基于ViBe与机器学习的早期火灾检测算法

针对现有视频图像火灾检测算法前景信息丢失严重、误报率高、泛化能力弱等问题,提出一种新的火灾检测算法。其主要由前景提取和分类决策两大模块组成。在前景提取模块中改进ViBe算法,实现对运动区域的选择性更新;同时使用随机森林和支持向量机组成的两级分类器对运动区域颜色进行分类,以获取精确的前景区域。在分类决策模块中,提出两种新的早期火焰特征用于描述帧间火焰区域重叠率和火焰区域不同部分运动剧烈程度比率,再结合Hu矩特征训练出决策分类器。实验结果表明,该算法具有准确率高、误报率低、泛化能力强、响应时间短等优点,并能很好地应用于实际环境中。     

一种多目标QR码图像快速校正方法

随着信息物联网的发展,快速响应(QR)码的应用越来越多样化。传统单个QR码的识别和应用已不能满足现有需求,因此提出一种多目标QR码的校正方法。对图像进行二值化,利用QR码自身符号特征进行定位,结合连通区域标记算法对图中的多个QR码进行分割。接着利用轮廓跟踪获得QR码探测图形边界,并利用几何关系获得探测图形上的3个顶点。根据探测点和3个顶点的关系,获得第4个顶点,最后用逆投影变换依次对每个QR码进行校正处理。使用C++语言实现算法,并用Zbar对校正后的QR码进行识别测试。实验结果表明,所提算法能够实现对多目标QR码的快速校正,识别率高,且能克服不同光照、背景干扰影响,具有较好的稳健性。     

基于密集连接时延神经网络的说话人识别算法*

说话人识别技术是一项重要的生物特征识别技术。近年来,使用深度神经网络提取发声特征的说话人识别算法取得了突出成果。时延神经网络作为其中的典型代表之一已被证明具有出色的特征提取能力。为进一步提升识别准确率并节约计算资源,通过对现有的说话人识别算法进行研究,提出一种带有注意力机制的密集连接时延神经网络用于说话人识别。密集连接的网络结构在增强不同网络层之间的信息复用的同时能有效控制模型体积。通道注意力机制和帧注意力机制帮助网络聚焦于更关键的细节特征,使得通过统计池化提取出的说话人特征更具有代表性。实验结果表明,在VoxCeleb1测试数据集上取得了1.40%的等错误率（EER）和0.15的最小检测代价标准（DCF）,证明了在说话人识别任务上的有效性。     

用于星点检测的自适应变邻域背景预测算法

针对现有星点检测中背景预测算法存在的星点模糊、对噪声抑制能力差等问题,提出了一种用于星点检测的自适应变邻域背景预测算法。该方法根据待预测像素点所在位置不同采用不同的权值矩阵进行背景预测,当待预测像素点在星点边缘处时,仅用待预测像素点邻域内灰度小于邻域灰度中值的像素点组成预测权值矩阵进行预测计算,而在其他区域时,直接使用固定权值进行预测。同时,该算法还可以根据待预测像素点噪声属性,自适应调整待预测像素点自身灰度值在背景预测计算中的权值。最后通过对现有背景预测算法和本文所提算法的仿真和比较,改进算法较现有算法对星点的处理更清晰,对噪声的抑制能力更强。     

基于改进梯度幅值的包装缺陷检测算法研究及应用

针对包装质量检测精度易受外界光照影响的问题，在已有基于梯度幅值相似性的缺陷检测算法基础上，将局部二值模式算子引入到该算法中，提出了一种基于改进梯度幅值相似性的缺陷检测算法。该算法利用局部二值模式算子的旋转不变性和灰度不变性的特点，并将其与图像的梯度幅值特征进行融合后用于包装的缺陷检测中，提升了缺陷检测算法对光照的鲁棒性。实验结果表明，相比传统梯度幅值缺陷检测算法，该算法具有更好的抗光照影响能力，并且对于不同光照情况下的包装缺陷，该算法的检测准确率可达96.57%。因而，该算法能够被广泛地用于包装缺陷检测中，提高缺陷检测的精度。     

基于Android系统的手机恶意软件检测模型

为提高手机应用软件的安全性,提出一种基于Android系统的手机恶意软件检测模型。模型利用数据挖掘的方法对恶意软件中的敏感API调用进行数据挖掘,进而得到恶意软件检测规则;针对检测规则在检测非恶意软件时,产生较高误报率的问题,设计了加权FP-growth关联规则挖掘算法,算法在数据挖掘的两个步骤中,对敏感API调用加权,利用支持度阈值去除一些出现次数频繁而权重小的规则,降低了非恶意软件的误报率。实验结果表明,模型对恶意软件检测率达到81.7%,非恶意软件的检错率降低到11.3%。     

基于改进谱聚类的重叠绿苹果识别方法

水果的可见光谱目标识别是实现农业自动化采摘至关重要的一步。在水果识别的过程中,由于重叠和遮挡的影响使得目标识别困难,识别率不高。本文针对自然环境中果实重叠的识别问题,利用谱聚类算法对图像进行分割,然后使用随机霍夫变换实现果实的识别和定位。针对传统算法运算复杂度高,运算速度慢的问题,本文提出了基于均值漂移和稀疏矩阵原理的改进谱聚类算法。首先使用均值漂移算法对图像进行预分割,均值漂移是一种用于密度梯度的无参估计法。该算法实质是一种迭代,先计算出偏移量,根据偏移量移动点,如此反复,直到偏移量为零即收敛到一点为止。利用均值漂移算法除去大多数的背景像素,为减少谱聚类算法的计算量做准备。然后提取预分割图像的有用信息即图像中像素对之间相似度的描述,将提取的图像特征信息映射到稀疏矩阵中,并使用K-means算法将其分类。得到最终的分类结果,实现对预处理图像的再次分割。然后恢复图像分割区域的颜色,使用彩色向量梯度提取边缘轮廓,对得到的轮廓图像使用随机霍夫变换,并在检测过程中设置半径参数的范围从而进一步加快算法的运行速度。经过检测可以得到目标的圆心坐标和半径,从而实现重叠绿苹果的识别。降低了谱聚类的数据处理量,提高了算法的运行速度。经过试验分析和算法对比,该算法得到较高的重合度95.41%,较低的误差率4.59%和误检率3.05%。     

基于改进谱聚类的重叠绿苹果识别方法（英文）

水果的可见光谱目标识别是实现农业自动化采摘至关重要的一步。在水果识别的过程中,由于重叠和遮挡的影响使得目标识别困难,识别率不高。本文针对自然环境中果实重叠的识别问题,利用谱聚类算法对图像进行分割,然后使用随机霍夫变换实现果实的识别和定位。针对传统算法运算复杂度高,运算速度慢的问题,本文提出了基于均值漂移和稀疏矩阵原理的改进谱聚类算法。首先使用均值漂移算法对图像进行预分割,均值漂移是一种用于密度梯度的无参估计法。该算法实质是一种迭代,先计算出偏移量,根据偏移量移动点,如此反复,直到偏移量为零即收敛到一点为止。利用均值漂移算法除去大多数的背景像素,为减少谱聚类算法的计算量做准备。然后提取预分割图像的有用信息即图像中像素对之间相似度的描述,将提取的图像特征信息映射到稀疏矩阵中,并使用K-means算法将其分类。得到最终的分类结果,实现对预处理图像的再次分割。然后恢复图像分割区域的颜色,使用彩色向量梯度提取边缘轮廓,对得到的轮廓图像使用随机霍夫变换,并在检测过程中设置半径参数的范围从而进一步加快算法的运行速度。经过检测可以得到目标的圆心坐标和半径,从而实现重叠绿苹果的识别。降低了谱聚类的数据处理量,提高了算法的运行速度。经过试验分析和算法对比,该算法得到较高的重合度95.41%,较低的误差率4.59%和误检率3.05%。     

基于空-时域特征决策级融合的人体行为识别算法

提出一种基于空-时域特征决策级融合的人体行为识别算法。在空间域提取人体的形状上下文特征,用于同一时刻模板图像与测试图像的轮廓匹配;在时间域用变化的空间特征序列表征运动特征,联合稳健的空间特征进行有效的行为识别。识别阶段采用动态时间规划算法分别计算两种特征对于每种类别的后验概率,在决策级采用加权平均法对两种特征的后验概率进行融合,将最大概率对应的类别记为最终分类结果。针对动态时间规划算法提出一种基于椭圆边界约束的改进搜索策略,有效缩减最优路径的搜索空间,同时剔除视频中的噪声干扰。从计算复杂度和识别精度两方面对椭圆边界的约束性能进行分析,实验表明,椭圆边界约束性能优于平行四边形及菱形约束,并给出最佳边界尺寸范围。算法分别在Weizmann、KTH和UCF101行为数据集上进行测试,平均识别率分别优于93.2%、92.7%和81.2%,有效实现了室内智能监控系统的高效性及稳定性。     

MPEG-4视频中运动背景下的目标检测算法

针对由运动摄像机捕获的MPEG-4视频流中的运动目标检测问题,提出了一种直接利用压缩视频码流进行全局运动估计的新算法.算法从全局运动估计的基础出发,利用背景宏块运动相似性的特点快速建立背景宏块集合并采用常用的四参数全局运动估计模型估计运动参数.最后,计算运动矢量残差,通过对运动矢量残差的筛选检测运动日标.算法利用MPEG-4码流中蕴含的运动信息.不需要对压缩流完全解码,较大地提高了检测效率;进一步改善了检测效果.实验验证了提出的全局运动估计算法的检测效率和检测效果.     

Malicious URL Detection Based on Associative Classification

Cybercriminals use malicious URLs as distribution channels to propagate malware over the web. Attackers exploit vulnerabilities in browsers to install malware to have access to the victim’s computer remotely. The purpose of most malware is to gain access to a network, ex-filtrate sensitive information, and secretly monitor targeted computer systems. In this paper, a data mining approach known as classification based on association (CBA) to detect malicious URLs using URL and webpage content features is presented. The CBA algorithm uses a training dataset of URLs as historical data to discover association rules to build an accurate classifier. The experimental results show that CBA gives comparable performance against benchmark classification algorithms, achieving 95.8% accuracy with low false positive and negative rates.     

A Hybrid Analysis-Based Approach to Android Malware Family Classification

With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.     

Acoustic detection and classification of river boats

We present a robust algorithm to detect the arrival of a boat of a certain type when other background noises are present. It is done via the analysis of its acoustic signature against an existing database of recorded and processed acoustic signals. We characterize the signals by the distribution of their energies among blocks of wavelet packet coefficients. To derive the acoustic signature of the boat of interest, we use the Best Discriminant Basis method. The decision is made by combining the answers from the Linear Discriminant Analysis (LDA) classifier and from the Classification and Regression Trees (CART) that is also accompanied with an additional unit, called Aisles, that reduces false alarms rate. The proposed algorithm is a generic solution for process control that is based on a learning phase (training) followed by an automatic real time detection while minimizing the false alarms rate.     

Distance-Based Knowledge Measure for Intuitionistic Fuzzy Sets with Its Application in Decision Making

Much attention has been paid to construct an applicable knowledge measure or uncertainty measure for Atanassov’s intuitionistic fuzzy set (AIFS). However, many of these measures were developed from intuitionistic fuzzy entropy, which cannot really reflect the knowledge amount associated with an AIFS well. Some knowledge measures were constructed based on the distinction between an AIFS and its complementary set, which may lead to information loss in decision making. In this paper, knowledge amount of an AIFS is quantified by calculating the distance from an AIFS to the AIFS with maximum uncertainty. Axiomatic properties for the definition of knowledge measure are extended to a more general level. Then the new knowledge measure is developed based on an intuitionistic fuzzy distance measure. The properties of the proposed distance-based knowledge measure are investigated based on mathematical analysis and numerical examples. The proposed knowledge measure is finally applied to solve the multi-attribute group decision-making (MAGDM) problem with intuitionistic fuzzy information. The new MAGDM method is used to evaluate the threat level of malicious code. Experimental results in malicious code threat evaluation demonstrate the effectiveness and validity of proposed method.     

An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection

An enterprise’s private cloud may be attacked by attackers when communicating with the public cloud. Although traffic detection methods based on deep learning have been widely used, these methods rely on a large amount of sample data and cannot quickly detect new attacks such as Zero-day Attacks. Moreover, deep learning has a black-box nature and cannot interpret the detection results, which has certain security risks. This paper proposes an interpretable abnormal traffic detection method, which can complete the detection task with only a few malicious traffic samples. Specifically, it uses the covariance matrix to characterize each traffic category and then calculates the similarity between the query traffic and each category according to the covariance metric function to realize the traffic detection based on few-shot learning. After that, the traffic images processed by the random masks are input into the model to obtain the predicted probability of the corresponding traffic category. Finally, the predicted probability is linearly summed with each mask to generate the final saliency map to interpret and analyze the model decision. In this paper, experiments are carried out by simulating only 15 and 25 malicious traffic samples. The results show that the proposed method can obtain good accuracy and recall, and the interpretation analysis shows that the model is reliable and interpretable.     

Getting Ahead of the Arms Race: Hothousing the Coevolution of VirusTotal with a Packer

Malware detection is in a coevolutionary arms race where the attackers and defenders are constantly seeking advantage. This arms race is asymmetric: detection is harder and more expensive than evasion. White hats must be conservative to avoid false positives when searching for malicious behaviour. We seek to redress this imbalance. Most of the time, black hats need only make incremental changes to evade them. On occasion, white hats make a disruptive move and find a new technique that forces black hats to work harder. Examples include system calls, signatures and machine learning. We present a method, called Hothouse, that combines simulation and search to accelerate the white hat’s ability to counter the black hat’s incremental moves, thereby forcing black hats to perform disruptive moves more often. To realise Hothouse, we evolve EEE, an entropy-based polymorphic packer for Windows executables. Playing the role of a black hat, EEE uses evolutionary computation to disrupt the creation of malware signatures. We enter EEE into the detection arms race with VirusTotal, the most prominent cloud service for running anti-virus tools on software. During our 6 month study, we continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%. We report both how well VirusTotal learns to detect EEE-packed binaries and how well VirusTotal forgets in order to reduce false positives. VirusTotal’s tools learn and forget fast, actually in about 3 days. We also show where VirusTotal focuses its detection efforts, by analysing EEE’s variants.     

TNT: An Interpretable Tree-Network-Tree Learning Framework using Knowledge Distillation

Deep Neural Networks (DNNs) usually work in an end-to-end manner. This makes the trained DNNs easy to use, but they remain an ambiguous decision process for every test case. Unfortunately, the interpretability of decisions is crucial in some scenarios, such as medical or financial data mining and decision-making. In this paper, we propose a Tree-Network-Tree (TNT) learning framework for explainable decision-making, where the knowledge is alternately transferred between the tree model and DNNs. Specifically, the proposed TNT learning framework exerts the advantages of different models at different stages: (1) a novel James–Stein Decision Tree (JSDT) is proposed to generate better knowledge representations for DNNs, especially when the input data are in low-frequency or low-quality; (2) the DNNs output high-performing prediction result from the knowledge embedding inputs and behave as a teacher model for the following tree model; and (3) a novel distillable Gradient Boosted Decision Tree (dGBDT) is proposed to learn interpretable trees from the soft labels and make a comparable prediction as DNNs do. Extensive experiments on various machine learning tasks demonstrated the effectiveness of the proposed method.     

Hfinger: Malware HTTP Request Fingerprinting

Malicious software utilizes HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, what is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.     

数字图像相关技术的综合算法及其在断裂力学中的应用

鉴于散斑图的随机噪声和相关搜索运算过程仍是当今影响相关图像技术所获结果精度与计算速度两大有待研究解决的主要问题,提出一种基于小波变换、序惯相似度检测和统计相关算法三者相结合的新算法。其基本原理是应用小波变换对变形前后的散斑图进行滤波平滑处理;利用序惯相似度检测算法进行粗搜索,找到可能的匹配点;在可能的匹配点应用统计相关法进行细搜索,最终找到匹配点的位置。基本实验、计算和应用表明,这种算法在消除噪声和提高运算速度等方面,取得了良好的效果。     

An Efficient DenseNet-Based Deep Learning Model for Malware Detection

Recently, there has been a huge rise in malware growth, which creates a significant security threat to organizations and individuals. Despite the incessant efforts of cybersecurity research to defend against malware threats, malware developers discover new ways to evade these defense techniques. Traditional static and dynamic analysis methods are ineffective in identifying new malware and pose high overhead in terms of memory and time. Typical machine learning approaches that train a classifier based on handcrafted features are also not sufficiently potent against these evasive techniques and require more efforts due to feature-engineering. Recent malware detectors indicate performance degradation due to class imbalance in malware datasets. To resolve these challenges, this work adopts a visualization-based method, where malware binaries are depicted as two-dimensional images and classified by a deep learning model. We propose an efficient malware detection system based on deep learning. The system uses a reweighted class-balanced loss function in the final classification layer of the DenseNet model to achieve significant performance improvements in classifying malware by handling imbalanced data issues. Comprehensive experiments performed on four benchmark malware datasets show that the proposed approach can detect new malware samples with higher accuracy (98.23% for the Malimg dataset, 98.46% for the BIG 2015 dataset, 98.21% for the MaleVis dataset, and 89.48% for the unseen Malicia dataset) and reduced false-positive rates when compared with conventional malware mitigation techniques while maintaining low computational time. The proposed malware detection solution is also reliable and effective against obfuscation attacks.