自适应滤波实时网络流量异常检测方法

针对网络中的各种常见攻击,提出一种基于自适应滤波的网络流量异常检测方法.首先对多种流量指标进行递推最小二乘法预测,然后以预测误差所构造的统计量容许范围进行异常检测,最后对检测结果实施归一化评估.该方法具有无需任何历史训练数据、能大量减少报警次数、突出报警严重程度的特点.在DARPA入侵检测评估数据集上的实验表明,所提方法更适合检测拒绝服务攻击引起的异常,较之相同权向量下的同类方法,其异常检测率、误报率和检测速度等性能更好.     

基于非负定自适应卡尔曼滤波的电力系统虚假数据攻击检测

虚假数据攻击(false data attack, FDA)是通过对电网中远程终端单元(remote terminal unit, RTU)、同步相量测量单元(phasor measurement unit, PMU)等通信环节的攻击,误导电力系统的状态估计,给电力系统的安全可靠运行带来巨大威胁。构建了电网虚假数据攻击检测架构、电压信号状态空间模型和虚假数据攻击模型,提出了非负定自适应卡尔曼滤波算法来估计模型中的状态量,旨在准确检测电力系统中的虚假数据。通过对3节点电力系统仿真,结果验证文中所提的算法在保证滤波稳定性的同时,提高了攻击检测的运算速度。     

入侵检测系统利用信息熵检测网络攻击的方法

针对传统入侵检测系统报警事件数量多、误报率高的问题,提出了一种基于信息熵的网络攻击检测方法。该方法利用雷尼熵对报警事件源IP地址、目标IP地址、源威胁度、目标威胁度以及数据报大小这5个属性香农熵的融合结果来表示网络状态,通过与正常网络状态的对比识别网络异常。真实攻击和人工合成攻击环境中的实验结果表明,该方法能在保持误报率低于1%的情况下命中率高于90%;与基于特征香农熵的攻击检测方法相比,该方法对攻击更敏感,最易检测出DoS攻击和主机入侵,其次是主机扫描和端口扫描,对蠕虫攻击的检测敏感度稍差。对比测试结果表明,该方法在提高命中率的同时,还能有效降低误报率。     

异常检测中单类分类算法和免疫框架设计

基于主机系统执行迹的异常检测系统可以检测类似U2R和R2L这两类攻击。由于攻击数据难以获取，往往只能得到正常的系统调用执行迹数据。该文设计了基于自组织特征映射的单类分类器的异常检测模型，只利用正常数据建立分类器，所有偏离正常模式的活动都被认为是入侵。通过对主机系统执行迹数据集的测试，试验获得了对异常样本接近100％的检测率，而误报警率为4．9％。该文将单类分类器作为抗体检测器，运用人工免疫学原理建立了分布式的异常检测框架，使入侵检测系统具有分布式、自组织和高效的特性，为建立分布式的入侵检测提出一种新的思路。     

基于BP网络的入侵检测模型研究与实现

入侵检测是一种积极主动的安全防护技术。入侵检测系统可分为基于主机的和基于网络的两种。和防火墙等其它安全产品相比,他们还存在很多缺陷。人工神经网络通过对大量训练样本的学习,可以获得正常和异常数据的分类知识,从而能够对入侵的异常数据进行识别。为此给出了基于BP网络的入侵检测系统,从试验数据发现,该系统不仅在测试阶段的检全率和误检率达到了令人满意的效果,而且在实时检测中,由于计算量不大,对于攻击和扫描的反应速度快,只要建立相应的报警机制,一旦检测到可能的入侵行为,系统就会立即通知管理员采取适当的措施,保护系统安全。     

一种基于少量异常标签的SQL注入攻击检测方法

SQL注入攻击通过入侵目标数据库实现对数据的窃取或破坏,危害性极大.SQL注入攻击检测可帮助及时发现潜在的安全威胁,从而有利于数据库安全防护.然而在智能交通系统中,由于其内部的复杂性和SQL注入攻击新变种的不断涌现,可供机器学习模型训练的异常标签样本往往较少,使得现有大多数SQL注入攻击检测方法容易存在模型过拟合和性能退化的问题.针对上述问题,本文综合考虑智能交通系统和SQL注入攻击的特点,设计了一种基于比特编码的SQL注入攻击检测框架.该框架无需预训练词嵌入模型和进行语法规则解析.基于该框架,本文提出基于注意力机制的半监督SQL注入攻击检测模型(ASDM).该模型首先通过重构数据样本,学习样本特征的中心趋势和离散程度等高层次特征,表达特征后验分布和特征偏离程度;接着将该高层次特征与数据编码特征融合,突出不同类别数据间的差异;最后引入注意力机制和残差网络构造检测器输出判定结果,以使模型能够根据重要程度对特征施加不同的关注力度,同时具有较强的泛化能力.实验结果表明：本文方法在数据标签不平衡的情况下,相较于其他SQL注入攻击检测方法具有更优的检测性能;并能够检测未知SQL注入攻击.     

变分自编码器和注意力机制的异常入侵检测方法

针对传统的机器学习算法在检测未知攻击方面表现不佳的问题,提出了一种基于变分自动编码器和注意力机制的异常入侵检测方法,通过将变分自编码器和注意力机制相结合,实现使用深度学习方法从基于流量的数据中检测异常网络流量的目标。所提方法利用独热编码和归一化技术对输入数据进行预处理;将数据输入到基于注意力机制的变分编码器中,采集训练样本中隐含特征信息,并将其融入最终潜变量中;计算原始数据与重建数据之间的重建误差,进而基于适当的阈值判断流量的异常情况。实验结果表明,与其他入侵检测方法相比,所提方法明显改善了入侵检测的精度,不仅可以检测已知和未知攻击,而且还可以提高低频次攻击的检测率。     

论电力系统信息网络中的数据挖掘技术及IDS应用

电力系统在整个国家国民经济中起着举足轻重的作用,其安全性不容忽视。简要介绍了基于数据挖掘技术的入侵检测系统在电力信息网络中的应用,提出用入侵检测系统从网络技术上保证电力系统的安全性。     

机器学习缓解的广域阻尼控制系统异常检测

为了建立攻击弹性,以抵抗对测量信号和控制信号段的隐蔽网络攻击,提出了一种基于机器学习缓解策略的广域阻尼控制系统异常检测方法。首先提出基于信号熵的特征提取,从而提高机器学习模型的训练检测精度和鲁棒性。然后提出一种基于电力系统运行条件和网络攻击事件的组合数据集生成方法,以便用于任何大规模电网模型。引入的缓解模块能够调谐系统信号,并同时在测量和控制信号上进行攻击检测。在2区域4机电力系统的测试环境下对本文方法的性能进行了评估,结果表明本文方法能够实现高精度的异常检测。     

分布式智能人侵检测系统模型设计与实现

设计了一种分布式网络智能入侵检测系统模型。在该模型中采用了面向混合类型数据的快速聚类算法和基于属性约束的规则挖掘算法,对每一个IDS初始数据进行智能分类和关联;并且建立了入侵模式库,用于不同网段的实时检测;在数据融合中心采用基于D-S证据理论的数据融合方法处理来自不同IDS的初级报警,并生成高级报警,有效地抑制了海量警报。实验结果表明,该设计方案能够消除重复报警,降低误报率,提高报警所含的信息量,并为管理员提供一个网络安全的整体视图。     

Markedness and its Interpretation in Language Use

Language markedness is a common phenomenon in languages, and is reflected from hearing, vision and sense, i.e. the variation in the three aspects such as phonology, morphology and semantics. This paper focuses on the interpretation of markedness in language use following the three perspectives, i.e. pragmatic interpretation, psychological interpretation and cognitive interpretation, with an aim to define the function of markedness.     

Lower Paleozoic oil relationships within Williston Basin, Canada

The Williston Basin is a significant petroleum province, containing oil production zones that include the Middle Cambrian to Lower Ordovician, Upper Ordovician, Middle Devonian, Upper Devonian and Mississippian and within the Jurassic and Cretaceous. The oils of the Williston Basin exhibit a wide range of geochemical characteristics defined as "oil families", although the geochemical signature of the Cambrian Deadwood Formation and Lower Ordovician Winnipeg reservoired oils does not match any "oil family". Despite their close stratigraphic proximity, it is evident that the oils of the Lower Palaeozoic within the Williston Basin are distinct. This suggests the presence of a new "oil family" within the Williston Basin. Diagnostic geochemical signatures occur in the gasoline range chromatograms, within saturate fraction gas chromatograms and biomarker fingerprints. However, some of the established criteria and cross-plots that are currently used to segregate oils into distinct genetic families within the basin do not always meet with success, particularly when applied to the Lower Palaeozoic oils of the Deadwood and Winnipeg Formation.     

An Analysis of Catherine＇s Character——Wuthering Heights

Wuthering Heights, Emily Bronte＇s only novel, was published in December of 1847 under the pseudonym Ellis Bell. The book did not gain immediate success, but it is now thought one of the finest novels in the English language. Catherine is the key character of this masterpiece, because everybody and everything center on her though she had a short life. We can understand this masterpiece better if we know Catherine well.     

Features of Women's language

Language is a means of verbal communication. People use language to communicate with each other. In the society, no two speakers are exactly alike in the way of speaking. Some differences are due to age, gender, statue and personality. Above all, gender is one of the obvious reasons. The writer of this paper tries to describe the features of women＇s language from these perspectives： pronunciation, intonation, diction, subjects, grammar and discourse. From the discussion of the features of women＇s language, more attention should be paid to language use in social context. What＇s more, the linguistic phenomena in a speaking community can be understood more thoroughly.     

Characterization of Ordovician carbonate reservoirs, southeastern Saskatchewan, Canada

The discovery of the prolific Ordovician Red River reservoirs in 1995 in southeastern Saskatchewan was the catalyst for extensive exploration activity which resulted in the discovery of more than 15 new Red River pools. The best yields of Red River production to date have been from dolomite reservoirs. Understanding the processes of dolomitization is, therefore, crucial for the prediction of the connectivity, spatial distribution and heterogeneity of dolomite reservoirs.The Red River reservoirs in the Midale area consist of 3～4 thin dolomitized zones, with a total thickness of about 20 m, which occur at the top of the Yeoman Formation. Two types of replacement dolomite were recognized in the Red River reservoir: dolomitized burrow infills and dolomitized host matrix. The spatial distribution of dolomite suggests that burrowing organisms played an important role in facilitating the fluid flow in the backfilled sediments. This resulted in penecontemporaneous dolomitization of burrow infills by normal seawater. The dolomite in the host matrix is interpreted as having occurred at shallow burial by evaporitic seawater during precipitation of Lake Almar anhydrite that immediately overlies the Yeoman Formation. However, the low δ18O values of dolomited burrow infills (-5.9‰～ -7.8‰, PDB) and matrix dolomites (-6.6‰～ -8.1‰, avg. -7.4‰ PDB) compared to the estimated values for the late Ordovician marine dolomite could be attributed to modification and alteration of dolomite at higher temperatures during deeper burial, which could also be responsible for its 87Sr/86Sr ratios (0.7084～0.7088) that are higher than suggested for the late Ordovician seawaters (0.7078～0.7080). The trace amounts of saddle dolomite cement in the Red River carbonates are probably related to "cannibalization" of earlier replacement dolomite during the chemical compaction.     

Design and analysis of generic LBS application developing platform

Location based services is promising due to its novel working style and contents.A software platform is proposed to provide application programs of typical location based services and support new applications developing efficiently. The analysis shows that this scheme is easy implemented, low cost and adapt to all kinds of mobile nework system.     

橡胶颗粒沥青混合料低温抗裂性试验研究

以AC-13级配为基础,将橡胶颗粒代替部分集料掺入混合料中,以低温弯曲试验为评价方法对不同橡胶颗粒掺量下沥青混合料的低温抗裂性进行研究,并引入应变能密度值对混合料的低温抗裂性进行综合评价.试验结果表明:橡胶颗粒沥青混合料试件的破坏微应变均超过2 300,满足冬寒区的技术指标;无论是否掺加橡胶颗粒,随着温度的下降,沥青混合料破坏时的最大弯拉强度增大,弯拉应变降低,劲度模量增大;弯曲应变能密度在胶粒掺量为1%左右时具有较大的弯曲应变能密度值,此时橡胶颗粒沥青混合料具有较好的低温抗裂性.     

低渗透非均质砂岩油藏启动压力梯度研究

理论推导与室内实验相结合,建立了低渗透非均质砂岩油藏启动压力梯度确定方法。首先借助油藏流场与电场相似的原理,推导了非均质砂岩油藏启动压力梯度计算公式。其次基于稳定流实验方法,建立了非均质砂岩油藏启动压力梯度测试方法。结果表明:低渗透非均质砂岩油藏的启动压力梯度确定遵循两个等效原则。平面非均质油藏的启动压力梯度等于各级渗透率段的启动压力梯度关于长度的加权平均;纵向非均质油藏的启动压力梯度等于各渗透率层的启动压力梯度关于渗透率与渗流面积乘积的加权平均。研究成果可用于有效指导低渗透非均质砂岩油藏的合理井距确定,促进该类油藏的高效开发。     

Quantitative trait loci （QTLs） for quality traits related to protein and starch in wheat

Quality traits in wheat （Triticum aestirum L.） were studied by quantitative trait locus （QTL） analysis in a recombinant inbred line （RIL） population, a set of 131 lines derived from Chuan 35050 × Shannong 483 cross （ChSh）. Grains from RILs were assayed for 21 quality traits related to protein and starch. A total of 35 putative QTLs for 19 traits with a single QTL explaining 7.99-40.52% of phenotypic variations were detected on 10 chromosomes, 1D, 2A, 2D, 3B, 3D, 5A, 6A, 6B, 6D, and 7B. The additive effects of 30 QTLs were positive, contributed by Chuan 35050, the remaining 5 QTLs were negative with the additive effect contributed by Shannong 483. For protein traits, 15 QTLs were obtained and most of them were located on chromosomes 1 D, 3B and 6D, while 20 QTLs for starch traits were detected and most of them were located on chromosomes 3D, 6B and 7B. Only 7 QTLs for protein and starch traits were co-located in three regions on chromosomes 1D, 2A and 2D. These protein and starch trait QTLs showed a distinct distribution pattern in certain regions and chromosomes. Twenty-two QTLs were clustered in 6 regions of 5 chromosomes. Two QTL clusters for protein traits were located on chromosomes 1D and 3B, respectively, three clusters for starch traits on chromosomes 3D, 6B and 7B, and one cluster including protein and starch traits on chromosome 1D.     

On Tragic Consciousness In The Works By Ernest Hemingway

As an American modern novelist who were famous in the literary world, Hemingway was not a person who always followed the trend but a sharp observer. At the same time, he was a tragedy maestro, he paid great attention on existence, fate and end-result. The dramatis personae's tragedy of his works was an extreme limit by all means tragedy on the meaning of fearless challenge that failed. The beauty of tragedy was not produced on the destruction of life, but now this kind of value was in the impact activity. They performed for the reader about the tragedy on challenging for the limit and the death.