Funding: This work is supported by the National Key R&D Program of China (2016QY05X1000) and the National Natural Science Foundation of China (Grant No. 201561402137).
Abstract: With the continuous development of network technology, various large-scale cyber-attacks continue to emerge. These attacks pose a severe threat to the security of systems, networks, and data. Therefore, how to mine attack patterns from massive data and detect attacks are urgent problems. In this paper, an approach for attack mining and detection is proposed that performs the tasks of alarm correlation, false-positive elimination, attack mining, and attack prediction. Based on the idea of CluStream, the proposed approach implements a flow clustering method and a two-step algorithm that guarantees efficient streaming and clustering. The context of an alarm in the attack chain is analyzed, and the LightGBM method is used to perform false-positive recognition with high accuracy. To accelerate the search over the filtered alarm sequence data when mining attack patterns, the storage strategy of the PrefixSpan algorithm is also updated. The updated PrefixSpan increases processing efficiency and achieves a better result than the original one in experiments. Using Bayesian theory, the transition probability for each sequence pattern string is calculated and an alarm transition probability table is constructed to draw the attack graph. Finally, a long short-term memory network and a word-embedding method are used to perform online prediction. Results of numerical experiments show that the method proposed in this paper has strong practical value for attack detection and prediction.
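The pattern-mining and attack-graph steps of the abstract, as an added example that is not code from the paper: a plain PrefixSpan over alarm sequences (the paper's storage-strategy change is not reproduced, since the abstract does not describe it) followed by a conditional-probability table read off the mined patterns, from which edges above a threshold form the attack graph. The alarm sequences, the support threshold and the edge threshold are constructed for illustration; the CluStream clustering, LightGBM false-positive filtering and LSTM prediction stages are not included.

```python
"""Alarm sequences -> PrefixSpan patterns -> transition probabilities -> attack graph.
Added illustration; not the paper's implementation."""
from collections import defaultdict

# Constructed sample (not real data): each inner list is the ordered alarm types
# raised for one source host after false positives have been filtered out.
SAMPLE_SEQUENCES = [
    ["scan", "brute_force", "login_success", "priv_esc", "exfil"],
    ["scan", "brute_force", "login_success", "exfil"],
    ["scan", "exploit", "priv_esc", "exfil"],
    ["scan", "brute_force", "login_success", "priv_esc"],
    ["phish", "login_success", "priv_esc", "exfil"],
]


def prefixspan(sequences, min_support):
    """Return {pattern_tuple: support} for every sequential pattern whose support
    (number of sequences containing it as a subsequence, gaps allowed) is at
    least min_support. Elements are single alarm types, the usual case for alarm
    logs, so itemsets per step are not needed."""
    patterns = {}

    def grow(projected_db, prefix):
        # Count each alarm once per suffix: support is per sequence, not per occurrence.
        counts = defaultdict(int)
        for suffix in projected_db:
            for alarm in set(suffix):
                counts[alarm] += 1
        for alarm in sorted(counts):
            if counts[alarm] < min_support:
                continue
            new_prefix = prefix + (alarm,)
            patterns[new_prefix] = counts[alarm]
            # Project: keep what follows the first occurrence of `alarm` in each suffix.
            next_db = []
            for suffix in projected_db:
                if alarm in suffix:
                    rest = suffix[suffix.index(alarm) + 1:]
                    if rest:
                        next_db.append(rest)
            if next_db:
                grow(next_db, new_prefix)

    grow([list(s) for s in sequences], ())
    return patterns


def transition_table(patterns):
    """P(b follows a | a occurred) = support(a, b) / support(a), read off the mined
    length-1 and length-2 patterns. The length-1 pattern always exists because
    PrefixSpan records (a,) before projecting on it."""
    table = {}
    for pattern, support in patterns.items():
        if len(pattern) == 2:
            a, b = pattern
            table[(a, b)] = support / patterns[(a,)]
    return table


def attack_graph(table, min_prob):
    """Adjacency list of the attack graph: transitions at or above min_prob become
    edges, each annotated with its probability."""
    graph = defaultdict(list)
    for (a, b), prob in sorted(table.items()):
        if prob >= min_prob:
            graph[a].append((b, round(prob, 3)))
    return dict(graph)


if __name__ == "__main__":
    pats = prefixspan(SAMPLE_SEQUENCES, min_support=3)
    for pat, sup in sorted(pats.items(), key=lambda kv: (-len(kv[0]), kv[0])):
        print(sup, " -> ".join(pat))
    table = transition_table(pats)
    for (a, b), p in sorted(table.items()):
        print(f"P({b} | {a}) = {p:.2f}")
    print(attack_graph(table, min_prob=0.8))
```

Because PrefixSpan patterns are subsequences, P(exfil | scan) counts any later exfil on the same host, not only the next alarm; if the graph should describe strictly adjacent steps, count consecutive pairs in the sequences instead of using the length-2 patterns. The support threshold has to be chosen against the real volume of alarm sequences: with thousands of hosts, a threshold of 3 would admit noise.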
Funding: Project of Sichuan Provincial Department of Education, China (No. 13Z215); the Foundation of Scientific Research of Chengdu University of Information Technology, China (No. J201405); the Project of Sichuan Provincial Department of Science and Technology, China (No. 2015JY0047); and the Open Research Subject of Key Laboratory of Signal and Information Processing, China (No. szjj 2015-070).
Abstract: In communication alarm correlation analysis, the traditional association rules generation (ARG) algorithm usually has low efficiency and a high error rate. This paper proposes an alarm correlation rules generation algorithm based on the confidence covered value. The confidence covered value method can judge scientifically whether a rule is redundant. After the rules based on weighted frequent patterns (WFPs) are generated, association rules are deleted according to the confidence covered value, so as to remove redundant rules and keep the rules that carry more information. Experiments show that the alarm correlation rules generation algorithm based on the confidence covered value has higher efficiency than the traditional method and can effectively remove redundant rules. It is therefore well suited to processing telecommunication alarm association rules.
Funding: Project (51078080) supported by the National Natural Science Foundation of China; Project (20130969010) supported by the Aeronautical Science Foundation of China; Project (2011Y03-6) supported by the Traffic Transportation Technology Project of Jiangsu Province, China; and Project (BK2012562) supported by the Natural Science Foundation of Jiangsu Province, China.
Abstract: Structural damage identification and alarming for a long-span bridge were conducted with three-dimensional dynamic displacement data collected by the GPS subsystem of the health monitoring system on the Runyang Suspension Bridge. First, the effects of temperature on the spatial position coordinates of the main girder were analyzed in the transverse, longitudinal and vertical directions of the bridge, and correlation regression models were built between temperature and the position coordinates of the main girder in the longitudinal and vertical directions; then alarming indices based on coordinate residuals were constructed, and the mean-value control chart was applied to statistical pattern identification of abnormal changes in the girder's dynamic coordinates; finally, the structural damage alarming method for the main girder was established. Analysis results show that temperature has a remarkable correlation with the position coordinates in the longitudinal and vertical directions of the bridge, and a weak correlation with the transverse coordinates. A 3% abnormal change of the longitudinal coordinates and a 5% abnormal change of the vertical ones caused by structural damage are identified by the mean-value control chart method based on GPS dynamic monitoring data, and hence structural abnormality state identification and damage alarming for the main girder of a long-span suspension bridge can be realized in multiple directions.
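The residual control-chart step of the abstract as an added example, not the paper's code or data: a least-squares temperature-to-coordinate regression fitted on a baseline window, residuals of a later window, and a mean-value (X-bar) chart whose centre line and three-sigma limits are estimated from the baseline subgroup means. The series, the injected relative change and the subgroup size are constructed assumptions; the real GPS data and the paper's own index definitions are not reproduced.

```python
"""Temperature regression + residual X-bar chart for coordinate anomaly alarming.
Added illustration; not the paper's implementation or data."""
import math
from statistics import mean, pstdev


def make_series(n, shift_from=None, shift_frac=0.0):
    """Constructed data (not bridge measurements): a slow temperature cycle and a
    vertical coordinate that tracks it linearly plus a bounded periodic
    disturbance. From sample `shift_from` on, the coordinate is scaled by
    (1 + shift_frac) to imitate an abnormal change caused by damage."""
    temps, coords = [], []
    for i in range(n):
        t = 15.0 + 10.0 * math.sin(2 * math.pi * i / 100)
        y = 1000.0 - 2.0 * t + 1.2 * math.sin(2 * math.pi * i / 7)
        if shift_from is not None and i >= shift_from:
            y *= 1.0 + shift_frac
        temps.append(t)
        coords.append(y)
    return temps, coords


def fit_linear(xs, ys):
    """Ordinary least squares for y = a + b*x: the temperature-to-coordinate
    regression, fitted on a baseline window only."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    b = sxy / sxx
    return my - b * mx, b


def residuals(model, xs, ys):
    """Coordinate residuals after removing the temperature effect."""
    a, b = model
    return [y - (a + b * x) for x, y in zip(xs, ys)]


def subgroup_means(values, size):
    return [mean(values[i:i + size]) for i in range(0, len(values) - size + 1, size)]


def xbar_chart(baseline, monitored, subgroup=10, k=3.0):
    """Mean-value (X-bar) control chart. Centre line and k-sigma limits come from
    the baseline subgroup means; a monitored subgroup whose mean leaves the band
    raises an alarm. Returns the limits and the indices of alarmed subgroups."""
    base = subgroup_means(baseline, subgroup)
    centre, sigma = mean(base), pstdev(base)
    ucl, lcl = centre + k * sigma, centre - k * sigma
    alarms = [g for g, m in enumerate(subgroup_means(monitored, subgroup))
              if m > ucl or m < lcl]
    return {"centre": centre, "ucl": ucl, "lcl": lcl, "alarms": alarms}


def damage_alarm_demo(shift_frac=0.05):
    """Fit on samples 0..199, monitor samples 200..399 with the change injected
    at sample 300 (monitored subgroups 10..19 when the subgroup size is 10)."""
    temps_b, coords_b = make_series(200)
    model = fit_linear(temps_b, coords_b)
    temps_all, coords_all = make_series(400, shift_from=300, shift_frac=shift_frac)
    res_b = residuals(model, temps_b, coords_b)
    res_m = residuals(model, temps_all[200:], coords_all[200:])
    return model, xbar_chart(res_b, res_m, subgroup=10)


if __name__ == "__main__":
    model, chart = damage_alarm_demo()
    print(f"fitted slope {model[1]:.4f} (true -2.0); "
          f"limits [{chart['lcl']:.3f}, {chart['ucl']:.3f}]")
    print("alarmed monitored subgroups:", chart["alarms"])
```

The limits are only as good as the baseline: if the baseline window itself contains an abnormal period, the estimated sigma widens and a later change of the same size will not trip the chart, so the baseline should be taken from a period known to be undamaged.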
Abstract: Efficient methods exist for discovering association rules from large collections of data. The number of discovered rules can, however, be very large. At the same time it is well known that many discovered associations are redundant or minor variations of others. Their existence may simply be due to chance rather than true correlation. Thus, those spurious and insignificant rules should be removed. In this paper, we propose a novel technique to overcome this problem. The technique first introduces the new concept of structure rule cover, and then presents a quantitative method to prune redundant correlation patterns. The user can then obtain a complete picture of the domain without being overwhelmed by a huge number of rules.
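Added example for the two rule-pruning abstracts above (the telecommunication alarm correlation one and this one); it is not either paper's code. Neither abstract defines its pruning criterion (the confidence covered value, the structure rule cover), so the stand-in used here is the conventional non-redundancy test: a reported rule X -> Y is dropped when another reported rule with an antecedent that is a subset of X and a consequent that is a superset of Y has at least the same confidence, since the more general rule carries at least as much information. Transactions, alarm names and thresholds are constructed; the weighting of weighted frequent patterns is not included.

```python
"""Frequent itemsets -> association rules -> redundancy pruning over alarm transactions.
Added illustration; the pruning criterion is a stand-in, not either paper's."""
from itertools import combinations

# Constructed sample (synthetic, not network data): each transaction is the set
# of alarm types seen on one network element within a five-minute window.
SAMPLE_TRANSACTIONS = [
    {"link_down", "los", "ais"},
    {"link_down", "los", "ais", "high_temp"},
    {"link_down", "los"},
    {"link_down", "los", "ais"},
    {"high_temp", "fan_fail"},
    {"link_down", "los", "ais"},
    {"high_temp", "fan_fail", "los"},
    {"link_down", "ais"},
]


def frequent_itemsets(transactions, min_support):
    """Level-wise (Apriori) mining: {frozenset: support_count} for every itemset
    contained in at least min_support transactions."""
    items = sorted({i for t in transactions for i in t})
    supports = {}
    level = [frozenset([i]) for i in items]
    k = 1
    while level:
        counted = {}
        for cand in level:
            sup = sum(1 for t in transactions if cand <= t)
            if sup >= min_support:
                counted[cand] = sup
        supports.update(counted)
        # Join frequent k-itemsets into (k+1)-candidates and keep only those
        # whose every k-subset is itself frequent.
        level = []
        for a, b in combinations(sorted(counted, key=sorted), 2):
            cand = a | b
            if len(cand) == k + 1 and cand not in level and all(
                frozenset(sub) in counted for sub in combinations(cand, k)
            ):
                level.append(cand)
        k += 1
    return supports


def generate_rules(supports, min_confidence):
    """All rules X -> Y with X, Y a partition of a frequent itemset and
    confidence = support(X u Y) / support(X) >= min_confidence.
    Returned as (antecedent, consequent, support_count, confidence)."""
    rules = []
    for itemset, sup in supports.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                cons = itemset - ante
                conf = sup / supports[ante]       # every subset is frequent (Apriori)
                if conf >= min_confidence:
                    rules.append((ante, cons, sup, conf))
    return rules


def prune_redundant(rules):
    """Stand-in redundancy criterion (an assumption, not the papers' definition):
    drop X -> Y when some other rule X' -> Y' has X' a subset of X, Y' a superset
    of Y and confidence not lower than X -> Y."""
    kept = []
    for ante, cons, sup, conf in rules:
        covered = any(
            (a2, c2) != (ante, cons) and a2 <= ante and cons <= c2
            and conf2 >= conf - 1e-12
            for a2, c2, _, conf2 in rules
        )
        if not covered:
            kept.append((ante, cons, sup, conf))
    return kept


if __name__ == "__main__":
    sup = frequent_itemsets(SAMPLE_TRANSACTIONS, min_support=4)
    rules = generate_rules(sup, min_confidence=0.8)
    kept = prune_redundant(rules)
    print(f"{len(rules)} rules before pruning, {len(kept)} after")
    for ante, cons, s, c in kept:
        print(f"{sorted(ante)} -> {sorted(cons)}  support={s} confidence={c:.2f}")
```

Pruning runs over the rules that survived the confidence threshold, so a general rule that fell below the threshold cannot cover a specific one; that is the usual choice when only reported rules are compared, and it is why the threshold and the pruning step should be tuned together.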