网络协议帧切分优化过程研究与仿真

为保障信息网络的安全,对网络协议帧进行合理的切分是准确掌握未知网络协议信息,挖掘协议特征,保证通信安全的重要步骤.在未知协议的识别与分析过程中,无法掌握所有网络通信协议规范,也难以准确获得数据特征,导致传统的网络协议帧切分方法面对大数据量时,在可行性与有效性方面存在较大的局限性.提出一种面向比特流的协议帧切分算法.详细分析了协议下比特流数据的特性;通过树结构存储统计比特流数据,并进行预挖掘以预测支持度和确定次数权值,进而判定获得频繁序列;运用位置差关联规则推断可能的帧头位置及帧长,从而实现协议帧的切分.通过对真实数据的仿真对提出的方法进行了验证,结果表明上述方法能够对未知协议进行准确帧长分段切分,使效率和准确度都有提高.     

基于序列统计的未知无线协议特征提取方法

在未知无线网络环境下,比特流形式的协议数据帧特征不明显,且缺乏先验知识对其进行分析,造成特征提取困难。提出一种利用序列统计提取未知无线协议特征的方法。统计数据中定长序列出现的频次和位置,根据概率和相似性筛选满足频繁条件的固定序列和交互序列,得到频繁项集,并借鉴关联规则连接频繁项集中的频繁序列,去除冗余的序列信息,得到协议特征集。仿真结果表明,该方法能够有效提高未知无线协议特征提取效果,准确率稳定在90%以上。     

面向比特流的未知短波协议识别技术

协议识别技术在信息对抗中发挥着极其重要的作用,它是对信号进行解码的前提条件,是通信对抗由信号层对抗,转变为信号层与信息层对抗互相结合,以信息层对抗为主的关键一步.从海量比特流数据中识别未知协议的基本方法是对比特流数据进行挖掘,寻找其中的特征序列,在没有先验知识的情况下,则需要对其中的频繁序列进行提取.为适应比特流环境,本文在BNDM算法的基础上做出改进,进行前置编码,极大地提高了二进制环境下搜寻频繁序列的效率.实验表明,上述方法能够实现海量比特流数据中对未知短波协议的识别以及对协议数据帧的定界和切分.     

面向比特流的未知协议识别与分析技术综述

在日益严峻的网络安全形势下,为确保信息的安全性,大量的网络应用开始采用未知的私有协议进行数据传输,尤其是在军事对抗中的战场无线通信网络下,通信所采用的协议不仅未知,还有可能被加密。要从截获的通信比特流中提取可用信息并加以利用,推断出以比特流形式存在的未知协议的报文格式是首要前提。首先从整体上介绍了现有面向比特流的协议识别研究领域所涉及的主要内容,重点分析了现有未知协议格式推断方法,包括频繁模式挖掘、关联规则挖掘、比特流帧切分以及协议格式推断,最后总结其优缺点及下一步研究方向。     

基于游程检测与快速傅里叶变换的加密比特流识别

为获得链路层中的加密与未加密比特流样本,首先提出了基于游程检测方法的链路层加密比特流识别方案,解决了未知网络环境下的加密与未加密比特流样本获取问题.同时,采用快速傅里叶变换分别对加密与未加密比特流样本进行处理,根据最大差异原则确定了快速傅里叶变换结果的特征点位置,并基于正态分布原理确定了特征点的取值,建立了特征模板.最后,以某无线网络链路层加密比特流为识别对象,对提出的方案的有效性进行了验证.结果表明,该方案对链路层加密与未加密比特流的识别率均可达到95％以上.     

自适应聚类的未知应用层协议识别方法

应用层协议识别是指从承载应用层协议数据的网络流量中提取出可以标识应用层协议的关键特征,并以这些关键特征为基础,将同种类型的应用层协议数据划分在一起。针对现有网络流量识别方法对未知应用层协议识别率低的问题,提出了一种自适应聚类的未知应用层协议识别方法。该方法以传统的AGNES层次聚类算法为基础,依据网络流应用层协议数据的负载特征,基于相似度对应用层协议进行聚类。方法将聚类算法中相似度计算划分为聚类前应用层协议数据间的相似度计算和聚类中簇间的相似度计算两部分,避免了重复性地计算应用层协议数据间的相似度,提升了算法的聚类效率。实验结果表明所提出的方法能够高效准确地对未知协议的网络流量进行识别。     

基于关键字的单协议分类

网络协议是网络通信中一系列标准的集合,未知协议的识别和分析对网络监管、保障网络安全具有重大意义。协议识别技术多种多样,但大都不适用于二进制的协议识别。在此针对现有的协议识别技术的局限性,提出了一种在双方单协议通信环境下的多种类型二进制数据帧的协议识别方法。该方法首先利用n-gram技术对数据帧进行分割,然后利用无监督的特征选择算法提取特征串集合,从而利用聚类算法实现协议消息的识别。最后在ICMP上对该方法进行评估,消息识别的准确率和召回率均可达到90%以上。     

基于改进凝聚层次聚类的协议分类算法

在比特流未知协议识别过程中,针对如何将得到的多协议数据帧分为单协议数据帧这一问题,提出了一种改进的凝聚型层次聚类算法。该算法以传统的凝聚型层次聚类算法思想为基础,结合比特流数据帧的特征,定义了数据帧之间及类簇之间的相似度,采用边聚类边提取符合要求类簇的方式,能快速有效地对数据帧进行聚类;并且该算法能自动地确定聚类的个数,所得的类簇含有相似度评价指标。利用林肯实验室公布的数据集进行测试,说明该算法能以较高的正确率对协议数据帧进行聚类。     

未知单协议数据帧的地址分析与研究

网 络协议是网络通信中一系列标准的集合,未知协议的识别和分析对网络监管、保障网络安全具有重大意义。协议识别技术多种多样,但在协议的分析识别过程中,为了实现协议的简单高效识别,通常需要将未知混合多协议分离为单协议,然后再进行进一步的识别。在将未知混合数据帧分离为单协议的基础上,提出了一种高效的确定单协议位置信息的方法,即进一步将单协议的数据帧按地址分为点对点数据帧,从而实现未知协议的最终识别。最后通过分析ARP、TCP数据对该方法进行评估,结果表明采用该方法可以找到2/3以上的地址信息。     

基于自适应权值的数据报指纹特征识别与发现

面对未知协议下的报文数据,由于不能通过协议规范获得相关特征,导致传统的模式匹配方法在报文提取和协议识别过程中存在着难题;提出了以数据挖掘理论为基础的数据报指纹特征提取方案;在特征序列挖掘过程中引入自适应权值,对源数据中的序列模式进行加权统计得到判决结果;再利用提升率对特征序列进行关联规则验证,输出数据报的指纹特征;最后,采用ARP广播帧和ICMP数据包作为原始数据,测试提取数据报指纹特征;实验结果表明,自适应权值的引入能够有效减小报文中冗余数据段的干扰,提高指纹特征提取的正确率,并对报文的长度变化有一定的鲁棒性。     

Only connect: teaching, technology and telesis

Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.     

European Community policy and the market

Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.     

一种自适应子融合集成多分类器方法

融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。     

Avoiding semantic and temporal gaps in developing software intensive systems

Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.     

Designing economic np control charts: A programmed simulation approach

This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.     

The development of robot art

Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008     

Explanation and prediction: an architecture for default and abductive reasoning

Although there are many arguments that logic is an appropriate tool for artificial intelligence, there has been a perceived problem with the monotonicity of classical logic. This paper elaborates on the idea that reasoning should be viewed as theory formation where logic tells us the consequences of our assumptions. The two activities of predicting what is expected to be true and explaining observations are considered in a simple theory formation framework. Properties of each activity are discussed, along with a number of proposals as to what should be predicted or accepted as reasonable explanations. An architecture is proposed to combine explanation and prediction into one coherent framework. Algorithms used to implement the system as well as examples from a running implementation are given.     

Three Process Perspectives: Organizations, Teams, and People

This paper provides the author's personal views and perspectives on software process improvement. Starting with his first work on technology assessment in IBM over 20 years ago, Watts Humphrey describes the process improvement work he has been directly involved in. This includes the development of the early process assessment methods, the original design of the CMM, and the introduction of the Personal Software Process (PSP)^SM and Team Software Process (TSP){^SM}. In addition to describing the original motivation for this work, the author also reviews many of the problems he and his associates encountered and why they solved them the way they did. He also comments on the outstanding issues and likely directions for future work. Finally, this work has built on the experiences and contributions of many people. Mr. Humphrey only describes work that he was personally involved in and he names many of the key contributors. However, so many people have been involved in this work that a full list of the important participants would be impractical.     

基于复小波噪声方差显著修正的SAR图像去噪

提出了一种基于复小波域统计建模与噪声方差估计显著性修正相结合的合成孔径雷达(Synthetic Aperture Radar,SAR)图像斑点噪声滤波方法。该方法首先通过对数变换将乘性噪声模型转化为加性噪声模型,然后对变换后的图像进行双树复小波变换(Dualtree Complex Wavelet Transform,DCWT),并对复数小波系数的统计分布进行建模。在此先验分布的基础上,通过运用贝叶斯估计方法从含噪系数中恢复原始系数,达到滤除噪声的目的。实验结果表明该方法在去除噪声的同时保留了图像的细节信息,取得了很好的降噪效果。     

How do children do mathematics with LOGO?

Abstract  This paper considers some results of a study designed to investigate the kinds of mathematical activity undertaken by children (aged between 8 and 11) as they learned to program in LOGO. A model of learning modes is proposed, which attempts to describe the ways in which children used and acquired understanding of the programming/mathematical concepts involved. The remainder of the paper is concerned with discussing the validity and limitations of the model, and its implications for further research and curriculum development.