基于分布式数据流的网络处理器数据收集分类平台

自适应分布式数据流处理调整技术进行分布式数据收集与分类时,未构建精准的数据分类器,导致分类精度有所偏差,设计基于分布式数据流的网络处理器数据收集分类平台。所设计平台总体架构包括平台管理层、分布式数据收集层、分布式数据分类层;网络处理器通过网络交换机端口接收分布式数据流,采用变压器、PHY处理所获数据,与主控芯片FPGA交互将数据保存,实现分布式数据流收集;网络处理器实现分布式数据流分类过程包括训练阶段与测试阶段,训练阶段采用分布式数据流更新规则完成数据特征选择,测试阶段进行分布式数据流分类特征更新,对关联度较大的特征数据实施筛选,实现分布式数据流的分类。实验结果表明,所设计平台分类精确度均值高达99.5%,且用时短、使用内存小。     

基于用户信誉值防御DDoS攻击的协同模型

提出了一种基于用户信誉值防御DDoS攻击协同(CDDACR,cooperation defense DDoS attack based on client reputation)模型来检测和防御DDoS攻击.该模型在逻辑上由2个检测代理构成:路由器端的RDA(router detection agent)和服务器端的SDA(server detection agent).RDA对用户数据流进行粗粒度检测,旨在过滤具有明显DDoS攻击特征的恶意数据流;SDA对用户数据流进行细粒度检测,检测并过滤恶意的狡猾攻击和低流量攻击,RDA和SDA协同工作来实时监测网络状况.实验结果表明,CDDACR模型能实时地识别和防御DDoS攻击,并且在异常发生时有效地阻止服务器被攻击的可能性.     

基于半监督多视图特征协同训练的网络恶意流量识别方法

针对恶意流量样本特征变化较快,准确标记困难的问题,提出了一种基于半监督多视图特征协同训练的网络恶意流量识别方法.该方法能够使用大量的未标记数据协同训练分类模型,提升分类模型的泛化能力.使用原始字节流特征和网络流统计特征,构建两种特征视图,借助协同训练框架进行半监督的恶意流量识别.分别使用两个公开数据集对模型训练和测试,...     

智能电网中高维数据聚类方法研究

随着电网智能化程度的逐步深入,智能电网高维数据成为了“电网2.0”的重要价值资源.本文论述了智能电网大数据源、大数据流体系,讨论了传统电力数据聚类方法与特征,分析了智能电网高维数据所具有的稀疏性、空空间现象、维度效应、Hubness现象和离群点检测的特征,对智能电网高维数据从维数简化、索引技术、结果表征与评价方面论述了高维数据聚类分析方法和应用实践.     

基于强化学习的网络数据流异常检测数学建模

为避免网络环境遭到异常数据流的攻击,实现对常规信息参量的准确捕获,设计基于强化学习理论的网络数据流异常检测数学模型.分析PLVF-TD学习框架的组成形式,借助分段线性值函数,对局部节点的泛化能力展开研究,完成网络数据流信息的强化特性学习.在此基础上,搭建Storm流式处理平台,通过选取网络数据流特征的方式,确定异常数据...     

基于数据流方法的大规模网络异常发现

随着网络规模和速度的增加,大规模网络异常发现要求检测算法能够在无保留状态或者少保留状态下对G比特级的海量网络业务量数据进行实时在线分析。针对在高速骨干网上进行大规模网络异常发现的特点和要求,提出了一种基于数据流的大规模网络异常发现的方法,第一次将数据流模型用于大规模网络的异常发现。主要包括以下创新点:设计了一种面向异常发现的网络流量概要数据结构和突发高频事件检测算法;提出了一种基于安全监测策略定制的预查询方法来进行多数据流的关联监测并且对数据流查询进行了优化;在真实数据分析的基础上,对网络业务量进行了数据约减,使得监测部分特殊类型的数据流能最大程度地获得整体网络业务量的变化特征以提高异常发现的效率。通过真实网络环境下的实验和性能评价验证了数据流方法的有效性。     

一种支持稀疏卷积的深度神经网络加速器的设计

本论文针对深度升级网络中的卷积计算的循环特征,分析了当前已有的神经网络加速对于卷积计算的权重做二维并行和三维并行的实现方式,提出了一种新的神经网络加速器(DNNA)设计。本文DNNA合并二维并行和三维并行,并可根据卷积计算的参数特征灵活选择数据流,优化卷积计算的并行效率。本文DNNA对稀疏卷积可以既省略权重零值的计算,还可以均衡MAC算力。本文DNNA通过仿真和FPGA测试验证卷积计算正确性,在Xilinx ZYNQ-7000 FPGA板上,按256个MAC单元+256KByte Buffer实现,约需要27000 LUTs。     

基于模糊C均值的数据流入侵检测算法

针对数据在性态和类属方面存在不确定性的特点,提出一种基于模糊C均值聚类的数据流入侵检测算法,该算法首先利用增量聚类得到网络数据的概要信息和类数,然后利用模糊C均值聚类算法对获取的数据特征进行聚类。实验结果表明该算法可以有效检测数据流入侵。     

媒体多处理器系统芯片中的高效数据搬运机制

媒体处理是一种高宽带流量的数据流处理,系统不仅需要有很强的媒体数据运算能力,还需要高效的数据搬运机制.媒体多处理器系统芯片复杂的内部结构对数据搬运机制的设计提出了新的挑战.根据媒体数据的存储特点,阐述了面向媒体数据搬运、基于任务链表的二维DMA机制;设计了用于媒体多处理器系统芯片的集中式DMA控制器.实验数据表明,在进行MPEG视频解码时,使用二维DMA机制的执行周期比未使用DMA机制的执行周期减少了50 %左右.     

基于随机森林的无线通信网络入侵检测方法

由于传统网络入侵检测方法依赖特征知识库对恶意流量数据进行智能判别,导致检测结果的精度较低,本研究提出基于随机森林的无线通信网络入侵检测方法。根据入侵位置划分无线通信网络的入侵方式,提取并处理不同入侵方式下的无线通信网络流量数据,基于随机森林算法对提取数据中的恶意流量与正常流量进行分类,以此完成无线通信网络入侵检测。实验结果表明,文章设计的方法检测不同类型的无线通信网络入侵行为时误检率为2.83%,证实了该方法的有效性与精确性。     

基于Filter-ary-Sketch数据结构的骨干网异常检测研究

针对骨干网上异常检测的特殊要求,提出了一种基于Filter-ary-Sketch数据结构的异常检测方法。该方法通过Filter-ary-Sketch实时记录网络流量信息,然后每隔一定周期进行基于多维熵值的异常检测。如果出现异常则根据Filter-ary-Sketch记录的流量信息进行异常点定位,最后利用Bloom Filter中记录的源IP信息进行恶意流量阻断。该方法能够检测多种类型的网络攻击,且能有效地进行恶意流量阻断。利用实际骨干网流量数据,分别从效率和精度2个方法进行对比实验,取得了较好的效果。     

基于改进型循环神经网络的恶意代码分类检测

近年来,随着恶意代码检测技术的提升,网络攻击者开始倾向构建能自重写和重新排序的恶意代码,以避开安全软件的检测。传统的机器学习方法是基于安全人员自主设计的特征向量来判别恶意代码,对这种新型恶意代码缺乏检测能力。为此,文中提出了一种新的基于代码时序行为的检测模型,并采用回声状态网络、最大池化和半帧结构等方式对神经网络进行优化。与传统的检测模型相比,改进后的模型对恶意代码的检测率有大幅提升。     

基于卷积神经网络的网络隐写分析方法研究

针对现有网络隐写分析算法特征提取难度大、算法适用范围单一的问题,文章提出了一种基于卷积神经网络的网络隐写分析方法。对网络数据流进行预处理,将所有数据包处理成大小相同的矩阵,最大限度地保留数据特征完整性;使用异构卷积进行特征提取,减少模型计算量及参数数量,加快模型收敛速度;取消池化层,提高模型训练效率。与传统网络隐写分析方法相比,模型能够自动提取数据特征,识别多种网络隐写算法。     

支持数据隐私保护的恶意加密流量检测确认方法

为解决基于机器学习的恶意加密流量检测易产生大量误报的问题,利用安全两方计算,在不泄露具体数据内容的前提下实现网络流量内容和入侵检测特征间的字符段比对.基于字符段比对结果,设计入侵检测特征匹配方法,完成关键词的精准匹配.为保证所提方法的有效执行,提出用户终端输入随机验证策略,使恶意用户终端难以使用任意数据参与安全两方计算...     

HTTP malicious traffic detection method based on hybrid structure deep neural network

In response to the HTTP malicious traffic detection problem,a preprocessing method based on cutting mechanism and statistical association was proposed to perform statistical information correlation as well as normalization processing of traffic.Then,a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering.It combined convolutional neural network (CNN) and multilayer perceptron (MLP) to process text and statistical information.The effect of the model was significantly improved compared with traditional machine learning algorithms (e.g.,SVM).The F₁value reached 99.38% and had a lower time complexity.At the same time,a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created.In addition,prototype system based on model was designed with detection precision of 98.1%~99.99% and recall rate of 97.2%~99.5%.The application is excellent in real network environment.     

Cooperative wideband sensing based on cyclostationary features with multiple malicious user elimination

Spectrum sensing is an essential concept in cognitive radio. To overcome the single node sensing issue that arises due to channel impediments, cooperative/multinode sensing is being used. Although cooperation among multiple cognitive users enhances the sensing performance, presence of few malicious cognitive users may severely degrade the efficiency of the system. In this paper, generalized extreme studentized deviate (GESD) and adjusted box-plot (ABP) methods are introduced to increase the sensing reliability of cooperative network by eliminating multiple malicious cognitive users. The performance of the cyclostationary feature detection method is compared with the energy detection method under different channel impediments. The simulation results are carried out with false alarm probability of 0.01 and a detection probability of 0.9. The simulation results reveal that there is a significant improvement in cooperative sensing performance by elimination of multiple malicious user in the network.     

Novel approach of distributed & adaptive trust metrics for MANET

It is known to all that mobile ad hoc network (MANET) is more vulnerable to all sorts of malicious attacks which affects the reliability of data transmission because the network has the characteristics of wireless, multi-hop, etc. We put forward novel approach of distributed & adaptive trust metrics for MANET in this paper. Firstly, the method calculates the communication trust by using the number of data packets between nodes, and predicts the trust based on the trend of this value, and calculates the comprehensive trust by considering the history trust with the predict value; then calculates the energy trust based on the residual energy of nodes and the direct trust based on the communication trust and energy trust. Secondly, the method calculates the recommendation trust based on the recommendation reliability and the recommendation familiarity; adopts the adaptive weighting, and calculates the integrate direct trust by considering the direct trust with recommendation trust. Thirdly, according to the integrate direct trust, considering the factor of trust propagation distance, the indirect trust between nodes is calculated. The feature of the proposed method is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network. Simulation experiments and tests of the practical applications of MANET show that the proposed approach can effectively avoid the attacks of malicious nodes, besides, the calculated direct trust and indirect trust about normal nodes are more conformable to the actual situation.

     

Security upgrade against RREQ flooding attack by using balance index on vehicular ad hoc network

VANET is an ad hoc network that formed between vehicles. Security in VANET plays vital role. AODV routing protocol is a reactive or on-demand routing protocol which means if there is data to be send then the path will create. AODV is the most commonly used topology based routing protocol for VANET. Using of broadcast packets in the AODV route discovery phase caused it is extremely vulnerable against DOS and DDOS flooding attacks. Flooding attack is type of a denial of service attack that causes loss of network bandwidth and imposes high overhead to the network. The method proposed in this paper called Balanced AODV (B-AODV) because it expects all network node behave normally. If network nodes are out of the normal behavior (too much route request) then they identified as malicious node. B-AODV is designed with following feature: (1) The use of adaptive threshold according to network conditions and nodes behavior (balance index) (2) Not using additional routing packets to detect malicious nodes (3) Perform detection and prevention operations independently on each node (4) Perform detection and prevention operations in real time (5) No need for promiscuous mode. This method for detection and prevention flooding attack uses average and standard deviation. In this method each node is employing balance index for acceptation or rejection RREQ packets. The results of the simulation in NS2 indicates B-AODV is resilience against flooding attack and prevent loss of network bandwidth. Comparing between AODV with B-AODV in normal state (non-attacker) shows B-AODV is exactly match with AODV in network performance, this means that the B-AODV algorithm does not impose any overhead and false positive to AODV.     

基于IQ图特征的小样本通信辐射源个体识别

在真实的战场环境中,我们很难采集到足够的带标签的敌方辐射源数据,因此,小样本学习变得越来越重要。通过不断地发展,CNN神经网络有着很强的处理图片分类的能力。在小样本条件下,为了充分利用发展最为成熟的CNN神经网络,本文提出了将一维IQ数据转化成二维的IQ图特征的方法,来进行针对小样本的分类任务。由于数据的IQ图具有重复性与个体的差异性,通过实验,这种方法在识别不同个体超短波电台上有着99.5%的正确率,对比双谱特征,IQ图特征具有更强的识别能力。这种特征变换方法简单,并且CNN网络处理图片分类的技术成熟,具有很强的实用性。