Abstract: Advanced Persistent Threat (APT) is now the most common network assault. However, the existing threat analysis models cannot simultaneously predict the macro-development trend and micro-propagation path of APT attacks. They cannot provide rapid and accurate early warning and decision responses to the present system state because they are inadequate at deducing the risk evolution rules of network threats. To address the above problems, this paper first constructs the multi-source threat element analysis ontology (MTEAO) by integrating multi-source network security knowledge bases. Subsequently, based on MTEAO, we propose a two-layer threat prediction model (TL-TPM) that combines the knowledge graph and the event graph. The macro-layer of TL-TPM is based on the knowledge graph to derive the propagation path of threats among devices and to correlate threat elements for threat warning and decision-making; the micro-layer ingeniously maps the attack graph onto the event graph and derives the evolution path of attack techniques based on the event graph to improve the explainability of the evolution of threat events. The experimental results demonstrate that TL-TPM can completely depict the threat development trend, and the early warning results are more precise and scientific, offering knowledge and guidance for active defense.
Funding: Supported by the Scientific and Technological Bureau of the Ministry of Public Security of P.R. China, the Project of the Network Supervising Bureau (2005yycxhbst117), the Project of the 15th Overall Plan of Education Department of Hubei Province (2004d349), and the Project of the 15th Overall Plan of Social Science Fund of Hubei Province ([2005]073).
Abstract: According to the requirements of computer forensics and network forensics, a novel forensic computing model is presented, which exploits the XML/OEM/RM data model, data fusion technology, a forensic knowledge base, the inference mechanism of an expert system, and an evidence mining engine. This model takes advantage of flexibility and openness, so it can be widely used in mining evidence.
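Abstract: To effectively solve named entity recognition for power operation and inspection, one of the key steps in building a power operation and inspection knowledge graph, this work studies the problem by constructing a hidden Markov-conditional random fields-bi-directional long short-term (HCB) model based on Stacking multi-model fusion. The HCB model has two layers: the first layer uses a hidden Markov model (HMM), conditional random fields (CRF), and a bi-directional long short-term memory (Bi-LSTM) network for training and prediction; the prediction results are then fed into the second-layer CRF model for training, and the final named entities are obtained after training and prediction by the two-layer model. The results show that, on named entity recognition for power operation and inspection, the HCB model is clearly better than single models and other fusion models on precision, recall, F1 score and other metrics. The HCB model can therefore effectively solve the named entity recognition problem for power operation and inspection.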
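Abstract: Guaranteeing grid quality of service (QoS) is one of the most critical research topics in grid environments. Previous grid QoS guarantee mechanisms mostly focused on guaranteeing performance QoS and rarely addressed security QoS. To address this shortcoming, the concept of grid quality of protection (GQoP) is proposed to define grid security QoS, and corresponding measurement techniques are given. GQoP is treated as a subclass of grid QoS (GQoS); a fusion model and a negotiation algorithm are used to eliminate the resource contention between the two, and on that basis an adaptive grid QoS scheduling algorithm with GQoP guarantees is proposed. The algorithm requires no control by a central node; instead, each resource provider adjusts its GQoP and GQoS levels according to a certain probability distribution. It not only guarantees users' GQoP and GQoS requirements but also, through a constructed Markov chain, asymptotically approaches the global optimum of system utility.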
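Abstract: To address the low recognition rate in automatic target recognition of aircraft with widely varying poses, an aircraft recognition algorithm that fuses multiple features and sequential information (Multiple features and sequential information fusion, MFSIF) is proposed, based on DSmT (Dezert-Smarandache theory) and the hidden Markov model (HMM). Its novelty lies in organically combining multi-feature information fusion recognition for a single image with information fusion recognition for image sequences. First, the image is binarized in preprocessing, and the target's Hu moments and contour local singular value features are extracted; next, probabilistic neural networks (PNN) are used to construct the basic belief assignment (BBA); then DSmT is used to fuse the different features of the image, yielding the observation sequence for the HMM; after that, the HMM is used to fuse the aircraft sequence information, computing the similarity between the observation sequence and each HMM, thereby achieving automatic recognition of aircraft targets with widely varying poses; finally, simulation experiments verify that the algorithm still attains a high correct recognition rate when the aircraft pose changes considerably, while also meeting the real-time requirements of aircraft target recognition. In addition, a high correct recognition rate is also obtained when the number of consecutive occluded frames in the aircraft sequence is τ ≤ 6.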