,它将延迟该进程发起的系统调用请求,如果异常的出现是由于安全违规活动而引起的,NUMEN在破坏发生之前阻止攻击活动,确保系统的安全性.     

Fuzzy agents for product configuration in collaborative and distributed design process

Design for product configuration is an inherent collaborative and distributed process. It is characterised by fuzziness of information, fuzziness of knowledge and fuzziness of interactions. Designs for configuration organisations are heterogeneous, dynamic and fuzzy evolving systems. This paper proposes a fuzzy agent-based approach to assist the product configuration. Four heterogeneous and distributed domains: (a) requirement, (b) functional, (c) solution and (d) constraint, are considered. Based on the distributed fuzzy models, fuzziness of interactions, a fuzzy computational approach for product configuration is developed. Agentification of the configuration approach, modelling and the implementation of a multiagent system, are presented. The fuzzy consensual solution agents emerge from fuzzy interactions of fuzzy distributed agents. The optimal product configuration emerges from affinities of the fuzzy consensual solution agents. A case study is presented to demonstrate the potential of this approach.     

基于Agent的分布式防火墙系统的设计与实现

分析了传统防火墙和防火墙安全系统及其局限性。在此基础上引入移动代理技术,利用自治代理的特性对分布式防火墙系统及个体防火墙进行了规范和设计,通过对基于Agent部件的设计阐明了设计和实现一个基于多Agent的分布式防火墙系统的方法和过程。     

基于代理的分级MANET入侵检测系统

针对分级移动自组织网络（MANET）中的安全检测问题,拓展分布式协作IDS,提出一种基于代理的分级MANET入侵检测系统。该系统采用分簇检测和簇间联合检测的方法,为分级MANET防护提供一种新的入侵检测方案。实例分析和实验仿真结果证明,该检测系统有效。     

集成学习分布式异常检测方法

研究了基于模型共享的集成学习分布式异常检测模型,采用多数投票、边界扩展、平均叠加和距离加权4种不同的集成学习方法得到全部的局部模型;采用交换本地数据挖掘模型的方式来实现数据共享,从而构造出一个总体的集成学习模型。从全局的观点检测异常,减少了集中式检测所需数据的传输量,有效保护了数据提供者的隐私性。仿真实验结果表明,该方法的检测性能与集中式检测的性能相当,甚至更好。     

Distributed system anomaly detection using deep learning-based log analysis

Anomaly detection is a key step in ensuring the security and reliability of large-scale distributed systems. Analyzing system logs through artificial intelligence methods can quickly detect anomalies and thus help maintenance personnel to maintain system security. Most of the current works only focus on the temporal or spatial features of distributed system logs, and they cannot sufficiently extract the global features of distributed system logs to achieve a good correct rate of anomaly detection. To further address the shortcomings of existing methods, this paper proposes a deep learning model with global spatiotemporal features to detect the presence of anomalies in distributed system logs. First, we extract semi-structured log events from log templates and model them as natural language. In addition, we focus on the temporal characteristics of logs using the bidirectional long short-term memory network and the spatial invocation characteristics of logs using the Transformer. Extensive experimental evaluations show the advantages of our proposed model for distributed system log anomaly detection tasks. The optimal F1-Score on three open-source datasets and our own collected distributed system datasets reach 98.04%, 94.34%, 88.16%, and 97.40%, respectively.