吴以才,刘渊,郑楼英

DOI: https://doi.org/10.3785/j.issn.1008-973X.2001.05.021

2001-01-01

Abstract:A modified BIR model was developed for FTP file retrieval. It solved the problems happened to current retrieval method based on string match, which can't rank the retrieval results and may miss retrieval targets when filenames are abbreviated. Some heuristic rules were proposed to obtain training set for estimating the parameters of our retrieval model, and enabled the new model to do the whole retrieval process automatically. The experiment showed that the results of the new retrieval model have higher precision and recall than the string-match methods'.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

郭明,王树青

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.06.003

2004-01-01

Abstract:To improve the performance of fault detection and diagnosis, an integrated framework for process monitoring and fault diagnosis was presented, which combines independent component analysis (ICA) for feature extraction and support vector machine (SVM) for identification of different fault source. ICA as a new signal processing technique was used to determine the projection coefficient matrix which represents the features characterizing the current operating condition. Multiple support vector machines were well-trained by using the projection coefficient matrix as their inputs to identify the fault. The monitoring performance of the proposed method and that of the conventional principal component analysis (PCA) method were compared with regard to their application to the Tennessee Eastman process. The results show that the proposed ICA-based method is efficient and superior over the PCA-based method.

Wen-ming YANG,Qing-min LIAO,Ji-lin Liu

DOI: https://doi.org/10.3969/j.issn.1007-0249.2008.03.021

2008-01-01

Abstract:Automatic segmentation of moving objects in video sequences is a significant technology for implementing emerging object-based video coding standard MPEG-4. A novel algorithm for automatic segmentation of moving objects based on intra-frame image partition is proposed. At first, a binary moving mask image is achieved by gaussianity test based on temporal motion information. Subsequently, the further test is performed by establishing MRF model. Then, an improved watershed algorithm based on nonlinear transform is employed to partition intra-frame image aiming to establish borderlines between objects and background. Finally, moving objects are extracted by performing ratio operation on results of temporal segmentation and intra-frame image partition. Experimental results including of MPEG-4 standard tesing sequences and own-captured finger sequence show that the proposed algorithm is efficient.

陈国金,梁军,刘育明,钱积新

DOI: https://doi.org/10.3785/j.issn.1008-973X.2004.12.006

2004-01-01

Abstract:To overcome the shortcoming of the conventional process monitoring methods' assumption that the extracted features must be subject to multivariate normal distribution, a novel method based on independent component analysis (ICA) and principal component analysis (PCA) was presented for process performance monitoring by using a two-step procedure. Step I: Process operating information with non-normal distribution was extracted by means of ICA, and the density function of this part of the information was estimated by means of Parzen density estimator for calculating the confidence limits; Step H: The information with normal distribution was extracted from the underlying residual datasets by PCA, and the confidence limits were determined for Q and Retelling T2 statistic. With the advantage that no assumption of normal distribution on process datasets is needed, application of the proposed method to a double-effect evaporator yielded has less missing alarms than the conventional process monitoring methods.

Ying-ying Sun,Kou-gen Zheng

DOI: https://doi.org/10.3724/sp.j.1087.2010.03115

2010-01-01

Journal of Computer Applications

Abstract:File security access control is the core of the bank automatic teller machine security. File monitoring system based on minifilter, combining users and processes to access control rights, real-time monitored files and achieved the file security access. Minifilter model shortened the development time, and was stable and compatible. The log file operation based on mutex lock, achieved the log events generat and the log written synchronization, and improved the log-written efficiency. The file monitoring system enhances the file security and the system stability.

Sung-Hwa Han,Daesung Lee

DOI: https://doi.org/10.3390/electronics11121871

IF: 2.9

2022-06-15

Electronics

Abstract:Obfuscation and cryptography technologies are applied to malware to make the detection of malware through intrusion prevention systems (IPSs), intrusion detection systems (IDSs), and antiviruses difficult. To address this problem, the security requirements for post-detection and proper response are presented, with emphasis on the real-time file access monitoring function. However, current operating systems provide only file access control techniques, such as SELinux (version 2.6, Red Hat, Raleigh, NC, USA) and AppArmor (version 2.5, Immunix, Portland, OR, USA), to protect system files and do not provide real-time file access monitoring. Thus, the service manager or data owner cannot determine real-time unauthorized modification and leakage of important files by malware. In this paper, a structure to monitor user access to important files in real time is proposed. The proposed structure has five components, with a kernel module interrelated to the application process. With this structural feature, real-time monitoring is possible for all file accesses, and malicious attackers cannot bypass this file access monitoring function. By verifying the positive and negative functions of the proposed structure, it was validated that the structure accurately provides real-time file access monitoring function, the monitoring function resource is sufficiently low, and the file access monitoring performance is high, further confirming the effectiveness of the proposed structure.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yang Ping,Li Xiaorun

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.06.034

2012-01-01

Abstract:Real-time tunnel traffic safety monitoring system is an important means to ensure secure operation of tunnel.Aiming at the particularity of the environment in tunnel,a vehicle detection algorithm based on accumulation of difference depth matrix and a vehicle tracking algorithm based on Kalman filter are proposed,by which the detection and tracking of multiple moving vehicles are achieved.An intelligent tunnel traffic safety monitoring system based on video detection processing is designed in this paper using the techniques of image processing,computer vision,pattern recognition and software engineering,etc.The system can accurately detect various traffic operation parameters and traffic events,and provide strong guarantee for tunnel traffic safety.

Jia CHEN,Lei CHENG,Tiange SI,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2007.04.040

2007-01-01

Abstract:To solve the problem of Intranet information leakage, this paper proposed a new Intranet security strategy. There are two characteristics in this strategy. In the first place, information is classified by hierarchical means. In the second place, a component called monitor is introduced. With exerting access control over the communication among the entities in the network, the monitor can dynamically isolate the physical connections among host computers involved in security. This new strategy not only ensures information security, but also improves resource utility efficiently. In addition, according to this strategy, a monitor system is also designed based on the Intel IXP2400 chip. Experimental results show that, by virtue of the powerful processing ability of IXP2400, the monitor system could efficiently process high-speed data stream in Gb/s-net.

Ya Cong,Le Zhou,Zhihuan Song,Zhiqiang Ge

DOI: https://doi.org/10.1109/tase.2019.2896205

IF: 6.636

2019-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Multivariate statistical process monitoring (MSPM) has been widely used in modern industries and most of traditional MSPM methods are developed using uniformly sampled measurements. However, process variables are often sampled with different rates in practical industries. On the other hand, most of the industries are dynamic processes in which the measurements are highly autocorrelated. Thus, it is difficult to build a dynamic process model with incomplete data sets in multirate processes. In this paper, a multirate linear Gaussian state-space model is exploited to deal with the above issues. Both the offline model training and online process monitoring schemes are developed in the present of incomplete multirate process data sets. The proposed method is validated through a numerical example and the Tennessee Eastman benchmark process. Note to Practitioners Process monitoring is essential to industrial process maintenance and safety. Typical monitoring methods focus on uniformly sampled variables which are rarely satisfied in practical industries. On the other hand, most industries are dynamic processes which bring more difficulties to process monitoring with multirate variables. This paper proposed a new scheme for multirate dynamic process monitoring based on the multirate linear Gaussian state-space model. To fully implement this approach: 1) the multirate process data need to be well divided into multiblocks. Each of the block should contain at least one variable; 2) the amount of latent variable's dimension needs to be properly determined; and 3) the sampling rates of the process cannot be extremely distinguished otherwise will lead to a poor model performance. Two cases studied on both numerical example and Tennessee Eastman benchmark are given to validate the efficiency of the proposed algorithm on multirate dynamic process monitoring.

Guodong Sa,Zhengyang Jiang,Jiacheng Sun,Chan Qiu,Zhenyu Liu,Jianrong Tan

DOI: https://doi.org/10.1108/jimse-06-2024-0011

2024-01-01

Journal of Intelligent Manufacturing and Special Equipment

Abstract:Purpose – Real-time monitoring of the critical physical fields of core components in complex equipment is of great significance as it can predict potential failures, provide reasonable preventive maintenance strategies and thereby ensure the service performance of the equipment. This research aims to propose a hierarchical explicit–implicit combined sensing-based real-time monitoring method to achieve the sensing of critical physical field information of core components in complex equipment. Design/methodology/approach – Sensor deployable and non-deployable areas are divided based on the dynamic and static constraints in actual service. An integrated method of measurement point layout and performance evaluation is used to optimize sensor placement, and an association mapping between information in non-deployable and deployable areas is established, achieving hierarchical explicit–implicit combined sensing of key sensor information for core components. Finally, the critical physical fields of core components are reconstructed and visualized. Findings – The proposed method is applied to the spindle system of CNC machine tools, and the result shows that this method can effectively monitor the spindle system temperature field. Originality/value – This research provides an effective method for monitoring the service performance of complex equipment, especially considering the dynamic and static constraints during the service process and detecting critical information in non-deployable areas.

Jun Li

DOI: https://doi.org/10.48550/arXiv.1712.05074

2017-12-14

Abstract:Advanced computing and data acquisition technologies have made possible the collection of high-dimensional data streams in many fields. Efficient online monitoring tools which can correctly identify any abnormal data stream for such data are highly sought after. However, most of the existing monitoring procedures directly apply the false discover rate (FDR) controlling procedure to the data at each time point, and the FDR at each time point (the point-wise FDR) is either specified by users or determined by the in-control (IC) average run length (ARL). If the point-wise FDR is specified by users, the resulting procedure lacks control of the global FDR and keeps users in the dark in terms of the IC-ARL. If the point-wise FDR is determined by the IC-ARL, the resulting procedure does not give users the flexibility to choose the number of false alarms (Type-I errors) they can tolerate when identifying abnormal data streams, which often makes the procedure too conservative. To address those limitations, we propose a two-stage monitoring procedure that can control both the IC-ARL and Type-I errors at the levels specified by users. As a result, the proposed procedure allows users to choose not only how often they expect any false alarms when all data streams are IC, but also how many false alarms they can tolerate when identifying abnormal data streams. With this extra flexibility, our proposed two-stage monitoring procedure is shown in the simulation study and real data analysis to outperform the exiting methods.

Methodology

Zhichao Li,Mingxue Shen,Li Tian,Xuefeng Yan

DOI: https://doi.org/10.1088/1361-6501/ad1a87

IF: 2.398

2024-01-04

Measurement Science and Technology

Abstract:Modern industrial processes are increasingly complex, where multiple characteristics usually coexist in process data. Therefore, traditional monitoring methods based on a single model may ignore other data characteristics and obtain poor monitoring performance. Aiming at this problem, a novel monitoring method based on multi-model information extraction and fusion is proposed in this paper. Firstly, several methods are used to extract different characteristics from process data. For example, principal component analysis, independent component analysis and slow features analysis can be used to extract Gaussian, non-Gaussian and dynamic characteristics respectively. Secondly, features extracted from multiple models are combined into new potential features. Then, Lasso regression models between potential features and process variables are established. In this way, not only are multiple characteristics in process data considered during the reconstruction, but key potential features (KPFs) can be selected for each process variable. The KPFs for each process variable can form a monitoring subspace to enhance the sensitivity for fault detection. Furthermore, cluster analysis is used to reduce the redundancy of monitoring subspaces based on the similarity of each subspace. Process monitoring can be achieved by fusing the monitoring results of finally determined multiple subspaces and residual space. Case studies on three simulation processes and a real industrial process demonstrate the effectiveness and better performance.

engineering, multidisciplinary,instruments & instrumentation

B Li,QM Chen

DOI: https://doi.org/10.1109/icsssm.2005.1500232

2005-01-01

Abstract:With the rapid growth of expressway in China, the monitor video in expressway is also increased, and a surveillance-net is gradually formed, in order to manage all the videos automatically, in this paper, a framework of real-time auto-surveillance net based on a robust recognition and tracking strategy is studied. Recognition is focused on the ROI of the video, and a pixel weight based high-level information abstraction is used to get the detail information of the objects. A hypothesis based tracking is used to maintain correspondences between objects identified at successive recognition instants to provide spatio-temporal trajectories. Results of experiment by dealing with expressway video are obtained, which demonstrate the accuracy and time responses.

YU Yang,YANG Ze-hong,JIA Pei-fa

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.24.051

2007-01-01

Abstract:As information security is challenged by the development of information technology,computer monitor system may be an effective solution to this problem.A monitor process is composed of data collection and analysis,rule-based discrimination,possible danger interception and whole process log recording.Its key features are the monitor technology for file,text and user operations.By experiments of comparing and analyzing,a research is made on the theory and application of the key features.Research of the key technologies will improve the efficiency and stability of the system.

Xiongfeng Jiao,Mingming Shuai,Yi Qin,Jun Chen,Xianzhen Fan

DOI: https://doi.org/10.3233/jcm-226723

2023-02-16

Journal of Computational Methods in Sciences and Engineering

Abstract:Railway transportation is the main means of transportation for people and the main way of logistics transportation, playing an important role in daily life. Therefore, the safety inspection of railway track has been widely valued. The abnormal intelligent detection of rail fasteners is the key content of rail safety detection. The traditional rail fastener detection method is based on machine learning for image recognition, such as SVM, to detect abnormal rail fasteners. But the traditional method has two defects. The first point is that the detection time is long, and the second point is that the detection accuracy is low. To solve this problem, a rail fastener anomaly detection model based on SVM optimized by IFOA algorithm is proposed. Firstly, the image of rail fastener is collected and filtered; Then, edge detection and image segmentation are performed to obtain the image of the target area; Finally, the HOG feature and LBP feature of the image are extracted, and the improved IFOA-SVM is used to recognize and classify the features, so as to achieve intelligent rail fastener anomaly detection. The experimental results show that when the IACO-SVM model is iterated to 254 times, the fitness value tends to be stable, which is 0.24. The detection accuracy of the model reaches 99.82%, which is higher than the traditional models, and can meet the work requirements of rail fastener anomaly detection. The rail fastener anomaly detection model based on SVM can improve the efficiency of rail fastener anomaly detection, and has a positive effect on the normal operation of railway transportation. However, the number of experimental samples used in the study is limited, which may lead to some errors in the experimental results. Therefore, it is necessary to increase the number of samples in subsequent studies.

Lu Jun,Liu Daxin,Ding Dayong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.06.016

2006-01-01

Abstract:This paper summarized methods of detecting file modification.We put forward log-watching one another by using affixed log for defending internal attack.Watching log and affixed log watch each other,so they can inspect malicious attack from internal skill attacker.To multilevel-log method,log-watching method economizes more resource and system spending.It is more efficiently.

Yusheng Dai,Hui Li,Yekui Qian,Yunling Guo,Ruipeng Yang,Min Zheng

DOI: https://doi.org/10.1016/j.cose.2020.102109

2021-01-01

Abstract:<p>Malware seriously threatens national security and personal privacy, but the evasive behavior of malware is becoming more and more covert and difficult to analyze. Thus, effectively detect malware is of great significance. Distributed malware injection is a new type of evasion technique. By dividing the malware into blocks, and then injecting the blocks into multiple benign processes, each block communicates with each other and can perform complete malicious actions in sequence, making the existing of malware detection fails. Currently, commercial anti-virus software cannot effectively detect distributed malware. At the same time, for this type of malware research, we believe that there is still room for improvement in detection performance. For this evasion technique, this paper proposes a detection method using I/O request package (IRP) sequence features combined with local alignment algorithms in bioinformatics. In the detection process, we filter and extract important IRP requests in operating system, and use the local alignment algorithm to compare with the malware's IRP sequence, which can effectively identify the distributed malware hidden in the system. This paper uses real malware to split and perform detection experiments. The results prove that our detection method can effectively detect distributed malware, and the detection accuracy is better than similar research.</p>

computer science, information systems

MA Li-Bo,LI Xing,ZHANG Liang

DOI: https://doi.org/10.3724/SP.J.1001.2009.03337

2009-01-01

Journal of Software

Abstract:Constructing an effective scan monitoring system is a necessary step for early detection and warning of unknown threats. Scan monitoring systems constructed by routable unused IP addresses will be more effective than those deployed in active networks for their special advantages in identifying threats precisely which results in low false alarm rate. Nowadays systematic researches on how to deploy such an effective monitoring system are still missing. This paper presents a novel scan monitoring model based on BGP route distribution to answer two practical deployment questions. One is how to design and deploy an ideal target-specified scan monitoring system and the other is how to evaluate the detecting effectiveness of actual limited deploying resources. On the basis of the model, this paper puts forward a new concept of deployment threshold which describes the most economical matching value between the monitoring system’s scale and the scanner’s scanning width on the same detection probability demand. According to the model and the deployment threshold, an effective monitoring system can be designed and appropriate detecting targets can be proposed which match the practical deploying resources to avoid blind deployment as before. Simulation results are coincident with the theretical analyses.

Wei LIU,Quan-lin LI,Li RUI

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.09.011

2015-01-01

Abstract:Intrusion prevention system (IPS) is a crucial defensive measure against malicious attacks to information system. However, the improper IPS conifguration can have a negative impact on network performances in terms of end-to-end delay or packets loss. Most researchers mainly focus on putting forward new IPS and analyzing the different methodologies, but ignoring the research of quantitative analysis on IPS. By analyzing the system as a quasi-birth-and –death process, this paper obtains the steady probabilities distribution to compute some important indices by establishing a two-dimensional Markov chain model. The experimental results prove that the general analytical method can effectively evaluate the performances of IPS, and also testify the correctness of the model indirectly.