F-BIDS: Federated-Blending based Intrusion Detection System

The rapid development of network communication along with the drastic increase in the number of smart devices has triggered a surge in network traffic, which can contain private data and in turn affect user privacy. Recently, Federated Learning (FL) has been proposed in Intrusion Detection Systems (IDS) to ensure attack detection, privacy preservation, and cost reduction, which are crucial issues in traditional centralized machine-learning-based IDS. However, FL-based approaches still exhibit vulnerabilities that can be exploited by adversaries to compromise user data. At the same time, meta-models (including the blending models) have been recognized as one of the solutions to improve generalization for attack detection and classification since they enhance generalization and predictive performances by combining multiple base models. Therefore, in this paper, we propose a Federated Blending model-driven IDS framework for the Internet of Things (IoT) and Industrial IoT (IIoT), called F-BIDS, in order to further protect the privacy of existing ML-based IDS. The proposition consists of a Decision Tree (DT) and Random Forest (RF) as base classifiers to first produce the meta-data. Then, the meta-classifier, which is a Neural Networks (NN) model, uses the meta-data during the federated training step, and finally, it makes the final classification on the test set. Specifically, in contrast to the classical FL approaches, the federated meta-classifier is trained on the meta-data (composite data) instead of user-sensitive data to further enhance privacy. To evaluate the performance of F-BIDS, we used the most recent and open cyber-security datasets, called Edge-IIoTset (published in 2022) and InSDN (in 2020). We chose these datasets because they are recent datasets and contain a large amount of network traffic including both malicious and benign traffic.     

Spatial-temporal analysis of safety risks in trajectories of construction workers based on complex network theory

Understanding the traffic patterns of construction workers on high-risk construction sites is important for implementing behaviour-based safety management. However, safety risks in worker trajectories are a complex system with high uncertainty. This resulted in few studies focusing on analysing the spatial–temporal risk in workers' trajectories from a systematic perspective. This study designs a new framework to explore the spatial–temporal patterns of safety risks in the trajectories of construction workers based on complex network theory. First, an integrated site safety risk classification method by combining hazard sources and group trajectory distribution is developed to accurately describe the spatial distribution of site risks. Second, a new complex network chronnet is used to construct complex networks containing risk information for spatial–temporal analysis. Finally, key risk areas and risk transition patterns are identified through the analysis of network measures. The study also developed a computational program that allows the network to be constructed and analysed in real-time. The feasibility and effectiveness of the method are verified through a case study. The results show that the method can reveal the risk distribution at the micro level, and explore the risk clustering and transition features in worker trajectories at the macro level. The study allows for an accurate analysis of dynamic risk patterns in construction workers' trajectories from a systematic perspective. It can also provide theoretical and practical support for personalized and adaptive behaviour-based safety management for construction workers.     

Critical factors and paths influencing construction workers’ safety risk tolerances

While workers’ safety risk tolerances have been regarded as a main reason for their unsafe behaviors, little is known about why different people have different risk tolerances even when confronting the same situation. The aim of this research is to identify the critical factors and paths that influence workers’ safety risk tolerance and to explore how they contribute to accident causal model from a system thinking perceptive. A number of methods were carried out to analyze the data collected through interviews and questionnaire surveys. In the first and second steps of the research, factor identification, factor ranking and factor analysis were carried out, and the results show that workers’ safety risk tolerance can be influenced by four groups of factors, namely: (1) personal subjective perception; (2) work knowledge and experiences; (3) work characteristics; and (4) safety management. In the third step of the research, hypothetical influencing path model was developed and tested by using structural equation modeling (SEM). It is found that the effects of external factors (safety management and work characteristics) on risk tolerance are larger than that of internal factors (personal subjective perception and work knowledge & experiences). Specifically, safety management contributes the most to workers’ safety risk tolerance through its direct effect and indirect effect; while personal subjective perception comes the second and can act as an intermedia for work characteristics. This research provides an in-depth insight of workers’ unsafe behaviors by depicting the contributing factors as shown in the accident causal model developed in this research.     

Effects of parallelogram-shaped pavement markings on vehicle speed and safety of pedestrian crosswalks on urban roads in China

The primary objective of this study was to evaluate the effects of parallelogram-shaped pavement markings on vehicle speed and crashes in the vicinity of urban pedestrian crosswalks. The research team measured speed data at twelve sites, and crash data at eleven sites. Observational cross-sectional studies were conducted to identify if the effects of parallelogram-shaped pavement markings on vehicle speeds and speed violations were statistically significant. The results showed that parallelogram-shaped pavement markings significantly reduced vehicle speeds and speed violations in the vicinity of pedestrian crosswalks. More specifically, the speed reduction effects varied from 1.89 km/h to 4.41 km/h with an average of 3.79 km/h. The reduction in the 85th percentile speed varied from 0.81 km/h to 5.34 km/h with an average of 4.19 km/h. Odds ratios (OR) showed that the parallelogram-shaped pavement markings had effects of a 7.1% reduction in the mean speed and a 6.9% reduction in the 85th percentile speed at the pedestrian crosswalks. The reduction of proportion of drivers exceeding the speed limit varied from 8.64% to 14.15% with an average of 11.03%. The results of the crash data analysis suggested that the use of parallelogram-shaped pavement markings reduced both the frequency and severity of crashes at pedestrian crosswalks. The parallelogram-shaped pavement markings had a significant effect on reducing the vehicle–pedestrian crashes. Two crash prediction models were developed for vehicle–pedestrian crashes and rear-end crashes. According to the crash models, the presence of parallelogram-shaped pavement markings reduced vehicle–pedestrian crashes at pedestrian crosswalks by 24.87% with a 95% confidence interval of [10.06–30.78%]. However, the model results also showed that the presence of parallelogram-shaped pavement markings increased rear-end crashes at pedestrian crosswalks by 5.4% with a 95% confidence interval of [0–11.2%].     

基于贝叶斯树的主机异常检测

主要研究Windows平台下异常检测方法,提出了一种利用Windows Native API调用序列和基于贝叶斯树算法的主机服务进程规则和对应概率分布的生成算法,并建立正常模型.根据长为N-1的Windows Native APIs调用序列预测第N个调用的概率分布,对生成的概率序列用U检验方法作为异常检测算法.实验结果...     

Results of Finnish national survey on EU legislation concerning computer work

The European Directive on computer work (VDU 90/270/EEC) is implemented in the Finnish Government Decree. The aim of the present study was to evaluate the effects of the legislation and its applications in practice. The quantitative method used an online questionnaire. The respondents were employers (N = 934), employees (N = 1872) and occupational health care (OHC) units (N = 289). The majority of all these three groups considered the provisions clear and easy to understand, comprehensive, and easy to comply with. The provisions had a great impact on preventing mental overloading, arranging sight tests at the employer's cost, and on the refunding of eyeglasses for computer work. Most employers felt they did not need any more specific provisions, whereas half of the employees and OHC professionals would have liked the provisions to be more detailed. More explicit and specific regulations were also needed for practice applications in particular, as well as for the refunding of the costs of special eyeglasses for computer work. A total of 59% of the employers reported that costs of glasses are refunded, whereas the figure for employees was clearly lower (37%). OHC professionals reported that the costs of glasses were refunded in 82% of their customer workplaces. The practical conclusion is that employees' sight examinations and compensation for eyeglasses should be promoted in computer work. Moreover, ergonomic applications are best carried out in co-operation with OHC personnel.     

Multi-spectral fusion for surveillance systems

Surveillance systems such as object tracking and abandoned object detection systems typically rely on a single modality of colour video for their input. These systems work well in controlled conditions but often fail when low lighting, shadowing, smoke, dust or unstable backgrounds are present, or when the objects of interest are a similar colour to the background. Thermal images are not affected by lighting changes or shadowing, and are not overtly affected by smoke, dust or unstable backgrounds. However, thermal images lack colour information which makes distinguishing between different people or objects of interest within the same scene difficult.By using modalities from both the visible and thermal infrared spectra, we are able to obtain more information from a scene and overcome the problems associated with using either modality individually. We evaluate four approaches for fusing visual and thermal images for use in a person tracking system (two early fusion methods, one mid fusion and one late fusion method), in order to determine the most appropriate method for fusing multiple modalities. We also evaluate two of these approaches for use in abandoned object detection, and propose an abandoned object detection routine that utilises multiple modalities. To aid in the tracking and fusion of the modalities we propose a modified condensation filter that can dynamically change the particle count and features used according to the needs of the system.We compare tracking and abandoned object detection performance for the proposed fusion schemes and the visual and thermal domains on their own. Testing is conducted using the OTCBVS database to evaluate object tracking, and data captured in-house to evaluate the abandoned object detection. Our results show that significant improvement can be achieved, and that a middle fusion scheme is most effective.     

基于Snort的IPv6入侵检测技术

针对开源入侵检测系统Snort没有提供对IPv6协议的AH和ESP扩展首部支持的问题,提出利用Snort检测ESP加密报文的解决方案。构造ESP检测规则,在Snort协议分析模块加入DecodeESP()函数并添加密钥管理模块,实现Snort对IPv6报文中ESP扩展报头的解析,管理其产生的密钥。给出一种面向ESP的入侵检测系统模型,以验证IPv6加密通信入侵检测的可行性,并给出实验验证过程。     

一种新的型可变r的动态匹配算法r可变动态匹配算法

鉴于动态r匹配算法对为了提高入侵检测系统的性能的重要性,通过研究内分泌系统对生物体内环境的调节机制,提出一个内分泌激素浓度的动态平衡模型及一种基于激素浓度调节的动态r匹配算法。仿真实验结果表明,该匹配算法能根据网络状态的变化,自适应地调整匹配参数,具有较好的匹配效果。     

浅议网站的安全及应对策略

网站发展的迅猛,虽然方便了很多行业,但同时安全隐患也随之而生。病毒、黑客程序、邮件炸弹、远程侦听等日益猖獗,由此引起网站安全问题日益严重。如何保护计算机信息安全,也即信息内容的保密问题显得越来越重要。本文介绍了目前网站中主要存在的不安全因素,并在提出了相应有利于保护网站的安全应对策略。