Immune based computer virus detection approaches

The computer virus is considered one of the most horrifying threats to the security of computer systems worldwide.The rapid development of evasion techniques used in virus causes the signature based computer virus detection techniques to be ineffective.Many novel computer virus detection approaches have been proposed in the past to cope with the ineffectiveness,mainly classified into three categories: static,dynamic and heuristics techniques.As the natural similarities between the biological immune system(BIS),computer security system(CSS),and the artificial immune system(AIS) were all developed as a new prototype in the community of anti-virus research.The immune mechanisms in the BIS provide the opportunities to construct computer virus detection models that are robust and adaptive with the ability to detect unseen viruses.In this paper,a variety of classic computer virus detection approaches were introduced and reviewed based on the background knowledge of the computer virus history.Next,a variety of immune based computer virus detection approaches were also discussed in detail.Promising experimental results suggest that the immune based computer virus detection approaches were able to detect new variants and unseen viruses at lower false positive rates,which have paved a new way for the anti-virus research.     

对蠕虫计算机病毒的分析

随着计算机的快速发展,计算机的安全问题日益引起广大业界人士的高度关注。计算机作为一个行业,其安全是多方面的。计算机病毒作为一个重要的方面有必要加强认识。本文就蠕虫系列计算机病毒及作共性介绍,并就病毒的清除作技术性探讨。     

汽车电脑电路的分析与检测

以 Motmnic 1.5.4电脑为例,介绍了 ECU 内部电路的分析与检测方法。     

Bayes分类技术在计算机病毒检测中的研究

本文从恶意程序检测的问题入手,介绍了病毒检测技术中的问题和难点,通过对恶意程序的主要特征分析,结合当前迅速发展的模式识别与智能检测成果,提出了使用Bayes分类法对恶意程序进行判断的方案,并对该方案的优缺点进行了分析。     

基于轻量级深度网络的计算机病毒检测方法

为解决已有病毒检测机制无法很好地处理大量未知病毒及深度网络模型难以部署在嵌入式设备上应用的问题,提出一种基于轻量级深度网络的计算机病毒检测方法.采用B2M算法将病毒映射为灰度图像,提取灰度共生矩阵GLCM作为轻量级深度网络SqueezeNet的输入,将传统视觉特征与深度神经网络进行整合,实现病毒的高准确率判别.对Squ...     

一种未知病毒智能检测系统的研究与实现

设计了一种用于检测未知计算机病毒的查毒系统,其检测引擎基于模糊模式识别的算法实现,检测过程中选用的特征向量是被测试程序所引用的API函数调用序列.该系统既可以实现对已知病毒的查杀,又可以对可疑程序行为进行分析评判,最终实现对未知病毒的识别.最后,收集了423个Windows PE格式的正常程序和209个病毒程序组成样本空间进行实验以测试系统的性能.     

功能型计算机病毒运行技术分析与研究

本文提出了功能型计算机病毒的概念,给出了功能型计算机病毒的一般结构。对功能型计算机病毒的运行技术进行了分析。对功能型计算机病毒的研究有助于了解此类病毒的运行机理和特点,对防治此类病毒具有十分重要的意义。     

Design and analysis of genetic fuzzy systems for intrusion detection in computer networks

The capability of fuzzy systems to solve different kinds of problems has been demonstrated in several previous investigations. Genetic fuzzy systems (GFSs) hybridize the approximate reasoning method of fuzzy systems with the learning capability of evolutionary algorithms. The objective of this paper is to design and analysis of various kinds of genetic fuzzy systems to deal with intrusion detection problem as a new real-world application area which is not previously tackled with GFSs. The resulted intrusion detection system would be capable of detecting normal and abnormal behaviors in computer networks. We have presented three kinds of genetic fuzzy systems based on Michigan, Pittsburgh and iterative rule learning (IRL) approaches to deal with intrusion detection as a high-dimensional classification problem. Experiments were performed with DARPA data sets which have information on computer networks, during normal and intrusive behaviors. The paper presents some results and compares the performance of different generated fuzzy rule sets in detecting intrusion in a computer network according to three different types of genetic fuzzy systems.     

Static analysis for the detection of metamorphic computer viruses using repeated-instructions counting heuristics

Metamorphic viruses are particularly insidious as they change their form at each infection, thus making detection hard. Many techniques have been proposed to produce metamorphic malware, and many approaches have been explored to detect it. This paper introduces a detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program. We have evaluated our technique on a population of 1,000 programs and the experimentation outcomes indicate that it is accurate in classifying metamorphic viruses and viruses of other nature, too. Virus writers use to introduce code from benign files in order to evade antivirus; our technique is able to recognize virus even if benign code is added to it.     

A pipeline for computer aided polyp detection

We present a novel pipeline for computer-aided detection (CAD) of colonic polyps by integrating texture and shape analysis with volume rendering and conformal colon flattening. Using our automatic method, the 3D polyp detection problem is converted into a 2D pattern recognition problem. The colon surface is first segmented and extracted from the CT data set of the patient's abdomen, which is then mapped to a 2D rectangle using conformal mapping. This flattened image is rendered using a direct volume rendering technique with a translucent electronic biopsy transfer function. The polyps are detected by a 2D clustering method on the flattened image. The false positives are further reduced by analyzing the volumetric shape and texture features. Compared with shape based methods, our method is much more efficient without the need of computing curvature and other shape parameters for the whole colon surface. The final detection results are stored in the 2D image, which can be easily incorporated into a virtual colonoscopy (VC) system to highlight the polyp locations. The extracted colon surface mesh can be used to accelerate the volumetric ray casting algorithm used to generate the VC endoscopic view. The proposed automatic CAD pipeline is incorporated into an interactive VC system, with a goal of helping radiologists detect polyps faster and with higher accuracy.     

基于空间平行直线束的CCD摄像机内外参数标定

为提高计算机视觉检测中的摄像机标定算法的效率与稳定性,降低对标定设备的要求,提出了一种新的基于主动视觉的摄像机标定算法.在分析了空间平行直线束的中心投影规律的基础上标定摄像机内外参数.与以往方法不同,在标定过程中保持摄像机位置不动,通过控制标定模板沿具有直线边缘的物体作任意量值的平移运动来实现对摄像机内外参数的求解.利用焦线的直线约束对镜头畸变进行修正,有效地提高标定结果的精度.将内外参数标定分为3个独立的阶段分别进行,克服了整体求解过程中未知参数间的相关性影响.该方法原理简单,且不需要知道模板上的任何物理度量.模拟实验和真实图像实验结果表明了该方法的高精度和高稳定性.     

基于N元模型的维吾尔文文本分类技术研究

考虑到维吾尔文词干提取、词性标注等工具不够成熟和相关的开源资源很少的实际情况,提出了基于N元模型的维吾尔文文本分类技术.其特点是不需要任何自然语言处理工具,拼写错误率对分类结果的影响很低.在训练阶段分别提取字符级别的三元和四元模型构造不同规模的N元词典,在分类测试阶段分别用曼哈顿距离计算和骰子测量对文本进行分类.实验结果表明,当四元模型词典的规模为500时,使用骰子测量分类时性能最佳,平准准确率达到86.56％.     

A supervised clustering algorithm for computer intrusion detection

We previously developed a clustering and classification algorithm—supervised (CCAS) to learn patterns of normal and intrusive activities and to classify observed system activities. Here we further enhance the robustness of CCAS to the presentation order of training data and the noises in training data. This robust CCAS adds data redistribution, a supervised hierarchical grouping of clusters and removal of outliers as the postprocessing steps.     

维吾尔语的N-gram语言模型研究

针对基于维吾尔语的N-gram模型统计数据稀疏问题造成统计模型识别性能降低,研究针对政府文献和报告领域的语料进行了1到3元文法统计,采用加法、线性插值、Witten-Bell和Kneser-Ney平滑算法进行了约束。结果表明,本实验中Kneser-Ney平滑技术可以大大降低统计维吾尔语的N-gram模型的困惑度。     

新型否定选择算法计算机病毒检测技术的研究与实现

分析传统否定选择算法和计算机病毒检测技术所存在的问题,总结诸多学者在这方面的改进方案和实施方法。根据切割空间的否定选择算法,提出一种应用于二进制生成串检测器的新型切割否定选择算法。     

基于Ontology改进的N-Gram文本分类模型研究

文本自动分类技术为Internet上日益严重的"信息过载"问题提供了一种强有力的解决方法.面向中文文本分类领域,将ontology引入到N-Gram统计文本模型中,提出了一种基于"领域概念 有效词链"的多索引策略和相应的权重计算、参数平滑方法.通过在真实数据集上实验表明:应用领域本体的N-Gram中文文本分类模型不仅降低了索引项的数目,而且提高了文本分类的准确率.     

Performability analysis for degradable computer systems

Degradable performance of fault-tolerant computer systems has given rise to considerable interest in mathematical models for combined evaluation of performance and reliability. Most of these models are based upon Markov processes. Several methods have been proposed for the computation of the probability distribution of performability upon an interval of time [0, t]. In this paper, we present a new algorithm based on the uniformization technique to compute this distribution for block degradable models. The main advantage of this method is its low polynomial computational complexity and its numerical stability, since it only deals with a nonincreasing sequence of positive numbers bounded by 1. This important property allows us to determine new truncation steps which improve the execution time of the algorithm. We apply this method to a degradable computer system.     

An intelligent tutor for intrusion detection on computer systems

Intrusion detection is the process of identifying unauthorized usage of a computer system. It is an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time.     

Unsupervised word sense disambiguation with N-gram features

The present paper concentrates on the issue of feature selection for unsupervised word sense disambiguation (WSD) performed with an underlying Naïve Bayes model. It introduces web N-gram features which, to our knowledge, are used for the first time in unsupervised WSD. While creating features from unlabeled data, we are “helping” a simple, basic knowledge-lean disambiguation algorithm to significantly increase its accuracy as a result of receiving easily obtainable knowledge. The performance of this method is compared to that of others that rely on completely different feature sets. Test results concerning nouns, adjectives and verbs show that web N-gram feature selection is a reliable alternative to previously existing approaches, provided that a “quality list” of features, adapted to the part of speech, is used.