基于特征选择的网络入侵检测模型研究

为了有效从收集的恶意数据中选择特征去分析,保障网络系统的安全与稳定,需要进行网络入侵检测模型研究。但目前方法是采用遗传算法找出网络入侵的特征子集,再利用粒子群算法进行进一步选择,找出最优的特征子集,最后利用极限学习机对网络入侵进行分类,但该方法准确性较低。为此,提出一种基于特征选择的网络入侵检测模型研究方法。该方法首先以增强寻优性能为目标对网络入侵检测进行特征选择,结合分析出的特征选择利用特征属性的Fisher比构造出特征子集的评价函数,然后结合计算出的特征子集评价函数进行支持向量机完成对基于特征选择的网络入侵检测模型研究方法。仿真实验表明,利用支持向量机对网络入侵进行检测能有效地提高入侵检测的速度以及入侵检测的准确性。     

基于规则的入侵检测数据融合模型

入侵检测系统(IDS)是一种重要的网络入侵防御手段。IDS面临的主要问题包括误报、漏报、警报粒度过细和IDS自身脆弱性等。为解决前3个问题，在参考有关模型的基础上，提出了基于规则的入侵检测数据融合模型，其结构如图1所示。     

入侵检测系统的研究现状及发展趋势

入侵检测系统（IDS）是一种基于主动策略的网络安全系统。本文针对目前网络发展现状，分析了入侵检测系统的现状存在的问题及发展趋势。     

基于BAM网络的航空雷达在线入侵诊断方法研究

针对传统的航空雷达网络面临的入侵威胁,以及雷达网络存在的入侵诊断检测效率较低,数据匹配速度较慢等问题,提出了一种基于BAM网络的航空雷达在线入侵诊断方法,构建航空雷达在线入侵诊断模型,对航空雷达网络中的外部数据进行预处理,并获取数据特征以及数据特征的可辨识属性矩阵和决策辨识函数,计算测试参数集的所有特征向量,从而使入侵检测算子的匹配量减少,以此提升数据匹配效率,实现对外部入侵数据的过滤检测,从而对雷达数据网络进行在线监控,有效抵御外部异常数据的入侵,保证了航空雷达网络的安全性。仿真结果表明本文方法有效提高了航空雷达网络的在线数据检测匹配速度,诊断准确率达到93.3%,且对航空雷达的入侵诊断检测效率、误报率、漏报率等方面都有明显改善。     

基于双向联想记忆网络的航空雷达在线入侵诊断方法研究

针对传统的航空雷达网络面临的入侵威胁,以及雷达网络存在的入侵诊断检测效率较低,数据匹配速度较慢等问题,提出了一种基于双向联想记忆网络的航空雷达在线入侵诊断方法,构建航空雷达在线入侵诊断模型,对航空雷达网络中的外部数据进行预处理,并获取数据特征以及数据特征的可辨识属性矩阵和决策辨识函数,计算测试参数集的所有特征向量,从而使入侵检测算子的匹配量减少,以此提升数据匹配效率,实现对外部入侵数据的过滤检测,从而对雷达数据网络进行在线监控,有效抵御外部异常数据的入侵,保证了航空雷达网络的安全性;仿真结果表明文章方法有效提高了航空雷达网络的在线数据检测匹配速度,诊断准确率达到93.3%,且对航空雷达的入侵诊断检测效率、误报率、漏报率等方面都有明显改善。     

大数据环境下网络非法入侵检测系统设计

大数据环境下,非法入侵检测是保证计算机安全的重要手段。通过非法入侵检测,保证计算机免遭网络中木马病毒等的攻击,因此对大数据环境下网络非法入侵检测进行系统设计是必要的。目前大多数网络非法入侵检测系统是通过归纳当前网络非法入侵检测系统存在的优缺点,指出网络非法入侵检测系统存在的问题,确定其发展方向。但这种方法存在系统结构复杂,不利于维护和使用的问题。为此,提出一种基于PB神经网络的大数据环境下网络非法入侵检测系统设计方法,首先在分析大数据环境下网络非法入侵检测系统功能的基础上,对系统的模块进行设计,并分析各模块所实现的功能,在此基础上,对大数据环境下网络非法入侵检测系统的性能指标、采样芯片、USB接口控制芯片、FPGA、电源管理芯片等硬件进行设计选型,完成系统的硬件设计,并且通过PB神经网络算法提高大数据环境下网络非法入侵检测系统检测的准确性,并给出基于BP神经网络算法的入侵检测实现过程,从而实现大数据环境下网络非法入侵检测系统设计。实验证明,所提方法设计的大数据环境下网络非法入侵检测系统运行速度较快,能够及时准确对网络非法入侵行为进行检测,推动该领域的研究发展。     

基于节点生长马氏距离K均值和HMM的网络入侵检测方法设计

传统的网络入侵检测方法存在着检测率低和无法进行在线检测的问题, 为此设计了一种基于节点生长马氏距离K均值和HMM的网络入侵检测方法;首先,给出了入侵检测系统框图,然后,以马氏距离为评价准则,提出了一种节点根据距离阈值进行自适应生长的K均值算法以实现样本的聚类,得到样本属于各攻击类型的后验概率,并采用此后验概率来初始化HMM中的初始矢量分布、状态转移概率和观察值概率等参数,通过前向评估准则和后向评估准则对HMM模型进行训练,从而获得了HMM检测模型,将样本输入到各检测模型中并将概率最大的检测模型作为其攻击类型;仿真试验表明所提方法能有效地实现网络入侵检测,不仅具有较高的检测率,而且具有较低的误检率和漏检率,是一种有效的网络入侵检测方法。     

应用于嵌入式图形处理器的实时目标检测方法

提出了一种应用于嵌入式图形处理器(GPU)的实时目标检测算法。针对嵌入式平台计算单元较少、处理速度较慢的现状,提出了一种基于YOLO-V3(You Only Look Once-Version 3)架构的改进的轻量目标检测模型,对汽车目标进行了离线训练,在嵌入式平台上部署训练好的模型,实现了在线检测。实验结果表明,在嵌入式平台上,所提方法对分辨率为640 pixel×480 pixel的视频图像的检测速度大于23 frame/s。     

基于萤火虫群优化支持向量机的网络入侵检测方法

为了解决支持向量机(SVM)方法应用于网络入侵检测中存在的参数设置和由样本不均带来的分类面偏斜问题,文章提出了一种基于萤火虫群优化支持向量机(GSO-SVM)的解决方案;算法在进行参数寻优的同时增加了修正因子,实现对分类面的修正,并采用萤火虫群算法进行求解,提高算法跳出局部最优的能力;在DARPA数据集上的检测精度达到97.33%,优于SVM和SVDD方法;实验结果表明文章提出的方法能够有效提高入侵检测模型的泛化性,降低误报率和漏报率。     

基于非参数特征提取的早期林火烟雾检测

提出了一种基于非参数特征提取的早期森林火灾烟雾检测方法。采用双背景模型进行运动区域检测,得到可疑烟雾区域。再利用早期火灾烟雾颜色特征和运动特性对提取的可疑运动区域进行颜色判别,对增长区域以及上升区域进行检测,排除部分干扰目标。根据提出的非参数特征提取法,计算并科学地选取可疑区域的特征量,将其输入训练好的支持向量机(SVM)进行烟雾判别。对多段视频进行测试表明,该方法能适用于复杂多变的野外环境,排除干扰,有效地检测出早期林火烟雾。     

An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection

An enterprise’s private cloud may be attacked by attackers when communicating with the public cloud. Although traffic detection methods based on deep learning have been widely used, these methods rely on a large amount of sample data and cannot quickly detect new attacks such as Zero-day Attacks. Moreover, deep learning has a black-box nature and cannot interpret the detection results, which has certain security risks. This paper proposes an interpretable abnormal traffic detection method, which can complete the detection task with only a few malicious traffic samples. Specifically, it uses the covariance matrix to characterize each traffic category and then calculates the similarity between the query traffic and each category according to the covariance metric function to realize the traffic detection based on few-shot learning. After that, the traffic images processed by the random masks are input into the model to obtain the predicted probability of the corresponding traffic category. Finally, the predicted probability is linearly summed with each mask to generate the final saliency map to interpret and analyze the model decision. In this paper, experiments are carried out by simulating only 15 and 25 malicious traffic samples. The results show that the proposed method can obtain good accuracy and recall, and the interpretation analysis shows that the model is reliable and interpretable.     

基于OTSU分割和HOG特征的行人检测与跟踪方法

传统的HOG算法针对整幅图像进行行人特征提取,大量的非人窗口计算必然降低检测的准确率和效率。为此,提出一种基于OTSU分割和HOG特征的行人检测与跟踪方法。利用OTSU算法以最佳阈值分割图像,在分割区域的基础上进行Canny边缘检测,通过边缘的对称性计算确定行人候选区,继而采用经PCA方法降维后的HOG特征和隐马尔可夫模型对行人候选区进行检测验证。最后,以确定的行人区域为跟踪窗口,利用CamShift算法跟踪行人。多组实验结果证明,本文方法的行人检测效率和精度均有所提高,跟踪性能稳定、可靠。     

Top-hat by reconstruction operators based multi-scale multi-structuring element method for multiple linear feature detection with simple post-processing

To efficiently extract all the possible linear features in image, a multi-scale multi-structuring element top-hat by reconstruction operator based algorithm with simple post-processing is proposed in this paper. Multi-scale top-hat by reconstruction operator using multi-scale structuring elements is discussed, firstly. Also, through importing multi-structuring elements with linear shapes at different directions, multi-scale multi-structuring element top-hat by reconstruction operator for linear feature extraction is shown. By using the multi-scales of multi-structuring elements, the method of extracting all the possible linear feature regions in an image is proposed. After extracting the linear feature regions, the final detected linear features, which are expressed as lines with different shapes and lengths, are obtained through image binarisation and refinement. Experimental results on different types of images show that, the proposed algorithm is efficient for linear feature detection and could be widely used in different applications related to multiple linear feature detection.     

Robust object detection based on deformable part model and improved scale invariant feature transform

We propose an approach to improve the detection results of a generic offline trained detector on frames from a specific video. For two consecutive frames of a video with the object, deformable part model (DPM) detection is performed to get the original detections. Then the image patches corresponding to the detected root box and part boxes were respectively obtained. Thirdly, improved scale invariant feature transform features (SIFT) from those image patches were extracted and matched with the SIFT features by KD-Tree. K-means clustering the angle and scale of matched keypoints to filter out the uncorrected matches and further remove false matches by RANSAC algorithm. Finally, the SIFT_DPM detection result from the matches between image patches of continuous frames was obtained. We focus on methods with high precision detection results since it is necessitated in real application. Extensive experiments with state-of-the-art detector demonstrate the efficacy of our approach.     

基于IECM特征匹配的红外弱点目标快速检测算法

提出了一种新的复杂背景下低信噪比红外弱点目标检测算法。根据红外弱点目标在图像中的三维空间特征,从空间认知的角度出发,将三维的灰度分布特征转化为二维的等高线曲线特征,建立红外图像的等高线图(IECM)描述,利用图论中的树结构(等高线树)形式化地表达等高线的空间关系,在此基础上,给出弱点目标检测的等高线树检测准则,同时给出了等高线划分等级的选择方法。理论分析与实验结果表明,该算法具有良好的检测性能,且结构简单,利于硬件实时实现。在信噪比为1.4的情况下,对红外图像序列的检测概率为96.3%。     

Robustness quantification method for network intrusion detection models

Deep learning techniques have been successfully applied to network intrusion detection tasks, but as in the case of autonomous driving and face recognition, the reliability of the system itself has become a pressing issue. Robustness is a key attribute to determine whether a deep learning system is secure and reliable, and we also choose to explore the security of intrusion detection models from a new perspective of robustness quantification. In this paper, we focus on the intrusion detection model based on long and short-term memory, and use a fine-grained linear approximation method to derive a more accurate robustness bound on the nonlinear activation function with tighter linear constraints. We can use this bound to quantitatively measure the robustness of the detection model and determine whether the model is susceptible to the influence of adversarial samples. In our experiments, we test networks with various structures on the MNIST dataset, and the results show that our proposed method can effectively deduce the robustness bounds of output elements, and has good scalability and applicability.     

An efficient community detection method based on rank centrality

Community detection is a very important problem in social network analysis. Classical clustering approach, K$K$-means, has been shown to be very efficient to detect communities in networks. However, K$K$-means is quite sensitive to the initial centroids or seeds, especially when it is used to detect communities. To solve this problem, in this study, we propose an efficient algorithm K$K$-rank, which selects the top-K$K$ nodes with the highest rank centrality as the initial seeds, and updates these seeds by using an iterative technique like K$K$-means. Then we extend K$K$-rank to partition directed, weighted networks, and to detect overlapping communities. The empirical study on synthetic and real networks show that K$K$-rank is robust and better than the state-of-the-art algorithms including K$K$-means, BGLL, LPA, infomap and OSLOM.     

基于特征点最小距离拟合的文档图像倾斜检测

在文档扫描输入的过程中,文档图像不可避免地会发生倾斜,而布局分析及字符识别对页面倾斜十分敏感,因此倾斜检测和矫正是文档分析预处理中的重要环节。提出了一种基于最小距离拟合的文档图像倾斜检测方法。首先通过对文档图像进行二值化、分块、膨胀运算、连通标记等一系列图像处理操作,以此找到特征点;然后采用最小距离法对这些特征点进行直线拟合,便可获得文档的倾斜角。实验结果表明,该方法能够快速、精确地检测文档的倾斜角度。