A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain ...A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.展开更多
With the capability of the virtual machine monitor, a novel approach for logging system activities is designed. In the design, the guest operating system runs on the virtual machine monitor as non-privileged mode. The...With the capability of the virtual machine monitor, a novel approach for logging system activities is designed. In the design, the guest operating system runs on the virtual machine monitor as non-privileged mode. The redirecting and monitoring modules are added into the virtual machine monitor. When a guest application is calling a system call, it is trapped and redirected from the least privileged level into the virtual machine monitor running in the most privileged level. After logging is finished. it returns to the guest operating system running in the more privileged level and starts the system call. Compared with the traditional methods for logging system activities, the novel method makes it more difficult to destroy or tamper the logs. The preliminary evaluation shows that the prototype is simple and efficient.展开更多
A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defi...A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by learned RIPPER rule set and the nature of the unidentified short sequences is confirmed by statistical method. Experiment results indicate that the classification model increases clearly the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.展开更多
To detect more attacks aiming at key security data in program behavior-based anomaly detection,the data flow properties were formulated as unary and binary relations on system call arguments.A new method named two-phr...To detect more attacks aiming at key security data in program behavior-based anomaly detection,the data flow properties were formulated as unary and binary relations on system call arguments.A new method named two-phrase analysis(2PA)is designed to analyze the efficient relation dependency,and its description as well as advantages are discussed.During the phase of static analysis,a dependency graph was constructed according to the program's data dependency graph,which was used in the phase of dynamic learning to learn specified binary relations.The constructed dependency graph only stores the information of related arguments and events,thus improves the efficiency of the learning algorithm and reduces the size of learned relation dependencies.Performance evaluations show that the new method is more efficient than existing methods.展开更多
Introduction: The ring system is one of the devices that are necessary for patients in hospital. Patients can use it in emergencies and call nurses for help. Patients who have a tracheal tube cannot make the simplest ...Introduction: The ring system is one of the devices that are necessary for patients in hospital. Patients can use it in emergencies and call nurses for help. Patients who have a tracheal tube cannot make the simplest requests, and they do not have verbal communication due to tracheal tube or tracheostomy tube. According to surveys, patients’ survival is 55.5% in intensive care unit (ICU). They experience severe stressful conditions. This project is designed to solve communicational problems for ICU patients. We have developed and successfully tested a new moveable “nurse call system” for ICU patient. Material Methods: this is an interventional study. Regarding the main goal of this project, it seems that the best design for “nurse call system” is horizontal panels. The Panel of device contains a touchable board, which consists of symbols that allow patients to select them despite of their physical limitation. When patient touches any symbol, the message will be sent and heard by the nurse and the patient as well, so the patient will be sure that the massages is received properly. A notepad device will be used on which patients are able to write too. It is finger touch, and has virtual keywords in both Persian and English alphabets. The voice messages and other data will be transmitted to the computer in central nurse station by a wireless accesses point. In this study, we evaluated the viewpoint of nurses and patients who have used this device. Results: 40 questionnaires were distributed, but 30 cases were collected. Results showed that 26.7% (8 cases) were men, 73.3% (22 cases) women. 26.7% (23 cases) were nurses, 6.7% (2 cases) doctor, 6.7% (2 cases) nurse assistant. 33.3% (9 cases) were in the morning shift, 66.7% (21 cases) worked in other shifts. About patient 60% (6 cases) were men, 40% (4 cases) women and in 98% comments were completely compliant and device was full consent. Conclusion: The Nurse Call system caused patients’ satisfaction. In addition, this device resolved many problems of patients and made it possible to have active communication with them.展开更多
Acclimatizing itself to the development of network,Math Works Inc constructed a MATLAB Web Server environment by dint of which one can browse the calculation and plots of MATLAB through Internet directly.The installat...Acclimatizing itself to the development of network,Math Works Inc constructed a MATLAB Web Server environment by dint of which one can browse the calculation and plots of MATLAB through Internet directly.The installation and use of the environment is introduced.A code established on the platform of MATLAB,which deals with the modal analysis of magnetic bearing system(MBS) supporting rotors of five degrees of freedom and considering the coupling of thrust bearing with radical bearings is modified to work in the environment.The purpose is to realize a remote call of the code by users through Internet for the performance analysis of the system.Such an application is very important to the concurrent design of MBS and for the utilization of distributive knowledge acquisition resources in collaborative design.The work on modification and realization is described and the results are discussed.展开更多
Satellite and terrestrial components of IMT-Advanced need to be integrated so that the traditional strengths of each component can be fully exploited. LTE/LTE-A is now a recognized foundation of terrestrial 4G network...Satellite and terrestrial components of IMT-Advanced need to be integrated so that the traditional strengths of each component can be fully exploited. LTE/LTE-A is now a recognized foundation of terrestrial 4G networks, and mobile satellite networks should be based on it. Long transmission delay is one of the main disadvantages of satellite communication, especially in a GEO system, and terminal-to-terminal (TtT) design reduces this delay. In this paper, we propose a protocol architecture based on LTE/LTE-A for GEO mobile satellite communication. We propose a detailed call procedure and four TtT modes for this architecture. We describe the division of tasks between the satellite gateway (SAT-GW) and satellite as well as TtT processing in the physical layer of the satellite in order to reduce delay and ensure compatibility with a terrestrial LTE/LTE-A system.展开更多
基金the National Grand Fundamental Research "973" Program of China (2004CB318109)the High-Technology Research and Development Plan of China (863-307-7-5)the National Information Security 242 Program ofChina (2005C39).
文摘A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
文摘With the capability of the virtual machine monitor, a novel approach for logging system activities is designed. In the design, the guest operating system runs on the virtual machine monitor as non-privileged mode. The redirecting and monitoring modules are added into the virtual machine monitor. When a guest application is calling a system call, it is trapped and redirected from the least privileged level into the virtual machine monitor running in the most privileged level. After logging is finished. it returns to the guest operating system running in the more privileged level and starts the system call. Compared with the traditional methods for logging system activities, the novel method makes it more difficult to destroy or tamper the logs. The preliminary evaluation shows that the prototype is simple and efficient.
文摘A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by learned RIPPER rule set and the nature of the unidentified short sequences is confirmed by statistical method. Experiment results indicate that the classification model increases clearly the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.
文摘To detect more attacks aiming at key security data in program behavior-based anomaly detection,the data flow properties were formulated as unary and binary relations on system call arguments.A new method named two-phrase analysis(2PA)is designed to analyze the efficient relation dependency,and its description as well as advantages are discussed.During the phase of static analysis,a dependency graph was constructed according to the program's data dependency graph,which was used in the phase of dynamic learning to learn specified binary relations.The constructed dependency graph only stores the information of related arguments and events,thus improves the efficiency of the learning algorithm and reduces the size of learned relation dependencies.Performance evaluations show that the new method is more efficient than existing methods.
文摘Introduction: The ring system is one of the devices that are necessary for patients in hospital. Patients can use it in emergencies and call nurses for help. Patients who have a tracheal tube cannot make the simplest requests, and they do not have verbal communication due to tracheal tube or tracheostomy tube. According to surveys, patients’ survival is 55.5% in intensive care unit (ICU). They experience severe stressful conditions. This project is designed to solve communicational problems for ICU patients. We have developed and successfully tested a new moveable “nurse call system” for ICU patient. Material Methods: this is an interventional study. Regarding the main goal of this project, it seems that the best design for “nurse call system” is horizontal panels. The Panel of device contains a touchable board, which consists of symbols that allow patients to select them despite of their physical limitation. When patient touches any symbol, the message will be sent and heard by the nurse and the patient as well, so the patient will be sure that the massages is received properly. A notepad device will be used on which patients are able to write too. It is finger touch, and has virtual keywords in both Persian and English alphabets. The voice messages and other data will be transmitted to the computer in central nurse station by a wireless accesses point. In this study, we evaluated the viewpoint of nurses and patients who have used this device. Results: 40 questionnaires were distributed, but 30 cases were collected. Results showed that 26.7% (8 cases) were men, 73.3% (22 cases) women. 26.7% (23 cases) were nurses, 6.7% (2 cases) doctor, 6.7% (2 cases) nurse assistant. 33.3% (9 cases) were in the morning shift, 66.7% (21 cases) worked in other shifts. About patient 60% (6 cases) were men, 40% (4 cases) women and in 98% comments were completely compliant and device was full consent. Conclusion: The Nurse Call system caused patients’ satisfaction. In addition, this device resolved many problems of patients and made it possible to have active communication with them.
文摘Acclimatizing itself to the development of network,Math Works Inc constructed a MATLAB Web Server environment by dint of which one can browse the calculation and plots of MATLAB through Internet directly.The installation and use of the environment is introduced.A code established on the platform of MATLAB,which deals with the modal analysis of magnetic bearing system(MBS) supporting rotors of five degrees of freedom and considering the coupling of thrust bearing with radical bearings is modified to work in the environment.The purpose is to realize a remote call of the code by users through Internet for the performance analysis of the system.Such an application is very important to the concurrent design of MBS and for the utilization of distributive knowledge acquisition resources in collaborative design.The work on modification and realization is described and the results are discussed.
文摘Satellite and terrestrial components of IMT-Advanced need to be integrated so that the traditional strengths of each component can be fully exploited. LTE/LTE-A is now a recognized foundation of terrestrial 4G networks, and mobile satellite networks should be based on it. Long transmission delay is one of the main disadvantages of satellite communication, especially in a GEO system, and terminal-to-terminal (TtT) design reduces this delay. In this paper, we propose a protocol architecture based on LTE/LTE-A for GEO mobile satellite communication. We propose a detailed call procedure and four TtT modes for this architecture. We describe the division of tasks between the satellite gateway (SAT-GW) and satellite as well as TtT processing in the physical layer of the satellite in order to reduce delay and ensure compatibility with a terrestrial LTE/LTE-A system.
