Similar Literature
Found 19 similar documents; search took 78 ms
1.
刘军  李喆  米强 《高技术通讯》2007,17(11):1107-1111
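This paper analyzes the requirements that Ad Hoc networks place on intrusion detection systems and designs a mobile-agent-based cross-layer intrusion detection system suited to mobile Ad Hoc networks. In this system, detection nodes monitor the network-layer and MAC-layer communication behavior of their neighbor nodes and use the cross-layer information as the source of audit data, so that enough attack evidence can be collected at an early stage of an attack for local intrusion detection. When local monitoring information is insufficient to reach a decision, mobile agent technology is introduced for cooperative detection, which saves network resources and avoids the node-density requirement of joint detection, thereby lowering the misjudgment rate, improving detection efficiency, and enhancing the distribution, flexibility and adaptability of the system. A network simulation platform was built with the NS-2 simulator and simulation experiments were carried out; the results show that this detection system can better safeguard network security.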

2.
苏珂  续鲁庆 《包装工程》2020,41(2):231-236
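Objective: To evaluate the user experience (UX) of game products more intuitively and effectively, and to eliminate the uncertainty of a single evaluation criterion. Methods: Starting from traditional MDA game design, physiological measurement of users is introduced to build a user experience evaluation model based on a Dynamic Bayesian Network (DBN). The model extracts user experience influence factors through the MDAUX framework as the input-layer nodes of the Bayesian network, extracts the user's EEG and eye-movement states through physiological measurement as the output-layer nodes, and uses a first-order Hidden Markov Model (HMM) to represent the influence relationship between user experience elements in two adjacent time slices, thereby showing the user experience state dynamically. Results: The feasibility of the model was verified through physiological measurement experiments, and its application was put into practice by building a knowledge platform. Conclusion: A user experience evaluation model combined with physiological measurement can effectively reflect the user experience state.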

3.
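An anomaly detection model combining fuzzy decision-making with the Bayesian method is proposed. The model classifies security-related events in the system and gives, in the form of fuzzy membership functions, the real-time confidence that each class of event is anomalous. The anomaly detection system combines all real-time probability values at a given moment to make a Bayesian decision. Compared with a Bayesian intrusion detection model that simply uses thresholds, the Bayesian anomaly detection model with fuzzy probability assignment describes the problem more precisely and, because it supports multiple types of security-related events, is more adaptable and can model more complex system behavior more comprehensively.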

4.
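To address the shortcomings of existing membership functions in describing the fault states of systems and components, a membership function containing a fuzzy support radius variable is constructed to describe component fault states, and a Bayesian-network method for calculating the fault probability of multi-state systems based on the fuzzy support radius variable is proposed. In constructing the membership function, a variable replaces an exact value to describe the fuzzy support radius, yielding a membership function with a fuzzy support radius variable; this is introduced into the Bayesian network, and the bucket elimination method is used to analyze the leaf-node fault probability of the multi-state system, giving the curve of leaf-node fault probability. The proposed method is compared with the Bayesian network method from the literature based on membership functions with a fixed fuzzy support radius, which verifies its effectiveness. Finally, the method is applied to a fault analysis case of a CNC machine tool spindle system to calculate the leaf-node fault probability. The results show that the method can effectively resolve the subjectivity in selecting fault-state membership functions for multi-state systems.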

5.
肖隽 《中国科技博览》2010,(12):309-309
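Anomaly detection algorithms commonly used in telecom networks rely on a single method, namely a distributed firewall detecting by hard decision. To address the drawbacks this brings, this paper proposes an intrusion detection technique that combines a hidden Markov model with a neural network (HMM-BP). The model is a two-layer stochastic process, through which some relatively important features and characteristics can be extracted. A neural network is then used to make a soft decision on these features and characteristics. Experiments show that the method can improve the performance of intrusion detection in telecom networks.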

6.
管杜娟  郭鹏 《工业工程》2015,18(4):31-35
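Because of interaction effects among projects, the risk of a project portfolio cannot be obtained by linearly summing the risks of individual projects. A new method for measuring project portfolio risk is proposed based on Bayesian network modeling. The method combines expert knowledge with the K2 algorithm to obtain the Bayesian network structure of project portfolio risk, and computes the conditional probability table of each node in the network by measuring the influence of interaction effects on project risk, thereby achieving Bayesian network inference of project portfolio risk. To obtain the ordered node input required by the K2 algorithm, the mutual information between project risks is computed, and the order of project nodes is derived from mutual information and conditional independence tests. Finally, an application example of a high-tech enterprise's project portfolio illustrates the practicality and effectiveness of the method.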

7.
付蕾 《中国科技博览》2009,(36):342-342
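Intrusion detection collects and analyzes information from key nodes of computer networks and computer systems. With the widespread use of high-speed and switched networks, the emergence and development of new attack types typified by distributed denial-of-service attacks, and the unresolved problems of low efficiency and high false-positive and false-negative rates in existing intrusion detection systems, intrusion detection technology is currently at a critical stage of development. Protocol analysis is a key technique in network intrusion detection, but it cannot handle attacks that are spread across multiple packets. To address this problem, this paper proposes a detection technique based on stateful protocol analysis: it builds a finite automaton (Finite Automata, FA) to constrain the network, uses the language generated by regular expressions to describe a series of normal state transitions, and makes full use of protocol state information to detect intrusions.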

8.
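This paper analyzes the characteristics of intrusion behavior in the network environment, carries out a requirements analysis for the intrusion detection model, designs in detail the main functional modules of the intrusion detection system according to the particularities of the grid environment, and on this basis proposes a grid intrusion detection model based on virtual organizations.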

9.
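Based on an analysis of the rule-matching algorithms of existing network-based intrusion detection systems, a rule-matching method based on hash functions is proposed. Comparison with the existing network intrusion detection system Snort[1] shows that the system's matching speed is higher than that of Snort.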

10.
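Implementing state-machine-based intrusion detection using an SNMP agent   Cited by: 1 (self-citations: 0, citations by others: 1)
Based on an analysis of existing intrusion detection methods and their shortcomings, an SNMP agent scheme for state-machine-based intrusion detection is proposed. The scheme uses PISL, a protocol trace specification language based on finite-state automata, to describe intrusion and attack signatures, uses the Script MIB to configure the agent, and uses an extended RMON2 MIB to store intrusion detection statistics. Experiments show that the scheme standardizes the precise description of attack signatures, effectively reduces false positives, and integrates the intrusion detection system with the network management system.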

11.
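An intrusion detection system is a passive security defense method that discovers possible intrusions by analyzing the various data it collects. Commonly used intrusion detection classification methods are not only algorithmically complex but also rather inefficient. This paper proposes a semi-supervised intrusion detection method that combines particle swarm optimization with time series to improve the classification efficiency of intrusion detection. Experimental results show that the method achieves a high detection rate when used in an intrusion detection system.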

12.
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.

13.
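Applying intrusion detection algorithms directly to rough data makes intrusion detection analysis very inefficient. To solve this problem, an intrusion detection method based on principal component analysis is proposed. The method extracts relevant information from network connections, decodes it, compares the decoded network connection records with known network connection record data, and finds the changes in the records and the principal components of the connection record distribution; finally, machine learning and principal component analysis are combined to perform intrusion detection. Experimental results show that, applied to various KDD99 intrusion detection datasets, the method effectively reduces learning time, reduces the representation space of the datasets, and improves intrusion detection efficiency.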

14.
Recently, the TLS protocol has been widely used to secure the application data carried in network traffic. It has become more difficult for attackers to decipher messages by capturing the traffic generated by communications between hosts. On the other hand, malware adopts the TLS protocol when accessing the Internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some studies use statistical methods, extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt features based on the complete flow, such as flow duration, and seldom consider that the detection result should be given as soon as possible. In this paper, we propose MalDetect, a structure for encrypted malware traffic detection. MalDetect only extracts features from approximately 8 packets (the number varies in different flows) at the beginning of traffic flows, which makes it capable of detecting malware traffic before the malware behaviors have practical impact. In addition, observing that it is inefficient and time-consuming to re-train the offline classifier when new flow samples arrive, we deploy Online Random Forest in MalDetect. This enables the classifier to update its parameters in online mode and removes the re-training process. MalDetect is coded in C++ and is open source on GitHub. Furthermore, MalDetect is thoroughly evaluated from three aspects: effectiveness, timeliness and performance.

15.
Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and the intrusion detection performed was limited with respect to attack severity, leading to performance degradation. To overcome these issues, we propose the MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the nodes considered legitimate are used for network construction, and the network is managed using a Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. Intrusion detection is performed in two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, or suspicious. In the second tier, the suspicious packets are classified as normal or malicious using a Generative Adversarial Network (GAN). Finally, intrusion scenario reconstruction is performed to reduce the severity of attacks, in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut algorithm is utilized for attack scenario reconstruction (ASR). The UNSW-NB15 and BoT-IoT datasets are utilized for the MZWB method, which is simulated using a network simulator (NS-3.26). The method is compared with previous works on performance metrics such as energy consumption, storage overhead, accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation results show that the proposed MZWB method achieves higher performance than existing works.

16.
In recent years, cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things (IoT) and the widespread development of computer infrastructure and systems. It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security. Researchers have worked on developing intrusion detection models that depend on machine learning (ML) methods to address these security problems. An intelligent intrusion detection device powered by data can exploit artificial intelligence (AI), and especially ML, techniques. Accordingly, we propose in this article an intrusion detection model based on a Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System (RTS-DELM-CSIDS) security model. The proposed model initially determines the rating of security aspects contributing to their significance and then develops a comprehensive intrusion detection framework focused on the essential characteristics. Furthermore, we investigated the feasibility of our proposed RTS-DELM-CSIDS framework by performing dataset evaluations and calculating accuracy parameters to validate. The experimental findings demonstrate that the RTS-DELM-CSIDS framework outperforms conventional algorithms. Furthermore, the proposed approach has not only research significance but also practical significance.

17.
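To improve the attack detection rate in wireless sensor networks within limited algorithmic complexity, an improved support vector machine multi-class classification algorithm is proposed. The algorithm combines the characteristics of sparse random coding and Hadamard coding and, using Hamming distance as the decision criterion, classifies the traffic data collected by nodes. The results show that, compared with the one-versus-one, one-versus-rest and Hadamard algorithms used alone, the improved classification algorithm has a clear advantage in detection accuracy for five types of attack, and its running time is 22% lower than that of the Hadamard algorithm.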

18.
With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. A distributed architecture based on an intrusion detection system (IDS) ensures that a dynamic, scalable IoT environment with the ability to disperse centralized tasks to local fog nodes and which successfully detects advanced malicious threats is available. In this study, we examined the time-related aspects of network traffic data. We presented an intrusion detection model based on a two-layered bidirectional long short-term memory (Bi-LSTM) with an attention mechanism for traffic data classification verified on the UNSW-NB15 benchmark dataset. We showed that the suggested model outperformed numerous leading-edge Network IDS that used machine learning models in terms of accuracy, precision, recall and F1 score.

19.

Background

In the United States, a significant number of spine injuries, traumatic brain injuries (TBI), and deaths result from motor vehicle rollover crashes each year though they make up a small percentage of total crashes. We sought to explore the relationship between these injuries and the degree of roof crush.

Methods

We searched the NASS CDS database for belted, adult (≥16), non-middle seat passengers involved in rollover crashes from 1993 to 2006. We also searched the CIREN database for illustrative cases. Logistic regression was used to evaluate the relationship between different levels of roof crush and mortality, severe injury (AIS ≥3) to the spine, spinal cord, and head injury.

Results

The risk of mortality, TBI, and spine injury all increased as the degree of roof crush increased. For mortality, increased risk occurred at >15 cm [15-30 cm: OR 2.089 (95% CI: 1.461-2.987); >30 cm: OR 6.301 (95% CI: 4.369-9.087)]. For TBI, increased risk was seen above 15 cm crush [15-30 cm: OR 1.52 (95% CI: 1.045-2.21); >30 cm: OR 3.672 (95% CI: 2.456-5.490)]. For spine injury, increased risk was seen above 8 cm crush [8-15 cm: OR 1.968 (95% CI 1.273-3.043); 15-30 cm: OR 2.530 (95% CI 1.634-3.917); ≥30 cm: OR 2.682 (95% CI 1.474, 4.877)]. Results were similar across the different statistical models.

Conclusion

There is an association between the degree of roof crush and mortality, spine injury, and head injury in rollover crashes.
