基于深度聚类的开源软件漏洞检测方法

针对开源软件漏洞,提出一种基于深度聚类算法的软件源代码漏洞检测方法。该方法利用代码图模型构造开源软件代码属性图,遍历得到关键代码节点并提取出应用程序编程接口（API）序列,将其嵌入向量空间,以关键代码为中心进行聚类,根据聚类结果计算每个函数的异常值,生成检测报告并匹配漏洞库,从而检测出源代码中的漏洞。实验结果表明,该方法能够定位开源软件中漏洞所在的关键代码段并检测出相应漏洞。     

Time-line based model for software project scheduling with genetic algorithms

Effective management of complex software projects depends on the ability to solve complex, subtle optimization problems. Most studies on software project management do not pay enough attention to difficult problems such as employee-to-task assignments, which require optimal schedules and careful use of resources. Commercial tools, such as Microsoft Project, assume that managers as users are capable of assigning tasks to employees to achieve the efficiency of resource utilization, while the project continually evolves. Our earlier work applied genetic algorithms (GAs) to these problems. This paper extends that work, introducing a new, richer model that is capable of more realistically simulating real-world situations. The new model is described along with a new GA that produces optimal or near-optimal schedules. Simulation results show that this new model enhances the ability of GA-based approaches, while providing decision support under more realistic conditions.     

Prediction of concrete compressive strength: Research on hybrid models genetic based algorithms and ANFIS

The management of concrete quality is an important task of concrete industry. This paper researched on the structured and unstructured factors which affect the concrete quality. Compressive strength of concrete is one of the most essential qualities of concrete, conventional regression models to predict the concrete strength could not achieve an expected result due to the unstructured factors. For this reason, two hybrid models were proposed in this paper, one was the genetic based algorithm the other was the adaptive network-based fuzzy inference system (ANFIS). For the genetic based algorithm, genetic algorithm (GA) was applied to optimize the weights and thresholds of back-propagation artificial neural network (BP-ANN). For the ANFIS model, two building methods were explored. By adopting these predicting methods, considerable cost and time-consuming laboratory tests could be saved. The result showed that both of these two hybrid models have good performance in desirable accuracy and applicability in practical production, endowing them high potential to substitute the conventional regression models in real engineering practice.     

基于配置模糊的软件漏洞检测方法

为了检测特定配置条件下的软件漏洞,提出了一种配置模糊测试方法.它通过改变被测程序的配置检测一些只在特定运行时特定配置下才能表现出来的软件漏洞.应用程序运行在部署环境下时,配置模糊测试技术连续不断的模糊应用程序的配置信息,检查软件是否违反了“安全准则”,若违反,则表示存在一个安全漏洞,配置模糊测试技术执行测试时利用的是正在运行的一个应用程序的副本,因此不会影响应用程序的状态.描述了配置模糊测试方法的原型实现,并通过实验验证了该方法的高效性.     

一种基于fuzzing技术的漏洞发掘新思路*

目前检测软件缓冲区溢出漏洞仅局限于手工分析、二进制补丁比较及fuzzing技术等,这些技术要么对人工分析依赖程度高,要么盲目性太大,致使漏洞发掘效率极为低下。结合fuzzing技术、数据流动态分析技术以及异常自动分析技术等,提出一种新的缓冲区溢出漏洞发掘思路。新思路克服了已有缓冲区溢出漏洞发掘技术的缺点,能有效发掘网络服务器软件中潜在的未知安全漏洞（0day）,提高了缓冲区溢出漏洞发掘效率和自动化程度。     

基于改进遗传算法的最小生成树算法

以图论和改进遗传算法为基础,提出了一种求最小生成树的遗传算法。该算法采用二进制表示最小树问题,并设计出相应的适应度函数、算子以及几种控制策略,以提高执行速度和进化效率。传统算法一次只能得到一个候选解。用该算法对其求解,可以在较短的时间内以较高的概率获得多个候选解。应用实例表明该算法优于传统算法。     

基于机器学习的软件脆弱性分析方法综述

随着被披露脆弱性代码样本数量的不断增加和机器学习方法的广泛应用,基于机器学习的软件脆弱性分析逐渐成为信息安全领域的热点研究方向。首先,通过分析已有研究工作,提出了基于机器学习的软件脆弱性挖掘框架;然后,从程序分析角度对已有研究工作进行了分类综述;最后,对研究成果进行了对比分析,并分析了当前基于机器学习的脆弱性分析方法面临的挑战,展望了未来的发展方向。     

基于小生境的开放式遗传算法

针对现有遗传算法处理带约束优化问题时存在的缺点,基于小生境技术提出一种新的开放式遗传算法, 证明它一定能收敛到全局最优解。该算法避免罚因子的选择问题,具有很强的通用性,对问题本身和约束基本没有要求,实施起来十分方便,可以充分发挥GA的优势。通过两个小生境相互作用机制,使GA群体搜索的特点得到很好的利用,保证群体的多样性,加速搜索速度。仿真实例说明了它的有效性。     

基于遗传算法混沌系统同步的研究

把混沌同步和混沌控制相结合, 利用引导混沌轨道的基本原理, 将模拟自然界生物进化过程的遗传算法用于混沌同步, 提出基于遗传算法引导混沌轨道, 从而实现混沌系统同步的新方法, 目的是使初始条件不同的混沌系统在小扰动作用下能迅速到达同步, 并采取策略使同步得以维持. 以H啨ｎｏｎＭａｐ系统为例的仿真表明, 用此方法实现同步效果良好.     

The optimization of success probability for software projects using genetic algorithms

The software development process is usually affected by many risk factors that may cause the loss of control and failure, thus which need to be identified and mitigated by project managers. Software development companies are currently improving their process by adopting internationally accepted practices, with the aim of avoiding risks and demonstrating the quality of their work.This paper aims to develop a method to identify which risk factors are more influential in determining project outcome. This method must also propose a cost effective investment of project resources to improve the probability of project success.To achieve these aims, we use the probability of success relative to cost to calculate the efficiency of the probable project outcome. The definition of efficiency used in this paper was proposed by researchers in the field of education. We then use this efficiency as the fitness function in an optimization technique based on genetic algorithms. This method maximizes the success probability output of a prediction model relative to cost.The optimization method was tested with several software risk prediction models that have been developed based on the literature and using data from a survey which collected information from in-house and outsourced software development projects in the Chilean software industry. These models predict the probability of success of a project based on the activities undertaken by the project manager and development team. The results show that the proposed method is very useful to identify those activities needing greater allocation of resources, and which of these will have a higher impact on the projects success probability.Therefore using the measure of efficiency has allowed a modular approach to identify those activities in software development on which to focus the project's limited resources to improve its probability of success. The genetic algorithm and the measure of efficiency presented in this paper permit model independence, in both prediction of success and cost evaluation.     

Recognizing arabic handwritten characters using deep learning and genetic algorithms

Automated techniques for Arabic content recognition are at a beginning period contrasted with their partners for the Latin and Chinese contents recognition. There is a bulk of handwritten Arabic archives available in libraries, data centers, historical centers, and workplaces. Digitization of these documents facilitates (1) to preserve and transfer the country’s history electronically, (2) to save the physical storage space, (3) to proper handling of the documents, and (4) to enhance the retrieval of information through the Internet and other mediums. Arabic handwritten character recognition (AHCR) systems face several challenges including the unlimited variations in human handwriting and the leakage of large and public databases. In the current study, the segmentation and recognition phases are addressed. The text segmentation challenges and a set of solutions for each challenge are presented. The convolutional neural network (CNN), deep learning approach, is used in the recognition phase. The usage of CNN leads to significant improvements across different machine learning classification algorithms. It facilitates the automatic feature extraction of images. 14 different native CNN architectures are proposed after a set of try-and-error trials. They are trained and tested on the HMBD database that contains 54,115 of the handwritten Arabic characters. Experiments are performed on the native CNN architectures and the best-reported testing accuracy is 91.96%. A transfer learning (TF) and genetic algorithm (GA) approach named “HMB-AHCR-DLGA” is suggested to optimize the training parameters and hyperparameters in the recognition phase. The pre-trained CNN models (VGG16, VGG19, and MobileNetV2) are used in the later approach. Five optimization experiments are performed and the best combinations are reported. The highest reported testing accuracy is 92.88%.

     

基于词典和遗传算法的文本特征获取方法

Web文本特征获取是Web挖掘中重要而关键的前提工作,传统文本特征获取方法由于在确定文本词条的权重方面做得不够准确,从而直接影响了文本分类算法的精确度.为此,提出一种基于主题词典和遗传算法的文本特征获取方法(dic.tionary and GA-based feature selection algorithms,DGFSA),利用主题词典来调整词条权重,从而获取文本特征向量.实验结果表明,DGFSA比传统算法在文本分类的准确率和特征词的约简率方面分别提高了28.4%和16.3%.     

软件脆弱性分类方法研究

分析了在分类标准、分类规则、框架结构以及分类视角等方面具有特色的软件脆弱性分类方法;在此基础上,提炼出脆弱性分类的要素,并对经典的分类法进行多角度的比较分析,总结出每个分类法的特点和主要问题,讨论了现今脆弱性分类研究的关键问题和发展趋势。     

Economics of software vulnerability disclosure

Information security breaches frequently exploit software flaws or vulnerabilities, causing significant economic losses. Considerable debate exists about how to disclose such vulnerabilities. A coherent theoretical framework helps identify the key data elements needed to develop a sensible way of handling vulnerability disclosure     

基于遗传算法求任意函数的数值积分

针对复杂函数的数值积分问题,给出了若干个任意分割积分区间的数值积分的误差结果,并提出一种基于遗传算法的不等距节点分割的数值积分方法。该方法初始时在积分区间内任意选取一定的节点,通过遗传算法优化这些节点,在相邻节点间利用Simpson公式近似计算积分,最后得到较准确的积分结果。数值计算结果表明,该方法计算精度高,而且可以计算奇异函数及震荡函数的积分。     

Group multicast routing problem: A genetic algorithms based approach

To save network resources, multicast transmissions are more and more adopted by the operators when the same content has to reach several destinations in parallel, such as in IPTV services, radio broadcast and video-clip streaming. Though, with respect to unicast transmissions, multicast sessions make the routing problem more complex with huge sets of trees to be evaluated. Additionally, since in the real world several multicast sessions occur simultaneously, the suitable trees for more sessions have to be found concurrently. This problem is addressed in this paper, which proposes the use of the genetic algorithms (GA) to reduce the number of solutions to be evaluated. Firstly, a heuristic procedure is employed to generate a set of possible trees for each session in isolation; secondly, the GA are applied to find the appropriate combination of the trees to comply with the bandwidth needs of the group of multicast sessions simultaneously. The goodness of each solution is assessed by means of an expression that weights both network bandwidth allocation and one-way delay. Some key parameters are also introduced that allow the operator to find the desired balance between quality of service and network resource utilization. Experimental results are provided to show the performance of the proposed algorithm compared with alternative solutions in terms of bandwidth utilization and transmission delay and to illustrate the influence of the selection and crossover procedures configuration.     

基于软硬件协同形式验证的固件漏洞分析技术

为了系统高效地分析固件中潜在的安全隐患,提出了一种基于行为时序逻辑 TLA 的软硬件协同形式验证方法。通过对固件工作过程中的软硬件交互机制进行形式建模分析,在动态调整攻击模型的基础上,发现了固件更新过程中存在的安全漏洞,并通过实验证实了该漏洞的存在,从而证明了形式验证方法的可靠性。     

基于GA的非线性系统Fuzzy控制规则自调整

控制精度和自适应能力一直是模糊控制中较难解决的问题,对于非线性系统更是如此,解决这一技术的核心问题在于控制规则的选取,而遗传算法可以较好地解决常规的数学优化技术不能有效解决的问题。该文给出了对于具有修正因子的控制规则,采用遗传算法对其参数进行自调整的方法,以提高整个控制器的性能。仿真结果表明,这种方法可提高模糊控制器的性能,对非线性系统的控制是有效的。     

深度学习行人检测方法综述

行人检测技术在智能交通系统、智能安防监控和智能机器人等领域均表现出了极高的应用价值,已经成为计算机视觉领域的重要研究方向之一。得益于深度学习的飞速发展,基于深度卷积神经网络的通用目标检测模型不断拓展应用到行人检测领域,并取得了良好的性能。但是由于行人目标内在的特殊性和复杂性,特别是考虑到复杂场景下的行人遮挡和尺度变化等问题,基于深度学习的行人检测方法也面临着精度及效率的严峻挑战。本文针对上述问题,以基于深度学习的行人检测技术为研究对象,在充分调研文献的基础上,分别从基于锚点框、基于无锚点框以及通用技术改进(例如损失函数改进、非极大值抑制方法等)3个角度,对行人检测算法进行详细划分,并针对性地选取具有代表性的方法进行详细结合和对比分析。本文总结了当前行人检测领域的通用数据集,从数据构成角度分析各数据集应用场景。同时讨论了各类算法在不同数据集上的性能表现,对比分析各算法在不同数据集中的优劣。最后,对行人检测中待解决的问题与未来的研究方法做出预测和展望。如何缓解遮挡导致的特征缺失问题、如何应对单一视角下尺度变化问题、如何提高检测器效率以及如何有效利用多模态信息提高行人检测精度,均是值得进一步...     

基于流量分析的软件升级漏洞自动检测方法

软件升级过程中,缺乏对升级信息或升级包的认证可能会导致基于中间人攻击的远程代码执行漏洞。为此,提出一种升级漏洞自动检测方法。该方法通过提取升级过程中的网络流量,对升级机制自动画像,将其与漏洞特征向量匹配,预判升级漏洞;在模拟验证环境中,利用画像信息实施中间人攻击,验证检测结果。基于该方法设计了升级漏洞自动分析与验证系统,对 184 个 Windows 应用软件样本进行测试,检测出 117个样本的升级漏洞,证明了本方法的有效性。