Funding: This research work is supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2024R411), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: Malware attacks on Windows machines pose significant cybersecurity threats, necessitating effective detection and prevention mechanisms. Supervised machine learning classifiers have emerged as promising tools for malware detection. However, there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection. Addressing this gap can provide valuable insights for enhancing cybersecurity strategies. While numerous studies have explored malware detection using machine learning techniques, there is a lack of systematic comparison of supervised classifiers for Windows malware detection. Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures. This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems. The objectives include: investigating the performance of various classifiers, such as Gaussian Naïve Bayes, K Nearest Neighbors (KNN), Stochastic Gradient Descent Classifier (SGDC), and Decision Tree, in detecting Windows malware; evaluating the accuracy, efficiency, and suitability of each classifier for real-world malware detection scenarios; identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers; and offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence. The study employs a structured methodology consisting of several phases: exploratory data analysis, data preprocessing, model training, and evaluation. Exploratory data analysis involves understanding the dataset’s characteristics and identifying preprocessing requirements. Data preprocessing includes cleaning, feature encoding, dimensionality reduction, and optimization to prepare the data for training. Model training utilizes various supervised classifiers, and their performance is evaluated using metrics such as accuracy, precision, recall, and F1 score. The study’s outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection. Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware. Additionally, insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses. Overall, this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.
Funding: Fundamental Research Funds for the Central Universities of Ministry of Education of China.
Abstract: Principal component analysis (PCA) has already been employed for fault detection of air conditioning systems. The sliding window, which is composed of some parameters satisfying with thermal load balance, can select the target historical fault-free reference data as the template which is similar to the current snapshot data. The size of sliding window is usually given according to empirical values, while the influence of different sizes of sliding windows on fault detection of an air conditioning system is not further studied. The air conditioning system is a dynamic response process, and the operating parameters change with the change of the load, while the response of the controller is delayed. In a variable air volume (VAV) air conditioning system controlled by the total air volume method, in order to ensure sufficient response time, 30 data points are selected first, and then their multiples are selected. Three different sizes of sliding windows with 30, 60 and 90 data points are applied to compare the fault detection effect in this paper. The results show that if the size of the sliding window is 60 data points, the average fault-free detection ratio is 80.17% in fault-free testing days, and the average fault detection ratio is 88.47% in faulty testing days.
Funding: Supported by the National Key Research and Development Program of China (2017YFB1401300, 2017YFB1401304); the National Natural Science Foundation of China (61702211, L1724007, 61902203); Hubei Provincial Science and Technology Program of China (2017AKA191); the Self-Determined Research Funds of Central China Normal University (CCNU) from the Colleges’ Basic Research (CCNU17QD0004, CCNU17GF0002); the Natural Science Foundation of Shandong Province (ZR2017QF015); the Key Research and Development Plan–Major Scientific and Technological Innovation Projects of Shandong Province (2019JZZY020101).
Abstract: In recent years, network traffic data have become larger and more complex, leading to higher possibilities of network intrusion. Traditional intrusion detection methods face difficulty in processing high-speed network data and cannot detect currently unknown attacks. Therefore, this paper proposes a network attack detection method combining a flow calculation and deep learning. The method consists of two parts: a real-time detection algorithm based on flow calculations and frequent patterns and a classification algorithm based on the deep belief network and support vector machine (DBN-SVM). Sliding window (SW) stream data processing enables real-time detection, and the DBN-SVM algorithm can improve classification accuracy. Finally, to verify the proposed method, a system is implemented. Based on the CICIDS2017 open source data set, a series of comparative experiments are conducted. The method's real-time detection efficiency is higher than that of traditional machine learning algorithms. The attack classification accuracy is 0.7 percentage points higher than that of a DBN, which is 2 percentage points higher than that of the integrated algorithm boosting and bagging methods. Hence, it is suitable for the real-time detection of high-speed network intrusions.
Abstract: Cloud detection and classification form a basis in weather analysis. Split window algorithm (SWA) is one of the simple and matured algorithms used to detect and classify water and ice clouds in the atmosphere using satellite data. The recent availability of Himawari-8 data has considerably strengthened the possibility of better cloud classification owing to its enhanced multi-band configuration as well as high temporal resolution. In SWA, cloud classification is attained by considering the spatial distributions of the brightness temperature (BT) and brightness temperature difference (BTD) of thermal infrared bands. In this study, we compare unsupervised classification results of SWA using the band pair of band 13 and 15 (SWA13-15, 10 and 12 μm bands), versus that of band 15 and 16 (SWA15-16, 12 and 13 μm bands) over the Japan area. Different threshold values of BT and BTD are chosen in winter and summer seasons to categorize cloud regions into nine different types. The accuracy of classification is verified by using the cloud-top height information derived from the data of Cloud-Aerosol Lidar and Infrared Pathfinder Satellite Observations (CALIPSO). For this purpose, six different paths of the space-borne lidar are selected in both summer and winter seasons, on the condition that the time span of overpass falls within the time ranges between 01:00 and 05:00 UTC, which corresponds to the local time around noon. The result of verification indicates that the classification based on SWA13-15 can detect more cloud types as compared with that based on SWA15-16 in both summer and winter seasons, though the latter combination is useful for delineating cumulonimbus underneath dense cirrus
Funding: Supported by the National Key R&D Program of China (Nos. 2018YFB1003905); the National Natural Science Foundation of China under Grant No. 61971032; Fundamental Research Funds for the Central Universities (No. FRF-TP-18-008A3).
Abstract: On-site programming big data refers to the massive data generated in the process of software development with the characteristics of real-time, complexity and high-difficulty for processing. Therefore, data cleaning is essential for on-site programming big data. Duplicate data detection is an important step in data cleaning, which can save storage resources and enhance data consistency. Due to the insufficiency in traditional Sorted Neighborhood Method (SNM) and the difficulty of high-dimensional data detection, an optimized algorithm based on random forests with the dynamic and adaptive window size is proposed. The efficiency of the algorithm can be elevated by improving the method of the key-selection, reducing dimension of data set and using an adaptive variable size sliding window. Experimental results show that the improved SNM algorithm exhibits better performance and achieves higher accuracy.
Funding: Scientific and Technological Development Project of Beijing Municipal Education Commission (No. KM200510012002)
Abstract: A scheme for designing one-dimensional (1-D) convolution window of the circularly symmetric Gabor filter which is directly obtained from frequency domain is proposed. This scheme avoids the problem of choosing the sampling frequency in the spatial domain, or the sampling frequency must be determined when the window data is obtained by means of sampling the Gabor function, the impulse response of the Gabor filter. In this scheme, the discrete Fourier transform of the Gabor function is obtained by discretizing its Fourier transform. The window data can be derived by minimizing the sums of the squares of the complex magnitudes of difference between its discrete Fourier transform and the Gabor function's discrete Fourier transform. Not only the full description of this scheme but also its application to fabric defect detection are given in this paper. Experimental results show that the 1-D convolution windows can be used to significantly reduce computational cost and greatly ensure the quality of the Gabor filters. So this scheme can be used in some real-time processing systems.
Funding: Supported by the National Science and Technology Pillar Program of China (No. 2011BAH24B06); the National Nature Science Foundation of China; Chinese Civil Aviation Jointly Funded Foundation Project (No. U1433129); the Sichuan Provincial Department of Education Foundation (No. 13ZB0287)
Abstract: Due to the particularity of its location algorithm, there are some unique difficulties and features regarding the test of target motion states of multilateration (MLAT) system for airport surface surveillance. This paper proposed a test method applicable for the airport surface surveillance MLAT system, which can effectively determine whether the target is static or moving at a certain speed. Via a normalized test statistic designed in the sliding data window, the proposed method not only eliminates the impact of geometry dilution of precision (GDOP) effectively, but also transforms the test of different motion states into the test of different probability density functions. Meanwhile, by adjusting the size of the sliding window, it can fulfill different test performance requirements. The method was developed through strict theoretical extrapolation and performance analysis, and simulation results verified its correctness and effectiveness.