Similar literature
 Found 20 similar documents; search took 866 ms
1.
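Predicting intrusion attempts in system call sequences using plan recognition theory   Total citations: 7, self-citations: 0, citations by others: 7
Plan recognition is a predictive theory that identifies and infers the goals or intentions of an observed subject from observation data. In research on intrusion detection for computer systems, an intrusion-attempt prediction method based on plan recognition theory is proposed in order to predict anomalous events before they occur. A prediction model is built with the system call sequences on a host as the observed object, and a dynamic update algorithm for Bayesian networks with parameter compensation is proposed to predict the goal of the observed object. Experimental results show that dynamic Bayesian networks achieve high accuracy in predicting anomalous intrusion attempts in system call sequences.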

2.
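Sun Ziwen, Zhang Shuguo. Control and Decision (控制与决策), 2021, 36(8): 1939-1946
Current security risk assessment models for industrial cyber-physical systems rarely consider the effect of the system's dynamic processes on assessment accuracy. To address this, a quantitative assessment model based on analysis of dynamic performance is presented for the security risk of industrial cyber-physical systems. First, a Bayesian network is used to model the intrusion process of an attack at the network layer and to compute the probability that a network attack intrudes successfully. Then, given a successful intrusion, a Kalman state observer is used to observe the state of the controlled plant in real time, the system's dynamic performance is studied, the system's performance loss is analyzed quantitatively, and the impact of the attack on the system is quantified in terms of economic loss; combined with the probability of successful intrusion, this yields a dynamic assessment of the system's security risk. Finally, the operating state of a boiling water power plant model under attack is simulated in Matlab, and the results show that the proposed model can effectively assess the risk of industrial cyber-physical systems.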

3.
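An intrusion detection algorithm based on the LZW algorithm is proposed. System call sequences are used as the feature data; the LZW algorithm partitions the system call sequence data into variable-length short sequences and compresses the short sequences at the same time, and the LZW algorithm is adjusted appropriately during application to suit the partitioning of sequences. A Bayesian multivariate adaptive regression splines (Bayesian MARS) model classifies normal and abnormal sequences and flags intrusions. Experimental results show that the LZW-based variable-length sequence partitioning method conforms to the inherent regularities of system call sequences and achieves very good detection performance at a relatively high compression ratio. The intrusion detection algorithm combining LZW with Bayesian MARS performs stably on various data and has a certain feasibility and practicality.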

4.
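Existing intrusion intent recognition methods give little consideration to the validity of alert evidence, which affects the accuracy of intrusion intent recognition. An intrusion intent recognition method based on Bayesian attack graphs is therefore proposed. First a Bayesian attack graph model is built; then, by defining the confidence of alerts and the correlation strength between alerts, isolated alerts with low confidence are removed. Bayesian posterior inference is performed on the valid alert evidence extracted, dynamically updating the probability that each state node in the attack graph is under attack and identifying both attacks that have already occurred in the network and potential ones. Experimental results show that the method can effectively extract alert evidence and improve the accuracy of network intrusion prediction.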

5.
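To evaluate and predict design defects in electronic products, a rough-set mathematical description model of electronic product design defects needs to be constructed. Because the relationships among the factors influencing design defects are complex, constructing a Bayesian network prediction model directly is difficult and yields poor accuracy, so a method combining Bayesian networks with rough sets is proposed. Rough sets are used to generate the network structure of the Bayesian network prediction model and the conditional probability table of each node, and the prediction model for electronic product design defects is then built through Bayesian network parameter estimation. Practical application shows that the method is simple and effective and can predict design defects that may exist in a project.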

6.
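The multipath estimation problem for Global Navigation Satellite System (GNSS) signals is in fact a state estimation problem under a conditionally linear state-space model. Based on Gaussian sum theory, an extension of sliced Gaussian mixture filter (ESGMF) algorithm suited to non-Gaussian noise environments is proposed. The algorithm expresses the state probability density function (PDF) under non-Gaussian noise as a Gaussian sum and implements the ESGMF through a bank of parallel sliced Gaussian mixture filters (SGMF). In addition, the ESGMF algorithm uses the resampling idea from the particle filter (PF) to reduce the exponentially growing number of Gaussian mixture components of the predicted state PDF, improving the efficiency of Bayesian inference. The algorithm yields an iterative analytical expression for the state PDF under non-Gaussian noise. Finally, the ESGMF is applied to GPS multipath parameter estimation; simulation results show that the estimation accuracy of the ESGMF algorithm is better than that of algorithms based on the PF and the extended Kalman filter (EKF).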

7.
For decades, the literature on banking crisis early-warning systems has been dominated by two methods, namely, the signal extraction and the logit model methods. However, these methods do not model the dynamics of the systemic banking system. In this study, dynamic Bayesian networks are applied as systemic banking crisis early-warning systems. In particular, the hidden Markov model, the switching linear dynamic system and the naïve Bayes switching linear dynamic system models are considered. These dynamic Bayesian networks provide the means to model system dynamics using the Markovian framework. Given the dynamics, the probability of an impending crisis can be calculated. A unique approach to measuring the ability of a model to predict a crisis is utilised. The results indicate that the dynamic Bayesian network models can provide precise early-warnings compared with the signal extraction and the logit methods.

8.
The event-triggered state estimation problem with the aid of machine learning for nonlinear systems is considered in this paper. First, we develop a recurrent neural network (RNN) model to predict the nonlinear systems. Second, we design a discrete-time dynamic event-triggered mechanism (ETM) and a state observer based on this ETM for the prediction model. This discrete-time dynamic event-triggered state observer significantly reduces the utilization of communication resources. Third, we establish a sufficient condition to ensure that the state observer can robustly estimate the state vector of the RNN model. Finally, we provide an illustrative example to verify the merit of the obtained results.

9.
Ubiquitous decision support systems require a more intelligent mechanism in which more timely and accurate decision support is available. However, conventional context-aware systems, which have been popular in the ubiquitous decision support systems field, cannot provide such agile and proactive decision support. To fill this research void, this paper proposes a new concept of context prediction mechanism by which the ubiquitous decision support devices are able to predict users’ future contexts in advance, and provide more timely and proactive decision support with which users would be much more satisfied. In particular, location prediction is useful because ubiquitous decision support systems could dynamically adapt their decision support contents for a user based on the user’s future location. In this sense, as an alternative for the inference engine mechanism to be used in the ubiquitous decision support systems capable of context prediction, we propose an inductive approach to recognizing a user’s location by learning a dynamic Bayesian network model. The dynamic Bayesian network model has been evaluated with a set of contextual data from undergraduate students. The evaluation result suggests that a dynamic Bayesian network model offers significant predictive power in location prediction. In addition, we found that the dynamic Bayesian network model has great potential for future types of ubiquitous decision support systems.

10.
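While internal networks make office work more convenient for enterprises, the threats they bring are also becoming increasingly prominent. Because insider threats in enterprises are highly damaging and hard to detect, they urgently need to be addressed. An insider threat prediction model based on Bayesian network attack graphs is therefore proposed. Taking the behavior of internal users during actual operation as the object of study, and taking the resource states held by internal users during an attack and the attack evidence from the operation sequences they carry out as nodes, a Bayesian network attack graph is built. The network attack graph describes the different attack paths and attack states of an attacker during an attack, and a Bayesian network inference algorithm computes the danger probability of the insider threat. Concepts such as meta-operation, atomic attack and attack evidence are defined in the Bayesian network attack graph, and node variables, node variable values and conditional probability distributions are quantified. Building on an improved likelihood weighting algorithm, the parameter computation of the Bayesian network is made simpler and the prediction of insider threats more accurate. Finally, simulation experiments show that the method builds models quickly, has a simple computation process and gives accurate results, demonstrating its effectiveness and applicability in predicting insider threats.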

11.
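Combining fuzzy techniques, neural networks and wavelet techniques, a host intrusion prediction model, FWNN-IP, is proposed. System calls are classified by degree of danger, with higher values assigned to high-danger system calls, and the traces of a program (process) are analyzed using fuzzified short sequences of system calls to achieve intrusion prediction. Experimental results show that the FWNN-IP model can predict anomalies in a program (process) in time, so that more proactive preventive measures can be taken against intrusions.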

12.
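Wu Yu, Lu Xiaojun. Computer Engineering (计算机工程), 2007, 33(3): 160-162
Building on a neural network classifier based on the multilayer perceptron and a Bayesian classifier based on probabilistic prediction, a method is given for classifying the short sequences of system calls that describe system process behavior, in order to identify whether the system calls made during execution of the monitored system's critical programs are normal. The problem of monitoring the execution of multiple critical system programs is also studied, and a prototype intrusion detection system based on process behavior classification is proposed. Depending on the system configuration, the prototype can monitor the execution of multiple critical system programs at the same time.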

13.
In this article, we propose a new method of traffic signal control based on the predicted distribution of traffic jams. First, we built a forecasting model to predict the probability distribution of vehicles being in a traffic jam during each period of the traffic signals. A dynamic Bayesian network was used as the forecasting model, and this predicted the probability distribution of the number of standing vehicles in a traffic jam. According to calculations by the dynamic Bayesian network, a prediction of the probability distribution of the number of standing vehicles at each time will be obtained, and a control rule to adjust the split and cycle of the signals to maintain the probability of a lower limit and a ceiling of standing vehicles is deduced. Through a simulation using the actual traffic data of a city, the effectiveness of our method is shown.

14.
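Traditional intrusion detection systems detect intrusions at the operating system level. This paper mainly discusses detecting intrusions at the application level using sequences of application-level language library calls as features. Language library call features reflect application-level code more directly than system call features. Using language library call features, attacks that cause disorder in application code can be detected.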

15.
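Deep reinforcement learning has become a research hotspot in the multi-robot field because of its efficient performance in multi-robot systems. However, when faced with unstructured scenarios that vary continuously in time and carry unknown risks, traditional methods show poor risk defense capability and fragile system security; unknown risks bring nonlinear intrusions into the state space of the multi-robot system in the form of adversarial attacks. To address this problem, a multi-robot reinforcement learning method based on an active risk defense mechanism (APMARL) is proposed. First, based on a partially observable Markov game model, a risk discrimination mechanism with a memory pool shared among robots is established; a risk state index is constructed to predict the safety of the current behavior in advance, and a matching risk handling mode is executed adaptively according to the risk prediction result. In particular, for unsafe states in which risk has intruded, an Actor-Critic active defense network architecture based on an enhanced attention mechanism is proposed, achieving graded enhancement of key information and effective defense against dangerous information. Finally, extensive experiments on multi-robot cooperative adversarial tasks show that the reinforcement learning policy with the active risk defense mechanism can effectively reduce the intrusion risk of hostile information, improve the execution efficiency of multi-robot cooperative adversarial tasks, and enhance the stability and safety of the policy.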

16.
Estuaries are dynamic systems at the transition between freshwater and marine ecosystems. In this study, a spatially and temporally explicit Bayesian network (BN) was developed for a tidally connected estuary in southeastern Australia. The BN provides an environmental risk assessment (ERA) for the probability of a shift to a eutrophied state based on markers of pelagic and benthic primary production. The model was created to provide an initial framework of system knowledge based on empirical data, with the intention that the model and its linkages be iteratively developed as more information becomes available. The BN was investigated for its potential to predict trophic shifts and provide a framework for evidence-based decision making. Model assessment was conducted through both sensitivity analysis and scenario tests. Through evaluation and updating, the BN can provide information on the key nutrients and bio-physical mechanisms regulating changes in trophic state in estuarine ecosystems.

17.
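Research on intrusion intent recognition based on probabilistic reasoning   Total citations: 1, self-citations: 0, citations by others: 1
An attacker's intrusion behavior usually carries the attacker's goals and intent, and on this basis a hierarchical model of intrusion intent recognition is proposed. To handle uncertain information in the network environment, an intrusion intent recognition algorithm based on probabilistic reasoning is proposed, and on this basis the attacker's subsequent attack plans and goals are predicted, providing early warning. The Bayesian network built from the causal relationships among network security events, goals and intents can describe and handle the problem of concurrent intent recognition. Experiments demonstrate the feasibility and effectiveness of the method.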

18.
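In recent years, with the rapid development of Internet technology, network intrusion prevention has become an important topic in Internet security research. Existing electronic countermeasure systems lack back-end network security logic, which lowers system security and breaks the monitoring mechanism for external data; to address this, a research method for optimizing network intrusion detection technology in electronic countermeasure systems is proposed. Three modules, a feature-orientation technique for dynamic interactive flows of network electronic data, a data overflow monitoring algorithm and a data integrity monitoring mechanism, are used to address the existing problems specifically. The network intrusion detection technology of the electronic countermeasure system is optimized at the root cause of the problems, and simulation tests show that the proposed method offers fast response in monitoring intrusion sources, high accuracy, strong extensibility and good applicability.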

19.
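To address the high space complexity and small prediction coverage of three penetrable-path prediction methods based on machine learning, biological immunity and conditional probability algorithms, a penetrable-path prediction method for open dynamic networks based on the Bayesian algorithm is proposed. The method describes the Bayesian algorithm and designs the penetrable-path prediction method on it, analyzes the penetration process of open dynamic networks, then collects and processes penetration data, extracts penetration features, and builds a prediction model based on the Bayesian algorithm to predict penetrable paths. The results show that, compared with the three penetrable-path prediction methods based on machine learning, biological immunity and conditional probability algorithms, the proposed method has the lowest space complexity and the largest prediction coverage, up to 98%.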

20.
As the number of object-oriented software systems increases, it becomes more important for organizations to maintain those systems effectively. However, currently only a small number of maintainability prediction models are available for object-oriented systems. This paper presents a Bayesian network maintainability prediction model for an object-oriented software system. The model is constructed using object-oriented metric data in Li and Henry's datasets, which were collected from two different object-oriented systems. Prediction accuracy of the model is evaluated and compared with commonly used regression-based models. The results suggest that the Bayesian network model can predict maintainability more accurately than the regression-based models for one system, and almost as accurately as the best regression-based model for the other system.
