混合二次网络流量异常状态模型研究

提出了一种网络流量异常状态统计模型——混合二次网络状态模型MQNSM-G（DKS，DKKS，DAKS）。该模型从动态性原则以及降低误检率和漏检率思想出发．改进原有统计模型，建立了可以动态设定描述网络流量状态参数的加权统计模型。基于混合二次网络状态模型MQNSM～G（DKS，DKKS，DAKS）的入侵检测系统进一步证明了该模型可以更大程度上提高异常检测性能，降低其误检率和漏检率。     

一种动态的入侵检测系统负载均衡算法

目前的入侵检测不仅需要模式匹配,而且需要协议异常检测,提出了一种新动态的负载均衡算法,采用两层结构,对网络流量按照服务类型进行初步划分之后分别对每部分流量进行二次分配,并对每种类型的流量进行相应的协议异常检测。该算法能在不牺牲系统性能的前提下有效提高网络入侵检测系统的检测效率,降低误检率,并可有效地适应网络流量的变化,降低漏检率。     

基于小波的网络流量异常协同相变检测

针对网络流量表现出的非线性和非平稳性等复杂的动力学特征,提出一种基于小波的网络流量异常协同相变检测方法。该方法从网络流量时间序列的离散小波域出发,利用序参量的非线性动力学方程描述网络流量系统的复杂行为,采用势函数来刻画网络流量系统的非平稳相变过程,进一步分析了网络流量状态与各种攻击模式之间的变化关系,并通过协同学模型对网络流量序参量进行演化,当相应序参量收敛时,即可检测到相应的攻击模式或是正常流量模式。最后,采用了DARPA 1999数据集进行了实验测试,网络流量异常的平均检测率达到了90.00%,而平均误检率只有15.03%。实验结果表明,基于小波的协同相变方法可以用于网络流量异常检测。     

大尺度IP网络流量异常特征的多时间序列数据挖掘方法*

降低漏报率和误检率是网络流量异常检测的难点问题之一。本文提出了一种大规模通信网络流量异常特征分析的多时间序列数据挖掘方法,把多个网络流量特征参数构成的时间序列作为一个整体进行分析研究,进行多时间序列数据挖掘产生网络流量异常相关的有效关联规则,对整个通信网络的安全威胁进行准确地描述。Abilene网络数据验证了本文的方法。     

基于颜色和纹理特征的伪装色矿工目标检测

针对矿井下某些地段低光照低对比度导致矿工目标与环境颜色相似,呈现伪装色特点,一般场景目标检测方法易产生矿工漏检、误检的问题,提出了采用高斯混合模型(GMM)和局部二值模式(LBP)纹理模型线性融合的方法对目标矿工进行检测。首先利用高斯混合模型拟合背景颜色信息,然后通过局部二值模式纹理模型提取图像纹理信息,最后将颜色信息和纹理信息线性融合对矿工进行检测。实验结果表明,在满足实时性的同时,减少了矿工目标出现漏检、误检的问题,该方法可对具有伪装色特征的矿工目标进行实时检测,准确性高。     

基于模糊D-S证据论的入侵检测

根据操作系统的工作原理,对计算机执行程序的行为特征进行严密地入侵剖析。运用马尔可夫模型对计算机受到入侵时的状态建立合适粒度的状态知识源,采用模糊D-S证据论方法来融合所建立的状态知识源进行综合评判,解决了入侵检测过程多源数据融合常涉及到非排斥性假设和操作不确定性的数据所造成的误检和漏检率。经过实验分析,该方法有效地降低了误检和漏检率,提高了入侵检测的全面性和准确性。     

结合波段相关性的FY-3C MERSI异常条带检测方法

针对风云三号C星(FY-3C)搭载的中分辨率光谱成像仪(medium resolution spectral imager,MERSI)数据存在异常条带的问题,提出了一种结合波段相关性的异常条带检测方法。算法结合了FY-3C MERSI数据波段相关性和异常条带分布规律,通过构建波段差矩阵,快速准确地得到影像数据中存在的异常条带。定量实验分析结果表明,由于阈值选取和确定分割界线起止顺序等原因,基于数学形态法的检测结果会出现异常行条带定位不准确、存在大量误检和漏检的现象(行检测率64.5%,误检率45.2%,漏检率35.5%);而本文算法可以准确定位异常条带的行列号,能够有效地检测出FY-3C MERSI数据的异常行列条带(行检测率98.1%,误检率0.0%,漏检率1.9%),更适用于对大数据量的FY-3C MERSI影像数据异常行列条带进行批量检测处理。     

改进SSD算法的多目标检测

目标检测作为计算机视觉的核心,在人脸识别、人脸跟踪、大规模场景识别等方面具有广泛应用,其中One-stage领域的SSD算法检测速度和检测性能较为突出,但在环境较为复杂的多目标检测情况下仍会出现误检和漏检。针对这一问题,提出一种改进SSD算法的多目标检测方法,通过优化SSD内部网络和提高样本适用性的方式改善检测性能;其中,采用修改网络输出和添加抗旋转层ARConv来统一网络结构,降低模型训练时间,减少漏检;并提出P-NMS算法和限制函数优化训练样本,减少误检;在测试阶段,提出单张图片批量测试方法,有效提高模型召回率。实验结果表明,改进后算法具有更强的鲁棒性,并且能有效降低误检、漏检率提升网络性能。     

应用于高速网络的基于报文采样和应用签名的BitTorrent流量识别算法

在高速网络上进行P2P流量识别具有极大的困难,因为基于端口号的方法已经不再准确,而基于应用签名的方法没有足够高的处理效率.提出了应用于高速网络的基于报文采样和应用签名的BitTorrent流量识别算法.建立了误检率和漏检率模型来分析报文采样率和签名率对识别准确度的作用,并指导应用签名和采样率的选择.通过开发流状态判别预处理器,在Snort平台上实现了该流量识别算法.实验结果表明该流量识别算法处理效率和准确度都是令人满意的,能应用于高速网络环境.在普通个人计算机上,对采样报文的处理效率在800Mbps以上.将该方法应用于报文处理,当采样率为0.5时漏检率为0.6%,当采样率为0.1时漏检率为5.9%,当采样率为0.05时漏检率为10.5%.将该方法应用于流数据分析,当采样率为0.5时漏检率为0.06%,当采样率为0.1时漏检率为0.33%,当采样率为0.05时漏检率为1.1%.该方法展现了优秀的误检性能,没有任何报文被误检.实验结果也表明误检率和漏检率模型是非常准确的.     

一种网络流量异常检测模型

网络流量异常影响网络性能,严重时造成网络中断,在基于统计的网络流量异常检测模型基础上,本文提出一种改进的方法。首先对采样数据进行预处理,去除坏值;然后采用统计学方法对网络流量稳态模型进行建模和更新,选择表现流量特征明显、属性相关性小的指标反映网络流量;最后利用同比和环比相结合的方法对网络流量进行异常判断。实验结果表明,该方法能对网络流量异常有较好的监控,并减小异常检测的误判率。     

基于改进的滑动平均滤波器的DDoS攻击检测

本文通过对网络流量统计的分析,提出了一种基于滑动平均滤波器的DDoS攻击检测方法。该方法不同于以往单一根据网络流量的突变或根据攻击对流量分布的影响来分析DDOS攻击的方法,而是通过运用滑动平均滤波技术将两者综合考虑。该方法即适合引起网络流量突变的攻击,又适合发现大流量背景下攻击流量并没有引起整个网络流量显著变化的攻击。因此适合于各种规模的网络流量的异常检测。另外,详细给出了对检测成功率和误报率起着至关重要作用的阀值范围。     

Flexible configuration for seamless supply chains: Directions towards decision knowledge sharing

Supply chain excellence has a real huge impact on business strategy. Building supply chains (SC_s) as flexible system represents one of the most exciting opportunities to create value (e.g., seamless SC_s). This requires integrated decision making amongst autonomous chain partners with effective decision knowledge sharing among them. The key to success lies in knowing which decision has more impact on the supply chains performance. Knowledge sharing has immense potential to create expedient opportunities and thus retain greater value for supply chains. In this context, knowledge management (KM) can be used as an effective approach to achieve knowledge sharing and decision synchronization among supply chain partners. To maximize competitive advantage, concept of seamless supply chains is emerging with KM as key enabler. Thus, there is a need to develop demo models that can encourage chain members towards collaborative-knowledge sharing in the SC_s. This paper depicts the application of one such model based on decision knowledge sharing (DKS) for improved supply chains management. We study the impact of DKS (both partial and full DKS configuration in SC) and then compare the performance with information sharing (IS) and forecasting. By exploiting DKS and flexibility in supply chains structures better performance can be achieved. The paper develops the demo models on various supply chains scenario like (1st, 2nd and 3rd stage SC_s, forecasting, IS and DKS (full and partial). The partial and full DKS based flexibility configurations of SC_s are considered for simulation experimentation. A simulation model of a supply chains based on flexible framework is developed for demo purposes. The key results are highlighted along with the respective industry implications. Our research is continuing in this direction.     

基于网络处理器的多模式串匹配研究

深度数据包检查是网络入侵检测系统的性能瓶颈。该文分析入侵规则集中模式串的分布特点,对多模式匹配算法FNP进行改进,研究在多核多线程体系结构的网络处理器上高效实现模式串匹配的方法。在Intel IXP2800网络处理器上的仿真实验结果表明,改进算法在规模为10 K的模式串集合上能达到6 Gb/s的吞吐量,具有几乎线性的加速比。     

基于FPP的网络安全风险量化评估研究

针对风险评估过程的不确定性,本文提出了一种基于模糊偏好规划法的网络安全风险综合评估模型。利用层次分析法确定各种风险因素相对重要性的评价区间,应用模糊偏好规划法处理风险因素的相对有效性量化评估,增强了评估准确性。通过评估实例分析可知,该模型可以方便地应用于网络安全风险评估,实验结果符合实际。     

The meta-defect-detection system for gear pitting based on digital twin

Gear pitting is a typical surface defect, and its accurate three-dimensional (3D) detection is significant for the operation and maintenance of equipment. Therefore, this paper develops a 3D gear pitting detection method based on digital twin. Firstly, a geometric model of gear pitting is built to expand the samples which are helpful improving the detection accuracy. Secondly, based on the gear pitting model and Unity, a virtual fringe projection profilometry (FPP) system is established in the metaverse for generating the deformation fringe patterns and retrieving their phases. To improve the accuracy of pitting detection, a gear pitting detection network (GPD-Net) is proposed. It can not only extract local and global characteristics from different spaces and scales but also fuse these features via the proposed attention-based conditional random field modules. Thus GPD-Net can retrieve the high-precision wrapped phase by a single fringe pattern. Meanwhile, an FPP system is built in the physical world, and the reconstructed actual point cloud images are imported into the virtual FPP system for the precise measurement of gear pitting. The developed measurement system can be regarded as a meta-defect-detection system. The experimental results show the superiority of GPD-Net over the state-of-the-art phase retrieval algorithms and the effectiveness of the proposed three-dimensional gear pitting detection method. The proposed 3D detection method based on FPP is not limited by the fault type, and it can be effectively applied to the 3D measurement of various surface defects.     

基于攻击图节点概率的网络安全度量方法

为了保护网络中关键信息资产, 评估分析网络的整体安全性, 提出了一种基于攻击图节点概率的网络安全度量方法。该方法改进了原子攻击节点自身概率的计算模型, 引入累积可达概率, 在此基础上, 研究了网络安全风险评估模型。实验结果表明, 所提评估方法能够准确地评估目标状态的安全级别和网络的整体风险。     

Adaptive dynamic programming for linear impulse systems

We investigate the optimization of linear impulse systems with the reinforcement learning based adaptive dynamic programming （ADP） method. For linear impulse systems, the optimal objective function is shown to be a quadric form of the pre-impulse states. The ADP method provides solutions that iteratively converge to the optimal objective function. If an initial guess of the pre-impulse objective function is selected as a quadratic form of the pre-impulse states, the objective function iteratively converges to the optimal one through ADP. Though direct use of the quadratic objective function of the states within the ADP method is theoretically possible, the numerical singularity problem may occur due to the matrix inversion therein when the system dimensionality increases. A neural network based ADP method can circumvent this problem. A neural network with polynomial activation functions is selected to approximate the pr~impulse objective function and trained iteratively using the ADP method to achieve optimal control. After a successful training, optimal impulse control can be derived. Simulations are presented for illustrative purposes.     

基于HMM-BP-DS的雷达装备BIT虚警抑制方法

针对雷达装备BIT虚警“假报”、“错报”的两类表现,提出一种基于HMM-BP-DS的虚警抑制方法.首先将雷达系统状态划分为正常、虚警和故障3个状态,利用HMM区分系统是否产生故障,消除“假报”现象;再对故障状态下采集到的雷达数据采用BP神经网络和D-S证据理论处理,对故障进行定位,以消除“错报”现象.实验分析结果表明,该方法能有效降低雷达装备BIT虚警率.     

Reset law design based on robust model predictive strategy for uncertain systems

In a continuous time control system, if some of the controller states are reset, certain limitations on the system response can be removed. Moreover, the stability and performance of such a reset control system may be improved. Resetting action has two main characteristics which should be determined: (a) when the controller states are reset and (b) how the after reset values of the controller states are determined. By defining a reset set, when the system states enter this set, the instants for the controller states reset, can be determined. This paper addresses the second question on how to determine the after reset values. In order to design a reset law for real time applications, a model predictive strategy is proposed that specifies the after reset values by minimizing a quadratic performance index. The quadratic minimization problem is converted to a LMI formulation and the reset law is determined by solving this LMI optimization problem at certain reset times. This approach is applied to a typical CSTR system to demonstrate the effectiveness of the proposed method for industrial process control application.     

一种基于概率的路径预测与查询算法

研究了路网空间内的路径预测与查询技术,设计了基于统计信息和概率论的最优路径预测算法。实际应用中,路网错综复杂。提出可能路径集合的概念,并设计算法来提取当前路径预测涉及到的路网子网,减小路网规模和路径预测的复杂度。在空间网络环境下,现有移动对象位置预测技术主要针对短期预测,不能预测下一路口的交通情况。为了弥补这一缺陷,降低用户端的位置更新率,设计了路网移动模型来简洁描述提取自大量历史移动路径的移动统计特征,捕捉路口处转向模式。基于移动模型,提出了具有较高精度的交通预测模型来预测对象的运动路径。