Robustness quantification method for network intrusion detection models

Deep learning techniques have been successfully applied to network intrusion detection tasks, but as in the case of autonomous driving and face recognition, the reliability of the system itself has become a pressing issue. Robustness is a key attribute to determine whether a deep learning system is secure and reliable, and we also choose to explore the security of intrusion detection models from a new perspective of robustness quantification. In this paper, we focus on the intrusion detection model based on long and short-term memory, and use a fine-grained linear approximation method to derive a more accurate robustness bound on the nonlinear activation function with tighter linear constraints. We can use this bound to quantitatively measure the robustness of the detection model and determine whether the model is susceptible to the influence of adversarial samples. In our experiments, we test networks with various structures on the MNIST dataset, and the results show that our proposed method can effectively deduce the robustness bounds of output elements, and has good scalability and applicability.     

An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection

An enterprise’s private cloud may be attacked by attackers when communicating with the public cloud. Although traffic detection methods based on deep learning have been widely used, these methods rely on a large amount of sample data and cannot quickly detect new attacks such as Zero-day Attacks. Moreover, deep learning has a black-box nature and cannot interpret the detection results, which has certain security risks. This paper proposes an interpretable abnormal traffic detection method, which can complete the detection task with only a few malicious traffic samples. Specifically, it uses the covariance matrix to characterize each traffic category and then calculates the similarity between the query traffic and each category according to the covariance metric function to realize the traffic detection based on few-shot learning. After that, the traffic images processed by the random masks are input into the model to obtain the predicted probability of the corresponding traffic category. Finally, the predicted probability is linearly summed with each mask to generate the final saliency map to interpret and analyze the model decision. In this paper, experiments are carried out by simulating only 15 and 25 malicious traffic samples. The results show that the proposed method can obtain good accuracy and recall, and the interpretation analysis shows that the model is reliable and interpretable.     

Injection attack detection using machine learning for smart IoT applications

Smart cities are a rapidly growing IoT application. These smart cities mainly rely on wireless sensors to connect their different components (smart devices) together. Smart cities rely on the integration of IoT and 5G technologies, and this has created a demand for a massive IoT network of connected devices. The data traffic coming from indoor wireless networks (e.g., smart homes, smart hospitals, smart factories , or smart school buildings) contributes to over 80% of the total data traffic of the current IoT network. As smart cities and their applications grow, security and privacy challenges have become a major concern for billions of IoT smart devices. One reason for this could be the oversight of handling security issues of IoT devices by their manufacturers, which enables attackers to exploit the vulnerabilities in these devices by performing different types of attacks, e.g., DDoS and injection attacks. Intrusion detection is one way to detect and mitigate the risk of such attacks. In this paper, an intrusion detection method was proposed to detect injection attacks in IoT applications (e.g. smart cities). In this method, two types of feature selection techniques (constant removal and recursive feature elimination) were used and tested by a number of machine learning classifiers (i.e., SVM, Random Forest, and Decision Tree). The T-Test was conducted to evaluate the quality of this proposed feature selection method. Using the public dataset, AWID, the evaluation results showed that the decision tree classifier can be used to detect injection attacks with an accuracy of 99% using only 8 features, which were selected using the proposed feature selection method. Also, the comparison with the most related work showed the advantages of the proposed intrusion detection method.     

Research in mechanical model of bionic foot intruding into sands with different physical characteristics

In this study, a bionic foot with sand fixation and fluidization limitation functions was designed. Also a rectangular foot with the same sizes, named the common foot, was designed for comparison. Three kinds of quartz sands were selected to study how particle size, shape and compactness affected the intrusion performances of mechanical feet. The intrusion resistive forces and pressures of the bionic foot on these three kinds of quartz sands were all smaller compared with the common foot. Discrete element simulations showed particle disturbance areas were smaller and particle motion trends were more consistent under the bionic foot versus the common foot. The intrusion resistive forces of these two kinds of mechanical feet firstly increased and then decreased with the increasing particle sizes of quartz sands. Moreover, the intrusion resistive force on spherical particles was less than that of irregular particles for both the bionic foot and the common foot. The corresponding resistive forces of mechanical feet were characterized based on quartz sand compactness. The classic pressure-sinkage model was modified based on the intrusion tests, and the relationships between intrusion resistive force and mechanical foot depth were obtained.     

一种基于光纤布喇格光栅振动传感器的光纤围栏入侵监测系统及其模式识别

基于高灵敏度光纤布喇格光栅振动传感器,提出了一种光纤围栏入侵监测系统及其模式识别方法.该方法通过具有自适应动态阈值的时域统计特征提取算法对异常事件信号进行特征提取,将特征矢量输入到一个基于三层BP神经网络而设计的分类器中对目标事件进行识别和分类.通过仿真目标信号和实际采样数据进行测试,对系统的报警识别率进行了验证,结果表明:对于仿真信号,系统的平均正确识别率达到了100%;对于实际采样数据,系统的平均正确识别率可以达到96.83%.     

多点扰动对光纤分布式扰动传感器定位准确度的影响

基于激光干涉原理,建立了基于Mach-Zehnder干涉仪的光纤分布式扰动传感器多点同时扰动的信号模型.在此基础上,通过数值模拟研究了多点同时扰动对传感器定位准确度的影响,明确了多个扰动信号同时作用时扰动的幅值比和位置差不同情况下传感器的定位准确度.仿真结果表明:当多点同时扰动的信号幅度差别大于等于20倍时,可以给出较强扰动的定位信息;当多点同时扰动的空间距离小于等于100m时,可以近似看成单点扰动.在光路中增加偏振分束器来抑制偏振衰落的影响,并采用信号发生器对实验光路中的两个压电换能器同时施加正弦信号来模拟扰动进行实验.实验结果表明:在5km和10km的位置同时施加扰动,当两个扰动的幅值比大于等于20时,距离较强扰动点的最大定位误差的最大值为200m;在5km和5.05km位置同时施加幅值比为1的扰动,距离5km位置的最大定位误差为200m,验证了仿真结果的正确性.该研究为多点同时扰动条件下光纤分布式扰动传感器定位准确度的提高和误报率的降低提供了理论指导.     

相位敏感光时域反射计识别入侵事件算法

在相位敏感光时域反射计识别入侵事件中,基于传统算法研究了时间域单点振动判断、空间域相邻点振动判断、特征量峰值比例判断相互结合的算法,并从算法的识别准确率、实时性、复杂性、定位稳定性等角度,衡量算法的优劣.实验验证发现,时间域单点振动判断、空间域相邻点振动判断结合的算法识别入侵事件准确率最高,达100%,且实时性满足性能要求,算法简单,定位稳定性好.该算法在不同频率下振动事件中适用性较强,可为相位敏感光时域反射计应用于安防监测领域的信号处理部分提供参考.     

Molecular simulation of adsorption and intrusion in nanopores

This paper reports Monte Carlo simulations of the adsorption or intrusion in cylindrical silica nanopores. All the pores are opened at both ends towards an external bulk reservoir, so that they mimic real materials for which the confined fluid is always in contact with the external phase. This realistic model allows us to discuss the nature of the filling and emptying mechanisms. The adsorption corresponds to the metastable nucleation of the liquid phase, starting from a partially filled pore (a molecular thick film adsorbed at the pore surface). On the other hand, the desorption occurs through the displacement at equilibrium of a gas/liquid hemispherical interface (concave meniscus) along the pore axis. The intrusion of the non-wetting fluid proceeds through the invasion in the pore of the liquid/gas interface (convex meniscus), while the extrusion consists of the nucleation of the gas phase within the pore. In the case of adsorption, our simulation data are used to discuss the validity of the modified Kelvin equation (which is corrected for both the film adsorbed at the pore surface and the curvature effect on the gas/liquid surface tension).