Funding: Supported by the National Natural Science Foundation of China under Grant No. 60903166; the National High Technology Research and Development Program of China (863 Program) under Grants No. 2012AA012506, No. 2012AA012901, No. 2012AA012903; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No. 13YJCZH065; the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) under Grant No. C13613; the China Postdoctoral Science Foundation; General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No. km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No. ER2013C24; the Beijing Municipal Natural Science Foundation; Sponsored by Hunan Postdoctoral Scientific Program; Open Research Fund of Beijing Key Laboratory of Trusted Computing; Funds for the Central Universities, Contract No. 2012JBM030
Abstract: Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of the forensics research field. However, compared with sophisticated multi-stage attacks and the volume of sensor data, current practice in network forensic analysis is manual examination, an error-prone, labor-intensive and time-consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can efficiently detect computer crime in networked environments, and automatically fuse digital evidence from different sources such as hosts and sub-networks. In the end, we evaluate the method on the well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for forensic investigators.
Abstract: To address the fault type diversity and fault information uncertainty of the hydraulic driven rocket launcher servo system (HDRLSS), a fault diagnosis method based on evidence theory and a neural network ensemble is proposed. In order to overcome the shortcomings of the single neural network, two improved neural network models are set up at the common nodes to simplify the network structure. The initial fault diagnosis is based on the iron spectrum data and the pressure, flow and temperature (PFT) characteristic parameters as the input vectors of the two improved neural network models, and the diagnosis result is taken as the basic probability distribution of the evidence theory. Thus the objectivity of the assignment is realized. The initial diagnosis results of the two improved neural networks are fused by D-S evidence theory. The experimental results show that this method can avoid the misdiagnosis of neural network recognition and improve the accuracy of the fault diagnosis of HDRLSS.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60903166 and 61170262; the National High-Tech Research and Development Plan of China under Grant Nos. 2012AA012506; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No. 13YJCZH065; General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No. km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No. ER2013C24; Open Research Fund of Beijing Key Laboratory of Trusted Computing
Abstract: Network forensics is a security infrastructure, and has become a research focus of forensic investigation. However, many challenges still exist in conducting network forensics: the large amounts of data that networks produce; the comprehensibility of evidence extracted from collected data; the efficiency of evidence analysis methods, etc. To solve these problems, in this paper we develop a network intrusion forensics system based on a transductive scheme that can efficiently detect and analyze computer crime in networked environments, and extract digital evidence automatically. At the end of the paper, we evaluate our method in a series of experiments on the KDD Cup 1999 dataset. The results demonstrate that our methods are effective for real-time network forensics, and can provide comprehensible aid for a forensic expert.
Funding: Jointly supported by the National Natural Science Foundation of China under Grant 61201198 and 61372089; the Beijing Natural Science Foundation under Grant 4132015, 4132007 and 4132019
Abstract: In this paper, a two-way relay system which achieves bi-directional communication via a multiple-antenna relay in two time slots is studied. In the multiple access (MA) phase, novel receive schemes based on Dempster-Shafer (D-S) evidence theory are proposed at the relay node. Instead of traditional linear detection, the first proposed scheme, MIMO-DS NC, adopts D-S evidence theory to detect the signals of each source node before mapping them into a network-coded signal. Moreover, unlike traditional physical-layer network coding (PNC) based on the virtual MIMO model, the further proposed MIMO-DS PNC comes from the vector space perspective and combines PNC mapping with D-S theory to obtain the network-coded signal without estimating each source node's signal. D-S theory can appropriately characterize uncertainty and make full use of information from multiple evidence sources through Dempster's combination rule to obtain reliable decisions. In the broadcast (BC) phase, the space-time coding (STC) and antenna selection (AS) schemes are adopted to achieve transmit diversity. Simulation results reveal that the STC and AS schemes both achieve full transmit diversity in the BC phase, and that the proposed MIMO-DS NC/PNC schemes obtain better end-to-end BER performance and throughput than traditional schemes with a small increase in complexity. No matter which scheme is adopted in the BC phase, MIMO-DS PNC always achieves full end-to-end diversity gain as MIMO-ML NC but with lower complexity, and its throughput approaches that of MIMO-ML NC in the high-SNR regime.
Funding: Project (71201170) supported by the National Natural Science Foundation of China
Abstract: In order to overcome the limitations of traditional methods in uncertainty analysis, a modified Bayesian network (BN), called an evidence network (EN), was proposed with evidence theory to handle epistemic uncertainty in probabilistic risk assessment (PRA). Fault trees (FTs) and event trees (ETs) were transformed into an EN, which is used as a uniform framework to represent accident scenarios. Epistemic uncertainties of basic events in PRA were presented in evidence theory form and propagated through the network. A case study of a highway tunnel risk analysis was discussed to demonstrate the proposed approach. Frequencies of end states are obtained and expressed by belief and plausibility measures. The proposed approach addresses the uncertainties in experts' knowledge and can be easily applied to uncertainty analysis of FTs/ETs that have dependent events.
Abstract: Four common oil analysis techniques, including ferrography analysis (FA), spectrometric oil analysis (SOA), particle count analysis (PCA), and oil quality testing (OQT), are used to implement military aeroengine wear fault diagnosis during the test drive process. To improve the precision and the reliability of the diagnosis, an aeroengine wear fault fusion diagnosis method based on neural networks (NN) and the Dempster-Shafer (D-S) evidence theory is proposed. Firstly, according to the standard value of the wear limit, original data are pre-processed into Boolean values. Secondly, sub-NNs are established to perform the single diagnosis, and their training samples are dependent on experiences from experts. After each sub-NN is trained, diagnosis results are obtained. Thirdly, the diagnosis results of each sub-NN are considered as the basic probability allocation value to faults. The improved D-S evidence theory is applied to the fusion diagnosis, and the final fusion results are obtained. Finally, the method is verified by a diagnosis example.