入侵检测系统发展简述

入侵检测系统是目前信息安全系统中的一个重要组成部分,该文简述了其二十多年的主要发展历程,对其使用的技术以及未来的发展方向进行了简要介绍。     

基于Sobel算子的图像边缘检测及其实现

Sobel算子是图像边缘检测中常用的方法之一,利用像素的左、右、上、下邻域的灰度加权算法,根据在边缘点处达到极值这一原理进行边缘检测。该方法不但产生较好的检测效果,而且对噪声具有平滑作用,可以提供较为精确的边缘方向信息。本文提供了利用Sobel算子实现灰度图像边缘检测的C 源程序。     

基于人工免疫原理的入侵检测模型研究

本文在研究入侵检测技术和免疫学原理的基础上,分析了免疫系统的工作机理,将其和入侵检测系统的工作原理进行了详细比较,并在研究当前各种人工免疫算法的基础上,建立了一个新的基于人工免疫的入侵检测模型框架,实现了当前智能化入侵检测系统所要求的自学习、自适应、分布式和可扩展功能,具有一定的现实意义。     

入侵检测系统研究分析

入侵检测是保障现代网络安全的关键技术之一。对于像军队这样对安全要求很高的网络,入侵检测技术以及系统将会起到至关重要的作用。本文对入侵检测的基本概念、方法以及发展趋势进行了分析与研究。     

Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Machine learning or data mining technologies are often used in network intrusion detection systems. An intrusion detection system based on machine learning utilizes a classifier to infer the current state from the observed traffic attributes. The problem with learning-based intrusion detection is that it leads to false positives and so incurs unnecessary additional operation costs. This paper investigates a method to decrease the false positives generated by an intrusion detection system that employs a decision tree as its classifier. The paper first points out that the information-gain criterion used in previous studies to select the attributes in the tree-constructing algorithm is not effective in achieving low false positive rates. Instead of the information-gain criterion, this paper proposes a new function that evaluates the goodness of an attribute by considering the significance of error types. The proposed function can successfully choose an attribute that suppresses false positives from the given attribute set and the effectiveness of using it is confirmed experimentally. This paper also examines the more trivial leaf rewriting approach to benchmark the proposed method. The comparison shows that the proposed attribute evaluation function yields better solutions than the leaf rewriting approach.

不确定短时延网络控制系统的故障检测

针对远程被控对象为线性模型,且网络诱导时延小于一个采样周期的一类网络控制系统(NCS),假设可能发生执行器故障,对系统进行故障检测。将随机时延对系统的影响转化为未知有界条件下的不确定项,建立了系统的离散数学模型。按照时延补偿策略设计了系统的故障观测器,并基于Lyapunov稳定性定理和线性矩阵不等式理论,推导出了整个观测器系统全局渐近稳定的充分条件。仿真例子验证了方法的有效性。     

Correlating burst events on streaming stock market data

We address the problem of monitoring and identification of correlated burst patterns in multi-stream time series databases. We follow a two-step methodology: first we identify the burst sections in our data and subsequently we store them for easy retrieval in an efficient in-memory index. The burst detection scheme imposes a variable threshold on the examined data and takes advantage of the skewed distribution that is typically encountered in many applications. The detected bursts are compacted into burst intervals and stored in an interval index. The index facilitates the identification of correlated bursts by performing very efficient overlap operations on the stored burst regions. We present the merits of the proposed indexing scheme through a thorough analysis of its complexity. We also manifest the real-time response of our burst indexing technique, and demonstrate the usefulness of the approach for correlating surprising volume trading events using historical stock data of the NY stock exchange. While the focus of this work is on financial data, the proposed methods and data-structures can find applications for anomaly or novelty detection in telecommunication, network traffic and medical data.     

Collusion set detection using graph clustering

Many mal-practices in stock market trading—e.g., circular trading and price manipulation—use the modus operandi of collusion. Informally, a set of traders is a candidate collusion set when they have “heavy trading” among themselves, as compared to their trading with others. We formalize the problem of detection of collusion sets, if any, in the given trading database. We show that naïve approaches are inefficient for real-life situations. We adapt and apply two well-known graph clustering algorithms for this problem. We also propose a new graph clustering algorithm, specifically tailored for detecting collusion sets. A novel feature of our approach is the use of Dempster–Schafer theory of evidence to combine the candidate collusion sets detected by individual algorithms. Treating individual experiments as evidence, this approach allows us to quantify the confidence (or belief) in the candidate collusion sets. We present detailed simulation experiments to demonstrate effectiveness of the proposed algorithms.     

Research on immune algorithm for mobile phone viruses detection

In responds to the problem that mobile phone viruses is much more serious but the detection technology for them is not maturity, there is a new way for mobile phone viruses detection. Which is based on the viruses＇ work principle and infection ways, introduced immune algorithm into computer viruses defense detection and set up mobile phone viruses detection model based on minus select immune algorithm. At the same time, it also made analysis on immune algorithm viruses detection and found an approach to probing to mobile phone viruses.