随着IT及互联网技术不断的演进,安全威胁也在不断的发生演变,新的威胁APT攻击、0day攻击、水坑攻击等正在不断涌现,单纯依靠传统的基于特征库的静态检测防御技术已无法完全确保业务系统的安全性,通过研究一种基于业务系统网络流量学习...随着IT及互联网技术不断的演进,安全威胁也在不断的发生演变,新的威胁APT攻击、0day攻击、水坑攻击等正在不断涌现,单纯依靠传统的基于特征库的静态检测防御技术已无法完全确保业务系统的安全性,通过研究一种基于业务系统网络流量学习的智能安全流量建模技术和系统,可较快的建立符合业务系统自身特点的"Secure By Default"安全模型,完善对新安全威胁的检测和防护能力。展开更多
To address the issue of finegrained classification of Internet multimedia traffic from a Quality of Service(QoS) perspective with a suitable granularity, this paper defines a new set of QoS classes and presents a modi...To address the issue of finegrained classification of Internet multimedia traffic from a Quality of Service(QoS) perspective with a suitable granularity, this paper defines a new set of QoS classes and presents a modified K-Singular Value Decomposition(K-SVD) method for multimedia identification. After analyzing several instances of typical Internet multimedia traffic captured in a campus network, this paper defines a new set of QoS classes according to the difference in downstream/upstream rates and proposes a modified K-SVD method that can automatically search for underlying structural patterns in the QoS characteristic space. We define bagQoS-words as the set of specific QoS local patterns, which can be expressed by core QoS characteristics. After the dictionary is constructed with an excess quantity of bag-QoSwords, Locality Constrained Feature Coding(LCFC) features of QoS classes are extracted. By associating a set of characteristics with a percentage of error, an objective function is formulated. In accordance with the modified K-SVD, Internet multimedia traffic can be classified into a corresponding QoS class with a linear Support Vector Machines(SVM) clas-sifier. Our experimental results demonstrate the feasibility of the proposed classification method.展开更多
In order to improve the accuracy and stability of terminal traffic flow prediction in convective weather,a multi-input deep learning(MICL)model is proposed.On the basis of previous studies,this paper expands the set o...In order to improve the accuracy and stability of terminal traffic flow prediction in convective weather,a multi-input deep learning(MICL)model is proposed.On the basis of previous studies,this paper expands the set of weather characteristics affecting the traffic flow in the terminal area,including weather forecast data and Meteorological Report of Aerodrome Conditions(METAR)data.The terminal airspace is divided into smaller areas based on function and the weather severity index(WSI)characteristics extracted from weather forecast data are established to better quantify the impact of weather.MICL model preserves the advantages of the convolution neural network(CNN)and the long short-term memory(LSTM)model,and adopts two channels to input WSI and METAR information,respectively,which can fully reflect the temporal and spatial distribution characteristics of weather in the terminal area.Multi-scene experiments are designed based on the real historical data of Guangzhou Terminal Area operating in typical convective weather.The results show that the MICL model has excellent performance in mean squared error(MSE),root MSE(RMSE),mean absolute error(MAE)and other performance indicators compared with the existing machine learning models or deep learning models,such as Knearest neighbor(KNN),support vector regression(SVR),CNN and LSTM.In the forecast period ranging from 30 min to 6 h,the MICL model has the best prediction accuracy and stability.展开更多
Interact traffic classification is vital to the areas of network operation and management. Traditional classification methods such as port mapping and payload analysis are becoming increasingly difficult as newly emer...Interact traffic classification is vital to the areas of network operation and management. Traditional classification methods such as port mapping and payload analysis are becoming increasingly difficult as newly emerged applications (e. g. Peer-to-Peer) using dynamic port numbers, masquerading techniques and encryption to avoid detection. This paper presents a machine learning (ML) based traffic classifica- tion scheme, which offers solutions to a variety of network activities and provides a platform of performance evaluation for the classifiers. The impact of dataset size, feature selection, number of application types and ML algorithm selection on classification performance is analyzed and demonstrated by the following experiments: (1) The genetic algorithm based feature selection can dramatically reduce the cost without diminishing classification accuracy. (2) The chosen ML algorithms can achieve high classification accuracy. Particularly, REPTree and C4.5 outperform the other ML algorithms when computational complexity and accuracy are both taken into account. (3) Larger dataset and fewer application types would result in better classification accuracy. Finally, early detection with only several initial packets is proposed for real-time network activity and it is proved to be feasible according to the preliminary results.展开更多
Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P ...Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the proposed classifi- cation system, compared with the one-step Machine Learning (ML) approach.展开更多
A SLon full-scale continuous centrifugal concentrator was used to reconcentrate hematite from a high gradient magnetic separation concentrate to study the effect of impact angle, concentrate mass and drum rotation spe...A SLon full-scale continuous centrifugal concentrator was used to reconcentrate hematite from a high gradient magnetic separation concentrate to study the effect of impact angle, concentrate mass and drum rotation speed on the impact energy of turbulent water sprays for continuous centrifugal concentration, under conditions of feed volume flow rate around 9 m3/h, feed solid concentration of 25%-35% and reciprocating velocity of water sprays at 0.05 m/s. The results indicate that a minimal critical impact energy is required in the water sprays for achieving continuous concentration of the concentrator; an unfitted impact angle reduces the impact efficiency, and the highest impact efficiency of 0.6416 is found at the mpact angle of 60°; the increase in concentrate mass leads to an increase in impact energy, and the highest impact efficiency is maintained when the concentrate mass varies in the range of 0.44-0.59 kg/s; when the concentrate mass and the pressure of water sprays are kept at around 0.45 kg/s and in the range of 0.4-0.6 MPa respectively, the impact energy increases proportionally with the increase of drum rotation speed.展开更多
The deflection angle of a river bend plays an important role on behaviours of the flow within it, and a clear understanding of the angle's influence is significant in both theoretical study and engineering applica...The deflection angle of a river bend plays an important role on behaviours of the flow within it, and a clear understanding of the angle's influence is significant in both theoretical study and engineering application. This paper presents a systematic numerical investigation on effects of deflection angles(30°, 60°, 90°, 120°, 150°, and 180°) on flow phenomena and their evolution in open-channel bends using a Re-Normalization Group(RNG) κ-ε model and a volume of fluid(VOF) method. The numerical results indicate that the deflection angle is a key factor for flows in bends. It is shown that the maximum transverse slope of water surface occurs at the middle cross section of a bend, and it increases with the deflection angle. Besides a major vortex, or, the primary circulation cell near the channel bottom, a secondary vortex, or, an outer bank cell, may also appear above the former and near the outer bank when the deflection angle is sufficiently large, and it will gradually migrate towards the inner bank and evolve into an inner bank cell. The strength of the secondary circulations increases with the deflection angle. The simulation demonstrates that there is alow-stress zone on the bed near the outer bank and a high-stress zone on the bed near the inner bank, and both of them increase in size with the deflection angle. The maximum of shear stress on the inner bank increases nonlinearly with the angle, and its maximums on the outer bank and on the bed take place when the deflection angle becomes 120°.展开更多
Accurately identifying network traffics at the early stage is very important for the application of traffic identification.Recent years,more and more research works have tried to build effective machine learning model...Accurately identifying network traffics at the early stage is very important for the application of traffic identification.Recent years,more and more research works have tried to build effective machine learning models to identify traffics with the few packets at the early stage.However,a basic and important problem is still unresolved,that is how many packets are most effective in early stage traffic identification.In this paper,we try to resolve this problem using experimental methods.We firstly extract the packet size of the first 2-10 packets of 3 traffic data sets.And then execute crossover identification experiments with different numbers of packets using 11 well-known machine learning classifiers.Finally,statistical tests are applied to find out which number is the best performed one.Our experimental results show that 5-7are the best packet numbers for early stage traffic identification.展开更多
The research intends to solve the problem of the occupation of bandwidth of local network by abnormal traffic which affects normal user's network behaviors.Firstly,a new algorithm in this paper named danger-theory...The research intends to solve the problem of the occupation of bandwidth of local network by abnormal traffic which affects normal user's network behaviors.Firstly,a new algorithm in this paper named danger-theory-based abnormal traffic detection was presented.Then an advanced ID3 algorithm was presented to classify the abnormal traffic.Finally a new model of anomaly traffic detection was built upon the two algorithms above and the detection results were integrated with firewall.The firewall limits the bandwidth based on different types of abnormal traffic.Experiments show the outstanding performance of the proposed approach in real-time property,high detection rate,and unsupervised learning.展开更多
In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to hi...In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.展开更多
We introduce and study a geometric heat flow to find Killing vector fields on closed Riemannian manifolds with positive sectional curvature. We study its various properties, prove the global existence of the solution ...We introduce and study a geometric heat flow to find Killing vector fields on closed Riemannian manifolds with positive sectional curvature. We study its various properties, prove the global existence of the solution to this flow, discuss its convergence and possible applications, and its relation to the Navier-Stokes equations on manifolds and Kazdan-Warner-Bourguignon-Ezin identity for conformal Killing vector fields. We also provide two new criterions on the existence of Killing vector fields. A similar flow to finding holomorphic vector fields on K¨ahler manifolds will be studied by Li and Liu(2014).展开更多
文摘随着IT及互联网技术不断的演进,安全威胁也在不断的发生演变,新的威胁APT攻击、0day攻击、水坑攻击等正在不断涌现,单纯依靠传统的基于特征库的静态检测防御技术已无法完全确保业务系统的安全性,通过研究一种基于业务系统网络流量学习的智能安全流量建模技术和系统,可较快的建立符合业务系统自身特点的"Secure By Default"安全模型,完善对新安全威胁的检测和防护能力。
基金supported in part by the National Natural Science Foundation of China (NO. 61401004, 61271233, 60972038)Plan of introduction and cultivation of university leading talents in Anhui (No.gxfxZ D2016013)+3 种基金the Natural Science Foundation of the Higher Education Institutions of Anhui Province, China (No. KJ2010B357)Startup Project of Anhui Normal University Doctor Scientific Research (No.2016XJJ129)the US National Science Foundation under grants CNS1702957 and ACI-1642133the Wireless Engineering Research and Education Center at Auburn University
文摘To address the issue of finegrained classification of Internet multimedia traffic from a Quality of Service(QoS) perspective with a suitable granularity, this paper defines a new set of QoS classes and presents a modified K-Singular Value Decomposition(K-SVD) method for multimedia identification. After analyzing several instances of typical Internet multimedia traffic captured in a campus network, this paper defines a new set of QoS classes according to the difference in downstream/upstream rates and proposes a modified K-SVD method that can automatically search for underlying structural patterns in the QoS characteristic space. We define bagQoS-words as the set of specific QoS local patterns, which can be expressed by core QoS characteristics. After the dictionary is constructed with an excess quantity of bag-QoSwords, Locality Constrained Feature Coding(LCFC) features of QoS classes are extracted. By associating a set of characteristics with a percentage of error, an objective function is formulated. In accordance with the modified K-SVD, Internet multimedia traffic can be classified into a corresponding QoS class with a linear Support Vector Machines(SVM) clas-sifier. Our experimental results demonstrate the feasibility of the proposed classification method.
基金supported by the Civil Aviation Safety Capacity Building Project.
文摘In order to improve the accuracy and stability of terminal traffic flow prediction in convective weather,a multi-input deep learning(MICL)model is proposed.On the basis of previous studies,this paper expands the set of weather characteristics affecting the traffic flow in the terminal area,including weather forecast data and Meteorological Report of Aerodrome Conditions(METAR)data.The terminal airspace is divided into smaller areas based on function and the weather severity index(WSI)characteristics extracted from weather forecast data are established to better quantify the impact of weather.MICL model preserves the advantages of the convolution neural network(CNN)and the long short-term memory(LSTM)model,and adopts two channels to input WSI and METAR information,respectively,which can fully reflect the temporal and spatial distribution characteristics of weather in the terminal area.Multi-scene experiments are designed based on the real historical data of Guangzhou Terminal Area operating in typical convective weather.The results show that the MICL model has excellent performance in mean squared error(MSE),root MSE(RMSE),mean absolute error(MAE)and other performance indicators compared with the existing machine learning models or deep learning models,such as Knearest neighbor(KNN),support vector regression(SVR),CNN and LSTM.In the forecast period ranging from 30 min to 6 h,the MICL model has the best prediction accuracy and stability.
基金Supported by the National High Technology Research and Development Programme of China (No. 2005AA121620, 2006AA01Z232)the Zhejiang Provincial Natural Science Foundation of China (No. Y1080935 )the Research Innovation Program for Graduate Students in Jiangsu Province (No. CX07B_ 110zF)
文摘Interact traffic classification is vital to the areas of network operation and management. Traditional classification methods such as port mapping and payload analysis are becoming increasingly difficult as newly emerged applications (e. g. Peer-to-Peer) using dynamic port numbers, masquerading techniques and encryption to avoid detection. This paper presents a machine learning (ML) based traffic classifica- tion scheme, which offers solutions to a variety of network activities and provides a platform of performance evaluation for the classifiers. The impact of dataset size, feature selection, number of application types and ML algorithm selection on classification performance is analyzed and demonstrated by the following experiments: (1) The genetic algorithm based feature selection can dramatically reduce the cost without diminishing classification accuracy. (2) The chosen ML algorithms can achieve high classification accuracy. Particularly, REPTree and C4.5 outperform the other ML algorithms when computational complexity and accuracy are both taken into account. (3) Larger dataset and fewer application types would result in better classification accuracy. Finally, early detection with only several initial packets is proposed for real-time network activity and it is proved to be feasible according to the preliminary results.
基金Supported in part by the National 863 Project of China (No.2006AA01Z232)Zhejiang Natural Science Founda-tion (No.Y1080935)Research Innovation Program Project for Graduate Students in Jiangsu Province ( No.CX07B_110zF)
文摘Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the proposed classifi- cation system, compared with the one-step Machine Learning (ML) approach.
基金Sponsored by the National Natural Science Foundation of China (Grant No. 50638020)
文摘A SLon full-scale continuous centrifugal concentrator was used to reconcentrate hematite from a high gradient magnetic separation concentrate to study the effect of impact angle, concentrate mass and drum rotation speed on the impact energy of turbulent water sprays for continuous centrifugal concentration, under conditions of feed volume flow rate around 9 m3/h, feed solid concentration of 25%-35% and reciprocating velocity of water sprays at 0.05 m/s. The results indicate that a minimal critical impact energy is required in the water sprays for achieving continuous concentration of the concentrator; an unfitted impact angle reduces the impact efficiency, and the highest impact efficiency of 0.6416 is found at the mpact angle of 60°; the increase in concentrate mass leads to an increase in impact energy, and the highest impact efficiency is maintained when the concentrate mass varies in the range of 0.44-0.59 kg/s; when the concentrate mass and the pressure of water sprays are kept at around 0.45 kg/s and in the range of 0.4-0.6 MPa respectively, the impact energy increases proportionally with the increase of drum rotation speed.
基金supported by the National Natural Science Foundation of China(Grant No:51579162,51879174 and 51379137)the Open Funds of the State Key Laboratory of Hydraulics and Mountain River Engineering,Sichuan University(SKHL1301,SKHL1509)
文摘The deflection angle of a river bend plays an important role on behaviours of the flow within it, and a clear understanding of the angle's influence is significant in both theoretical study and engineering application. This paper presents a systematic numerical investigation on effects of deflection angles(30°, 60°, 90°, 120°, 150°, and 180°) on flow phenomena and their evolution in open-channel bends using a Re-Normalization Group(RNG) κ-ε model and a volume of fluid(VOF) method. The numerical results indicate that the deflection angle is a key factor for flows in bends. It is shown that the maximum transverse slope of water surface occurs at the middle cross section of a bend, and it increases with the deflection angle. Besides a major vortex, or, the primary circulation cell near the channel bottom, a secondary vortex, or, an outer bank cell, may also appear above the former and near the outer bank when the deflection angle is sufficiently large, and it will gradually migrate towards the inner bank and evolve into an inner bank cell. The strength of the secondary circulations increases with the deflection angle. The simulation demonstrates that there is alow-stress zone on the bed near the outer bank and a high-stress zone on the bed near the inner bank, and both of them increase in size with the deflection angle. The maximum of shear stress on the inner bank increases nonlinearly with the angle, and its maximums on the outer bank and on the bed take place when the deflection angle becomes 120°.
基金This research was partially supported by National Natural Science Foundation of China under grant No.61472164,No.61402475,No.61173078,No.61203105,No.61173079,No.61070130,and No.60903176,the Provincial Natural Science Foundation of Shandong under grant No.ZR2012FM010,No.ZR2011FZ001,No.ZR2010FM047,No.ZR2010FQ028 and No.ZR2012FQ016
文摘Accurately identifying network traffics at the early stage is very important for the application of traffic identification.Recent years,more and more research works have tried to build effective machine learning models to identify traffics with the few packets at the early stage.However,a basic and important problem is still unresolved,that is how many packets are most effective in early stage traffic identification.In this paper,we try to resolve this problem using experimental methods.We firstly extract the packet size of the first 2-10 packets of 3 traffic data sets.And then execute crossover identification experiments with different numbers of packets using 11 well-known machine learning classifiers.Finally,statistical tests are applied to find out which number is the best performed one.Our experimental results show that 5-7are the best packet numbers for early stage traffic identification.
基金Shanghai Education Commission Foundation for Excellent Young High Education Teachers,China(No.xqz05001No.YYY-07008)
文摘The research intends to solve the problem of the occupation of bandwidth of local network by abnormal traffic which affects normal user's network behaviors.Firstly,a new algorithm in this paper named danger-theory-based abnormal traffic detection was presented.Then an advanced ID3 algorithm was presented to classify the abnormal traffic.Finally a new model of anomaly traffic detection was built upon the two algorithms above and the detection results were integrated with firewall.The firewall limits the bandwidth based on different types of abnormal traffic.Experiments show the outstanding performance of the proposed approach in real-time property,high detection rate,and unsupervised learning.
文摘In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.
基金supported by National Natural Science Foundation of China(Grant No.11401374)Shanghai YangFan Project(Grant No.14YF1401400)
文摘We introduce and study a geometric heat flow to find Killing vector fields on closed Riemannian manifolds with positive sectional curvature. We study its various properties, prove the global existence of the solution to this flow, discuss its convergence and possible applications, and its relation to the Navier-Stokes equations on manifolds and Kazdan-Warner-Bourguignon-Ezin identity for conformal Killing vector fields. We also provide two new criterions on the existence of Killing vector fields. A similar flow to finding holomorphic vector fields on K¨ahler manifolds will be studied by Li and Liu(2014).
