基于超球体的一种探测器集构造算法

借鉴免疫细胞工作机理,提出了免疫体概念.利用该免疫体技术构造了一种探测器集构造算法,并把位图索引技术引进到免疫体的构造当中.理论分析和实验结果表明,该算法大大降低了探测器“异己”检测计算复杂度和探测器集存储空间复杂度.最后把该算法应用于恶性可执行体的检测中,并与穷尽式探测器生成算法进行了全面比较,结果表明该算法有明显的优势.     

基于阴性选择原则的Non-self探测器生成算法

基于免疫系统异己检测原理，深入进行了计算机免疫系统探测器生成算法的研究．首先，简要介绍了阴性选择算法，总结了相关的探测器生成算法；然后，基于阴性选择原则提出了两种探测器生成算法，即位变异算法(BMGDGA)和余数生长算法(AGDGA)．文中对两种算法在多种不同的数据集上进行了全面的验证和实验，并与穷尽式探测器生成算法进行了全面系统的比较．结果表明，两种探测器生成算法在综合性能上均优于穷尽式探测器生成算法．     

生物免疫在入侵检测分析引擎中的应用

分析了生物免疫系统在人工智能系统研究中优良的隐喻机理，针对免疫病理转移造成的入侵检测系统(IDS)的安全漏洞，将生物免疫优良的隐喻机理应用于入侵检测分析引擎的研究与开发，设计了一类测度参数优化算法，并在此基础上提出了一类混合入侵检测分析引擎。该方案避免了免疫病理机制转移进入IDS造成的安全隐患以及现有入侵检测引擎虚警与误警率高的缺陷，增强了IDS的实时性、健壮性、高效性、并行性和可适应性。     

基于人工免疫的网络入侵检测技术

目前,受生物免疫系统启发而产生用于网络安全的人工免疫系统(Artificial Immune System,AIS)的研究正在兴起.通过把人工免疫机理引入到网络入侵检测技术中,出现了一个新兴的研究方向:基于人工免疫的网络入侵检测.本文详细讨论了目前基于人工免疫的入侵检测技术的现状,对反病毒模型、非选择性算法、基于免疫自主体的入侵检测框架和分层模型等进行了分析,最后对研究中存在的问题给出了分析,并指出需要改进和注意的问题.     

基于免疫原理的主机静态系统资源异常检测算法

基于免疫系统抗体多样性和异己检测原理，深入进行了计算机静态资源异常检测算法的研究．首先，分析了探测器表达多样性与检测漏洞的关系；然后，在此基础之上提出了计算机静态资源异常检测算法（SRAnDA）．最后对算法在多种数据集上进行了全面的实验，并与MD5算法进行了比较．结果表明，该算法在计算复杂度和空间复杂度两方面均优于MD5算法．在计算机免疫系统静态资源的异常检测中具有很大应用前案．     

检测器实时生成算法及其应用

基于生物免疫系统中抗体的克隆机制与亲和度变异机制,提出一种可实时改变当前检测器集合的检测器生成算法用于入侵检测系统(IDS)。理论分析和应用结果表明,该算法通过较少的检测器即可检测出大量非自体空间中的异常变化,且能降低IDS系统的漏检率和误检率,提高报警的可信性。     

利用人工免疫系统防范网络入侵与攻击

人工免疫系统是一个相对年轻的研究领域,在不同领域得到了广泛应用。本文以人工免疫算法为线索,介绍人工免疫系统在信息安全中研究现状和应用。首先介绍基于传统算法的免疫安全系统,包括反病毒系统、多Agent入侵检测和网络入侵检测。然后总结否定算法及其特点和基于否定算法的网络免疫系统。随后对危险理论基本原理及其在信息安全领域的应用进行系统综述。最后分析了人工免疫系统方法存在的问题,并指出进一步研究方向。     

人工免疫系统超变异模式识别及应用

描述了人工免疫系统(Artificial Immune System,AIS)原理,在人工免疫系统算法的基础上,对免疫系统的超变异特性进行了算法设计,并针对四种简单信号模式对人工免疫系统普通模式识别算法和超变异模式识别算法进行了比较.结果表明:人工免疫系统普通模式识别算法和超变异算法皆可对四种信号模式进行识别,超变异算法可以快速得到最优抗体,且亲和力优于普通人工免疫系统模式识别算法,并给出了人工免疫系统超变异模式识别算法在碳纤维增强复合材料板疏松缺陷超声信号检测中的应用.     

AIS超变异模式识别技术及Matlab语言实现

在人工免疫系统(Artificial Immune System，AIS)算法的基础上，对免疫系统的超变异特性进行了算法设计，并针对四种简单信号模式给出了Matlab语言的实现程序和计算结果。     

一种k元n方网络中的全局自适应负载均衡路由算法

路由算法的设计是k元n方网络研究中的关键问题之一，全局自适应负载均衡路由算法对于各种业务模式都可以达到较高的吞吐率。提出了一种高效的，基于检测的避免路由死锁的新方案，并且给出了一种基于该方案的全局自适应负载均衡路由算法，比已有同类算法具有更强的路由自适应性。仿真实验表明，该算法对于良性业务模式可提高吞吐率18%，对于恶性业务模式可提高吞吐率10%~24%。     

基于实时方差时间图法的DDoS攻击检测

分布式拒绝服务攻击(DDoS)是目前最难解决的网络安全问题之一。基于自相似理论求解Hurst参数值存在的问题,在改进的方差时间图算法(OTVTP)的基础上,文章提出了基于自相似参数方差检测DDoS攻击的方法,并设计了采用该方法检测DDoS攻击的模型。实验结果表明,提出的方法能实时、准确检测和区分由DDoS攻击引起的Hurst参数变化,且检测率比传统方法要高。     

基于多种检测算法的隐写分析方法

针对隐写分析中检测隐秘信息存在的问题,综合现有的检测算法,利用贝叶斯的独立二值分类模型,提出一种隐写分析算法。对其进行分类效果分析和参数控制,并将其应用到图像空域最低有效位隐写的检测中,结果表明,该方法较大程度地降低了虚警率和漏报率,并可以通过调整参数改善分类效果。     

Intrusion detection using reduced-size RNN based on feature grouping

Intrusion detection is well-known as an essential component to secure the systems in Information and Communication Technology (ICT). Based on the type of analyzing events, two kinds of Intrusion Detection Systems (IDS) have been proposed: anomaly-based and misuse-based. In this paper, three-layer Recurrent Neural Network (RNN) architecture with categorized features as inputs and attack types as outputs of RNN is proposed as misuse-based IDS. The input features are categorized to basic features, content features, time-based traffic features, and host-based traffic features. The attack types are classified to Denial-of-Service (DoS), Probe, Remote-to-Local (R2L), and User-to-Root (U2R). For this purpose, in this study, we use the 41 features per connection defined by International Knowledge Discovery and Data mining group (KDD). The RNN has an extra output which corresponds to normal class (no attack). The connections between the nodes of two hidden layers of RNN are considered partial. Experimental results show that the proposed model is able to improve classification rate, particularly in R2L attacks. This method also offers better Detection Rate (DR) and Cost Per Example (CPE) when compared to similar related works and also the simulated Multi-Layer Perceptron (MLP) and Elman-based intrusion detectors. On the other hand, False Alarm Rate (FAR) of the proposed model is not degraded significantly when compared to some recent machine learning methods.     

A lightweight distributed detection algorithm for DDAO attack on RPL routing protocol in Internet of Things

A significant increase in the number of connected devices in the Internet of Things poses a key challenge to efficiently handling the attacks in routing protocols such as Routing Protocol for Low Power and Lossy Networks (RPL). The attacks on RPL are partly studied in the literature, and the proposed solutions typically overlook the appropriate trade-off among the detection rate and communication and computational overhead. This study aimed at introducing a new attack called Dropped Destination Advertisement Object (DDAO) and a new Intrusion Detection System (IDS) to counter this attack in RPL protocol. DDAO attack adversely affects the network by preventing the creation of the downward routes through not forwarding Destination Advertisement Object (DAO) messages and sending fake Destination Advertisement Object Acknowledgment (DAO-ACK) messages to the DAO source. A distributed lightweight IDS is proposed in this study to detect and counter DDAO attacks by monitoring the behavior of parents against forwarded DAO messages. According to the evaluations conducted on the Cooja simulator under different real-world conditions, the proposed IDS can detect DDAO attacks with high accuracy, precision, and True Positive Rate (TPR) and low False Positive Rate (i.e., close to zero). Additionally, compared to RPL, the proposed IDS improves Packet Delivery Rate (PDR) by 158 percent when countering attacks.     

Random Early Detection method for ABR service

A new implementation for the Random Early Detection method algorithm for ABR (REDM–ABR) service is proposed in this paper. It keeps running an exponential average of the queue length (Q). When a cell arrives, the average queue size (Q_avg) is compared with two threshold levels, lower queue threshold (Q_L) and higher queue threshold (Q_H). If it is smaller than Q_L, the cell is passed, but if it is larger than Q_H, the cell marking probability is set to one. If it is in between the two thresholds, the cell marking probability is calculated depending on the value of Q_avg. The values of Resource Management (RM) cell fields: Congestion Indication (CI), No Additive Increase (NI), and Explicit Rate (ER) are filled by the Relative Rate Marking (RRM) switch and sent back to the sources. The sources will change their rate depending on CI, NI, and ER values. To investigate the effect of decreasing the impending congestion area, a dynamic Q threshold (Q_D) is used. The Q_D is shifted from Q_L toward Q_H for decreasing the congestion area and to investigate the effect of this shift on the performance of the switch through simulation study.     

Monitoring and optimizing the state of pollution of high voltage insulators using wireless sensor network based convolutional neural network

In this paper, a wireless sensor network (WSN) is combined with Convolutional Neural Network (CNN) forming a hybrid framework to detect the pollution state in high voltage insulators. The WSN is formed by the collection of sensor readings from each high voltage insulator over the transmission tower. The collected sensor readings from the sensor network is sent to the processing unit or detection unit, where CNN is used for the purpose of detecting the partial discharged high voltage insulator. The CNN is used with partial discharge diagnosis model to detect the dischargers in high voltage insulators. The extraction of relevant features from the CNN helps to improve the detection. The experimental validation are conducted on the proposed model with collected training datasets and real time testing datasets. The proposed method is compared with existing models to test the partial discharges in high voltage insulators, namely Artificial Neural Network, Fuzzy and Ant Colony Optimization. The result shows that the proposed method is effective in detecting the partial discharges than the existing methods in terms of False Acceptance Rate and Missing Detection Rate.     

强噪声环境下基于改进HHT的语音端点检测

为提高语音端点检测系统在低信噪比环境下检测的正确率,提出一种强噪声环境下基于改进的希尔伯特-黄变换语音端点检测方法。对每帧信号进行经验模态分解,得到有限个固有模态函数,去掉第一个固有模态函数,其他的都让其通过一个带宽为250～3500Hz的带通滤波器,消除部分噪声。对所选固有模态函数加权,再进行希尔伯特变换得到能量特征值。通过分析噪声特性,估计噪声阈值。在希尔伯特能量谱上,根据阈值搜索语音起点以及终点。仿真实验表明,在低信噪比的情况下,方法的准确率有明显的提高,并具有很强的鲁棒性。     

CAN总线仪表通讯的自寻波特率方法

介绍了一种CAN总线仪表数据通讯波特率的自寻方法。利用该方法可以方便地实现CAN仪表的通讯速率的自适应。该方法符合开放的现场总线技术的发展方向 ,具有较大的应用价值。文中也介绍了实现该方法的软件     

基于随机丢包网络的网络存储系统故障检测方法

针对网络随机丢包的特性,研究网络存储系统在带有随机丢包的网络中故障检测失误率高的问题,提出了一种在随机丢包网络中的网络存储故障检测方法。该方法将残差发生、残差评估和误报率引入故障检测中。首先,在系统框架中实现残差发生;然后,充分利用随机丢包的随机特性获得残差评价;最后,通过切比雪夫不等式对所设计的阈值进行性能评价,即误报率的计算,给出了相应的诊断算法。仿真结果表明,该方法对故障具有较高的检测灵敏度,并且也证明了该方法的有效性。     

Dynamics analysis of TCP Veno with RED

This paper studies the dynamics of TCP Veno with the queue management of RED (Random Early Detection). We develop a fluid-flow model to describe the behaviors of TCP Veno in wired/wireless networks. This model is further linearized to study TCP Veno’s stability issue through the linear feedback control theory. The analysis points out how the RED queue oscillates under different network parameters such as link capacity, round-trip time. Simulations are carried to validate our theoretical analysis. Furthermore, based on the analysis results obtained in this paper, we are able to provide guidelines for tuning RED parameters to stabilize the router queue, and improve the co-existence between TCP Veno and TFRC (TCP-friendly Rate Control) flows.