Similar literature
20 similar documents found (search time: 121 ms)
1.
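Current rootkit detection methods based on anomalous behavior depend on the choice of behaviors and on the completeness of the behavior pattern library. To address this, a rootkit detection system model based on adaptive learning is proposed. The model analyzes the behavior of rootkits detected through fuzzy behavior recognition, uses a learning mechanism to extract new behavior features and continuously refine the behavior pattern library, and dynamically computes each behavior feature's support for rootkits so as to adaptively update the detection weight of each feature, thereby detecting unknown rootkits. Experimental results show that the model detects rootkits well and does not noticeably affect system performance.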

2.
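Experiments and Analysis of Machine-Learning-Based Intrusion Detection Methods   Total citations: 2, self-citations: 0, citations by others: 2
Intrusion detection systems (IDS) are an important means of ensuring information security. The process of applying machine learning to an anomaly detection model at the network connection level is analyzed, and a prototype anomaly detection system is then built to verify the feasibility of this method for IDS and the performance it can achieve. Taking the DARPA network data as an example, the experiments analyze, select and construct data features, and tests are run under a variety of conditions. Experimental results show that the IDS has very good detection performance. Finally, the results are analyzed and several useful conclusions are drawn.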

3.
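Malicious Code Detection Method Based on Weighted Information Gain   Total citations: 1, self-citations: 0, citations by others: 1
Data mining techniques are used to detect malicious code, and a feature selection method based on weighted information gain is proposed. The method takes into account both feature frequency and information gain, and can select effective features more accurately, thereby improving detection performance. A malicious code detection system is implemented that uses N-grams and variable-length N-grams of binary code for feature extraction, weighted information gain for feature selection, and multiple classifiers for malicious code detection. Experimental results show that the method effectively improves the detection rate and accuracy of malicious code detection.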

4.
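It is difficult for a pedestrian detection system to achieve a high detection rate, a low false alarm rate and fast detection speed at the same time. To solve this problem, a pedestrian detection system based on fast cascade classification is proposed. The system consists of two parts: preprocessing and classification-based detection. In the classification stage, the AdaBoost algorithm is used to select a subset of optimal features; by fixing the false alarm rate on the training samples and combining the advantages of cascaded classifiers, a fast cascade classifier (FastCascade) is designed, in which the single-feature classifiers use a quicksort strategy to improve overall system performance. Simulation results show that FastCascade's area under the receiver operating characteristic curve, F-measure and G-mean are all higher than those of the traditional AdaBoost, UnderSampling and EasyEnsemble algorithms.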

5.
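An Experimental Host-Based Intrusion Detection System for Windows   Total citations: 1, self-citations: 0, citations by others: 1
For the widely used Windows platform, an experimental host-based intrusion detection system is built. Based on an in-depth analysis of the security characteristics of Windows hosts, 18 intrusion detection features are proposed using multiple sources of information, including the security log, system log, performance logs, file integrity checks and the registry. A support vector machine is used to build the intrusion detector, which detects a variety of attacks. Experimental results show that the feature selection is reasonable and the detection method is effective.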

6.
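A video copy detection scheme based on robust hashing is proposed. Feature points are classified and stable points that persist in the spatio-temporal domain are selected; local features are constructed by differential computation over neighborhood points. The multidimensional feature data are Hilbert-encoded, and the significant bits are selected as the detection hash code. To accurately locate suspicious content in the target video, a hash matching scheme is proposed that uses sequence similarity as the matching criterion, improving matching precision. Experimental results show that the scheme has good detection performance and is suitable for copy detection of video content.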

7.
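Research on Vehicle License Plate Location Technology   Total citations: 4, self-citations: 0, citations by others: 4
In automatic license plate recognition systems, the accuracy of plate location is one of the key factors determining system performance. This paper proposes a license plate location method that combines color image edge detection with a BP neural network. By choosing suitable preprocessing algorithms and extracting appropriate features, the algorithm achieves good accuracy, adaptability and real-time performance.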

8.
姜鹤  陈丽亚 《微机发展》2010,(3):17-19,23
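With the rapid development of the Internet, intelligent classification of the massive volume of information published by major online media is of far-reaching significance for network information supervision and the guidance of public opinion. Addressing the feature selection problem in text classification, this paper describes a feature evaluation and selection method based on normal vector weights. The method is combined with the SVM learning algorithm and comparatively evaluated on the Reuters standard text test collection. Experimental results show that this feature selection method yields better classification performance than traditional feature selection methods. The feature extraction method provides an effective way to significantly reduce the dimensionality of the feature space while largely preserving classifier performance, thereby improving the system's resource utilization efficiency.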

9.
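A New Feature Extraction Method for SVM Text Classification   Total citations: 1, self-citations: 0, citations by others: 1
With the rapid development of the Internet, intelligent classification of the massive volume of information published by major online media is of far-reaching significance for network information supervision and the guidance of public opinion. Addressing the feature selection problem in text classification, this paper describes a feature evaluation and selection method based on normal vector weights. The method is combined with the SVM learning algorithm and comparatively evaluated on the Reuters standard text test collection. Experimental results show that this feature selection method yields better classification performance than traditional feature selection methods. The feature extraction method provides an effective way to significantly reduce the dimensionality of the feature space while largely preserving classifier performance, thereby improving the system's resource utilization efficiency.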

10.
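Eye Detection in Face Images Based on Skin Color and Haar-like Features   Total citations: 1, self-citations: 0, citations by others: 1
Eye detection has received wide attention and study in the fields of expression recognition and computer vision, but with most eye detection methods the recognition rate drops sharply and the false detection rate rises sharply for images with complex backgrounds. In this work, an elliptical skin color model is used to preprocess the image and segment it into skin and non-skin regions, and the detection algorithm performs eye detection only on skin regions, which effectively reduces the high false detection rate caused by complex backgrounds. Feature selection is also a key factor determining performance measures such as the recognition rate and false detection rate of the detection algorithm; Haar-like features are selected to train an AdaBoost cascade classifier, and experiments demonstrate the effectiveness of Haar-like features.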

11.
Lightweight Intrusion Detection Systems Based on Feature Selection   Total citations: 22, self-citations: 1, citations by others: 22
陈友  程学旗  李洋  戴磊 《软件学报》2007,18(7):1639-1651
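The data processed by feature-selection-based intrusion detection systems contain a large number of redundant and noisy features, so the system consumes substantial computing resources, resulting in long training times, poor real-time performance and poor detection results. Feature selection algorithms can effectively eliminate redundant and noisy features; to improve the detection speed and effectiveness of intrusion detection systems, research on feature-selection-based intrusion detection systems is necessary. This paper surveys research progress in this area, classifies and compares lightweight intrusion detection systems based on feature selection according to three modes (filter, wrapper and hybrid), analyzes and summarizes the advantages and disadvantages of each kind of system and the conditions under which each is applicable, and finally points out development trends for feature selection in intrusion detection. Feature selection not only improves the performance of intrusion detection systems but also shifts intrusion detection research toward feature extraction algorithms.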

12.
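The main problem facing intrusion detection systems is heavy computation, and feature selection has been introduced to address it. To overcome the shortcomings of existing methods, an improved particle swarm algorithm is used to search for the optimal feature subset, and a feature selection method based on hybrid CatfishPSO and least squares support vector machines is proposed: hybrid CatfishBPSO and CatfishPSO are used to select the feature subset while simultaneously optimizing the LSSVM parameters. Finally, an intrusion detection model based on this feature selection method is built. Experiments on the KDD Cup 99 dataset show that the model achieves high detection performance.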

13.
Intrusion Detection System (IDS) is an important and necessary component in ensuring network security and protecting network resources and network infrastructures. How to build a lightweight IDS is a hot topic in network security. Moreover, feature selection is a classic research topic in data mining and it has attracted much interest from researchers in many fields such as network security, pattern recognition and data mining. In this paper, we effectively introduced feature selection methods to intrusion detection domain. We propose a wrapper-based feature selection algorithm aiming at building lightweight intrusion detection system by using modified random mutation hill climbing (RMHC) as search strategy to specify a candidate subset for evaluation, as well as using modified linear Support Vector Machines (SVMs) iterative procedure as wrapper approach to obtain the optimum feature subset. We verify the effectiveness and the feasibility of our feature selection algorithm by several experiments on KDD Cup 1999 intrusion detection dataset. The experimental results strongly show that our approach is not only able to speed up the process of selecting important features but also to yield high detection rates. Furthermore, our experimental results indicate that intrusion detection system with feature selection algorithm has better performance than that without feature selection algorithm both in detection performance and computational cost.

14.
In fault detection systems, a massive amount of data gathered from the life-cycle of equipment is often used to learn models or classifiers that aim at diagnosing different kinds of errors or failures. Among this huge quantity of information, some features (or sets of features) are more correlated with a kind of failure than another. The presence of irrelevant features might affect the performance of the classifier. To improve the performance of a detection system, feature selection is hence a key step. We propose in this paper an algorithm named STRASS, which aims at detecting relevant features for classification purposes. In certain cases, when there exists a strong correlation between some features and the associated class, conventional feature selection algorithms fail at selecting the most relevant features. In order to cope with this problem, STRASS algorithm uses k-way correlation between features and the class to select relevant features. To assess the performance of STRASS, we apply it on simulated data collected from the Tennessee Eastman chemical plant simulator. The Tennessee Eastman process (TEP) has been used in many fault detection studies and three specific faults are not well discriminated with conventional algorithms. The results obtained by STRASS are compared to those obtained with reference feature selection algorithms. We show that the features selected by STRASS always improve the performance of a classifier compared to the whole set of original features and that the obtained classification is better than with most of the other feature selection algorithms.

15.
张宗飞 《计算机应用》2013,33(5):1357-1361
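To address the slow detection speed common in current network intrusion detection, a new feature selection method for network intrusion detection is proposed. The method applies a quantum evolutionary algorithm to feature selection for network intrusion detection, selecting a set of effective features from the original feature attributes of network connections for use in intrusion detection, in order to improve detection efficiency. First, the quantum evolutionary algorithm is improved with the goal of enhancing its optimization performance, and an evaluation function for feature subsets is constructed based on the Fisher ratio of the feature attributes; then a feature selection algorithm for network intrusion detection is designed following the flow of the quantum evolutionary algorithm. Experiments on the KDD99 sample dataset show that the algorithm is effective: it preserves the classification performance of intrusion detection while improving its efficiency.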

16.
Classification of intrusion attacks and normal network traffic is a challenging and critical problem in pattern recognition and network security. In this paper, we present a novel intrusion detection approach to extract both accurate and interpretable fuzzy IF-THEN rules from network traffic data for classification. The proposed fuzzy rule-based system is evolved from an agent-based evolutionary framework and multi-objective optimization. In addition, the proposed system can also act as a genetic feature selection wrapper to search for an optimal feature subset for dimensionality reduction. To evaluate the classification and feature selection performance of our approach, it is compared with some well-known classifiers as well as feature selection filters and wrappers. The extensive experimental results on the KDD-Cup99 intrusion detection benchmark data set demonstrate that the proposed approach produces interpretable fuzzy systems, and outperforms other classifiers and wrappers by providing the highest detection accuracy for intrusion attacks and low false alarm rate for normal network traffic with minimized number of features.

17.
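A New Method for Intrusion Feature Selection and Construction Based on Data Mining   Total citations: 2, self-citations: 0, citations by others: 2
Intrusion detection is in essence a classification problem, and the quality of feature selection directly determines the performance of the classification model. Given that computer security is considered only after computer system design, and that there is no standard audit mechanism or dedicated data format for intrusion detection analysis, this paper discusses extending basic data mining algorithms to perform feature selection on the analysis data sources, while comparing the mined normal and anomalous patterns to construct new features, in order to improve the accuracy and real-time performance of intrusion detection.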

18.
This study proposed an SVM-based intrusion detection system, which combines a hierarchical clustering algorithm, a simple feature selection procedure, and the SVM technique. The hierarchical clustering algorithm provided the SVM with fewer, abstracted, and higher-qualified training instances that are derived from the KDD Cup 1999 training set. It was able to greatly shorten the training time, but also improve the performance of resultant SVM. The simple feature selection procedure was applied to eliminate unimportant features from the training set so the obtained SVM model could classify the network traffic data more accurately. The famous KDD Cup 1999 dataset was used to evaluate the proposed system. Compared with other intrusion detection systems that are based on the same dataset, this system showed better performance in the detection of DoS and Probe attacks, and the best performance in overall accuracy.

19.
A timely detection of high-risk program modules in high-assurance software is critical for avoiding the high consequences of operational failures. While software risk can initiate from external sources, such as management or outsourcing, software quality is adversely affected when internal software risks are realized, such as improper practice of standard software processes or lack of a defined software quality infrastructure. Practitioners employ various techniques to identify and rectify high-risk or low-quality program modules. Effectiveness of detecting such modules is affected by the software measurements used, making feature selection an important step during software quality prediction. We use a wrapper-based feature ranking technique to select the optimal set of software metrics to build defect prediction models. We also address the adverse effects of class imbalance (very few low-quality modules compared to high-quality modules), a practical problem observed in high-assurance systems. Applying a data sampling technique followed by feature selection is a relatively unique contribution of our work. We present a comprehensive investigation on the impact of data sampling followed by attribute selection on the defect predictors built with imbalanced data. The case study data are obtained from several real-world high-assurance software projects. The key results are that attribute selection is more efficient when applied after data sampling, and defect prediction performance generally improves after applying data sampling and feature selection.

20.
In the digital area, Internet of Things (IoT) and connected objects generate a huge quantity of data traffic which feeds big data analytic models to discover hidden patterns and detect abnormal traffic. Though IoT networks are popular and widely employed in real world applications, security in IoT networks remains a challenging problem. Conventional intrusion detection systems (IDS) cannot be employed in IoT networks owing to the limitations in resources and complexity. Therefore, this paper concentrates on the design of intelligent metaheuristic optimization based feature selection with deep learning (IMFSDL) based classification model, called IMFSDL-IDS for IoT networks. The proposed IMFSDL-IDS model involves data collection as the primary process utilizing the IoT devices and is preprocessed in two stages: data transformation and data normalization. To manage big data, Hadoop ecosystem is employed. Besides, the IMFSDL-IDS model includes a hill climbing with moth flame optimization (HCMFO) for feature subset selection to reduce the complexity and increase the overall detection efficiency. Moreover, the beetle antenna search (BAS) with variational autoencoder (VAE), called BAS-VAE technique is applied for the detection of intrusions in the feature reduced data. The BAS algorithm is integrated into the VAE to properly tune the parameters involved in it and thereby raises the classification performance. To validate the intrusion detection performance of the IMFSDL-IDS system, a set of experimentations were carried out on the standard IDS dataset and the results are investigated under distinct aspects. The resultant experimental values pointed out the betterment of the IMFSDL-IDS model over the compared models with the maximum accuracy 95.25% and 97.39% on the applied NSL-KDD and UNSW-NB15 dataset correspondingly.
