数据关联性分析辅助漏洞挖掘

为了提高对缓冲区溢出漏洞的挖掘效率, 提出了使用数据关联性分析辅助漏洞挖掘的方法。该方法首先对目标文件进行反编译, 在反编译的基础上构建函数的抽象语法树 (AST), 设计算法提取关键变量的反向关联信息, 之后将提取的信息应用到漏洞挖掘中。该方法在无源码漏洞挖掘方面有明显优势, 能有效发掘软件中存在的缓冲区溢出漏洞可疑点, 提高漏洞挖掘的效率和自动化程度。     

基于关联规则的Web日志数据分析系统

本文旨在研究基于Web环境下利用关联规则对Web日志挖掘的数据分析系统。把关联规则的概念引入到web日志挖掘中,将用户的访问路径以关联规则的形式表现出来,其目的在于从用户访问超文本系统的行为中发现用户的访问模式。然后在砷riori挖掘算法思想的基础上,对其改造,给出了适合挖掘用户访问频繁路径的类Apriori算法。最后设计开发了一个Web日志数据分析系统。此系统主要包含三个功能模块：数据预处理模块、智能分析模块和基本分析模块     

基于关联规则的Web日志数据分析系统

本文旨在研究基于Web环境下利用关联规则对Web日志挖掘的数据分析系统。把关联规则的概念引入到Web日志挖掘中,将用户的访问路径以关联规则的形式表现出来,其目的在于从用户访问超文本系统的行为中发现用户的访问模式。然后在Apriori挖掘算法思想的基础上,对其改造,给出了适合挖掘用户访问频繁路径的类Apriori算法。最后设计开发了一个Web日志数据分析系统。此系统主要包含三个功能模块:数据预处理模块、智能分析模块和基本分析模块     

基于关联规则挖掘的个性化智能推荐服务

为了解决WWW上的“信息过载”和“资源迷向”问题,该文提出了基于关联规则挖掘的个性化智能推荐服务。个性化智能推荐服务系统包括两个主要部分:离线部分和在线部分,在离线方式下,执行对WEB服务器的访问log文件的分析挖掘,获取用户事务模式,再采用支持度过滤方法获取频繁的用户事务模式,然后,生成聚集树。在在线方式下,针对当前滑窗的用户访问操作路径,采用基于聚集树的关联规则挖掘,获取匹配当前滑窗的用户访问操作路径的关联规则集,生成推荐的候选集。实现在线个性化智能推荐服务。试验结果显示,该文提出的方法是有效的和可行的。     

有序概念格与WWW用户访问模式的增量挖掘

访问模式是用户沿URL超链寻找和浏览网页规律的总结 ,发现用户访问模式对于帮助用户快速到达目标页面 ,进而实现搜索引擎的个性化导航具有重要意义 目前虽有一些挖掘用户访问模式的工作 ,但尚未发现能够处理增量数据的系统化挖掘算法 用户访问模式挖掘可由如下 3个步骤完成 :①由日志库提取最大向前关联路径 ,②由最大向前关联路径发现频繁关联路径序列 ,③由频繁关联路径序列得到最大频繁关联路径序列 ,其中②是问题的核心 为得到系统化算法 ,对概念格模型加以顺序约束 ,提出了有序概念格 ,并将其用于Web访问模式的增量发掘 给出了增量式高效挖掘算法 ,并与相关工作进行了比较 ,对合成数据和实际数据的实验结果验证了算法的有效性     

有序概念格与WWW用户访问模式的增量控掘

访问模式是用户沿URL超链寻找和浏览网页规律的总结，发现用户访问模式对于帮助用户快速到达目标页面，进而实现搜索引擎的个性化导航具有重要意义．目前虽有一些挖掘用户访问模式的工作，但尚未发现能够处理增量数据的系统化挖掘算法．用户访问模式挖掘可由如下3个步骤完成：①由日志库提取最大向前关联路径，②由最大向前关联路径发现频繁关联路径序列，③由频繁关联路径序列得到最大频繁关联路径序列，其中②是问题的核心．为得到系统化算法，对概念格模型加以顺序约束，提出了有序概念格，并将其用于Web访问模式的增量发掘．给出了增量式高效挖掘算法，并与相关工作进行了比较，对合成数据和实际数据的实验结果验证了算法的有效性．     

网络访问行为关联规则提取的研究与设计

首先介绍了用户网络访问行为分析系统的框架,然后针对系统需要解决的提取用户访问模式信息中的多维多值关联规则的问题,对传统的关联规则挖掘方法进行了扩充和改进.改进后的方法能够结合系统设计的属性参数及概念划分要求,提取有价值的关联规则,有效反映用户的访问行为模式.     

Web行为下的正向关联规则挖掘研究

Web关联规则挖掘研究用户对Web站点上不同页面之间的访问规律,为智能Web站点的个性化服务提供知识依据。文中讨论在Web使用挖掘中如何实现关联规则挖掘与访问序列相结合,挖掘切实有效的关联规则;具体阐述如何构造最大向前路径,并将关联规则与最大向前路径匹配、过虑的过程。试验证明得到的关联规则可作为智能Web站点的有效知识依据。     

Web行为下的正向关联规则挖掘研究

Web关联规则挖掘研究用户对Web站点上不同页面之间的访问规律,为智能Web站点的个性化服务提供知识依据。文中讨论在Web使用挖掘中如何实现关联规则挖掘与访问序列相结合,挖掘切实有效的关联规则;具体阐述如何构造最大向前路径,并将关联规则与最大向前路径匹配、过虑的过程。试验证明得到的关联规则可作为智能Web站点的有效知识依据。     

Android系统服务信息分层获取方法

获取Android系统服务关键信息有利于实现对Android系统的漏洞挖掘和安全评估。为解决当前系统服务关键信息获取方法存在系统源码依赖度高、兼容性差导致的信息获取不全面的问题,提出一种Android系统服务信息分层获取方法。该方法通过在Android系统的应用层、框架层和内核层分别建立完整的Binder通信行为监控视图,解析服务依赖关系、服务进程信息与接口参数规范,在不依赖源码的前提下实现系统服务关键信息的自动化获取。在多个Android设备中进行系统服务关键信息获取实验,结果表明该方法能全面地获取多项系统服务关键信息,具备更强的实用性。     

Integrating conceptual and logical couplings for change impact analysis in software

The paper presents an approach that combines conceptual and evolutionary techniques to support change impact analysis in source code. Conceptual couplings capture the extent to which domain concepts and software artifacts are related to each other. This information is derived using Information Retrieval based analysis of textual software artifacts that are found in a single version of software (e.g., comments and identifiers in a single snapshot of source code). Evolutionary couplings capture the extent to which software artifacts were co-changed. This information is derived from analyzing patterns, relationships, and relevant information of source code changes mined from multiple versions in software repositories. The premise is that such combined methods provide improvements to the accuracy of impact sets compared to the two individual approaches. A rigorous empirical assessment on the changes of the open source systems Apache httpd, ArgoUML, iBatis, KOffice, and jEdit is also reported. The impact sets are evaluated at the file and method levels of granularity for all the software systems considered in the empirical evaluation. The results show that a combination of conceptual and evolutionary techniques, across several cut-off points and periods of history, provides statistically significant improvements in accuracy over either of the two techniques used independently. Improvements in F-measure values of up to 14% (from 3% to 17%) over the conceptual technique in ArgoUML at the method granularity, and up to 21% over the evolutionary technique in iBatis (from 9% to 30%) at the file granularity were reported.     

Automatic mining of source code repositories to improve bug finding techniques

We describe a method to use the source code change history of a software project to drive and help to refine the search for bugs. Based on the data retrieved from the source code repository, we implement a static source code checker that searches for a commonly fixed bug and uses information automatically mined from the source code repository to refine its results. By applying our tool, we have identified a total of 178 warnings that are likely bugs in the Apache Web server source code and a total of 546 warnings that are likely bugs in Wine, an open-source implementation of the Windows API. We show that our technique is more effective than the same static analysis that does not use historical data from the source code repository.     

一个可以准确反映Web 浏览兴趣的度量值——偏爱度

在分析如何准确反映Web浏览兴趣的基础上提出偏爱度的概念，并依据这个概念设计了基于用户浏览偏爱树的偏爱路径挖掘算法，首先用Web日志构筑用户浏览偏爱树(PNT)；然后利用PNT树进行用户浏览兴趣模式的挖掘，发现用户浏览偏爱路径，该算法可广泛应用于电子商务领域。     

雷达和QAR数据的融合处理

基于数据融合技术,在研究雷达数据与快速访问记录器(QAR,quick access recorder)数据构成的基础上,提出了一种将雷达数据与QAR数据进行航迹融合的处理方法。通过坐标变换,能在平面内绘出飞行航迹;利用卡尔曼滤波算法对接收的数据进行处理,能有效地减少了报文丢失及乱码对跟踪精度的影响;同时,采用时间对准算法实现不同航迹数据的同时性。结果表明,雷达数据与QAR数据进行加权融合的处理方法,实现了两类数据的融合以及对有效信息的综合利用,从而降低雷达测量误差对系统监视精度的影响。     

基于筛选压缩的类Apriori算法的研究

该文根据用户的Web访问路径应用关联规则和类Apriori算法挖掘出该用户的频繁访问路径,通过对Apriori算法和目前针对提高该算法效率的各种优化技术的详细分析和研究,对类Apriori算法进行了改进,提出了基于筛选压缩的类Apriori挖掘算法,并进行了模拟实验,比较结果显示基于筛选压缩的类Apriori挖掘算法挖掘用户频繁遍历路径的效率高于类Apriori算法,最终可获取用户的频繁遍历路径。     

On the identification of covert storage channels in secure systems

A practical method for the identification of covert storage channels is presented and its application to the source code of the Secure Xenix kernel is illustrated. The method is based on the identification of all visible/alterable kernel variables by using information-flow analysis of language code. The method also requires that, after the sharing relationships among the kernel primitives and the visible/alterable variables are determined, the nondiscretionary access rules implemented by each primitive be applied to identify the potential storage channels. The method can be generalized to other implementation languages, and has the following advantages: it helps discover all potential storage channels is kernel code, thereby helping determine whether the nondiscretionary access rules are implemented correctly; it helps avoid discovery of false flow violations and their unnecessary analysis; and it helps identify the kernel locations where audit code and time-delay variables need to be placed for covert-channel handling     

Software assessment using metrics: A comparison across large C++ and Java systems

This paper presents an assessment method to evaluate the quality of object oriented software systems. The assessment method is based on source code abstraction, object–oriented metrics and graphical representation. The metrics used and the underlying model representing the software are presented. The assessment method experiment is part of an industrial research effort with the Bell Canada Quality Engineering and Research Group. It helps evaluators assess the quality and risks associated with software by identifying code fragments presenting unusual characteristics. The assessment method evaluates object–oriented software systems at three levels of granularity: system level, class level and method level. One large C++ and eight Java software systems, for a total of over one million lines of code, are presented as case studies. A critical analysis of the results is presented comparing the systems and the two languages.     

源码处理场景下人工智能系统鲁棒性验证方法

人工智能(artificial intelligence, AI)技术的发展为源码处理场景下AI系统提供了强有力的支撑.相较于自然语言处理,源码在语义空间上具有特殊性,源码处理相关的机器学习任务通常采用抽象语法树、数据依赖图、控制流图等方式获取代码的结构化信息并进行特征抽取.现有研究通过对源码结构的深入分析以及对分类器的灵活应用已经能够在实验场景下获得优秀的结果.然而,对于源码结构更为复杂的真实应用场景,多数源码处理相关的AI系统出现性能滑坡,难以在工业界落地,这引发了从业者对于AI系统鲁棒性的思考.由于基于AI技术开发的系统普遍是数据驱动的黑盒系统,直接衡量该类软件系统的鲁棒性存在困难.随着对抗攻击技术的兴起,在自然语言处理领域已有学者针对不同任务设计对抗攻击来验证模型的鲁棒性并进行大规模的实证研究.为了解决源码处理场景下AI系统在复杂代码场景下的不稳定性问题,提出一种鲁棒性验证方法 (robustness verification by Metropolis-Hastings attack method, RVMHM),首先使用基于抽象语法树的代码预处理工具提取模型的变量池,然后利...     

Software assessment using metrics: A comparison across large C++ and Java systems

This paper presents an assessment method to evaluate the quality of object oriented software systems. The assessment method is based on source code abstraction, object–oriented metrics and graphical representation. The metrics used and the underlying model representing the software are presented. The assessment method experiment is part of an industrial research effort with the Bell Canada Quality Engineering and Research Group. It helps evaluators assess the quality and risks associated with software by identifying code fragments presenting unusual characteristics. The assessment method evaluates object–oriented software systems at three levels of granularity: system level, class level and method level. One large C++ and eight Java software systems, for a total of over one million lines of code, are presented as case studies. A critical analysis of the results is presented comparing the systems and the two languages. This revised version was published online in June 2006 with corrections to the Cover Date.     

An extended transaction to maintain consistency and recovery in multidatabase systems

A complete practical solution to transaction management preserving multidatabase consistency in the presence of multidatabase updates and failures is presented. The approach developed does not require support for the two-phase commit (2PC) protocol in the participating local database management systems (LDBMSs). Furthermore, it does not violate local autonomy; the source code of the LDBMSs is not modified in any way and the multidatabase system (MDBS) does not access or modify any control information of the LDBMS. The principles of the 2PC protocol in the process of global transaction commitment are adopted. The presented method does not rely on any specific concurrency control mechanism for LDBMSs. Consideration is given to global transaction failures due to subtransaction aborts by the LDBMSs and local site crashes. The recovery process is based on undo operations. While a global transaction is in progress, the tables accessed by subtransactions of this transaction at each local site are locked using specially initiated table locks. These locks are stored and maintained in the local database itself as control tables. The approach taken is easy to implement, and its limitations are discussed.