A new approach for abnormal behavior detection was proposed using causality analysis and sparse reconstruction. To effectively represent multiple-object behavior, low level visual features and causality features were ...A new approach for abnormal behavior detection was proposed using causality analysis and sparse reconstruction. To effectively represent multiple-object behavior, low level visual features and causality features were adopted. The low level visual features, which included trajectory shape descriptor, speeded up robust features and histograms of optical flow, were used to describe properties of individual behavior, and causality features obtained by causality analysis were introduced to depict the interaction information among a set of objects. In order to cope with feature noisy and uncertainty, a method for multiple-object anomaly detection was presented via a sparse reconstruction. The abnormality of the testing sample was decided by the sparse reconstruction cost from an atomically learned dictionary. Experiment results show the effectiveness of the proposed method in comparison with other state-of-the-art methods on the public databases for abnormal behavior detection.展开更多
为了能在攻击目标受损之前检测到攻击事件,提出了面向网络行为因果关联的攻击检测方法.该方法基于SNMP管理信息库数据,根据攻击目标的异常行为,首先利用Granger因果关联检验(GCT)从检测变量中挖掘出与异常变量存在整体行为关联的基本攻...为了能在攻击目标受损之前检测到攻击事件,提出了面向网络行为因果关联的攻击检测方法.该方法基于SNMP管理信息库数据,根据攻击目标的异常行为,首先利用Granger因果关联检验(GCT)从检测变量中挖掘出与异常变量存在整体行为关联的基本攻击变量,然后针对异常行为特征再次利用GCT从基本攻击变量中挖掘出与异常变量存在局部行为关联的攻击变量,最后根据攻击变量和异常变量之间的因果关系,构建面向攻击方检测的攻击关联规则.在Trin00 UDP Flood检测实验中,所提方法成功挖掘出攻击变量udp Out Datagram,取得了满意的检测效果.实验结果表明,该方法能够在攻击方检测到攻击事件,为及时阻止攻击过程向攻击目标进一步扩散提供预警.展开更多
基金Project(50808025) supported by the National Natural Science Foundation of ChinaProject(20090162110057) supported by the Doctoral Fund of Ministry of Education,China
文摘A new approach for abnormal behavior detection was proposed using causality analysis and sparse reconstruction. To effectively represent multiple-object behavior, low level visual features and causality features were adopted. The low level visual features, which included trajectory shape descriptor, speeded up robust features and histograms of optical flow, were used to describe properties of individual behavior, and causality features obtained by causality analysis were introduced to depict the interaction information among a set of objects. In order to cope with feature noisy and uncertainty, a method for multiple-object anomaly detection was presented via a sparse reconstruction. The abnormality of the testing sample was decided by the sparse reconstruction cost from an atomically learned dictionary. Experiment results show the effectiveness of the proposed method in comparison with other state-of-the-art methods on the public databases for abnormal behavior detection.
基金ACKNOWLEDGEMENTS We especially thank the National Science Foundation of China (70771009, 71071017) and the Fundamental Research Funds for the Central Universities (FRF-BR-09-019) for supporting this research.
文摘为了能在攻击目标受损之前检测到攻击事件,提出了面向网络行为因果关联的攻击检测方法.该方法基于SNMP管理信息库数据,根据攻击目标的异常行为,首先利用Granger因果关联检验(GCT)从检测变量中挖掘出与异常变量存在整体行为关联的基本攻击变量,然后针对异常行为特征再次利用GCT从基本攻击变量中挖掘出与异常变量存在局部行为关联的攻击变量,最后根据攻击变量和异常变量之间的因果关系,构建面向攻击方检测的攻击关联规则.在Trin00 UDP Flood检测实验中,所提方法成功挖掘出攻击变量udp Out Datagram,取得了满意的检测效果.实验结果表明,该方法能够在攻击方检测到攻击事件,为及时阻止攻击过程向攻击目标进一步扩散提供预警.