基于云模型的入侵检测研究

由于网络行为的不确定性,使现有入侵检测系统几乎都存在高误报率和高漏报率的缺点。云模型是将模糊性和随机性有机结合进行不确定性推理的有效工具。本文利用云模型来处理网络实体行为的不确定性,提出了一种新的云入侵检测方法。该方法通过基于云知识库的云推理引擎进行不确定性推理,以对网络实体行为进行智能判断。模拟结果表明该方法能有效提高入侵检测效率。     

模糊Petri网知识表示方法在入侵检测中的应用

根据网络攻击具有并发性,攻击特征的提取具有不确定性等特点,给出了采用模糊Pelri网实现攻击知识的表达和入侵检测的推理模型。该模型解决了误用入侵检测系统中现有知识表示方法不能并行推理的问题,以及传统的基于Pelri网可达图搜索求解导致模型描述复杂、推理缺少智能的问题。最后通过入侵实例验证了该模型的正确性和有效性。     

基于案例推理的入侵检测关联分析研究

针对基于规则和模型的入侵检测专家系统中难以建立和表达入侵检测规则的问题,利用基于案例推理(CBR)方法对知识要求的低依赖性,将它引入入侵检测(ID)领域,提出了基于案例推理的入侵检测关联分析(CBRIDRA)模型的框架,研究了系统各功能模块,并对其中攻击案例定义、攻击案例检索、攻击案例管理、专家知识系统等关键技术的解决思路和实现方法进行了讨论。     

基于规则推理的FPN误用入侵检测方法

针对网络入侵攻击活动的模糊性，提出了一种基于模糊推理的模糊Petri网（FPN）误用入侵检测方法。该方法定义了一个六元组FPN，并将模糊产生式规则精化为两种基本类型。在此基础上给出了FPN表示模糊规则的模型、推理过程和基于FPN的推理算法。最后通过入侵检测的实例对该方法的正确性和有效性进行了验证，结果表明该方法推理过程简单直观、容易实现，而且具有并行推理能力，可适用于大规模的FPN模型，是误用入侵检测技术的一种非常有效的解决方案。     

基于多维多重Fuzzy推理的入侵检测模型

目前网络入侵检测系统中存在大量的Fuzzy性问题,通过对三I算法的分析,提出一个基于RM蕴涵算子的三I算法,并就FMP（fuzzy modus pronens）问题,运用该算法,研究基于多维多重以及多维多重规则时的解。该算法在研究入侵检测系统中结合特征知识库,提取入侵行为规则,抽象出入侵行为检测Fuzzy推理的一般性模型,给出了基于该模型算法的描述,并分析了算法的性能,在该算法中,应用的Fuzzy推理是基于RM算子的三I算法。     

基于神经网络的入侵检测方法

论文针对Windows下信息获取的特点,探讨了一种将Windows入侵检测信息向黑客特征映射的归一化方法,并利用神经网络进行推理,解决Windows入侵检测信息来自不同层面不好关联的问题,同时实现入侵检测的并行推理和不确定性推理。     

基于组合智能的网络入侵检测模型

提出了一种基于组合智能的入侵检测模型,入侵检测中存在的主要问题是数据特征属性多,以及存在不完整数据问题。如果一个实际的入侵检测系统不对数据进行处理,则无法准确地检测到入侵行为。为解决这个问题,本文利用组合智能方法,通过对数据特征属性的约简,将输入信息模糊化和数据本身的训练和学习,能够解决入侵检测中存在的问题,该模型有较好的数据处理能力,实验结果表明引入组合智能后的入侵检测效率大大提高。     

一种基于Agent技术的入侵检测系统模型

本文首先指出了将Agent技术应用于入侵检测系统的优势,依据入侵检测系统的特点给出了主机的状态转换图,并提出了一个入侵检测模型,该模型的主机中有数据异常检测Agent、特征提取Agent、数据一致性检测Agent、完整性检测Agent以及日志处理,Agent通过学习机制建立行为库,对行为库里的信息进行推理获得入侵规则信息并将其加入到入侵规则库.最后用Aglet技术对该模型进行了仿真和实现,得出基于Agent的入侵检测技术具有较高的检测率及较低的误报率。     

基于粗糙集和证据推理的网络入侵检测模型

证据推理依赖于专家知识提供证据,要求各证据体相互独立,因此难以应用于实际。针对上述问题,提出基于粗糙集理论的证据获取和基本概率赋值客观确定方法,利用粗糙集中的属性约简算法剔除冗余属性,形成最简属性集,以提高证据合成效率,缩短证据合成时间,减少证据合成的冲突现象。在此基础上建立一个基于粗糙集和证据推理的网络入侵检测模型,通过算例验证该模型检测精度较高、误检率较低。     

数据挖掘在网络入侵检测中的应用研究

本文提出一种基于数据挖掘的入侵检测模型,其主要思想是利用数据挖掘的方法,从经预处理的包含网络连接信息的审计数据中提取能够区分正常和入侵的规则,并用来检测入侵行为.对Apriori算法中求频繁集时扫描数据库I/O负载惊人的问题提出了一种改进办法.为验证该算法的可行性,文章最后实现了该入侵检测模型的知识库中正常连接规则的挖掘.实验表明该模型能提取特征生成新规则,并证明了方法的可行性和有效性.     

A Hopfield network learning method for bipartite subgraph problem

We present a gradient ascent learning method of the Hopfield neural network for bipartite subgraph problem. The method is intended to provide a near-optimum parallel algorithm for solving the bipartite subgraph problem. To do this we use the Hopfield neural network to get a near-maximum bipartite subgraph, and increase the energy by modifying weights in a gradient ascent direction of the energy to help the network escape from the state of the near-maximum bipartite subgraph to the state of the maximum bipartite subgraph or better one. A large number of instances are simulated to verify the proposed method with the simulation results showing that the solution quality is superior to that of best existing parallel algorithm. We also test the learning method on total coloring problem. The simulation results show that our method finds optimal solution in every test graph.     

IDENTIFIABILITY IN CAUSAL BAYESIAN NETWORKS: A GENTLE INTRODUCTION

In this article we describe an important structure used to model causal theories and a related problem of great interest to semi-empirical scientists. A causal Bayesian network is a pair consisting of a directed acyclic graph (called a causal graph) that represents causal relationships and a set of probability tables, that together with the graph specify the joint probability of the variables represented as nodes in the graph. We briefly describe the probabilistic semantics of causality proposed by Pearl for this graphical probabilistic model, and how unobservable variables greatly complicate models and their application. A common question about causal Bayesian networks is the problem of identifying causal effects from nonexperimental data, which is called the identifability problem. In the basic version of this problem, a semi-empirical scientist postulates a set of causal mechanisms and uses them, together with a probability distribution on the observable set of variables in a domain of interest, to predict the effect of a manipulation on some variable of interest. We explain this problem, provide several examples, and direct the readers to recent work that provides a solution to the problem and some of its extensions. We assume that the Bayesian network structure is given to us and do not address the problem of learning it from data and the related statistical inference and testing issues.     

基于有向图分割的推荐算法

利用资源分配的原理提出一个基于有向图分割的推荐算法.通过二部图网络结构与资源分配方法的结合,建立了物品间关系的有向图,再利用非对称非负矩阵分解(Asymmetric Nonnegative Matrix Factorization, ANMF)分割此有向图,并将物品根据分割结果得出的物品间关联关系进行分类,并以此设置物品间的关联权重,最终实现对用户的Top-N物品推荐方案.实验结果表明,提出的算法提高了推荐准确率,并且能在一定程度上提高推荐多样性,降低推荐物品的流行性.     

构建贝叶斯网络本质图的新方法

等价类学习是贝叶斯网络结构学习的一个重要分支,而本质图是贝叶斯网络等价类的图形表示,是进行等价类学习的有力工具。针对求解贝叶斯网络结构本质图存在的繁琐问题,提出了一种构建贝叶斯网络本质图的组合算法。该算法从初始非循环有向图开始,对所有有向边进行排序,保持V-结构中的边不变,将不参与V-结构的有向边转化为无向边,依次根据三条规则判定各条无向边在本质图中的方向。给出了算法的理论证明,通过具体案例分析验证了算法的有效性。     

基于偏好的二分图网络模型Top-N推荐

针对推断网络(NBI)的二分图方法中只是考虑用户是否评价过项目,却没有利用用户评分高低这一局限性,提出基于偏好的推断网络(PNBI)推荐方法。该方法在推断网络的基础上,考虑单个用户对项目评分高低体现了该用户对项目的喜好程度,在“用户-项目”的资源分配过程中,将资源分配给评分值较大的评分项,该方法能克服NBI算法中无法使用低评分值数据的缺陷。考虑到数据的稀疏性问题,采用倒排表的方法来节省相似度的运算次数,加速算法。在MovieLens数据集上的实验表明, PNBI二分图推荐算法在准确率、覆盖率和召回率三个方面均优于NBI二分图推荐算法。     

融合知识表示和深度强化学习的知识推理方法

知识推理是解决知识图谱中知识缺失问题的重要方法,针对大规模知识图谱中知识推理方法仍存在可解释性差、推理准确率和效率偏低的问题,提出了一种将知识表示和深度强化学习相结合的方法RLPTransE。利用知识表示学习方法,将知识图谱映射到含有三元组语义信息的向量空间中,并在该空间中建立强化学习环境。通过单步择优策略网络和多步推理策略网络的训练,使强化学习智能体在与环境交互过程中,高效挖掘推理规则进而完成推理。在公开数据集上的实验结果表明,相比于其他先进方法,该方法在大规模数据集推理任务中取得更好的表现。     

Web robot detection: A probabilistic reasoning approach

In this paper, we introduce a probabilistic modeling approach for addressing the problem of Web robot detection from Web-server access logs. More specifically, we construct a Bayesian network that classifies automatically access log sessions as being crawler- or human-induced, by combining various pieces of evidence proven to characterize crawler and human behavior. Our approach uses an adaptive-threshold technique to extract Web sessions from access logs. Then, we apply machine learning techniques to determine the parameters of the probabilistic model. The resulting classification is based on the maximum posterior probability of all classes given the available evidence. We apply our method to real Web-server logs and obtain results that demonstrate the robustness and effectiveness of probabilistic reasoning for crawler detection.     

BIC-based node order learning for improving Bayesian network structure learning

Node order is one of the most important factors in learning the structure of a Bayesian network (BN) for probabilistic reasoning. To improve the BN structure learning, we propose a node order learning algorithmbased on the frequently used Bayesian information criterion (BIC) score function. The algorithm dramatically reduces the space of node order and makes the results of BN learning more stable and effective. Specifically, we first find the most dependent node for each individual node, prove analytically that the dependencies are undirected, and then construct undirected subgraphs U_G. Secondly, the U_G- is examined and connected into a single undirected graph U_GC. The relation between the subgraph number and the node number is analyzed. Thirdly, we provide the rules of orienting directions for all edges in UGC, which converts it into a directed acyclic graph (DAG). Further, we rank the DAG’s topology order and describe the BIC-based node order learning algorithm. Its complexity analysis shows that the algorithm can be conducted in linear time with respect to the number of samples, and in polynomial time with respect to the number of variables. Finally, experimental results demonstrate significant performance improvement by comparing with other methods.     

A parallel improvement algorithm for the bipartite subgraph problem

The authors propose the first parallel improvement algorithm using the maximum neural network model for the bipartite subgraph problem. The goal of this NP-complete problem is to remove the minimum number of edges in a given graph such that the remaining graph is a bipartite graph. A large number of instances have been simulated to verify the proposed algorithm, with the simulation result showing that the algorithm finds a solution within 200 iteration steps and the solution quality is superior to that of the best existing algorithm. The algorithm is extended for the K-partite subgraph problem where no algorithm has been proposed.     

Bipartite tracking of homogeneous and heterogeneous linear multi-agent systems

In this paper, we consider bipartite tracking of linear multi-agent systems with a leader. Both homogeneous and heterogeneous systems are investigated. The communication between agents is modelled by a directed signed graph, where the negative (positive) edges represent the antagonistic (cooperative) interactions among agents. Linear Quadratic Regulator (LQR)-based approach is used to derive the distributed protocol for the follower agent to achieve bipartite tracking of the leader. It is shown that solving the bipartite tracking problem over the structurally balanced signed graph is equivalent to solving the cooperative tracking problem over a corresponding graph with nonnegative edge weights. This bridges the gap between the newly raised bipartite tracking problem and the well-studied cooperative tracking problem. Three novel control protocols are proposed for both cooperative and bipartite output tracking of heterogeneous linear multi-agent systems. Numerical examples are given to show the effectiveness of our control protocols.