一种基于模型的特征交互检测方法

为了适应业务的不断更新,许多软件系统通过向公共的基础系统插入新的扩展来实现演化.这种演化策略虽然有利于并行开发和部署,但也面临着扩展间可能发生非预期特征交互的问题.目前,形式化方法在检测特征交互问题方面仍然是最有效的方法之一.这类方法着眼于检测扩展之间是否会发生冲突.虽然在小规模实验上较为成功,但是它们也面临着一些挑战.例如:扩展的非单调性、扩展组合的激增以及扩展模型可能无法获知的问题.实际上,许多特征交互都源于新扩展对基系统和已有扩展造成的不恰当影响.基于这种认识,集中关注由于扩展的不恰当影响所导致的交互冲突问题,提出了如何从已知的特征交互实例来分析产生冲突的原因的具体方法,并说明了如何制定约束以限制扩展中易导致冲突的行为,从而预防同一类行为可能导致的各种冲突.该方法被应用到电信系统特征交互的分析上,实验结果表明,大部分特征交互中导致冲突的行为都可以被检测出来.该方法不仅能够保证原有基系统或扩展模型的稳定、有效,避免扩展组合带来的问题,而且它无须公布扩展的模型细节.     

一种模型重构冲突消解算法

冲突是研究模型重构中的一个重要问题,多数研究将该问题的重点放在冲突检测上,通过对已知冲突的分析,找出冲突消解的手工实现方式.为实现模型重构的自动过程而寻找自动消解冲突的方法是主要研究内容.根据冲突发生的条件将冲突分为3种类型:同一规则的并行使用产生的冲突、对称冲突、非对称冲突.该方法建立在手工分析这3类重构冲突消解的基础上,将重构规则预设为一个规则矩阵,对图转换系统中出现的重构规则进行扫描.扫描结果对照规则矩阵,判断冲突是同一规则还是不同规则的并行使用所产生;分别对这两种情况下的冲突所操作的对象进行分析,根据已有手工消解方法有针对性地进行消解操作.这一算法可以初步实现并行执行的3类冲突的自动消解.     

交互博弈引导的网络流量异常检测建模方法研究

基于网络流量的系统入侵会带来严重破坏,因此寻找能够准确识别和分类异常流量的方法具有重要的研究价值。数据作为基于机器学习模型的检测算法的唯一依据,训练过程对于外界是一个黑盒过程,整个模型在训练和使用过程中缺乏用户交互。这导致在网络运维场景中,专业运维人员不能根据当前模型检测结果,实时将指导信息反馈到系统中,进而削弱了系统的场景适应能力和检测纠错能力。本文基于强化学习过程,设计了一种基于动态贝叶斯博弈的交互引导式的网络流量异常检测方法。通过检测模型和运维人员交互的方式,在训练过程中让运维人员提供专业反馈使得模型获得外界针对当前检测效果的奖惩信号,从而对自身特征聚焦方向和收敛过程起到引导的作用。将运维人员和检测模型视为博弈的双方,建立博弈模型,使双方之间的交互引导行为达到动态平衡状态。通过博弈对于模型交互频次和内容反馈给出指导,从而使得模型具有动态适应当前场景的能力,有效控制了人机交互反馈所带来的系统开销。实验部分验证了交互式博弈的流量检测方法中,双方博弈指导交互行为的可行性与有效性,证明了该方法在动态场景中具有良好的适应能力。相较于传统的机器学习方法,交互引导式模型提高了模型整体的检测性能。性能对比测试结果表明交互频次每增加0.02%,系统整体检测性能随之提升0.01%。     

一个基于UML顺序图的场景测试用例生成方法

UML顺序图是基于UML开发的软件设计模型的重要组成部分，它描述了软件系统的动态行为，是软件集成测试过程中的一个重要的信息来源。本文提出了一个基于UML顺序图的场景测试方法，它以UML顺序图为主要测试模型，结合UML状态图和类图生成所有的测试场景，最后使用范畴一划分方法找到与每一场景相关的环境条件并将它与方法序列、输入、输出合理组合作为覆盖该场景的测试用例，用于测试该场景中对象之间的交互。由于UML已广泛用于软件分析和设计阶段，通过UML模型生成测试用例可充分利用已有的设计结果，减少测试阶段所需的费用，对于已使用UML的工业界有着重要的意义。     

基于视觉的手势界面关键技术研究

针对视觉手势界面存在的问题,提出了一套行之有效的解决方案.首先,为了解决视觉手势交互中的MidasTouch问题,以人类注意的信息加工模型为理论依据提出了一个可扩展的视觉手势交互模型,该模型将手势交互过程分为选择性处理、分配性处理和集中处理3个不同阶段;然后,基于该模型提出了一个视觉手势识别框架,并结合认知心理学从手势检测、跟踪和识别3个方面对该框架的各个组成模块的关键技术进行了阐述,其中手势检测模块和识别管理模块能够辅助系统在复杂的背景中滤除掉不相关信息而选择性地搜索人手并根据上下文信息对手势识别任务重定向,从而避免了系统时刻都处于激活状态并对所有的手势动作都进行识别分析,有效解决了Midas Touch问题.文中介绍了使用该方法实现的IEToolkit手势界面工具平台,并基于一个视觉手势交互系统进行了实验测试与评估,结果验证了文中方法的可用性.     

使用特征空间归一化主类距离的智能零售场景开放集分类方法

智能零售场景中往往会使用到图像分类技术来识别商品,然而实际场景中并不是所有出现的物体都是已知的,未知的物体会干扰场景中的模型正常运行.针对智能零售场景中的图像分类问题,从已知类别封闭数据集的分类特征出发,通过对已知类别的分类特征进行计算和修正得到对未知类别物体的分类预测.通过构造已知类别的特征空间,并结合针对图像分类特征空间的特性优化的特征距离——归一化主类距离,可以更好地拟合特征空间在已知类别数据集中的边界概率模型.最终用边界概率模型对原分类特征做出修正计算,得到对物体的未知类别的分类预测,并通过设计实验验证该方法的可行性.此外,在智能零售场景的数据集支持下,与已有方法进行了对比实验.使用特征空间归一化主类距离的开放集分类算法在有着更高的已知类别分类准确率的同时,开放集拒绝率有14.20%的提升,达到了44.85%.     

基于场景模型的DDS架构一体化舰船任务系统测试

以数据分发服务(data-distribution service, DDS)为基础架构的新型一体化舰船任务系统在研发模式、结构和应用方面具有特殊特点,使得其测试相当具有挑战.基于模型的测试(model-based testing, MBT)是工业系统测试的一种有效方法.然而,对于类舰船任务系统,由于其自身的高度复杂性和协同开发方式,传统需要建立完整模型以表达系统内部行为的MBT技术极难应用.为此,提出了一种基于场景模型的类舰船任务系统MBT方法.方法从外部角度构建模型来表达DDS架构系统中的交互场景.模型使用扩展正则表达式来建模交互序列,使用基本数据元素限制、约束公式和计算函数来建模交互数据,能够在保留抽象性的同时便捷并相对完整地表达交互过程.基于场景模型,进一步提出算法生成直接可执行的测试用例.在某真实舰船任务系统上的实验表明,方法能够测试从一族舰船任务系统历史失效中总结出的21种常见风险场景,对类舰船任务系统的DDS架构工业系统测试具有潜在应用价值.     

基于几何位置的标记特征恢复方法研究

在场景中设置标记足增强现实中跟踪摄像机空间姿态的一种常用方法.针对复杂场景中标记被局部遮挡、或光线变化影响标记特征检测的问题,提出了一种基于几何位置的标记特征恢复方法.该方法利用空间向量的几何特征,通过延长与合并被截断的空间线段,并根据标记线段的邻域存在像素灰度值突变的特征,恢复被遮挡标记的特征线段.为验证方法的有效性,将该方法应用于基于增强现实的虚实交互系统,实验结果表明,在标记被局部遮挡或光线多变条件下,该方法能够恢复标记特征,较好地实现了标记的跟踪与注册.     

基于接口变迁的交互流程模型挖掘方法

流程模型挖掘是基于系统运行记录下的事件日志来还原特征对应流程模型的技术。目前已有的挖掘方法多是基于由系统分解出的不同模块之间交互频繁且模块包含特征较少的场景。在挖掘包含较多特征、交互不频繁的流程模型方面,目前的方法存在一定的局限性。鉴于此,文中提出了基于接口变迁的交互流程模型挖掘方法。首先,利用现有的挖掘方法来挖掘模块内部的特征序,确定初始模块网;其次,遍历事件日志以查找疑似接口变迁;然后,通过挖掘特征网来确定接口变迁,并对接口变迁增加接口库所;最后,基于开放Petri网,利用合成网的观点将交互模块合成为一个完善的流程模型Petri网。通过实例分析,验证了该挖掘方法的有效性。     

语义特征建模系统中布尔算法的研究

为了提高语义特征建模系统中布尔操作的运行效率,提出了一种基于语义表示法的布尔操作算法.该算法用语义表示法表示特征模型,用细胞元模型组织和管理特征元素,用语义面替代几何面来提高特征的交互检测效率,通过细胞分裂和语义面分解来生成新实体.该算法不仅可以快速准确地生成布尔实体,还可以避免几何面的丢失及“孔洞”等错误的发生.实验证明,该算法具有广泛的使用前景和实用价值.     

Synthesis of test scenarios using UML activity diagrams

Often system developers follow Unified Modeling Language (UML) activity diagrams to depict all possible flows of controls commonly known as scenarios of use cases. Hence, an activity diagram is treated as a useful design artifact to identify all possible scenarios and then check faults in scenarios of a use case. However, identification of all possible scenarios and then testing with activity diagrams is a challenging task because several control flow constructs and their nested combinations make path identification difficult. In this paper, we address this problem and propose an approach to identify all scenarios from activity diagrams and use them to test use cases. The proposed approach is based on the classification of control constructs followed by a transformation approach which takes into account any combination of nested structures and transforms an activity diagram into a model called Intermediate Testable Model (ITM). We use ITM to generate test scenarios. With our approach it is possible to generate more scenarios than the existing work. Further, the proposed approach can be directly carried out using design models without any addition of testability information unlike the existing approaches.     

A methodology for feature interaction detection in the AIN 0.1framework

We propose an integrated methodology for specifying AIN (advanced intelligent networks) and switch based features and analyzing their interactions in the AIN 0.1 framework. The specification of each individual feature is tied to the AIN call model and requires only a minimum amount of information in terms of control and data for interaction analysis. Once a feature is specified, its specification is then validated for consistency with respect to control and data. Interaction analysis is conducted for a set of features based on the sharing of call variables between the SSP and the SCP. With this approach, one can detect the following interactions involving AIN features: (1) side effects, where a call variable modified by one feature is used by another feature and (2) disabling, where one feature disconnects a call, preventing another feature from execution. We also develop a theory that is based on the computation of sequences of messages exchanged between the SSP and the SCP and their call variable usage. This theory is shown to dramatically reduce the number of cases considered during the analysis. A brief overview of a tool that makes use of this methodology to aid in the task of feature interaction detection is also given     

Automatic control of workflow processes using ECA rules

Changes in recent business environments have created the necessity for a more efficient and effective business process management. The workflow management system is software that assists in defining business processes as well as automatically controlling the execution of the processes. We propose a new approach to the automatic execution of business processes using event-condition-action (ECA) rules that can be automatically triggered by an active database. First of all, we propose the concept of blocks that can classify process flows into several patterns. A block is a minimal unit that can specify the behaviors represented in a process model. An algorithm is developed to detect blocks from a process definition network and transform it into a hierarchical tree model. The behaviors in each block type are modeled using ACTA formalism. This provides a theoretical basis from which ECA rules are identified. The proposed ECA rule-based approach shows that it is possible to execute the workflow using the active capability of database without users' intervention. The operation of the proposed methods is illustrated through an example process.     

基于异常和特征的入侵检测系统模型

目前大多数入侵检测系统(Intrusion Detection System，IDS)没有兼备检测已知和未知入侵的能力，甚至不能检测已知入侵的微小变异，效率较低。本文提出了一种结合异常和特征检测技术的IDS。使用单一技术的IDS存在严重的缺点，为提高其效率，唯一的解决方案是两者的结合，即基于异常和特征的入侵检测。异常检测能发现未知入侵，而基于特征的检测能发现已知入侵，结合两者而成的基于异常和特征的入侵检测系统不但能检测已知和未知的入侵，而且能更新基于特征检测的数据库，因而具有很高的效率。     

基于特征命令交换的在线协同设计方法

在线协同设计中特征命令的并发执行将导致文档状态的不确定,其直接后果是造成拓扑对象编码/命名冲突。为此,将状态向量作为特征命令执行文档状态的简化描述形式以方便参与者间的通信,结合各个参与者本地的特征命令队列以及几何模型对特征命令的执行文档状态进行精确描述。基于该精确描述方法对特征命令的本地和远端执行文档状态进行分析,提出特征命令执行文档状态确定化算法以保证拓扑对象编码/命名的正确有效性。     

基于约束的协同设计冲突检测模型

针对协同设计冲突无法准确全面检测的问题,提出了一种基于约束的冲突检测模型。在分析了协同设计中约束分层和约束满足问题的基础上,该检测模型将约束划分为已知约束关系集合和未知约束关系集合两部分,分别对其进行冲突检测。采用区间传播算法验证已知约束关系集合;提出用免疫算法优化反向传播(BP)神经网络来模拟未知约束关系集合进行冲突检测,并与遗传算法优化BP神经网络进行对比,收敛速度提高了62.96%,证明了算法具有较快的收敛速度和较强的全局收敛能力。为实现计算机支持的冲突检测,研究了基于可扩展标记语言(XML)文档的约束关系集合表达方法,设计了基于约束满足的冲突检测系统的架构体系,并以C#和Matlab为平台开发了行星齿轮箱协同设计冲突检测系统。最后,通过实例验证了冲突检测模型的可行性和有效性。     

A graph mining approach for detecting unknown malwares

Nowadays malware is one of the serious problems in the modern societies. Although the signature based malicious code detection is the standard technique in all commercial antivirus softwares, it can only achieve detection once the virus has already caused damage and it is registered. Therefore, it fails to detect new malwares (unknown malwares). Since most of malwares have similar behavior, a behavior based method can detect unknown malwares. The behavior of a program can be represented by a set of called API's (application programming interface). Therefore, a classifier can be employed to construct a learning model with a set of programs' API calls. Finally, an intelligent malware detection system is developed to detect unknown malwares automatically. On the other hand, we have an appealing representation model to visualize the executable files structure which is control flow graph (CFG). This model represents another semantic aspect of programs. This paper presents a robust semantic based method to detect unknown malwares based on combination of a visualize model (CFG) and called API's. The main contribution of this paper is extracting CFG from programs and combining it with extracted API calls to have more information about executable files. This new representation model is called API-CFG. In addition, to have fast learning and classification process, the control flow graphs are converted to a set of feature vectors by a nice trick. Our approach is capable of classifying unseen benign and malicious code with high accuracy. The results show a statistically significant improvement over n-grams based detection method.     

Intelligent data structures selection using neural networks

It is well known that abstract data types represent the core for any software application, and a proper use of them is an essential requirement for developing a robust and efficient system. Data structures are essential in obtaining efficient algorithms, having a major importance in the software development process. Selecting and creating the appropriate data structure for implementing an abstract data type can greatly impact the performance and the efficiency of the software systems. It is not a trivial problem for a software developer, as it is hard to anticipate all the use scenarios of the deployed application, and a static selection before the system’s execution is, generally, not accurate. In this paper, we are focusing on the problem of dynamic selection of efficient data structures for abstract data types implementation using a supervised learning approach. In order to dynamically select the most suitable representation for an aggregate according to the software system’s current execution context, a neural network will be used. We experimentally evaluate the proposed technique on a case study, emphasizing the advantages of the proposed model in comparison with existing similar approaches.     

Evolutionary approaches to signal decomposition in an application service management system

The increased demand for autonomous control in enterprise information systems has generated interest on efficient global search methods for multivariate datasets in order to search for original elements in time-series patterns, and build causal models of systems interactions, utilization dependencies, and performance characteristics. In this context, activity signals deconvolution is a necessary step to achieve effective adaptive control in Application Service Management. The paper investigates the potential of population-based metaheuristic algorithms, particularly variants of particle swarm, genetic algorithms and differential evolution methods, for activity signals deconvolution when the application performance model is unknown a priori. In our approach, the Application Service Management System is treated as a black- or grey-box, and the activity signals deconvolution is formulated as a search problem, decomposing time-series that outline relations between action signals and utilization-execution time of resources. Experiments are conducted using a queue-based computing system model as a test-bed under different load conditions and search configurations. Special attention was put on high-dimensional scenarios, testing effectiveness for large-scale multivariate data analyses that can obtain a near-optimal signal decomposition solution in a short time. The experimental results reveal benefits, qualities and drawbacks of the various metaheuristic strategies selected for a given signal deconvolution problem, and confirm the potential of evolutionary-type search to effectively explore the search space even in high-dimensional cases. The approach and the algorithms investigated can be useful in support of human administrators, or in enhancing the effectiveness of feature extraction schemes that feed decision blocks of autonomous controllers.     

A declarative framework for stateful analysis of execution traces

With newer complex multi-core systems, it is important to understand an application’s runtime behavior to be able to debug its execution, detect possible problems and bottlenecks and finally identify potential root causes. Execution traces usually contain precise data about an application execution. Their analysis and abstraction at multiple levels can provide valuable information and insights about an application’s runtime behavior. However, with multiple abstraction levels, it becomes increasingly difficult to find the exact location of detected performance or security problems. Tracing tools provide various analysis views to help users to understand their application problems. However, these pre-defined views are often not sufficient to reveal all analysis aspects of the underlying application. A declarative approach that enables users to specify and build their own custom analysis and views based on their knowledge, requirements and problems can be more useful and effective. In this paper, we propose a generic declarative trace analysis framework to analyze, comprehend and visualize execution traces. This enhanced framework builds custom analyses based on a specified modeled state, extracted from a system execution trace and stored in a special purpose database. The proposed solution enables users to first define their different analysis models based on their application and requirements, then visualize these models in many alternate representations (Gantt chart, XY chart, etc.), and finally filter the data to get some highlights or detect some potential patterns. Several sample applications with different operating systems are shown, using trace events gathered from Linux and Windows, at the kernel and user-space levels.